SEO Implications of a Hacked WordPress Site


Having your site hacked is a pain. You can end up with pages on your site selling everything from fake Ugg boots to Viagra and with links to online pharmacies and even pornography – none of this is great for your businesses reputation. One aspect of website security and hacks that is not talked about so often is the impact a hack can have on your search engine visibility.

In this post I want to have a look at hacking from a marketing and SEO perspective. What kind of damage does a hack do? How can you rectify things?

Secret Hacks

Some hacks are fairly obvious. If you are selling viagra or redirecting users then you will likely spot it – or at least a customer will and sooner or later these will come to your attention. The kind of hacks often present themselves and in many cases Google will pick this up and present a warning when showing results from your site: This Site May Be Hacked. The support page for this message advises users not to visit sites when this message is displayed and as such traffic will usually take a dive.

this site may be hacked notification in Google search results

The more worrying hacks are the ones that you may not spot quite so easily. Really, if you think about it. A short term hijacking of a site to redirect traffic is easily spotted but the best crimes are the ones you never even know happened – sort of like when Walter & Jesse steal the Methylamine from the train in breaking bad and top it back up with the same weight of water. There was no crime to investigate so there was no investigation. Smarter Black Hat SEO types of hacks often work like this and the primary goal is to insert some links to a third party sites.

Now many of the folks doing this often are not geniuses: most criminals are not the smartest as indicated by their career choice and we often see links added to footers or obvious places on the site. These are not the kind of links we are so worried about. The smart hacks will hide links in well established content. They will be cleverly inserted so they don’t really stand out to visitors or even you and your team. These links will be placed to promote third party sites – sometimes competitors. Often these links will be to the kind of content you would not want to associate your business with: drugs, pornography, propaganda. Often they are just promoting other sites that you would not want to link to.

Often spammers may create blog posts or content on your site that hijacks your search engine visibility and the pharma hacks tend to work like this but are big and obvious. Single posts or edits to content can be made to help achieve whatever the hackers goal may be.

What are the implications

In the SEO world people are so worried about who links to them. The Penguin link penalty has caused many SEO companies and website owners to lose their minds and whilst external link quality is important it is not something you can directly control and you should not have to monitor external links if you are playing fair. In stark contrast you have complete control over who you link to and by linking to sites that are spammy or topically irrelevant you are associating yourself with these bad neighbourhoods. As such you are saying “hey, we vouch for this porn” or “hey Google, we think this is a good site for visitors”.

All of this has one major implication – it damages trust.

What do the professionals say?

We spoke to Marcus Miller from the search marketing firm Bowler Hat in Birmingham UK. Marcus has been working in search and SEO since 1999 so has seen a thing or two in that time and provided the following comment.

Something I find useful here is to consider the five SEO super signals as proposed by Alan Bleweis. The acronym to make this easy to remember is QUART and it stands for Quality, Uniqueness, Authority, Relevance and Trust. Having dodgy links or content inserted in your site hits you on the quality, relevance and trust front. Really big on the trust side of things. Google will penalise you for selling links or adding links to your site that pass page rank or intend to manipulate search engine results and that is exactly the reason these links exist. Whether you placed them or not matters little – this is your site and it is your responsibility to keep it secure whether you like it or not.

WordPress security does not need to be complicated. Simply keeping your WordPress installation, plugins and themes up to date will deter all but the most determined of hacker. Most often these attacks are opportunistic with out-of-date software providing an open door to these low level hackers and script kiddies.

Beyond the obvious defacements we see a lot of content edits and links inserted to help inflate the rank of a clients site. It is important to monitor your site for content edits and outbound links that you do not agree with. This is easily done with Screaming Frog and a regular audit of outbound links and a close eye on what is indexed.

Really, a proactive approach to security with blacklist monitoring, website content monitoring, outbound link monitoring and most importantly of all active security monitoring, anti virus and ideally a website firewall should all complement a site that is kept bang up to date. Much like the service that wArmour supplies and we have suggested to our clients.

I do find it kind of crazy that folks will spend thousands on SEO and content marketing but don’t want to invest a few hours per week on security. Ideally though, security is a specialist area and a multi-headed beast so getting some pros to take care of it is ideal.

We agree with Marcus and his team over at www.bowlerhat.co.uk which is why we have partnered with them to bring technical SEO to our wArmour security packages. Proactive security ensures your site remains in Google’s good graces and you only link where you mean to.

Trust is everything

When it comes to SEO trust is everything. Does Google trust your site? Do they believe you provide a good experience if they a refer a search engine user to you? Off topic links, referrals or spam content are not a good experience. Selling links is Google’s bugbear and they will bring down the ban hammer if they stumble across your site being involved in such strategies.

Hitting you in the pocket

Everything always boils down to the same thing: money. Hacks will eat up time. Steal your traffic. Erode your trust and undermine solid SEO and content marketing efforts. Ensuring your security is taken care of is as important as the marketing itself.

If you suspect you have an issue with your site and would like one of our guys to give it a quick look over then give us a shout in the comments below and we will take a look and feedback.


Leave a comment

Get Secure - Get wArmour

WordPress is better when it’s wearing wArmour.
Contact us today to secure your website and resolve any existing problems!

Get wArmour