Black hat SEO refers to using tactics that are against search engine terms of service to manipulate ranking. As the SEO industry has changed over the past couple of years, as Google and other search engines seek to improve search result quality to provide a better user experience and traditional black hat techniques are becoming less effective, negative SEO is the new solution. Since it is harder to rank for competitive keywords than it was just three years ago, negative SEO uses a number of black hat techniques to sabotage the competition’s ranking as a method of increasing your own.
Negative SEO attacks come in a variety of shapes and sizes, including:
- Building spammy backlinks to your website
- Spammy blog comments
- Distributing copies of your website’s content all over the internet
- Working to remove your best backlinks
- Hacking your website
- Pointing backlinks to your website with keywords promoting Viagra, gambling, and other negative niches
If you’re not a big website and you don’t think you have to worry about it, realize there are hackers and people out there who mess with random websites for fun. And you don’t have to know what you’re doing to find someone who does. If you’re out to create trouble for someone, a quick search of Fiverr for “negative SEO” shows plenty of providers who are willing to launch massive negative backlink campaigns against any website you want. The threat is real, so rather than waiting to see if your website falls victim, it’s best to take a proactive stance.
You can fall victim to one at any given time, even if you’re not a major brand with a lot of competition. And if you do, it doesn’t necessarily mean the competition is to blame. I’m going to show you how to protect yourself from a negative SEO attack, because prevention is much easier than cleaning up the mess afterward.
Setup Alerts in Google Search Console
The Google Search Console, formerly known as Webmaster Tools, is an excellent source of information about what’s going on with your website. Setting up email alerts can let you know when certain issues arise, such as:
- Website is attacked by malware
- Server is having connectivity issues
- Pages are not being indexed
- Google manually penalizes your site.
If you’re not already using this service, I’ve written a guide on how to get started with Google Search Console. There you’ll be able to learn how to add your website and setup the necessary email alerts. Remember, this is not the same as Google Analytics, but provides some additional useful information about your website.
Keep an Eye on Your Backlinks
The most common form of negative SEO, especially as evidenced by what’s available on Fiverr is the creation of mass amounts of low quality backlinks. This is why it is important for you to keep a close eye on your backlinks so you can see when someone is building links to your website.
There are all kinds of backlink checker tools out there like Open Site Explorer and Ahrefs, but those require you to manually look at your backlinks every morning. There’s nothing wrong with that of course, but when you’re busy, it’s easy to forget to do. I’m a big fan of automating what you can without sacrificing quality, and then using the time savings elsewhere to improve your business. Monitor Backlinks will email you when it sees new backlinks are added to your website. Plans start at $25 a month for a single website, and allow you to monitor two competitors. There’s the option to skip competitors and make it a little cheaper, too. There’s a free 30-day trial so you can make sure you like the service, too.
When you notice new backlinks are being added, but you know you’re not the one behind them, you can start taking action to get them removed or disavowed. More on how to do that in a bit.
Use an Email Hosted at Your Domain for Building Backlinks
Spammers and attackers will often try to remove the best backlinks your website has. They do this by contacting the website owner of the link, pretending to be you, and asking that the webmaster remove the link.
You can’t stop people from reaching out pretending to be you, but you can safeguard against the webmasters falling for it by making sure you use an email address from your domain, rather than a generic account like Gmail or Yahoo. This way, you can prove you work for the website and it’s not someone who’s posing as you. Your hosting plan will generally include a certain number of email boxes you can use.
You’ll want to keep an eye on your backlinks as you’re building them, so you can see if any manage to disappear. If you notice you lose a good one, reach out to the webmaster, ask why they’ve removed your link, and let them know what has happened. If you’re using Monitor Backlinks, you can tag the backlinks you want to keep the most, so you can verify if any of them get removed.
Secure Your Website
There are several things you can do to protect your website against hacks. If you’re using WordPress, check out this post on ways to secure it. I recommend using WordFence on your WordPress site, as it can protect your site from malicious attacks, and scan for changes in the core files. The premium version of the plugin can also let you know if there are any viruses on your site, and tell you if your site is being used in any spam activity.
If you’d rather take a different approach, you can use the Google Authenticator Plugin to create a two step verification password used each time you login to your WordPress website. You’ll have to enter a code that Google generates on your smartphone (available for both Android and iOS phones) before you can access your site.
Use a strong password with numbers and special characters. If you struggle with remembering, use special characters to help you spell a word, like $ for S or @ for A.
Create backups of your files and database on a regular basis. Ask your hosting company if they are doing this for you. Even if they are, it’s a good idea to keep your own copies. You can use a plugin to automatically backup everything to Dropbox or OneDrive.
If your website allows visitors to upload files, talk to someone at your hosting company to make sure you have antivirus installed to prevent users from being able to upload malware.
Check for Copies of Your Content
Use Copyscape to check for content on your website elsewhere on the web. You can start with your website URL, or just copy and paste the text from any page or blog post into the engine and search.
Use Social Listening Tools
It’s possible spammers will create fake social media accounts similar to yours to trash your brand name. To make sure this isn’t happening, you can use social listening tools like Mention.net or Google Alerts (not real time) to see who’s talking about you and what they are saying. If you see anything that’s not legit, take action to get the profiles removed as soon as possible. Report them as spam, and ask that your followers do the same. You can monitor everything from Facebook and Twitter, to videos, websites and blogs, and even images and forums.
Monitor Your Page Speed
If you notice your website suddenly takes longer to load, run some tests on Pingdom to make sure it’s not because someone is sending thousands of requests to your server. If you don’t stop this quickly, it’s possible the spammers will be able to take you entire server down. You can setup email alerts to find out if your server is every down. If you notice your site is being attacked, contact your hosting company as soon as possible.
What to Do If You’re Attacked
Create a List of Backlinks to Remove
Check the links that were created to your website recently. Manually check all of them to decide if you want to keep or remove them. If you want to remove them, put them in a separate list.
Create the list as soon as you get an email alert with backlinks you’re unaware of – especially if they look like they are spam.
Try to Remove the Links
Reach out the webmaster of the websites with the links you want to remove and request that they remove the link to your website. If you are unable to find a contact page, you can check the WHOIS registration to see if there’s an email address there. Sometimes it is hidden. If you cannot find a contact email address even after taking that route, or you do not hear back from the webmaster, you always have the option to ask Google to disavow your links.
Disavow the Rest
Disavowing links is the way you tell Google you don’t want them to count backlinks toward your link juice. I’ve written about disavowing links in more detail on the blog before, so I’ll let you go to that post to learn more about creating the disavow file and using the Google Disavow tool. Basically, you create a file with the links you want to disavow, then upload it to Google’s tool. The results aren’t instant, however, so you may end up waiting up to three months, though most are done within a month. That’s why it’s always a good idea to reach out to the webmaster and ask them to remove the links, too.
Negative SEO Isn’t the End of the World
If you’re the victim of a negative SEO attack, try not to stress out too much. Google is smart, and can tell when a negative SEO campaign is being launched. There’s no guarantee you’re going to be penalized as a result of the attack, since the search engine can tell you’re not the one causing it. In fact, the entire process could backfire and improve your rankings. Someone who invests in a negative SEO campaign against you is engaging in a high risk, low reward activity.
Have you ever dealt with negative SEO? If so, how was your recovery? Share your experience with me in the comments below.