May 31, 2017

Black Hat SEOs and hackers are keen to find resources to exploit. A badly secured WordPress site makes a juicy target, and criminals use such sites for nefarious activities ranging from botnets to ransomware distribution. Of late, there has been a rise in a different sort of attack: SEO Spam Malware.

What Is SEO Spam?

SEO spam, also known as spamdexing, is the attempt to manipulate search indexes so that they include content they otherwise wouldn’t. Black Hat SEOs want to spam search engine results with content that doesn’t deserve either to be included at all or included in a prominent position.

The familiar and old-fashioned technique of keyword stuffing is a form of SEO spam, as are link spamming comment threads and forums, doorway pages, and every other technique for giving web pages an undue prominence in search results.

The motivations are clear: search is responsible for a substantial proportion of valuable referrals. SEO spammers and their clients want a piece of the pie, but they don’t want to do the work it takes to legitimately secure a place in the SERPs.

SEO Spam And Malware

SEO malware is malicious software that, once in place on a server, modifies or creates web pages that serve the interest of a spammer. An unsophisticated example would be a simple script that adds hidden links to an eCommerce store to the footers of infected sites. More sophisticated examples might add thousands of new pages to a site.

In a recently prominent example, attackers took over WordPress sites and used malware to create brand-new sites in the root directory of the server. Those sites were made available at subdomains of the legitimate site.

You might think SEO spam would be easy to spot, but that isn’t always the case. Spammers go to great lengths to hide their work, and often the malware is coded so that the spam is only shown to search engine crawlers. Ordinary visitors — including the site’s owners — only see the legitimate content.

Is Your Site Infected With SEO Malware?

There are some obvious clues that a site has been infected with SEO malware. If you check incoming search referrals in Google Analytics and see clearly unrelated search terms, it’s a strong indicator. So, if your site is a blog about woodworking and you suddenly see an influx of traffic with search terms like “cheap gucci shoes”, you’ve got a problem.

It’s entirely possible Google will become aware a site has been compromised before its owners, so you may well find out about it when Google emails you or your users let you know that web browsers are throwing up a security warning.

Of course, if your site has been compromised with SEO spam, you want to know about it as soon as possible. A WordPress security plugin with malware scanning can help. Sucuri and WordFence are prominent examples.

Keep Malware Out

The best way to fight malware is to make sure your site can’t be compromised in the first place. There’s no such thing as a completely secure site, but if a site is kept up-to-date, uses long and random passwords, or, even better, 2-Factor Authentication, the chances of being compromised are substantially reduced.


Nexcess, the premium hosting provider for WordPress, WooCommerce, and Magento, is optimized for your hosting needs. Nexcess provides a managed hosting infrastructure, curated tools, and a team of experts that make it easy to build, manage, and grow your business online. Serving SMBs and the designers, developers, and agencies who create for them, Nexcess has provided fully managed, high-performance cloud solutions for more than 22 years.

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.