Search engine optimisation is the art of driving more traffic to your website through higher rankings on the results page.
What is negative SEO?
Negative SEO or Google Bowling as some refer to it, is the shady tactic of a rival climbing higher in the ranks by conning search engines into thinking your site is less worthy.
Google is constantly updating the engine to punish websites that try to manipulate the system; if a competitor was to make it appear that you are one of the bad guys, it will be very damaging to your organic performance.
Being able to spot and handle an attack can sometimes be difficult, if you are not consistently monitoring your website.
Even when monitoring your site, there are many people out there who successfully mimic spam behaviour on your site.
Often, the look and feel of your website will not change at all and you may not even notice until the damage is done and your traffic is plummeting.
Is your site being attacked?
Being attacked by an external body is not a good feeling. Being able to spot the signs is crucial to prevent your domain from being punished. If it seems too late and you’ve noticed your traffic and rankings dropping recently, follow these steps to diagnose the problem.
Has Google messaged you?
If you have been manually penalised, Google will send you a message in your Google Search Console account. This can be found in the left sidebar under ‘Security & Manual Actions’.
There will be a notification telling you that your site or page has been penalised and the reason why.
As a webmaster, your job is to rectify this issue and then file a ‘Reconsideration Request’. This process can take days or even weeks as it is reliant on a member of staff from Google to manually check your request and decide if the penalty should be listed.
Was there an algorithm update?
Before investigating any further, check if there has been an algorithm update that is causing havoc. There are several websites that monitor the weather forecast of algorithm updates, one we like to use is by Moz aptly named Mozcast.
Google releases hundreds of algorithm updates a year and several large updates that often cause upset within the industry.
In theory, if you’re writing unique, quality content and you’re on top of the technical integrity of the site, your site should not be affected by an algorithm update. In reality, if a competitor is doing it better, you will see a negative impact.
It is possible that a decline in rankings causing a decline in traffic is because of an update rather than an attack. If this is the case, you will need a solid SEO plan to compete.
If you think you’ve been hit by an algorithm update Talk to us today.
How is the indexation rate of your website?
If your rankings have plummeted and traffic has zeroed out, even if it’s just a few lucrative pages, check if these pages are still indexed in Google. You can quickly do this by typing into the Google search bar:
If the page is no longer in the index, you will see a message from Google suggesting for you to try Google Search Console and some suggestions on how to get the page indexed.
To get a bigger picture, you will want to open Google Search Console. If you have not set up Google Search Console then we would strongly advise you do so, as there is a wealth of free information on how Google sees your website. We would advise you to create webmaster accounts for all important search engines for your business:
The old Google Search Console UI had a section that housed a graph showing the progress of indexation. As GSC is migrating to a new platform, this can now be found under the ‘Coverage’ category, choosing the ‘valid’ and ‘valid with warnings’ tabs. You will be presented with a green and orange bar chart representing the number of pages indexed successfully. A really cool thing about this new UI is that webmasters can now overlay impressions quickly seeing the impact of reduced/increased indexation numbers.
If this suddenly drops and there has not been any development work, it is likely you’ve been penalised.
Have you been hacked?
Being hacked can be very difficult to detect and it’s a particularly vicious form of Negative SEO. Hacking a website is when an external body exploits the vulnerabilities of a website to gain unauthorised privileges, often enabling them to manipulate the website for their own needs.
Malware is malicious software written to cause harm; this is often presented in the form of viruses, trojans, spyware and ransomware.If someone has managed to exploit your website, Google may have already detected this and warned you.In Google Search Console, under the same tab that you’d find penalty notices, you will also have a section where Google will contact you if it has detected a security issue.
Cleaning up an infected site can take time but it is highly recommended to monitor the security of your site and strengthen the gates.
Have you suddenly got a lot of links?
If you’re showing signs of a potential attack but there doesn’t seem to be anything wrong with your website, have a look at your backlink profile. There are several robust tools for checking the linking history of your website; our preferred tool is Ahrefs because of the detailed information it provides.If you have noticed a spike in backlinks/referring domains, this could be due to negative SEO.Google will penalise a website that has a large number of low-quality, spammy or malicious websites pointing to it to protect users. A competitor could point thousands of backlinks to your site from several websites to harm your rankings.An easy spot to see if there is a backlink attack is to check the IPs of all the referring domains. If there is a group that share the same IP, it is likely they are malicious.
If your website showcases any one of these behaviours, it is possible you are currently being attacked and need to take swift action.
How is negative SEO conducted
If you practice white hat tactics, then you will be familiar with some of the black hat activities that can get your site penalised.
If you’ve ever been in the unfortunate position of being penalised, you’ll know first hand how damaging it can be for months, or even years, which is even more devastating when it is someone breaking down your defences to raise themselves.
There are many ways an external body can harm your organic performance; take every negative from the Google Webmaster Guidelines and someone can do this to your site to cause a penalty and attack your organic performance.
Link farming is when there is a group of websites that all link to each other, much like a clique.
Some farms are created manually, but the majority are born automatically. As with most black hat tactics, the aim is to reduce effort. This technique, especially if it is automated, can result in thousands of backlinks.
One of the strongest rules in Google’s Webmaster Guidelines is to not have spammy links pointing to your site.
If you’re not regularly checking your backlink profile and using the disavow file, your website will be penalised, losing rankings and traffic overnight if someone used a backlink gun and pointed it at you.
Remember, backlink detection tools may not pick up all of the backlinks, they have to crawl the web to find them or, the toxic domains can prevent their sites from being crawled by specific backlink detection tools. This means you won’t be able to see them.
We advise to use multiple tools to increase the chances of detecting toxic backlinks.
Conduct a backlink audit to highlight spammy links. The biggest indicator is often a large number of referring domains all sharing the same IP address or Sub-c net. Your audit should include:
- URL Redirects
- Negative Reviews
- Website Hack & Malware Attack
- Duplicate Content
A DDoS Attack is a distributed denial-of-service. In simple terms, it is the act of attempting to disrupt traffic to a targeted server by flooding a website with traffic from bots. This can cause an internal server error and crash the site.
Not only will it affect traffic and conversions, but if search engines crawl the site whilst it is down, it can also be de-indexed.
If you’ve been placed in #1 you can find that when you are back up and running, you may not get this position back without increased efforts in SEO.
- Notify your web hosting provider
- Ask your hosting company to provide you with a new IP
- Automate client communications to prevent a flood of phone calls
- Clear your logs to prevent the site from failing.
Injecting links is one tactic from a black hat that has hacked your site. This could be through several entrances, including Google Tag Manager, for example. It doesn’t have to be a competitor that is attacking you; it could be a previous agency you may have parted with on bad terms. Always remove access when parting ways with a third party.
If links have been injected into your website, these could be pointing to malicious sites with Malware. When a user clicks on these links, they will then be exposed to a security risk. When search engines follow this link, you will be associated with a harmful website and the performance of your website may suffer for it.
Crawl the website to pick up all links within the site. Analyse the list of URLs for any you don’t recognise and remove the source.
Modifying Content is a sneaky way of harming your website and can be very hard to detect if you have a large site.
The modification can be very small, such as changes to sentences for a poor user experience, or it could be large changes in imagery, layouts and functionality. The most common use for content modification is to spam the page with keywords in an attempt to penalise the page.
If you have found modified content on your site and you have a backup of your page, you will need to revert back to a previous file that does not have the offending content.
Content Scraping is a tactic some webmasters use. They copy content from other websites that are very popular to increase the traffic to their own domain. This is particularly frustrating when it works and you see a website that has scraped your content rank higher than you.
Duplicate content across domains will not cause a penalty, but in Google’s own words:
“In the rare cases in which Google perceives that duplicate content may be shown with intent to manipulate our rankings and deceive our users, we’ll also make appropriate adjustments in the indexing and ranking of the sites involved. As a result, the ranking of the site may suffer, or the site might be removed entirely from the Google index, in which case it will no longer appear in search results.”
If Google deems the scraped domain to be the more valuable one, your page could be deindexed.
Add a self-referencing canonical tag to every page.
De-indexing your site through website changes, such as adding a noindex tag or blocking the site from being indexed in the robots.txt file, can have devastating effects.
This does rely on the search engines crawling your site to detect the malicious code, but if you’re regularly crawling your website, then you should be able to pick these injections up quickly.
The resolutions are swift, but the recovery from any damage can take time.
Remove all instances of noindex tags and update the robots.txt file requesting Google to crawl the affected URLs again to speed up the indexing process.
How to protect yourself from negative SEO
There are so many avenues an external body can take to affect your organic performance negatively. The most basic steps to take to make sure you’re protected and detecting issues quickly are:
- Conduct regular backlink profile audits
- Regularly crawl your website for injected code and malware
- Set up email alerts for when your site goes down
- Ensure all parties that have access to your website and tools are authorised
- Run security health checks regularly