SEONONOsOver the past year Google has noted that site hacks have increased by 180%. That means tens of thousands of website are hacked every day. A site hack can significantly damage your site authority and decimate your organic search traffic. Google may even blacklist your site if they feel it is dangerous to users. Hacked sites may become dangerous if hackers insert malware or inject your site with other malicious code.

We recently worked with a company whose site was hacked and they immediately lost 65% of their organic search traffic. Fortunately, the developers were able to re-secure the site in a timely fashion and a penalty was avoided.

What Does a Hack Look Like?

Site hacks vary depending on what kind of hack it is. One type of fairly common site hack is the result of black hat SEO techniques that steal authority and traffic from unsuspecting sites.

The example below shows the search results for the name of the company whose site was hacked. The company is a homeopathic medicine blog, but the site hack replaced all their metadata with that of Tiffany ABC. If searchers clicked on the URL for the homeopathic medicine blog from Google they were instead redirected to the Tiffany ABC website. Bummer!

SEO Site Hack Example



How to Tell if Your Site Has Been Hacked

Sometimes it’s easy to spot a site hack, other times not so much. I recommend entering your URL into the Free Securi Sitecheck.

Website Malware Checker











You can also perform a quick site search on your domain name to see if anything fishy is showing up in the search results. To conduct a site search you simply type: into Google.

When I conducted a site search on the homeopathic medicine blog I discovered additional problems:image3

How to Protect Your Site From Hackers

Always Update your CMS, Software, and Plugins

Some of the most common hacks and malware schemes occur when hackers find holes or vulnerabilities in various plugins or software. CMS systems like WordPress and popular plugins like Yoast provide regular updates to combat hacking, so be sure to always have the latest version of all your plugins and software. For more details about how to avoid site hijacking, especially Facebook business pages, read through Justin’s post here.

Ch00se G00d Pa$$w0rds

Somewhere along the way we’ve forgotten why passwords were ever created in the first place – to protect your stuff. Passwords are not just an obnoxious step for getting from point A to B. Having a ridiculously easy password is like never locking up your bike. You hope no one will take it because that would be wrong. Then it gets stolen and you despair at the state of humanity. You can avoid all that emotional turmoil if you just get a good bike lock – or choose a really good password.

SplashData annually collects the worst passwords. Aside from the expected terrible passwords like “12345” or “password,” my favorites are:

  • Dragon
  • Monkey
  • Letmein
  • Master
  • Trustno1

Let Google Help You

Google Search Console is your official communication channel with Google. Pay attention to the messages you receive through Search Console. If you have security issues Google will report them there.

Google may also send you other helpful security messages like the following, where Google sent this site a message letting them know they need to update WordPress. Thank you, Google.

Search Console's Update MessagesIn addition to help provided through Google Search Console, Google Webmaster Support has launched an entire no hack campaign to help site owners protect their sites.

For more information visit the following resources:

If you want to learn more about SEO dos and don’ts, check out the rest of my posts in the SEO No-Nos series.