Now why would I say your account has been hacked? Good question, and the answer will surprise you. It did me!
We did a maintenance survey recently of the sites using our MasterSiteManager software (now retired) for their SEO rank tracking and monitoring, and what we found was shocking even to us!
Almost 1 in 50 client sites that we monitored showed that they had on average over 200 outbound links on them (in other words – they got hacked).
1 in 50! Wow!
But that’s also a pretty good indication of how wide spread and prevalent the issue is on blogs all over.
Think you know how many “Outbound links” your site has? Maybe not!
Knowing EXACTLY how many outbound links your site has isn’t just about SEO, and funneling page rank anymore.
When hackers break into your site they are far more likely to hide links on home page to game the search engines than do much of anything else like messing with your homepage, planting a Trojan or crashing your server/site.
If you’re not constantly checking the HTML code of your home page you will have no idea that you’re a victim of link spam.
The good news is hackers are pretty greedy and if they’ve taken the time to break into your site, they usually don’t just post 1 or 2 links – they post hundreds!
So if you see the number of outbound links on your site jump dramatically, (upwards of 200-300 over night) it’s likely that a hacker has managed to get in and plant links to his porno / casino / sex drugs web sites.
Check your source code on your site ASAP!
Da*m! I got hacked. What happens now?
If your site got hacked with a huge injection of bad links, what happens in most cases is that at first Google will depress your rankings because your site is linking to “Bad Neighborhoods”.
Google will hit you with an algorithmic penalty and then after a period of time (Google won’t say how much – but we are thinking 60-90 days based on what we’ve seen).
If you fail to correct the issue, Google will just de-index your site altogether. Ouch!
Here’s an example how bad the problem is with blogs using WordPress: http://www.backup-technology.com/hundreds-of-uk-government-school-university-websites-hacked/
Now if something like this happens to your site, it is correctable but it’s a huge pain in the you know what, as you’ll have to go in an modify the WP database table on your site.
Sadly restoring the blog/site from a backup won’t fix the problem in most cases. Instead you need to to clean your blog and purge the infection.
Getting back to links for a second. To monitor the back links pointing to your site, the cheapest solution is Google Webmaster Tools.
Just log in to your Webmaster Tools account and click on the Traffic link, then the “Links to your site” heading. Traffic>>Links to your site
Now remember these basics for On-Page SEO:
- If you have a site with a high number of outbound links on it you need to remember that each of these links will have less power than if it had only 3 or 4 outbound links, plus it looks “spammy” and Google may ding you as well for “poor usability”.
- You may want to work at lowering the number of outbound links on the site (or at least your home pages) so that its links to your “money” site have more power in them. And be VERY selective who you link out to.
- Add a “no index” tag to any links you have in your footer.
- Keep your product descriptions unique. In other words, don’t just use the description your product suppler gives you – EVER.
- Try to keep the total number of out bound links (Links that leave your site) to no more then 2-3 per page.
An Ounce of Prevention Goes a Long Way..
The easiest way to avoid this nightmare is to prevent it before it happens. Which is actually pretty easy using some WP Plugins.
My personal favorite security plugins for WP are: iThemes Security (used to be called Better WP Security).
iThemes Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.
Next up is BulletProof Security – BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging.
Personally the web host I’m using determines which of these plug ins I use. I think iThemes Security is easier to set up but both are very good offerings and both are free.
Till next time,