What is that of negative SEO ? When we talk about SEO strategies to enhance web positioning, in most cases we are referring to techniques that improve our visibility in search engines.
But what if I tell you that there are also some SEO techniques that can negatively affect you?
In this case I am not referring so much to what I can do on my own website or blog, but rather what others can do to harm me.
Yes, in this modern online world there are also those who seek to improve their own web positioning at the cost of taking over that of their competitors.
Are we aware of the negative techniques that others could use to try to move our website away from the top positions in Google?
So I ask myself again:
Would we know how to defend ourselves so as not to lose web positioning?
Brandon has prepared for us an extensive article with more than 4,500 words, in which he will show us what are the negative SEO techniques that we could suffer and how we should protect ourselves from them.
I hope it helps you to take care of the positioning of your website!
How To Identify Negative SEO in Order To Protect Your Web Positioning From Malicious Attacks?
If you have been in the world of online marketing for a while, you have surely heard of SEO or search engine optimization of a website.
But did you know that SEO can also be used against you?
Sometimes, especially in very competitive markets, your competitors can use some techniques with the aim that your site loses positions or, in the worst case, is penalized. These techniques are known as negative SEO .
Those who have already heard about this, will surely think that this consists of pointing a lot of toxic links to the website of your competition.
But no, it’s not just that.
In fact, there are several techniques that can be used to do negative SEO to a site.
In this article I am going to show you 8 of the most common techniques and I will also tell you what to do to protect your website from them.
Is Negative SEO Possible?
I heard Google say no! 😉
In recent years, negative SEO has started to get a lot of attention, and Google is largely to blame.
Apparently he has always had the philosophy of punishing the “bad” instead of benefiting the “good”, which makes it possible for Negative SEO to exist.
Also, since the Penguin update was released, searches for “Negative SEO” have skyrocketed.
Why? Because Penguin focuses on sites with an unnatural link profile. And it is difficult to distinguish between links that you create yourself and those that a competitor creates to try to do negative SEO.
So Can Negative SEO Work? It’s Possible?
Yes, of course it exists and is possible.
Google’s stance is, for a change, ambiguous. Sometimes he says it’s not possible, sometimes he hints that it is, and other times he pulls out tools to disavow links ( known as Google’s Disavow Tool ).
Although negative SEO is not possible, what if it really is?
In practice, it has been shown that these types of practices do exist and can greatly harm the visibility of your site.
The best thing to do about it is to know some of the most common techniques and know what you can do to protect yourself from them.
Next we will see:
The 8 Most Common Negative SEO Techniques That Exist Online Today And How To Protect Yourself From Them
Things you must do to protect your website from a negative SEO attack:
On the borderline between legal and illegal we have hacking. It can take many forms, but here we are going to focus on two of the ones that most harm your web positioning.
This can be done in several ways. Some of the best known are with SQL injections, to get information from your database, or trying to steal your password directly with a brute force attack.
This obviously usually affects more sites made with some CMS such as WordPress or Joomla .
If they succeed and access your site as an administrator, can you imagine what they could do?
They could, for example, inject a link into your site pointing to theirs without you noticing. Or they could put a robot meta tag to tell search engines not to index your content, losing all your positioning.
To do this, a technique called XSS is commonly used. With this they can manage to inject you with a link or even some malicious code so that Google detects your website as infected with malware and loses positions.
But there are also other ways.
Another common way to insert code on a website is when you download plugins or paid themes for free . If you download and install it without checking it, you may also be installing some malicious code without knowing it.
How To Protect Yourself From This Type Of Negative SEO?
Easy! Use VERY strong passwords .
Example of insecure password: facchinjose_1974
Example of strong password: X9K! 0p2dJH9q86baixr @
To generate and store strong passwords, I use LastPass .
Monitor your own website for strange terms with Google Alerts .
This can be very helpful when they inject links to your site.
You just have to create a new alert and monitor something similar to this:
And set it to send you a notification the moment it finds something suspicious.
- If you use any CMS you must keep it updated yes or yes. This is necessary because it is easier for you to be hacked if you have previous versions of your CMS, since the vulnerabilities are already known. There are even sites where vulnerabilities from past versions of many CMSs are listed . This makes it easier for a hacker to know how to attack you.
- Have backup copies of your site, just in case.
- Monitor server logs. This is the most technical step you will see in this guide. It consists of downloading and analyzing the access logs from your server.
Regardless of all the possibilities that log analysis offers for SEO, let’s focus on discovering potential attackers.
For this, the content of the log must be extracted to an Excel document and filtered to search for access attempts to certain URLs.
Among Other Things, A Log Stores The Following Data About Who Tried To Access Your Website:
- Your IP.
- The date and time of the request.
- What request did (HTTP Request).
- HTTP status code (200, 301, 404, etc).
- User Agent .
In this case we are interested in analyzing the request made, the HTTP Request, and looking for suspicious queries. For example:
This will depend on the CMS they are using.
To understand a little more, here is an example:
There is a clear example of “someone” who has been trying to access my wp-login.php file, making a request every second.
Once the IP is found, you can easily block access by editing the htaccess file .
Another important aspect if you are using a CMS is to investigate what security plugins exist. In the case of WordPress, one very useful to avoid this type of access is WPS Hide Login .
There are also more complete WordPress security solutions such as Wordfence Security .
Before Moving On To The Next Technique, There Are Two Very Important Things You Should Always Keep in Mind:
- Google is supposed to notify you from its webmaster tools if it notices that your site could be hacked, but DO NOT trust yourself (and don’t forget that you must subscribe to email alerts). Sometimes it can take a long time to warn you and by then you will have lost positions. It is best to constantly monitor it.
- If your site gets hacked and Google sends you a message about it, after solving the problems don’t forget to send a request for reconsideration.
► 2. Server overload (DDoS)
These are the famous denial of service attacks.
The objective of these attacks is to overload the resources of your server so that it stops responding. Whether it goes down or stops responding to incoming connections, the site ends up down and not responding.
It is generally done using Botnets, which are often computers infected with some malware, so that it becomes a “zombie” machine and participates in the DDoS attack without knowing it.
This attack can also be carried out in other ways, for example:
- Buying visits or getting them through exchanges.
- Buy an attack of this style directly to your website.
These types of attacks are often not done in a negative SEO way, but they can harm your positioning.
For example, it can greatly increase the loading time of your website, which would cause your users to leave your site to begin with. If it is prolonged too long, you can lose positions.
In extreme cases, they can throw your website for several days. And if Google or some other search engine realizes this you can lose positions or be completely de-indexed.
How To Protect Yourself From Denial Of Service Attacks?
- Cache and minimize the files on your website and compress the images. In general, decrease the loading time of your site. Here’s a complete WPO guide to do it.
- Have Hotlinking protection active.
- Use a service like CloudFlare Pro .
- Actively monitor your website with a tool like Pingdom .
And if you discover that your website is being attacked, you should contact your hosting provider immediately to take measures that can mitigate the attack.
► 3. Theft Of Web Content
This is one of the most common attacks, they try to make you lose positions by distributing your content.
This can be in several ways:
- The basics: copy and paste your content.
- Taking the content that you publish in your RSS and publishing it on other sites.
- Take an article and distribute it on hundreds of sites with a link to your website.
- Clone your site completely.
The goal is for search engines to detect duplicate content on your site and suffer a loss of positions, and in the case of the mass distribution of your content, at the same time they send you many low-quality links.
How to protect yourself from theft of web content?
- Include links at the end of your RSS feed.
- Don’t post full feeds, just excerpts.
- Use a service like Copyscape or Plagium.
And if you are in a competitive market or your content has been copied several times, you can opt for Copysentry , a paid tool to check weekly if your content has been copied.
If you find a site copying your content, you can try to contact it, but since this surely won’t do much, you can report it for copyright infringement to Google .
► 4. Elimination Of Links
This attack is fortunately rare, compared to the others. However, when carried out it can be very problematic since they generally attack your strongest links.
How Do They Do That?
- They locate your best links. This can be done with various tools like Majestic or Ahrefs .
- They investigate the contact information of whoever is in charge of the website that links you. It can be directly through a contact form, locating an email on the site or looking in the domain registration information (Whois).
- They send an email posing as you or a partner on your site , asking them to remove the link.
Before it was a little more difficult to get it removed, you had to offer a very compelling reason. But Google has made it easier with its manual penalties (which is different from being a victim of Google Penguin!). Now all you have to do is ask them to remove the link they have to your site, arguing that you have suffered a penalty, and that’s it!
Ironic truth 🙁
How To Protect Yourself?
In the case of this technique, protection is a bit complicated, since it does not depend directly on you.
I will first mention what you should do if you receive such a request . Later, I will tell you what to do to decrease the risk of being affected by this negative SEO technique.
If you receive an email requesting the removal of a specific link alleging a penalty:
- Use a tool like SEMrush to check if you have actually missed visits.
- Pay special attention to the sender’s email address . Avoid taking into account emails sent from accounts in Gmail, Outlook or some other free service.
- If the email matches the domain it supposedly represents, answer it asking if it really wants you to remove that link, i.e. ask for a confirmation.
For what? It is not very difficult to send an email posing as another person. You can even falsify the mail and send it with the domain you want.
But what they can’t do is read your incoming emails and reply to them.
So asking for confirmation before deleting any link greatly reduces the probability of affecting a third party, which they probably want to do negative SEO.
What If You Want to Protect Yourself From This Type Of Attack?
- Always use emails with your own domain when contacting other sites for questions of links, reviews, guest articles and more.
- Keep a record of the links you have obtained to monitor them later. You can use specific tools for this, like Monitor Backlinks (from $ 25.42 / month) or Linkody (from $ 9.90 / month).
You can also do it manually using Scrapebox, or only its free Addon: Link Checker Tool .
You don’t need to have Scrapebox installed, just download the tool and run it.
To use it you need to create two .txt files. In one you will put the list of your inbound links and in the other the URLs or domains that you want to verify.
1) Here you select the txt that contains your sites
2) Here, the txt that contains your links
3) If you check this checkbox, this tool will take into account only the domains of your sites. That is, if you put in your file:
The Link Checker will search for links that point to any of the pages in domain 1 or domain 2. Do not select it if you want to search for backlinks to specific pages.
4) Here you can adjust the number of “threads” or simultaneous processes to be executed. The higher that amount is, the faster it will finish verifying your links, but it will consume more RAM memory.
At the end you can export the pages where a link was found and where it was not.
If many pages return an error, click the “Remove” button to remove those pages where no error has occurred , wait a couple of minutes and start the scan again.
► 5. Negative Links
This is one of the most common negative SEO techniques and one of the easiest to perform.
It is enough to hire a package of 10,000 links on some website such as Fiverr or SEOClerks, point them to your website with ‘rare’ anchors and you can start losing positions and visits.
What if instead of 10,000 100,000 links point? You can imagine.
What they do not take into account is that many times this can not only be useless, they can also end up helping the site they want to harm . It depends on many factors: the authority of the site, its age, the quality of its inbound links, etc.
How To Protect Yourself From Negative Links?
- Get strong links.
How many toxic links would have to be created to harm Wikipedia?
With its tens of millions of inbound links and all the SEO metrics on top, I think a Negative SEO attack with toxic links would be completely useless.
If you get quality links you can increase the authority of your website, so it will be more difficult for the toxic links created to harm you . They could even improve your web positioning.
- Monitor your links.
Periodically audit your inbound links .
Depending on your market and the situation of your website you can do it monthly, biweekly or even weekly if you suspect that they could be doing negative SEO.
Of course, do not limit yourself to using only one tool . Get all the links you can, use Google Search Console (formerly Google Webmaster Tools), Majestic, Ahrefs, Moz, Cognitive SEO, Open link profiler, SEMrush … all the link sources you can.
Put them all together in a spreadsheet, eliminate duplicates and start reviewing those links that seem suspicious to you.
This is the stage when you should be more careful.
Not All Links That Look Negative Are!
Some criteria that you can follow are to know which links could be negative are:
- Links with rare extensions like .ru or .tw
- Links whose SEO metrics are very low or null. Whether you use Moz metrics (Domain and Page Authority, etc.), Majestic (Trust Flow, Citation Flow), Ahrefs (URL and Domain Rating) or some other.
- Links with ‘rare’ anchors.
- Links with highly optimized anchors.
Once you have this list it ‘s a good idea to give it a little manual review anyway , lest you disavow links that might be helping you.
When you have all of these links, put together a file to send to the Disavow tool.
Before Finishing This Point, You Have To Consider Two Things:
- You do not have to submit a request for reconsideration. That is only for cases where you are manually penalized. Google alerts you from its Search Console when that happens.
- Google has said several times that submitting links to the Disavow tool is like telling Google to take those links as if they were nofollow. So, if you send links that are already nofollow, in theory you are wasting time.
But who knows…? You can still send them as long as the final file doesn’t weigh more than 2 MB. And trust me, it won’t weigh 2MB, you would need too much text for that.
► 6. ORM Negative
With ORM I mean the negative manipulation of the online reputation of a company or person. (ORM = Online Reputation Management.)
Although it may not affect SEO, here we will focus on those cases where they do, specifically when, due to an attempt to ruin someone’s reputation, they displace it from the search results.
If so, either your competition may remain part of your visits or you may see your income decrease due to negative comments positioned on Google.
How To Protect Yourself?
The first thing you should do is make sure you DOMINATE the results of the first page of the search engines, at least for searches related to your brand.
Obviously your website should be the first place, and then you have several options to position. For example:
- Profiles on social networks: Facebook, Twitter, Google+, LinkedIn, Slideshare, Youtube, etc.
- Listed in quality directories
- Interviews on other sites
Anything relevant to your brand is better to have positioned on the first page. And in case any competitor wants to position himself, do some link building to prevent it.
And second, monitor with Google Alerts the searches that are related to your brand. You can also monitor searches such as “Brand + opinion” or “Brand + testimonial”.
When you see a new result appear, review it and if it is an attempt to attack your online reputation, act as soon as possible.
That is, start creating links to better position your own content, report false testimonials or content when you can and if necessary create new content (either on or off your page) to position yourself instead of the negative results.
► 7. CTR Manipulation
This is the famous “link-negative SEO” (although, as we have just seen, there are several ways to do it without using links, not just this one).
The CTR refers to the Click Through Rate, in this case focused on SEO. That is, it is the percentage of clicks your site receives compared to the number of times it appears in search results .
This CTR as a factor in SEO has become fashionable lately, although it is far from being “new” , as has its manipulation to improve the positioning of a site.
With “positive” manipulation came negative too, this is another negative SEO technique that a competitor against your site can perform.
But before I show you how you can detect if you are being the victim of such an attack and what to do about it, I want to ask you a favor …
Don’t believe everything you read.
Specifically, those sensational articles that aim to get more visits by exaggerating things or even inventing them.
And I say this because in the case of the CTR, that is abundant today in the Hispanic blogosphere.
CTR is not a new factor and its manipulation (positive or negative) is not.
An example? This 2010 article on the Distilled blog. The article is about negative SEO and various techniques that can be used are discussed.
If you read carefully, you will see that the manipulation of the click through rate is already mentioned, by the hand of a true black hat magician: Ralph Tegtmeier .
How to protect yourself?
Before you begin, you must first make sure that this is an attack of this type.
There are several ways to do this, but the easiest is using Google’s webmaster tools (Search Console).
You should go to the search analysis section and review the number of clicks and impressions you have had, comparing them with the previous period.
And What Are We Looking For?
Normally if you have a better average position, you will have a higher CTR. And if your position decreases, your CTR will also go down. But if your position holds or rises and your CTR drops a lot, something may be happening.
To look for signs of a CTR manipulation attempt you must first take into account that this works by keyword , so you have to identify what might be the target of the attack.
In general, if the impressions increase, the CTR falls and the position is maintained, it could be an attack of this style .
Detecting this is more difficult than it seems, and there are several things to consider. Some of them are:
- That rise in impressions, could it be something natural? Check average searches on Keyword Planner and Google Trends .
- If the CTR is down, could it be because the competitors are simply doing better? Check the snippets that appear in Google searches. Search Rich Snippets and check the wording of the titles and meta descriptions.
- Google almost never offers us exact data in its tools, but it is the “least worst” of what we have. Still, I have seen that many times the “Position” column returns quite rare values. So, at least in these cases, monitor your positioning with an external tool.
You can be seeing in Search Console that your CTR has dropped and that your position is theoretically the same, but check with some external tool that you have actually lost positions.
In that case, it is not a negative CTR manipulation.
Fortunately, it is difficult to harm a site with such an attack. And I say fortunately because detecting it is a bit complicated.
If you think you might be falling victim to a negative SEO attack, check everything else first . And if as much as you are looking for you do not find what could be the cause, maybe it is this.
Finally, the CTR may or may not be used as a factor to position a site. In other words, it is used in some searches and not in others, according to Gary Illes .
So all the more reason to leave this negative SEO technique for last.
Now, if you have already come this far and think that you may be suffering an attack of this type, it only remains to do the same but to improve your CTR.
Whether it’s asking your subscribers or followers on a social network to support you by doing a certain search, clicking on your result and browsing a little on your site or using a bot.
One option may be to use PandaBot.
► 8. Take Advantage Of Your Broken Links
This technique is one of the least used, but still it is advisable to be vigilant . Especially since it is easy to prevent.
It consists of the following:
- They scan your site to find broken links.
- They check which of those broken links point to sites that no longer exist.
- If the domain is available, they buy it.
- And they fill it with spam.
There are even programs (and at least I know of one) to create “anti optimized” pages. That is, with all the On Page techniques to make possible spam. And with a single click!
Thus, without knowing it, your site will be linking to one or more sites full of spam, which could harm you.
The solution is to simply monitor the broken links on your site continuously.
And to do so there are several alternatives:
- Do you use WordPress? There are plugins for that: Broken Link Manager .
- Use some software like Xenu (free), DinoRANK or Screaming Frog (free with a limit of up to 500 URLs or ~ 135 Euros) to track your broken links.
- Scrapebox: This Swiss Army Knife SEO also allows you to check the broken links on your site using a free addon called “Broken Link Checker”. However, you must have a Scrapebox license to use it.
Monitoring your broken links is important to offer a good experience to your users, but now you have another reason to do it: avoid a possible negative SEO attack.
Have you got here?
Perfect, now you know more about negative SEO (and how to protect yourself from it) than all those who believe that the only way to do this is by sending toxic links to a website.
To finish this article I am going to list the main steps you should do on your website to protect yourself from the most common attacks:
- Sign up for Google webmaster tools (now Search Console) and enable email notifications so you don’t miss a thing.
- Keep your CMS, plugins and themes always updated. Don’t forget to back up your site.
You should monitor these four things quite frequently:
- Your links . Both inbound (backlinks) and internal (to detect broken links).
- Your content. To see if someone is duplicating or distributing it.
- Your website. Use Pingdom to monitor if you have a fall.
- Searches related to your brand. In case someone wants to position yourself in your place and damage your reputation.
If you do this you will not have to worry much about your competition doing a negative SEO attack without you realizing it and making you lose positions.