We know that losing control of our website via hacking is never a good experience. And with algorithm changes under way, it may get a little more complicated ranking-wise.
Google announced recently that they’re rolling out a series of changes to their search algorithm that “aggressively” targets hacked spam in search engine results pages.
In a post on the Google Webmaster Central Blog, Google software engineer Ning Song wrote that they are removing hacked sites from Google’s search results:
“We are aggressively targeting hacked spam in order to protect users and webmasters.
The algorithmic changes will eventually impact roughly 5% of queries, depending on the language. As we roll out the new algorithms, users might notice that for certain queries, only the most relevant results are shown, reducing the number of results shown:
The algorithm change will affect only “spammy queries” and not the normal queries.
Hacked sites have long been a problem for webmasters and site owners not only for ranking issues, but also for reputation management and other related concerns. Damage control after regaining control of your site will likely include beefing up defenses, checking content, and recovering any loss or drop in rankings—all of which are tedious and technical.
After pure spam, hacked sites are the second most common reason for manual actions, as Google penalizes sites that are hacked and are no longer providing content that originally brought in the rankings.
What the Hack
Google removes hacked sites from its search results as a protection for users. Google’s Matt Cutts said in a 2008 blog post that more than redirects and affected user experience, they remove hacked sites from SERPs to keep malware and other infections from spreading.
Using a hacked blog as example, Cutts explained that some sites may be hacked to show certain links, “but what if the hackers had hosted malware on your site? Then every user to your site might have gotten infected just by visiting your site. “
“That danger to Google users is one of the reasons that we temporarily remove hacked sites from Google,” added Cutts.
Another point Google wants to made clear is that they are doing this for the users; “users tell us loud and clear that they don’t want to be sent to hacked sites, because of the potential danger that they represent.“
“Even though it’s stressful to be removed from Google, I hope you understand why Google might not want to send users to a hacked blog.”
Content and Hacked Sites
In their announcement about the algorithm changes to counter hacked sites, Google said this is part of their campaign “to weed out the bad content while retaining the organic, legitimate results.”
Bad content (in this case, hacked content) gives poor search results to users, and as we know from several warnings and updates, Google looks down upon anything that makes search difficult for users.
Hacked content comes in different forms, the most common of which include:
- Injected content
These are pieces of malicious content injected into existing pages on your site or into frames, often in the form of malicious JavaScript.
- Added content
New pages added to your site containing spammy or malicious content. These are often added to manipulate search engines, harm site visitors, or affect site performance in search results.
- Hidden Content
Hidden content piggybacks on your site or page’s rankings by adding content that search engines can see, but are hidden from webmasters or users. This can include hidden links or texts via CSS or HTML, or more a complex technique such as cloaking.
- Redirects
These malicious codes injected into your site redirect some users to harmful or spammy pages. The redirect often depends on the device, often on mobile.
Still, the best way to fight hacking is to prevent it. Google has a help center for site owners, webmasters, and SEOs to learn more about hacked sites, prevention, and damage control.