How big a threat to your website is link building hacking?

Remember when SEO was just about the keywords?  In 2020, search engine optimisation has changed beyond all recognition with businesses not just hiring one in-house expert but, sometimes, entire teams.  

Although keywords and phrases are still relevant in the SEO world, these days the focus has switched to Search Intent which is Google’s way of figuring out what the searcher is after; for example, to simply buy a product or, to compare a number of similar products through the search engine. This means that content that doesn’t match with search intent, simply won’t ascend Google’s ranks.  

Other changes within SEO include the move to video and voice searching and, the practice of cutting or morphing zombie pages in order to streamline SEO and improve ranking.  There are no end of new and forward thinking SEO methods popping up all the time; so much so that it often becomes a little like a digital marketing ‘whack a mole’ game.  

In fact, marketers are often so focussed on getting on board with the latest SEO trends that they neglect one really important factor – link building and, the ways in which their links can prove to be an open door for hackers.

Build it and they will come

Link building is probably one of the most important tasks that your digital marketing department will ever undertake.  

Researching, identifying and acquiring good quality links for your brand’s site is key to gaining authority, social media followers and, ultimately, new customers.  Pretty much a full time job, gaining good quality links and backlinks requires patience, finesse and diplomacy.  

It’s also a two way street as you need to ensure that you’re offering something in return for your links.  For example, providing high value content relevant to the content on the site you wish to link to.  It used to be that Google levied a limit of 100 links per website.  

Although this is no longer the case, less is most definitely more when it comes to your site’s links.  Additionally, always think in terms of quality over quantity as ‘bad’ or ‘spammy’ links can adversely affect your site’s ranking – and, that’s not even the worst that can happen……….

Link building hacks which are hurting your SEO

You are no doubt familiar with the term ‘hacking’ and, may even have been a victim of it.    

Check Your Backlinks

Get an Instant Insight Into Who Links to Your Site

Every time the tech bods come up with something new, someone, somewhere, will figure out a way to hack into it for their own benefit.  In the past, hacking has been a huge threat to our technology including social media, online banking and email accounts.  Less publicised is the practice of hacking a website’s links – however this is, by no means, any less of a threat.  

Link hacking can be incredibly harmful to a website’s ranking and, it’s something that you’ll probably never know about unless you’re actively looking for it.  As technology becomes more sophisticated, so too do the hackers and, some of the forms of link hacking which are happening every day include:

Phishing Form

This is one that you’ve no doubt heard of.  So named because of the fact that it uses ‘bait’ in order to try to gain access to your website, phishing has been the downfall of many brands and individuals – including presidential candidate, Hillary Clinton’s, campaign chair, John Podesta, who once inadvertently handed his Gmail password over to hackers.  

In terms of website links, hackers will poke around to find vulnerabilities in your website’s security in order to gain entry to the folders and files on your server.  They then place HTML pages onto your server and, style them to look like they belong to your site.  

Common forms that these take are appointment booking forms, newsletter response forms and payment forms.  In some cases, these hackers, or phishers, gain access simply by guessing at a weak password.  Not only do these ‘rogue’ pages not show up on your CMS back end, but the URL of the page will actually become part of your domain – meaning that neither you or your customers will even realise that you’re being scammed unless you task an expert with looking for such pages.

Content cheats

This one is mainly a warning for those using WordPress sites and, in particular, older versions.  In this technique, sneaky hackers will identify weak spots in your site’s security in order to break in.  Once inside, they place their own content onto your blog thread or roll which allows them to take advantage of your domain authority to piggy back your links to lead them to their own site.  The reason for this is that the hacker is attempting to improve the ranking of his or her own site by taking advantage of the links on yours.  

This is really harmful to your site in a couple of ways; firstly, it’s the kind of activity which may harm your ranking if it’s spotted by Google.  Secondly, you’re likely to lose the good faith of the site that your links are leading to.  This one is a little easier to spot as it involves simply checking your blogs and content regularly for anything which doesn’t belong there.

Link Insertion

We’ve talked about hackers getting into your site in order to piggyback onto your links but they also, sometimes, leave something behind.  This hacking technique is used for the sole purpose of inserting a link from your website to the hacker’s own to improve their own ranking.  

This can also serve a dual purpose of redirecting your customers from your site to one of their own.  This kind of hacking can be a massive blow to your business as it can tend to erode the trust of your customers as well as chipping away at the authority of your site.

Negative SEO

One of the more malicious forms of link hacking, you’d be hard pressed not to take this one personally.  This technique involves the deliberate insertion of a link from a ‘bad’ site to yours by a third party.  In many instances, the hacker will use a ‘malicious bot’ to scour the internet for vulnerable sites to infiltrate with the bad links.  

Far from just a prank, this kind of hacking can quickly damage your reputation with visitors and customers, can affect your ranking and, can even involve a hefty Google penalty.  When a tool is used, it’s often impossible to find the identity of the hacker – which means you’ll have a tough time convincing Google that the problem wasn’t your fault.

The penalties

The above are a few ways in which hackers can compromise your website – and they can all have dire consequences.  These days, Google takes infringements like this extremely seriously – and isn’t shy about handing out penalties when infringements are identified.  

So, what does that mean?  Here, we’ll take a look at the kinds of penalty you can expect should you fall victim to link hacking.

One of the most common problems that businesses have is in not knowing that they’ve actually received a Google penalty. You should, after a digression, receive a manual action report via your Google Search Console informing you of the penalty and, informing you of the 13 steps for recovery that are available to you.

Check Your Backlinks

Get an Instant Insight Into Who Links to Your Site

Some people, however, do not recognize this message or, simply dismiss it. If you’re not sure whether you’ve received a Google penalty, either recently, or in the past, you can use a penalty indicator tool such as Website Penalty Indicator to check this for you.

When figuring out if you’ve been hit by a Google penalty, a good indication is a loss of traffic or a decrease in ranking – not so fast though; these things don’t necessarily mean that you have received a penalty.  

Often, these are things that can occur during a Google algorithm update.  A couple of times a year, Google will update its algorithms such as Penguin and Panda which can cause disruption to your ranking either temporarily or permanently.  This means that, although it isn’t actually a penalty, it basically behaves like one!  

It’s always a good idea to use a tool to determine whether or not you actually have a penalty so that you can begin the sometimes time-consuming process of appealing the penalty in order to have it removed.

The penalty box?

When it comes to what Google refers to as ‘unnatural links’ to and from your site, Google tends to be pretty unforgiving.  Unnatural links can include:

  • Links which have been bought or acquired through link schemes
  • Links to or from malicious sites
  • Spam related links
  • Excessive link exchanges
  • Repetitive links
  • Irrelevant links
  • Low quality links

The penalties for breaking the laws of Google can go one of two ways depending on the severity of your misdemeanor:

A Google Penalty – This means that Google will push the ranking of your site down so that your site is less visible and attracts less organic traffic.  This, essentially, means less sales for you and more for your competitors.

Removal – For more serious breaches of Google’s guidelines, the company reserves the right to remove your site completely.  Needless to say, this could be disastrous for your brand until you are able to rectify the situation – which could be a few months.

The following are some examples of brands who have been caught out – and paid the price:

The Victims

In 2013, Christian Leadership University Online (CLU) realised that its usually excellent ranking had begun to slip.  After seeking professional help, a link audit revealed that the university had been compromised by hackers who had infiltrated its site with pages promoting counterfeit goods.  

Unbeknownst to the university’s webmaster, Google had penalised the site which explained the slip in ranking.  Thankfully, once the issue was discovered, CLU was able to explain the situation to Google and, thus, had the penalty reversed.

In 2016, former baseball star, Dave Winfield, was a victim of hacking when his website was injected with links to sites which promoted flea tablets for dogs, escort services and adult material.  

Subsequently, Google levied a penalty which saw Winfield’s site move down the ranks.  Having had no previous knowledge of the illegal links, the star had to pay for a professional to remove the links and, then, go through the process of convincing Google that the issue was (a) inadvertent and (b) now resolved.

Check Your Backlinks

Get an Instant Insight Into Who Links to Your Site

The Culprits

In 2010, world famous store chain, JC Penney, was penalised after Google discovered that it had indulged in ‘black hat’ SEO tactics.  During an investigation, it was discovered that the brand had bought hundreds of links with thousands of targeted keywords in order to gain boosted sales for the holiday season.  

As a result, Google pushed the brand off the top pages of its search engine and, JC Penney also lost the respect of many of its customers.

Thwarting the hackers

Without hiring a full time member of staff to keep an eye on your links, your site may never be 100% safe from hackers.  Having said that, there are some ways in which you can help to keep your links in and the hackers out.  These include:


At the beginning of this article, we mentioned that, hard as it is to believe, a large number of hacking incidents occur simply because a website’s security is too weak. You can help to keep the bad guys out by paying attention to your website security including:

Passwords:  Always make sure that your passwords are secure – which means making them hard to guess.  Your passwords should always contain a combination of letters, numbers and special characters to make them inscrutable to hackers.

Migrate:  If your site isn’t already running on HTTPS, it’s high time that it was.  SSL encryption is a great way of protecting the data transfer between your site and your visitors.

CMS:  Updating your CMS and plugins (if you have them) can help to keep the bad guys out as these protect against many common online threats.

Systems:  Check your computer systems for malicious software and spyware which may be giving the hackers a helping hand.

Backup, backup, backup:  It’s hard to overstate the importance of backing up your entire system on a regular basis to help your site’s security.

If you do suspect that your site has been compromised, it’s vital that you run a diagnostic as soon as possible to find out if that is the case.  In the unfortunate event that this has happened, you’ll need to do two things:

  • Take steps to remove the offending links – you may need to consult a professional to help you with this.
  • Follow Google’s process for re-inclusion.  Before doing this, it’s a good idea to carefully document everything that has happened and to include any evidence you may have which shows your site has been hacked.  Depending on the complexity of the issue, you can expect a response from Google within a few weeks or a few months.

Whether it’s a deliberate and malicious attack or, simply a hacker trying his luck by getting in on the action on your site, link hacking should never be taken lightly.  

Penalties can be as swift as they are harsh and, at their worst, can see your site excluded from Google altogether.  

It’s incredibly important to perform regular health checks on every aspect of your website to make sure that any problems are identified and tackled early.  

This also gives you a better chance of preserving the chain of evidence which you may need to present to Google in order to reverse the penalty.

Author bio:

Milosz Krasinski, Managing Director at web consulting company, international SEO consultant, speaker, blogger at