Unfortunately, the answer to this question is yes. Your site can be flagged and dropped entirely from the Google search index (i.e. blacklisted). This happens when a hacker injects malicious code onto your server. Google will drop it from the index in order to protect searchers’ PC’s from being compromised.
The images below illustrate an example of a site that has been compromised. While not immediately dropping the website from the index, blacklisting will bring your SEO to standstill, resulting in a significant loss of organic traffic.
Blacklisting will still turn away most visitors, as Google SERP’s will caution them from accessing the site, as illustrated below.
Because of the recent proliferation of such attacks, Google has launched the ‘Webmasters Help for Hacked Sites‘ support center. It outlines in detail the steps you can take to clean up your server and prevent your site from being dropped from the Google index. In the last few years, 130,000 webmasters have taken the necessary steps to get their sites listed again.
The charts below illustrate just how much of a problem compromised sites have become. This isn’t just for large banking or corporate sites, as you may have heard of in the news. This happens to sites small and large, with little to no traffic. In most cases, the hackers use automated processes to discover and exploit vulnerabilities on servers. In many shared and even dedicated hosting environments, these vulnerabilities are not protected against.
Source: Google Safe Browsing Initiative
Why Does Google Care?
Google cares because it doesn’t like being used as a gateway to malicious websites. Google’s success relies on user-trust, which is driven by its own dedication to quality. The existence of compromised sites makes Google’s job harder. In order to provide the same high-quality results, Google has to not only deal with auto generated content, link stuffing, hidden texts, and other black hat SEO practices, but also with much more complex scenarios such as Cross Site Scripting (XSS), malicious backdoors and other security related threats.
Compared to SEO malpractices, these threats are even harder to detect and their effect on users is much more devastating. After all, it’s one thing to provide your users with a SERP link to a duplicated content piece, but another to provide them with a gateway to a site which will steal their private data or inject their computers with malware.
This is the dilemma that Google is now facing. Security threats are too widespread to be ignored. Google lacks the means to effectively identify online threats.
Why Should You Care?
Not caring can get you blacklisted. Remember, Google can’t remove the malware from your site, so it will do the next worst thing – remove your site from Google all together.
Google blacklisting is an often overlooked collateral damage of a website hack. Even in a best-case scenario, getting back into the SERP’s will take a lot of time, resulting in a loss of traffic and revenues. In the long-term, this also means the loss of search ranking positions. There is no guarantee that you will recover your “pre-hack” rankings, even if all issues have been resolved.
The De-Blacklisting Process
Resolving the issue can be hard, costly and time consuming. While Google’s new help center provides some directions for getting listed again, its bottom line is:
“While we attempt to outline the necessary steps in recovery, each task remains fairly difficult for site owners unless they have advanced knowledge of system administrator commands and experience with source code…”
Such an endeavor is out of reach for many webmasters, especially shared hosting users. When the only alternative is a total loss of Google positioning, many would be inclined to pay hundreds to thousands of dollars for scanning and removal services.
Discovering a Better Alternative
At Cover Story Media, we are always on the lookout for a better solution, for ourselves and our readers. About a year ago, when security related concerns began to rise, we began scouting the web for reasonably priced and effective security services. After testing several products we landed on Incapsula, a CDN (Content Delivery Network) based security service, which we still use to protect our website today.
Incapsula is a reverse proxy service that positions itself between the website and its visitors to filter malicious visitors. At the same time, it will also significantly speed up your site by caching its content, optimizing resources and delivering it from a number of proxy locations across the globe.
Security wise, Incapsula will protect against SQL injection, cross site scripting, remote file inclusion, bots, DDOS, and more. Simply put, Incapsula is an extremely effective security solution, which also offers many speed related SEO benefits. Even the free version is enough to prevent blacklisting, because:
- Freely provided bot filtering will prevent automated attacks, the main source of grief for SMB (Small & Medium Business) sites, which are usually not specifically targeted.
- A recently introduced backdoor removal tool will identify and quarantine existing shells, helping you recover from hacks and making your site presentable enough for re-submission and de-blacklisting.
To give a better idea of what Incapsula can do, here is a snapshot of our dashboard. Notice the 72% daily cached volumes and the number of attacks that it blocked, just in the last three months.
Subscribe to SEJ
Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!