How to Safeguard Your Website from Hacking & Manual Actions

  • 1.0K
  • 1.2K
Brent Csutoras
Brent Csutoras SEJ STAFF
How to Safeguard Your Website from Hacking & Manual Actions

If you’re an SEO professional, you don’t ever want to receive this notification on your (or your client’s) Search Console dashboard.

“This site may not perform as well in Google results because it appears to be in violation of Google’s Webmaster Guidelines.”

This dreaded message means Google has taken a manual action on your website, which can be due to any of the following reasons:

  • Hacked site
  • User-generated spam
  • Unnatural links to your site
  • Thin content
  • And so much more…

Security threats and search engine penalties are critical issues that can hurt your rankings and your bottom line. You need to avoid them from the outset. To achieve great SEO results, you need to ensure that your website is well-protected and properly optimized.

I had the pleasure of moderating an SEJThinkTank webinar last October 18, presented by Eric Kuan, Webmaster Relations Specialist at Google. Kuan talked about website security and manual actions, and how webmasters and SEO professionals can avoid getting hacked and penalized. Here is a recap of the webinar he gave.


How to Keep Your Website Secure

According to Google, the number of hacked sites increased by approximately 32 percent in 2016 compared to 2015, and this trend is not expected to go down. Aggressive hackers prey on vulnerable websites, and if you don’t secure your outdated site now, you might be the next target of their attack.

Common Types of Website Compromises


Hacked spam is the most common type of website compromise. Spammers inject content into a legitimate website in order to drive traffic to a malicious or deceptive site. A hacker might redirect content to pharmaceutical, gambling, or pornographic websites that can cause real damage to your actual site.


Malware is any piece of software that was written with the intent of doing harm to data, devices, or people. Malware can directly affect your website users, which is why Google provides strict warnings.

Credit Card Skimming

Credit card skimming is a fairly new security threat that affects e-commerce platforms. It can also be considered as one of the most dangerous compromises for consumers as credit card data is stolen. Thus, it can hurt your reputation if you don’t address this immediately.


A botnet is a network of computers infected with malicious software and remotely commanded and controlled by cybercriminals called botmasters. Botnets steal your resources in order to do malicious things like crack passwords or crack other sites. This type of compromise is difficult to detect, often bypassing anti-virus and security tools.

Make Web Security a Priority

You should always put web security on top of your list.

Hackers are constantly looking for exploits. Check your log files constantly so you can spot and fix any compromises right away.

Pay attention because only a single weak link is needed to break the entire chain. You can do 98-99 percent right in website security but if you neglect that 1-2 percent, you’re still vulnerable to compromises. Hackers can exploit that one weak link and undo all the security measures you’ve done.

Whether you’re a small or a big brand, you can get affected by website compromises. No one is 100 percent immune to these types of security issues.

Why Should You Care?

If your site is hacked, a lot of damage can happen:

  • Users cannot access your site.
  • You and your user’s data will be compromised.
  • Your brand’s reputation will be affected.

Aside from the above damages, fixing a hacked site, finding the vulnerability and re-securing lost data can be extremely difficult. Hackers will constantly try to keep a hacked website hacked. Therefore, they will do things that can prevent you from spotting the compromise, such as cloaking and file injection.

The best thing way to avoid this inconvenience is to secure your website properly.

What Can You Do?

Here are the steps you can take to avoid your website from getting hacked.

1. Sign up for Search Console

Once you’ve added and verified ownership of your site in Search Console, Google will send you critical website notifications such as vulnerability and hacking warnings that you need to pay attention to.

2. Keep Security at the Forefront of Your Strategy

Talk to everyone who works on your site – developers, marketers, SEO professionals, etc. – and make sure that they understand the importance of security.

3. Back up Your Site Regularly

This is one of the most effective ways to recovering your site when it has been compromised, but not all webmasters do it. If you have a backup of your site, it will be easier to revert it to its original state prior to getting hacked.

4. Keep Software Updated

Keeping your software updated is the easiest thing you can do to prevent your site from being compromised. Most of the compromises Google sees are from outdated software such as content management systems (CMS), plugins, etc.

If you’re using a CMS or e-commerce platform, sign up for their newsletter and be on the lookout for emails saying you need to update the software due to security risks.

Talk to the people who are working on your site because sometimes making updates to the software can cause certain plugins to break or become incompatible.

5. Consider Investing in Security Software

If you’re not an expert in securing your site or you think you need an added layer of protection, you can invest in a security software.

A Quick Word About HTTPS

HTTPS is about encrypting the information transmission of your website, which is a good practice that can help keep user data secure. This is related but different from securing your website from intrusion.

Google urges using HTTPS everywhere. If you have limitations, then use it on any sensitive data that gets passed like passwords or credit cards. Google’s Chrome browser will now notify if sensitive info is being passed on non- HTTPS.

How to Avoid Manual Actions

What is a Manual Action?

A manual action is an adjustment of a site that is manipulating Google Search. Manipulative behavior is:

  • Anything done to trick search engines
  • Deceptive behavior (e.g., cloaking, unnatural links, scraping content)
  • Not limited to a specific set of rules

What Should You Do?

Check Webmaster Guidelines

Make sure to follow and understand Google’s Webmaster Guidelines. Don’t resort to manipulative behavior to game the search engine – it will do you no good.

Don’t Be Overly Concerned with Manual Actions

If you’re building a good website for your users, you aren’t going to get penalized. A manual action is reserved for webmasters trying to do something tricky in order to manipulate search rankings.

Improve Ranking by Focusing on Your User’s Needs & Technical SEO

Talk to your users about how you can improve their experience on your website. Google focuses on bringing users to sites that would be most helpful for them. Therefore, if you listen to what your users need and give them what they want, you should have no difficulty ranking well.

You should also make sure that your website’s technical SEO components are on point so that Google understands it properly.

What is a Reconsideration Request?

A reconsideration request is a request to have Google review your site after you fix problems identified in a manual action notification. Reconsideration requests are manually reviewed by the Google Webmasters team.

Characteristics of a Good Reconsideration Request:

  • Demonstrates understanding of the problem
  • Details how the problem was solved

Characteristics of a Bad Reconsideration Request:

  • Submits a blank site
  • Doesn’t detail what was changed
  • Completely tears down a site

If you aren’t aware of the problem, get help from experts.


Key Takeaways

  • Prioritize web security
  • Follow Webmaster Guidelines
  • Don’t worry unnecessarily about manual actions

Video Recap: Google on Website Security and Manual Actions [Webinar]

Watch the video recap of the webinar presentation and Q&A below.

Here’s the SlideShare of the presentation as well.

Join Us for Our Next Webinar!

Discover 10 strategies to localize paid search and Facebook ads to generate more conversions and revenue. Join DialogTech’s Blair Symes and Katie King for our next sponsored ThinkTank webinar on Wednesday, June 13 at 2:00 PM Eastern.

10 Local Strategies to Drive More Customers from AdWords & Facebook
Brent Csutoras

Brent Csutoras

Chief Marketing Officer at PeakActivity

Chief Marketing Officer at PeakActivity and Managing Partner at Search Engine Journal. Brent has over 10 years experience in Social ... [Read full bio]