Yoast has conducted research and determined that over the past year, SEO spam attacks have grown in scale, particularly on WordPress sites, targeting internal site search.
Although this type of attack does not directly impact the optimization of your website, it does end up generating unnecessary costs, both in terms of time and resources. Your website can be compromised and you often won’t even know it. See what Yoast experts think about the matter.
What is “Negative SEO”?
According to Yoast, SEO professionals are divided on whether there is a “negative” or “positive” SEO. From this perspective, while some websites focus on optimizing their pages and using proven strategies to sri lanka whatsapp data improve their positioning, there may be brands that seek to harm the visibility of other websites.
Google claims that most websites don't need to worry about this, however, there are many people who are actively attacking other websites through internal search.
How can spammers use your site's internal search?
Most WordPress sites have an internal search feature, which can be accessed via the URLs “yoursite.com/?s=example” or “yoursite.com/search/example/”.
What many “spammers” do is insert some keyword into these URLs and display the result as if it were a search results page on their website. In other words, anyone can write an advertisement for illicit products or services, such as “https://yoast.com/?s=buy my fake rolex watch from www.example.com”, and “create” a page on their website that displays their “ad”.
The spammer could also write scripts and software to generate requests for URLs like this at scale, hitting multiple sites at once, or display these types of URLs in places like analytics accounts and server logs.
This practice, in addition to causing annoyance, can negatively impact your SEO project, since, if Google identifies this type of problem, it can ban your site from search results.
Spammy internal search links
Yoast experts say that compromising your site's SEO is exactly the goal of these practices, so it's very likely that these people have a readily available network of low-quality spam sites.
For them, the goal isn’t to rank their sites in search results, just to get their fake links crawled. Once Google identifies and starts crawling these pages, problems start to appear.
In addition to these links reaching real users of your website, causing you to lose credibility and authority on the internet, when generated in mass, these links compromise Google's ability to crawl your real pages.
Another important point is that these pages can appear in your reports, as in the image above, and end up “disguising” the real problems that your website may have with SEO, as the amount of false information causes this data to go unnoticed, both by you and by Google.
What are the possible impacts?
Some of the main problems cited by Yoast are:
If SEO analysis is not performed to fix these issues quickly, fake pages can be crawled, indexed and ranked, causing damage to the brand;
As these pages are heavily linked (by spammers), Google may understand that this is content that deserves to be indexed, so you need to ensure that your site's robot.txt files prevent the crawling of all pages that result from internal searches;
If you don't set a noindex tag for these pages, they may appear in your Google Search Console reports under "crawled but not indexed" and hide real issues with your pages.
Some more experienced spammers may dig deeper, exploring URLs that point to pagination of search results (?page/5/?s=example) or RSS feed versions of those results (/search/[spam]/feed/rss2/).
Some larger sites (which are often targeted by this type of attack) use Cloudflare's security system, a content delivery network, performance, and security platform.
With Cloudflare's features, your website's pages are monitored and automatically sent to IndexNow, and since spam pages "look" like pages on your website, they are sent there as well. In other words, this is another tool that could be impacted by attacks and resources will be wasted.
How to avoid this problem?
With Yoast SEO, the noindex tag is automatically applied to your search results page, which keeps these URLs out of Google. This way, even if you see this type of data in Google Search Console, it won't affect your SEO.