Connect with us


3 Ways To Find Hidden Spam Links & Text On A Webpage



3 Ways To Find Hidden Spam Links & Text On A Webpage

Every website on the Internet, no matter how small or large, is under some form of attack by a user-generated content spammer or a spambot.

Increasingly, many of the attacks are focused on hiding links because links are a high-value commodity, fetching hundreds of dollars each. The following solutions will help stop these attacks and keep your site safe from hidden links.

According to internet security company Barracuda, nearly 40% of all internet traffic is generated by bad bots.

If those bad bots are successful, the negative impact they can negatively impact the search visibility of a website through hidden links placed to malware and spam.

Many in the SEO community don’t think of website security as an SEO issue.

Consequently, many SEOs working in agencies and in-house don’t make security scanning a priority because it’s not traditionally thought of as part of SEO.

But security quickly becomes an SEO priority the moment a site loses ranking. So, it’s best to be proactive and not reactive.

The best SEO integrates security into their process, even if it’s to make sure that the developer team is keeping on top of it.

Here are three ways hidden links make it onto a site and the ways to keep it from happening.

1. Old And Out-Of-Date Plugins And Themes

SEO spammers purchase popular plugins and themes that have been abandoned or are not regularly updated.

The commerce in links is lucrative so it makes financial sense to purchase semi-abandoned themes and plugins in order to add backdoor access for the purpose of adding spam links to the sites.

WordFence published an article about plugin spammers a few years ago that detailed how the spammers paid $15,000 for just one plugin.

While that sounds like a decent amount of money it has to be put into context that links can be sold for $500 each.

So, gaining access to 20,000 sites through a single plugin creates a huge opportunity to illicitly sell scores of links on every site that uses that one plugin.

In that scenario, a spammer only needs to sell 30 links to recoup their investment, and the rest is pure profit.

The attack documented by WordFence describes that after the purchase of the plugin, the new owners updated the plugin to gain access to over 200,000 websites that used the plugin.

WordFence reported:

“On June 21st, the first release of Display Widgets under the new author went out. Then on June 30th there was a second release, version 2.6.1, which included the malicious code… this code allowed the new plugin author… to publish spam content on any site running Display Widgets.

There were approximately 200,000 sites using Display Widgets at the time.”

How To Protect Yourself From Plugin And Theme Spam

Always conduct an audit of plugins and themes that are used on a site. Make sure that the plugin is regularly updated and has not been abandoned.

If the plugin or theme appears to have been abandoned then the safest course of action is to seek out another plugin that is still being actively updated and improved.

Additionally, many plugins need to be updated because the WordPress core, PHP (the software that WordPress runs on), and many popular JavaScript libraries that power themes and plugins are all constantly updated, which means that plugins and themes also need to be updated in order to preserve their functionality.

Most plugins are constantly evolving and improving their usefulness. It’s normal for plugins and themes to be regularly updated, so it can be a warning signal if a plugin has stopped being updated.

The most obvious way to protect yourself from becoming a victim to plugin and theme spam is to audit your themes and plugins at least once a year (twice a year is even better).

Check each plugin and your theme to see when was the last time it was updated.

I know this might sound harsh but another warning sign to look out for is if a theme or plugin isn’t particularly popular. A lack of popularity can sometimes mean that there’s a better software product out there that most people use.

Take some time to investigate if there are better options out there.

Tools To Use To Protect Against WordPress Plugin Spam


Wordfence is a leading security plugin.

One of the main differences between the free and the premium versions is that the premium version is constantly updated for new threats as they happen. The free version is updated for new threats every 30 days.

Both Wordfence free and premium are effective tools to protect against out-of-date or otherwise vulnerable plugins.

Wordfence features a security scanner that helps keep your WordPress site protected.

Wordfence describes the benefits of its security scanner:

“The security scanner included with Wordfence free alerts you when your site is running vulnerable or outdated plugins, themes, or core files.

Additionally, our scanner compares your core files, themes, and plugins with known clean versions in the repository, checking their integrity and allowing you to repair files that have changed by reverting them to a pristine, original version.

The Wordfence scanner also scans file contents for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections, and allows you to delete malicious files.”

Sucuri Security

Another excellent WordPress security plugin is Sucuri.

Sucuri has a malware scanner that can identify out-of-date software, as well as identify signatures of a compromised WordPress website.

Sucuri lists the benefits of its free plugin:

  • Security Activity Auditing.
  • File Integrity Monitoring.
  • Remote Malware Scanning.
  • Blocklist Monitoring.
  • Effective Security Hardening.
  • Post-Hack Security Actions.
  • Security Notifications.

2. User-Generated Content Spam

There are multiple strategies employed by spammers to get their links onto websites, forums, and even on Facebook groups.

Blatant Promotion on Guest Posts, Comments, and Forums

There are multiple forms of user-generated content spam, but one of the most obvious ones is the Win-Win spam technique.

The way this method works is this: a spammer will submit a useful guest post to a website, add a useful post to a forum or Facebook group, or add a comment to a blog.

The spam part of this kind of technique is that they refer users back to their website for a more in-depth answer or they cite their site within the article.

Google frowns on using guest posts for link building. John Mueller is on record stating that guest posting for links results in unnatural links.

Marketers call that a win-win because they say they’re adding a quality link where readers can get an answer.

But one should be very careful to not allow outbound links to any site that uses these tactics to build links.

These kinds of user-generated link building tactics are generally used to promote low-quality websites. Publishers should in general be highly skeptical of publishing guest posts from any unknown individuals.

The way to protect yourself from this kind of spam is to simply ignore unsolicited emails from individuals who are unknown to you.

There’s nothing wrong with guest posting, but when it is done as part of a link building tactic then it crosses the line.

At the very least, if you’re going to publish a guest post, be sure to put a nofollow link attribute on all outgoing links and never give publishing credentials to anyone you do not know well and trust.

Tools To Use To Spot Bad Links

Screaming Frog

Screaming Frog is a downloadable software program that crawls a website and extracts a variety of useful information.

It is an excellent tool for crawling a website and identifying all outbound links.

Using the tool one can inspect all outbound links on a website and verify if the link is one that you feel comfortable with and whether or not it has a nofollow attribute.

There is a free version that has a limit of 500 URLs and a reasonably priced premium version that will provide countless hours of SEO data to investigate.

Crawling Tip: Whichever version of Screaming Frog that you use, be sure to set the User Agent to emulate Googlebot. Sometimes hidden links (from hacked sites) are hidden to everyone except to Googlebot.

WP External Links Plugin

The WP External Links plugin was produced by the popular Web Factory plugin and theme developer that has been developing free and paid plugins for over 10 years.

Their relatively new external links WordPress plugin was published in June 2021 and was quickly embraced by over 100,000 WordPress publishers.

The WP External Links plugin will check all outbound links and produce a report of where they link to, if there is a nofollow on it, and provides the ability to add different kinds of nofollow link attributes to various links, like the specialized UGC nofollow link attribute.

This is a useful plugin for auditing all external links.

3. Sneaky Links

Some spammers operate with the assumption that new members are under scrutiny. So, their approach is to hide their links in order to keep the links from being removed.

Here are a few techniques used by sneaky link spammers.

Links Hidden In A Quote

This kind of spam can be hard to notice. What the spammer does is quote a previous post by a member in good standing and then answer that member with a link-free post.

However, what they are doing is altering the quoted post and adding a link to it so that it looks like the trusted member added the link.

A moderator will look at the post and overlook the link in the quoted post, see that the new member didn’t spam, and allow the link to remain since the link was embedded in the post quoted by a trusted member.

Link Hidden In A Punctuation Mark

Some spammers will post a huge comment and somewhere inside that post they will bury a link to the site they’re promoting within a punctuation mark or in one letter.

Link Hidden By Matching Text To Page Color

This technique is literally hiding a link, and it happens on user-generated content posts where the members can change the font colors.

So, if the page background is white, they will add style codes to their post to make the spam link white.

How To Protect Against Sneaky Links

Aksimet Antispam

Akismet Antispam is known as a WordPress spam management plugin.

However, Akismet can also be used for other content management systems, too.

In addition to WordPress, Akismet can protect sites built on:

  • Joomla.
  • Drupal.
  • Perch.
  • Mediawiki.
  • Moodle.
  • phpBB.
  • SMF.
  • VBulletin.
  • Discourse.
  • Elixir.
  • Piwigo.

Akismet can be used to block spam user signups, protect email forms, as well as to block spam from comments. The Akismet module for Wikimedia can block spam edits to sites built with the Wikimedia CMS.

Cloudflare Web Application Firewall

The Pro, Business, and Enterprise levels of Cloudflare feature a web application firewall (WAF) that protects websites from many of the top intrusion techniques.

Cloudflare’s WAF will protect a site from a variety of attacks that can lead to a full site takeover where a malicious hacker can add hidden links throughout a website.

Use Better Security Challenge Questions

A popular built-in option for stopping spam links is security challenge questions.

One issue is that many spambots are able to answer most questions. The trick to a successful security challenge question is to craft questions that cannot be answered by Google or Bing.

Math questions like what is 1 + 1 are easily defeated.

Similarly, questions like who is the president of the United States are also easily defeated.

Think of questions that can’t be Googled for an answer.

For example, ask new registrations to spell a word but to spell it with the last letter capitalized. Use questions with a twist to fool automated spam software.

As long as it can’t be answered by Google then it’s likely to be impossible for a bot to defeat. The key is for the question to not be answerable by Google.

All Sites Are Under Attack

The bigger a site is, the harder it is to spot spam and the easier it is to hide it.

But even small sites are under heavy probing and attack at virtually any moment of the day.

It’s important to set up defenses to block spammers before they have a chance to hide their links on your webpages and quite possibly ruin your rankings.

It’s also important to be aware of the sneaky ways spammers try to add hidden links to a website.

Lastly, it is always a good idea to automatically apply the rel=nofollow link attribute to all user-generated content links which will signal to search engines that those links are not trustworthy and should not be considered.

That way, in the event a spam link does get in through user-generated content, the link itself will not be able to poison your rankings.

More Resources:

Featured Image: Khosro/Shutterstock

Source link


What Businesses Need To Know



What Businesses Need To Know

Google has announced that Google Optimize and Optimize 360 will no longer be available after September 30. All experiments will continue to run until that date.

Google launched Optimize over five years ago to help businesses test and improve their user experiences.

Many companies have widely used the tool to optimize their website, landing pages, and other online properties.

While the discontinuation of Google Optimize and Optimize 360 may disappoint, Google says it’s committed to providing a new solution in GA4.

Users are encouraged to download their data before it becomes unavailable at the end of September.

Google Optimize will go down in marketing history as a short-lived but beloved tool. Businesses that rely on it for their experimentation needs will have to find a new solution.

The History Of Google Optimize

Avid users of Google Optimize may be interested in this story from Krista Seiden, a former employee on the team since its early days.

In a 20-part Twitter thread, Seiden recounts her time on the Google Optimize team and describes how the tool came to be.

She says the idea for Google Optimize came after finding that content experiments in Google Analytics couldn’t scale to her team’s needs.

That’s when they decided to build their own server-side A/B testing solution, which eventually became Google Optimize.

Seiden stayed on the Optimize core team until she left Google in early 2019.

During her time on the team, she made dozens of educational videos and how-to’s for Google Optimize and consulted on many of its features.

Seiden’s story, worth reading in full, shows that Google Optimize was not only a valuable tool but also had a passionate team behind it.

When Google Optimize ends its service on September 30, it will leave a significant gap in the market for affordable and beginner-friendly A/B testing options.

According to Seiden, Google plans to expand A/B testing capabilities in GA4. However, it’s unlikely that the features will be available by September 30.

Lastly, she adds that Google is working on integrating with other A/B testing partners, which means that businesses who are using a third-party tool may be able to transfer their testing data to GA4.

Comment From Search Engine Journal’s Director Of Marketing

Heather Campbell, Search Engine Journal’s Director of Marketing, gives her take on the sunsetting of Google Optimize and what it means for others in the field:

I’m not surprised this day has come. It was only a matter of time before Optimize / 360 would no longer function since Google is sunsetting Universal Analytics in July.

Google is investing in GA4 and wants you to do the same.

It’s still frustrating when Google moves our marketing cheese, but don’t lose hope. This could be your opportunity to find a platform better suited to your needs.

What does this mean for now?

It would be best if you started researching alternatives. And there’s plenty out there. The first place to start, though, is with GA4.

Hopefully, you’ve already started implementing GA4, as that’s where the next iteration of Optimize will live. And if you haven’t, you should probably stop reading this and get started.

Make sure you pull down any data from past campaigns. You can still run campaigns thru September 30, but if you rely on testing and personalization (like any good marketer does), you may need a backup.

Source: Google

Featured Image: Aa Amie/Shutterstock

Source link

Continue Reading


“Every App Is Going To Be An AI App”



"Every App Is Going To Be An AI App"

During a recent earnings call with shareholders, the CEO of Microsoft, Satya Nadella, stated that artificial intelligence would eventually be included in all of the company’s applications.

After discussing Microsoft’s financial performance for the last quarter, Nadella answered questions about AI and its expected integration into more products.

Given Microsoft’s commitment to expanding its partnership with OpenAI, it makes sense that shareholders would have questions about when Microsoft plans to use the technology it’s investing in.

Although Nadella wasn’t willing to give a specific date, he stated that AI would be integrated into all of Microsoft’s applications in the future.

In this article, we’ll take a closer look at Nadella’s statements regarding AI and briefly summarize the relevant highlights from Microsoft’s earnings report.

Nadella Says Every Microsoft App Will Be An AI App

Tyler Radke, the Lead Analyst at Citi, asked Nadella about the extent to which AI will be employed throughout Microsoft Azure, which is the cloud computing platform that runs its applications.

This was Nadella’s response:

“I think it’s too early to sort of start somehow separating out AI from the rest of the workload. I mean, even the workloads themselves, AI is just going to be a core part of a workload in Azure versus just AI alone. In other words, if you have an application that’s using a bunch of inference, let’s say, it’s also going to have a bunch of storage, and it’s going to have a bunch of other compute beyond GPU inferencing, if you will. I think over time, obviously, I think every app is going to be an AI app. That’s, I think, the best way to think about this transformation.”

Nadella is saying it’s too early to separate AI into its own category because it’s becoming a core part of all products.

He believes AI will be integrated into all apps over time and will also be integrated with storage and other forms of computing beyond just GPU inferencing.

In response to a question from Keith Weiss of Morgan Stanley, Nadella expressed a similar sentiment, saying investors should expect AI to be included in everything.

“I think the way for our investors to see this is we fundamentally believe that the next big platform wave, as I said, is going to be AI. And we strongly also believe a lot of the enterprise value gets created by just being able to catch these waves, and then have those waves impact every part of our tech stack, and also create new solutions and new opportunities…

And so, we fully expect us to sort of incorporate AI in every layer of the stack, whether it’s in productivity, whether it’s in our consumer services.”

Other Highlights From Microsoft’s Earnings Call

Microsoft announced that in the last quarter of 2022, it made $52.7 billion in revenue, which is 2% more than the year before.

However, the company’s profit is down due to decreases in operating income, net income, and earnings per share.

Advertising spending declined slightly more than expected, impacting search and news advertising and LinkedIn Marketing Solutions.

One of the most notable highlights is the increase in LinkedIn revenue by 10%. This indicates the professional networking platform is performing well and that businesses can feel confident investing their time in it.

Another highlight from the report is the increase in revenue for server products and cloud services by 20%. This growth was driven by the revenue of Azure and other cloud services, which increased by 31%.

This indicates that Microsoft’s cloud services are becoming increasingly popular in the market, which bodes well for the future of the company’s partnership with OpenAI.

Despite a slight decrease in profit, the company’s overall financial performance remains strong.

Source: Microsoft

Featured Image: ThomasAFink/Shutterstock

Source link

Continue Reading


Tips For Optimizing Product Pages



Tips For Optimizing Product Pages

Google Search supports a variety of shopping experiences, known as merchant listing experiences, in its search results. These include product snippets, popular products, shopping knowledge panels, and image search.

To be eligible for these experiences, Google requires rich product data.

In the latest installment of Google’s Ecommerce Essentials series on YouTube, Developer Advocate Alan Kent shares tips to optimize your product information to become eligible for those experiences.

Here’s a summary of the information shared in Google’s video.

Providing Product Data

The first step in making your product pages eligible for Google’s merchant listing experiences is to provide the required product data.

This can be done through structured data on webpages, through a Google Merchant feed, or both. Google recommends doing both if possible.

If you’re just getting started, you may want to add structured data to your webpages and then add a Google Merchant auto-feed. This feed is created from your on-page content and will help Google better understand your products.

After adding the structured data, use the merchant listing report in the Google Search Console to ensure it’s correct. This report will show any issues and help you fix them.

Providing Pricing Data

Providing product pricing data to Google can be complex because the search engine supports an increasing range of options.

The first step is to review the pricing options used on your website and then read through the Google documentation on pricing models to see what’s supported.

Once you know what pricing your site uses and what Google supports, you may need to simplify the pricing data you provide to Google to avoid confusion for shoppers.

Shipping information is a crucial component in determining the total cost of an item and an essential factor in search results.

Determining shipping costs can be complicated, as it depends on various factors such as carrier used, total order weight and dimensions, shipping distance, and more.

It’s important to note that, like pricing, you may need to simplify the shipping information you provide to match what Google supports.

Google says it’s safer to over-estimate shipping costs to avoid surprising customers at checkout with higher-than-expected charges.

Providing Product Identifiers

Eligibility to many merchant listing experiences requires you to provide product identifiers, such as a GTIN number, an NPN number, or a brand and product name.

The more you can provide, the better, Google says.

A SKU, or stock-keeping unit, isn’t an acceptable product identifier as it’s inconsistent across merchants.

Inspect your structured data markup to see whether GTIN or similar product identifiers are on your web pages.

Also, check the Merchant Center report in Google Search Console for warnings or error messages related to product identifiers.

In Summary

Google’s merchant listing experiences in search results allow businesses to increase their visibility and drive sales.

To be eligible for these experiences, businesses must provide rich product data to Google, which includes structured data on webpages, a Google Merchant Center feed, and product pricing and shipping information.

Additionally, providing product identifiers such as GTIN, NPN, brand, and product name is crucial to becoming eligible for merchant listing experiences.

By following these tips and using the merchant listing report in the Google Search Console to ensure accuracy, businesses can optimize their product information and increase their chances of being featured in Google’s search results.

Featured Image: Screenshot from, January 2023.

Source link

Continue Reading