

3 Ways To Find Hidden Spam Links & Text On A Webpage




Every website on the Internet, no matter how small or large, is under some form of attack by a user-generated content spammer or a spambot.

Increasingly, many of the attacks are focused on hiding links because links are a high-value commodity, fetching hundreds of dollars each. The following solutions will help stop these attacks and keep your site safe from hidden links.

According to internet security company Barracuda, nearly 40% of all internet traffic is generated by bad bots.

If those bad bots are successful, they can negatively impact the search visibility of a website through hidden links pointing to malware and spam.

Many in the SEO community don’t think of website security as an SEO issue.

Consequently, many SEOs working in agencies and in-house don’t make security scanning a priority because it’s not traditionally thought of as part of SEO.

But security quickly becomes an SEO priority the moment a site loses ranking. So, it’s best to be proactive and not reactive.


The best SEOs integrate security into their process, even if it’s only to make sure that the developer team is keeping on top of it.

Here are three ways hidden links make it onto a site and the ways to keep it from happening.

1. Old And Out-Of-Date Plugins And Themes

SEO spammers purchase popular plugins and themes that have been abandoned or are not regularly updated.

The commerce in links is lucrative, so it makes financial sense to purchase semi-abandoned themes and plugins in order to add backdoor access for the purpose of adding spam links to the sites.

Wordfence published an article about plugin spammers a few years ago that detailed how the spammers paid $15,000 for just one plugin.

While that sounds like a decent amount of money, it has to be put into context: links can be sold for $500 each.

So, gaining access to 20,000 sites through a single plugin creates a huge opportunity to illicitly sell scores of links on every site that uses that one plugin.

In that scenario, a spammer only needs to sell 30 links to recoup their investment, and the rest is pure profit.


In the attack documented by Wordfence, the new owners purchased the plugin and then pushed an update that gave them access to over 200,000 websites that used it.

Wordfence reported:

“On June 21st, the first release of Display Widgets under the new author went out. Then on June 30th there was a second release, version 2.6.1, which included the malicious code… this code allowed the new plugin author… to publish spam content on any site running Display Widgets.

There were approximately 200,000 sites using Display Widgets at the time.”

How To Protect Yourself From Plugin And Theme Spam

Always conduct an audit of plugins and themes that are used on a site. Make sure that the plugin is regularly updated and has not been abandoned.

If the plugin or theme appears to have been abandoned then the safest course of action is to seek out another plugin that is still being actively updated and improved.

Additionally, many plugins need to be updated because the WordPress core, PHP (the software that WordPress runs on), and many popular JavaScript libraries that power themes and plugins are all constantly updated, which means that plugins and themes also need to be updated in order to preserve their functionality.

Most plugins are constantly evolving and improving their usefulness. It’s normal for plugins and themes to be regularly updated, so it can be a warning signal if a plugin has stopped being updated.

The most obvious way to protect yourself from becoming a victim of plugin and theme spam is to audit your themes and plugins at least once a year (twice a year is even better).

Check each plugin and your theme to see when it was last updated.

I know this might sound harsh but another warning sign to look out for is if a theme or plugin isn’t particularly popular. A lack of popularity can sometimes mean that there’s a better software product out there that most people use.

Take some time to investigate if there are better options out there.

Tools To Use To Protect Against WordPress Plugin Spam


Wordfence is a leading security plugin.

One of the main differences between the free and the premium versions is that the premium version is constantly updated for new threats as they happen. The free version is updated for new threats every 30 days.

Both Wordfence free and premium are effective tools to protect against out-of-date or otherwise vulnerable plugins.

Wordfence features a security scanner that helps keep your WordPress site protected.


Wordfence describes the benefits of its security scanner:

“The security scanner included with Wordfence free alerts you when your site is running vulnerable or outdated plugins, themes, or core files.

Additionally, our scanner compares your core files, themes, and plugins with known clean versions in the repository, checking their integrity and allowing you to repair files that have changed by reverting them to a pristine, original version.

The Wordfence scanner also scans file contents for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections, and allows you to delete malicious files.”

Sucuri Security

Another excellent WordPress security plugin is Sucuri.

Sucuri has a malware scanner that can identify out-of-date software, as well as identify signatures of a compromised WordPress website.

Sucuri lists the benefits of its free plugin:

  • Security Activity Auditing.
  • File Integrity Monitoring.
  • Remote Malware Scanning.
  • Blocklist Monitoring.
  • Effective Security Hardening.
  • Post-Hack Security Actions.
  • Security Notifications.

2. User-Generated Content Spam

There are multiple strategies employed by spammers to get their links onto websites, forums, and even on Facebook groups.

Blatant Promotion on Guest Posts, Comments, and Forums

There are multiple forms of user-generated content spam, but one of the most obvious ones is the Win-Win spam technique.


The way this method works is this: a spammer will submit a useful guest post to a website, add a useful post to a forum or Facebook group, or add a comment to a blog.

The spam part of this kind of technique is that they refer users back to their website for a more in-depth answer or they cite their site within the article.

Google frowns on using guest posts for link building. John Mueller is on record stating that guest posting for links results in unnatural links.

Marketers call that a win-win because they say they’re adding a quality link where readers can get an answer.

But one should be very careful to not allow outbound links to any site that uses these tactics to build links.

These kinds of user-generated link building tactics are generally used to promote low-quality websites. Publishers should in general be highly skeptical of publishing guest posts from any unknown individuals.

The way to protect yourself from this kind of spam is to simply ignore unsolicited emails from individuals who are unknown to you.

There’s nothing wrong with guest posting, but when it is done as part of a link building tactic then it crosses the line.


At the very least, if you’re going to publish a guest post, be sure to put a nofollow link attribute on all outgoing links and never give publishing credentials to anyone you do not know well and trust.

Tools To Use To Spot Bad Links

Screaming Frog

Screaming Frog is a downloadable software program that crawls a website and extracts a variety of useful information.

It is an excellent tool for crawling a website and identifying all outbound links.

Using the tool one can inspect all outbound links on a website and verify if the link is one that you feel comfortable with and whether or not it has a nofollow attribute.

There is a free version that has a limit of 500 URLs and a reasonably priced premium version that will provide countless hours of SEO data to investigate.

Crawling Tip: Whichever version of Screaming Frog you use, be sure to set the User Agent to emulate Googlebot. Sometimes hidden links (from hacked sites) are hidden from everyone except Googlebot.
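The same Googlebot comparison can be scripted for a single page. This is an added example, not part of the original article or of Screaming Frog: it lists outbound links with their nofollow status and reports the ones that appear only in the Googlebot view. The function names, the browser User-Agent string and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
from urllib.request import Request, urlopen

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"

# Constructed sample responses for the same URL under the two User-Agents.
PAGE_URL = "https://shop.example/blog/post"
BROWSER_VIEW = '<p><a href="/about">About</a> <a rel="nofollow" href="https://partner.example/">Partner</a></p>'
GOOGLEBOT_VIEW = BROWSER_VIEW + '<div><a href="https://spam.example/cheap-pills">cheap pills</a></div>'


def fetch(url, user_agent):
    """Download a page while presenting the given User-Agent header."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", errors="replace")


class _Links(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.found = page_url, {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "a" or not attrs.get("href"):
            return
        target = urljoin(self.page_url, attrs["href"])
        rel = (attrs.get("rel") or "").lower().split()
        # A target counts as nofollow only if every link to it is nofollow.
        self.found[target] = self.found.get(target, True) and "nofollow" in rel


def outbound_links(html, page_url):
    """Map each external http(s) link target to True if it carries rel=nofollow."""
    parser = _Links(page_url)
    parser.feed(html)
    host = urlsplit(page_url).hostname
    return {u: nf for u, nf in parser.found.items()
            if urlsplit(u).scheme in ("http", "https") and urlsplit(u).hostname != host}


def cloaked_links(browser_html, googlebot_html, page_url):
    """Outbound links served to the Googlebot User-Agent but not to a browser."""
    seen = outbound_links(browser_html, page_url)
    return sorted(u for u in outbound_links(googlebot_html, page_url) if u not in seen)


def audit(url):
    """Fetch url under both User-Agents and return the cloaked outbound links."""
    return cloaked_links(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA), url)


if __name__ == "__main__":
    print(cloaked_links(BROWSER_VIEW, GOOGLEBOT_VIEW, PAGE_URL))
```

Some cloaking keys on the visitor's IP address rather than the User-Agent header, so an empty result from this check does not prove a page is clean.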

WP External Links Plugin


The WP External Links plugin was produced by the popular Web Factory plugin and theme developer that has been developing free and paid plugins for over 10 years.

Their relatively new external links WordPress plugin was published in June 2021 and was quickly embraced by over 100,000 WordPress publishers.

The WP External Links plugin will check all outbound links, produce a report of where they link to and whether they carry a nofollow, and provide the ability to add different kinds of nofollow link attributes to various links, like the specialized UGC nofollow link attribute.

This is a useful plugin for auditing all external links.

3. Sneaky Links

Some spammers operate with the assumption that new members are under scrutiny. So, their approach is to hide their links in order to keep the links from being removed.

Here are a few techniques used by sneaky link spammers.

Links Hidden In A Quote

This kind of spam can be hard to notice. What the spammer does is quote a previous post by a member in good standing and then answer that member with a link-free post.

However, what they are doing is altering the quoted post and adding a link to it so that it looks like the trusted member added the link.


A moderator will look at the post and overlook the link in the quoted post, see that the new member didn’t spam, and allow the link to remain since the link was embedded in the post quoted by a trusted member.

Link Hidden In A Punctuation Mark

Some spammers will post a huge comment and somewhere inside that post they will bury a link to the site they’re promoting within a punctuation mark or in one letter.

Link Hidden By Matching Text To Page Color

This technique is literally hiding a link, and it happens on user-generated content posts where the members can change the font colors.

So, if the page background is white, they will add style codes to their post to make the spam link white.
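A moderator can screen rendered posts for the last two tricks automatically. The following is an added example, not code from the original article: it flags links whose anchor text is a single character and links hidden by inline styles, including text colored to match the page background. The function names, the list of hiding styles and the sample comments are assumptions; only inline styles are inspected, not stylesheet rules.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide content outright (heuristic list, not exhaustive).
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)
COLOR = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)  # ignores background-color
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}
# Constructed sample of rendered forum comments.
SAMPLE = """<p>See <a href="https://forum.example/rules">the rules</a>.</p>
<p>I agree<a href="https://spam.example/pills">.</a> with a very long comment</p>
<p><a href="https://spam.example/casino"><span style="color: #FFF">casino</span></a></p>
<div style="display:none"><a href="https://spam.example/loans">loans</a></div>"""

def same_color(a, b):
    a, b = (c.lower().replace(" ", "").replace("!important", "") for c in (a, b))
    return a == b or (a in WHITE and b in WHITE)

class HiddenLinkFinder(HTMLParser):
    def __init__(self, background):
        super().__init__()
        self.background, self.stack = background, []  # stack: (tag, style) of open elements
        self.link, self.findings = None, []           # findings: (href, reason)

    def style_reason(self):
        color = None
        for _, style in self.stack:
            if HIDING.search(style):
                return "hidden by inline CSS"
            if (match := COLOR.search(style)):
                color = match.group(1)  # innermost declaration wins
        return "text color matches page background" if color and same_color(color, self.background) else None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in VOID:
            self.stack.append((tag, attrs.get("style") or ""))
        if tag == "a" and attrs.get("href"):
            self.link = {"href": attrs["href"], "text": "", "reason": None}

    def handle_data(self, data):
        if self.link is not None and data.strip():
            self.link["text"] += data.strip()
            self.link["reason"] = self.style_reason() or self.link["reason"]

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            link, self.link = self.link, None
            single = "anchor text is a single character" if len(link["text"]) == 1 else None
            if link["reason"] or single:
                self.findings.append((link["href"], link["reason"] or single))
        if any(open_tag == tag for open_tag, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass

def find_hidden_links(html, background="#ffffff"):
    finder = HiddenLinkFinder(background)
    finder.feed(html)
    return finder.findings
```

Pass the site's actual background color as `background` when it is not white.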

How To Protect Against Sneaky Links

Akismet Antispam

Akismet Antispam is known as a WordPress spam management plugin.

However, Akismet can also be used for other content management systems, too.

In addition to WordPress, Akismet can protect sites built on:

  • Joomla.
  • Drupal.
  • Perch.
  • Mediawiki.
  • Moodle.
  • phpBB.
  • SMF.
  • VBulletin.
  • Discourse.
  • Elixir.
  • Piwigo.

Akismet can be used to block spam user signups, protect email forms, as well as to block spam from comments. The Akismet module for Wikimedia can block spam edits to sites built with the Wikimedia CMS.

Cloudflare Web Application Firewall

The Pro, Business, and Enterprise levels of Cloudflare feature a web application firewall (WAF) that protects websites from many of the top intrusion techniques.

Cloudflare’s WAF will protect a site from a variety of attacks that can lead to a full site takeover where a malicious hacker can add hidden links throughout a website.

Use Better Security Challenge Questions

A popular built-in option for stopping spam links is security challenge questions.

One issue is that many spambots are able to answer most questions. The trick to a successful security challenge question is to craft questions that cannot be answered by Google or Bing.

Math questions like what is 1 + 1 are easily defeated.

Similarly, questions like who is the president of the United States are also easily defeated.

Think of questions that can’t be Googled for an answer.


For example, ask new registrations to spell a word but to spell it with the last letter capitalized. Use questions with a twist to fool automated spam software.

As long as it can’t be answered by Google then it’s likely to be impossible for a bot to defeat. The key is for the question to not be answerable by Google.

All Sites Are Under Attack

The bigger a site is, the harder it is to spot spam and the easier it is to hide it.

But even small sites are under heavy probing and attack at virtually any moment of the day.

It’s important to set up defenses to block spammers before they have a chance to hide their links on your webpages and quite possibly ruin your rankings.

It’s also important to be aware of the sneaky ways spammers try to add hidden links to a website.

Lastly, it is always a good idea to automatically apply the rel=nofollow link attribute to all user-generated content links, which will signal to search engines that those links are not trustworthy and should not be considered.

That way, in the event a spam link does get in through user-generated content, the link itself will not be able to poison your rankings.
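One way to apply that attribute automatically when user-generated HTML is rendered is shown below. This is an added example, not code from the original article or from any plugin it names: it re-emits a comment's HTML unchanged except that every link gets rel="nofollow ugc", keeping any rel values already present. The class and function names and the sample comment are assumptions, and the code is a link rewriter only, not an HTML sanitizer.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample of a submitted comment.
COMMENT = ('<p>Nice post &amp; thanks! <a href="https://a.example/?x=1&amp;y=2">my site</a> and '
           '<a rel="noopener" href="https://b.example/" target="_blank">this</a></p>')


class UgcLinkRewriter(HTMLParser):
    """Re-emits HTML as written, adding rel="nofollow ugc" to every <a href>."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities such as &amp; as written
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag != "a" or not any(name == "href" for name, _ in attrs):
            self.out.append(self.get_starttag_text())
            return
        rel = []
        for name, value in attrs:
            if name == "rel":
                rel += (value or "").lower().split()
        rel += [token for token in ("nofollow", "ugc") if token not in rel]
        kept = [(n, v) for n, v in attrs if n != "rel"] + [("rel", " ".join(rel))]
        # Attribute values arrive unescaped from the parser, so escape them again.
        self.out.append("<a" + "".join(
            f" {n}" if v is None else f' {n}="{escape(v, quote=True)}"' for n, v in kept) + ">")

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def add_ugc_rel(html):
    rewriter = UgcLinkRewriter()
    rewriter.feed(html)
    rewriter.close()
    return "".join(rewriter.out)


if __name__ == "__main__":
    print(add_ugc_rel(COMMENT))
```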




Fact Checking: Get Your Facts Right




In the last decade or so, the concept of “fake news” has become a major thorn in the side of consumers and content writers alike.

Digital marketing experts who write SEO content at the enterprise level might not consider themselves journalists or news reporters – but there’s a greater overlap between the roles than many people realize.

Like journos, enterprise SEO content writers need to earn the trust of their audience by demonstrating authority, relevance, and experience.

And while you might think that, as a content marketing specialist, the only person you’re serving is your client or employer, the truth is that good SEO content provides just as much service to consumers.

You’re not just advertising to people; you’re helping them find answers, information, and solutions to their problems.

That’s why, for SEO content writers, getting the facts right is crucial.

“Fake news” has eroded a lot of people’s trust in media. Online content, in particular, is always fighting an uphill battle due to the oversaturation of the digital space – and the sheer amount of misinformation that finds its way into blogs and social media sites with little quality control.


Today, fact-checking is arguably more important than ever before.

One little mistake is all it takes to lose a consumer’s trust forever.

But what does it mean to get your facts right? Is it just ensuring every name is spelled correctly, and every claim has an attributed source?

Both of these things are an important part of SEO fact-checking, but they’re only a small piece of a large puzzle.

Enterprise SEO Fact Checking Best Practices

Fun fact: Even when consumers don’t know you’re lying, Google does.

Web pages with deceptive, inaccurate, or poorly vetted content are penalized and less likely to appear in search results.

Want to avoid the wrath of the almighty algorithm? Here’s what you need to do:

Get The Basics Right

A few paragraphs back, I mentioned that fact-checking isn’t limited to correctly writing people’s names, ages, positions, and pronouns.


Nevertheless, getting the basics right is still important. If you can’t do at least that much, then you won’t be prepared to do more in-depth fact-checking.

It’s especially important to get this information right when you’re quoting multiple people.

Not only do you need to attribute quotes and ideas to the proper sources, but you also have to make sure the information they shared with you is accurately reproduced.

Double Check Everything

If you get a quote from someone that says the sky is blue, go outside and look up, just to be sure.

Okay, that might be an exaggerated example – but you get the point.

Double and triple-check everything.

If you find a useful quote or statistic online, track down the original source. See if you can find other reliable web pages with the same information.

Don’t be afraid to do a little research yourself. Crunch the numbers and try to find corroborating evidence.


Never take anything at face value.

Go To The Source

Speaking of tracking down the sources of stats and quotes: That’s a cornerstone of fact-checking so important, it merits expanding on now.

Have you ever had a teacher or professor tell you, in no uncertain terms, never to use Wikipedia as a source?

Well, that’s just as true when writing enterprise-level SEO content. Wikipedia might be useful in pointing you toward helpful sources, but it shouldn’t be your primary text.

Nor should any second-hand source. If another web page states something as a fact, confirm where it got that fact.

If it’s a disreputable source and you parrot it, then you become a disreputable source, too.

Understand The Information

Content writing – especially at the enterprise level and especially in an agency (rather than in-house PR team) context – often requires authors to cover many different areas of expertise in many different industries.

It can be tempting to regurgitate and plagiarize information that already exists, but if you do that, you won’t be able to offer any meaningful insights.


You have to understand the information you’re relaying.

That will help you spot contradictions and factual errors and demonstrate genuine authority.

Is AI Automation The Future Of Fact Checking?

Enterprise-level content fact-checking requires a lot of time and effort, but cutting corners is a recipe for disaster.

Fortunately, just as it has with many other aspects of SEO, AI automation may soon be able to simplify the process.

U.K.-based independent fact-checking organization, Full Fact, has been leading the charge in recent years to develop scalable, automated fact-checking tools.

Full Fact’s efforts have already garnered the attention of the biggest names in search engine technology.

In 2019, the non-profit organization was one of the winners of the Google AI Impact Challenge, which provides funding for potentially revolutionary automation research projects.

Full Fact’s stated goal is to develop AI software capable of breaking down long content pieces into individual sentences, then identifying the types of claims those sentences represent, before finally cross-referencing those claims in real-time with the most up-to-date factual news data.


Though Full Fact is still years away from achieving its goal, the benefits of such a breakthrough for SEO content writing are self-evident.

That said, you don’t have to wait for the future to use AI automation and other software tools to help you fact-check.

For example, the Grammarly Plagiarism Checker not only identifies duplicate content taken from another source but also highlights portions of text requiring attribution.

Commonly used enterprise SEO tools like Semrush, Ahrefs, and Moz, meanwhile, can be used to investigate a domain’s authority, helping you decide which sources are considered reputable.

Fact-checking in today’s oversaturated news and information marketplace can be intimidating at first glance. But the number of resources available to content writers is growing by leaps and bounds every day.

Making full use of these resources better enables you to win consumer trust in an age when that kind of trust is a very delicate, precious, and valuable commodity.
