Connect with us


3 Ways To Find Hidden Spam Links & Text On A Webpage



3 Ways To Find Hidden Spam Links & Text On A Webpage

Every website on the Internet, no matter how small or large, is under some form of attack by a user-generated content spammer or a spambot.

Increasingly, many of the attacks are focused on hiding links because links are a high-value commodity, fetching hundreds of dollars each. The following solutions will help stop these attacks and keep your site safe from hidden links.

According to internet security company Barracuda, nearly 40% of all internet traffic is generated by bad bots.

If those bad bots are successful, the negative impact they can negatively impact the search visibility of a website through hidden links placed to malware and spam.

Many in the SEO community don’t think of website security as an SEO issue.

Consequently, many SEOs working in agencies and in-house don’t make security scanning a priority because it’s not traditionally thought of as part of SEO.

But security quickly becomes an SEO priority the moment a site loses ranking. So, it’s best to be proactive and not reactive.


The best SEO integrates security into their process, even if it’s to make sure that the developer team is keeping on top of it.

Here are three ways hidden links make it onto a site and the ways to keep it from happening.

1. Old And Out-Of-Date Plugins And Themes

SEO spammers purchase popular plugins and themes that have been abandoned or are not regularly updated.

The commerce in links is lucrative so it makes financial sense to purchase semi-abandoned themes and plugins in order to add backdoor access for the purpose of adding spam links to the sites.

WordFence published an article about plugin spammers a few years ago that detailed how the spammers paid $15,000 for just one plugin.

While that sounds like a decent amount of money it has to be put into context that links can be sold for $500 each.

So, gaining access to 20,000 sites through a single plugin creates a huge opportunity to illicitly sell scores of links on every site that uses that one plugin.

In that scenario, a spammer only needs to sell 30 links to recoup their investment, and the rest is pure profit.


The attack documented by WordFence describes that after the purchase of the plugin, the new owners updated the plugin to gain access to over 200,000 websites that used the plugin.

WordFence reported:

“On June 21st, the first release of Display Widgets under the new author went out. Then on June 30th there was a second release, version 2.6.1, which included the malicious code… this code allowed the new plugin author… to publish spam content on any site running Display Widgets.

There were approximately 200,000 sites using Display Widgets at the time.”

How To Protect Yourself From Plugin And Theme Spam

Always conduct an audit of plugins and themes that are used on a site. Make sure that the plugin is regularly updated and has not been abandoned.

If the plugin or theme appears to have been abandoned then the safest course of action is to seek out another plugin that is still being actively updated and improved.

Additionally, many plugins need to be updated because the WordPress core, PHP (the software that WordPress runs on), and many popular JavaScript libraries that power themes and plugins are all constantly updated, which means that plugins and themes also need to be updated in order to preserve their functionality.

Most plugins are constantly evolving and improving their usefulness. It’s normal for plugins and themes to be regularly updated, so it can be a warning signal if a plugin has stopped being updated.

The most obvious way to protect yourself from becoming a victim to plugin and theme spam is to audit your themes and plugins at least once a year (twice a year is even better).


Check each plugin and your theme to see when was the last time it was updated.

I know this might sound harsh but another warning sign to look out for is if a theme or plugin isn’t particularly popular. A lack of popularity can sometimes mean that there’s a better software product out there that most people use.

Take some time to investigate if there are better options out there.

Tools To Use To Protect Against WordPress Plugin Spam


Wordfence is a leading security plugin.

One of the main differences between the free and the premium versions is that the premium version is constantly updated for new threats as they happen. The free version is updated for new threats every 30 days.

Both Wordfence free and premium are effective tools to protect against out-of-date or otherwise vulnerable plugins.

Wordfence features a security scanner that helps keep your WordPress site protected.


Wordfence describes the benefits of its security scanner:

“The security scanner included with Wordfence free alerts you when your site is running vulnerable or outdated plugins, themes, or core files.

Additionally, our scanner compares your core files, themes, and plugins with known clean versions in the repository, checking their integrity and allowing you to repair files that have changed by reverting them to a pristine, original version.

The Wordfence scanner also scans file contents for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections, and allows you to delete malicious files.”

Sucuri Security

Another excellent WordPress security plugin is Sucuri.

Sucuri has a malware scanner that can identify out-of-date software, as well as identify signatures of a compromised WordPress website.

Sucuri lists the benefits of its free plugin:

  • Security Activity Auditing.
  • File Integrity Monitoring.
  • Remote Malware Scanning.
  • Blocklist Monitoring.
  • Effective Security Hardening.
  • Post-Hack Security Actions.
  • Security Notifications.

2. User-Generated Content Spam

There are multiple strategies employed by spammers to get their links onto websites, forums, and even on Facebook groups.

Blatant Promotion on Guest Posts, Comments, and Forums

There are multiple forms of user-generated content spam, but one of the most obvious ones is the Win-Win spam technique.


The way this method works is this: a spammer will submit a useful guest post to a website, add a useful post to a forum or Facebook group, or add a comment to a blog.

The spam part of this kind of technique is that they refer users back to their website for a more in-depth answer or they cite their site within the article.

Google frowns on using guest posts for link building. John Mueller is on record stating that guest posting for links results in unnatural links.

Marketers call that a win-win because they say they’re adding a quality link where readers can get an answer.

But one should be very careful to not allow outbound links to any site that uses these tactics to build links.

These kinds of user-generated link building tactics are generally used to promote low-quality websites. Publishers should in general be highly skeptical of publishing guest posts from any unknown individuals.

The way to protect yourself from this kind of spam is to simply ignore unsolicited emails from individuals who are unknown to you.

There’s nothing wrong with guest posting, but when it is done as part of a link building tactic then it crosses the line.


At the very least, if you’re going to publish a guest post, be sure to put a nofollow link attribute on all outgoing links and never give publishing credentials to anyone you do not know well and trust.

Tools To Use To Spot Bad Links

Screaming Frog

Screaming Frog is a downloadable software program that crawls a website and extracts a variety of useful information.

It is an excellent tool for crawling a website and identifying all outbound links.

Using the tool one can inspect all outbound links on a website and verify if the link is one that you feel comfortable with and whether or not it has a nofollow attribute.

There is a free version that has a limit of 500 URLs and a reasonably priced premium version that will provide countless hours of SEO data to investigate.

Crawling Tip: Whichever version of Screaming Frog that you use, be sure to set the User Agent to emulate Googlebot. Sometimes hidden links (from hacked sites) are hidden to everyone except to Googlebot.

WP External Links Plugin


The WP External Links plugin was produced by the popular Web Factory plugin and theme developer that has been developing free and paid plugins for over 10 years.

Their relatively new external links WordPress plugin was published in June 2021 and was quickly embraced by over 100,000 WordPress publishers.

The WP External Links plugin will check all outbound links and produce a report of where they link to, if there is a nofollow on it, and provides the ability to add different kinds of nofollow link attributes to various links, like the specialized UGC nofollow link attribute.

This is a useful plugin for auditing all external links.

3. Sneaky Links

Some spammers operate with the assumption that new members are under scrutiny. So, their approach is to hide their links in order to keep the links from being removed.

Here are a few techniques used by sneaky link spammers.

Links Hidden In A Quote

This kind of spam can be hard to notice. What the spammer does is quote a previous post by a member in good standing and then answer that member with a link-free post.

However, what they are doing is altering the quoted post and adding a link to it so that it looks like the trusted member added the link.


A moderator will look at the post and overlook the link in the quoted post, see that the new member didn’t spam, and allow the link to remain since the link was embedded in the post quoted by a trusted member.

Link Hidden In A Punctuation Mark

Some spammers will post a huge comment and somewhere inside that post they will bury a link to the site they’re promoting within a punctuation mark or in one letter.

Link Hidden By Matching Text To Page Color

This technique is literally hiding a link, and it happens on user-generated content posts where the members can change the font colors.

So, if the page background is white, they will add style codes to their post to make the spam link white.

How To Protect Against Sneaky Links

Aksimet Antispam

Akismet Antispam is known as a WordPress spam management plugin.

However, Akismet can also be used for other content management systems, too.

In addition to WordPress, Akismet can protect sites built on:

  • Joomla.
  • Drupal.
  • Perch.
  • Mediawiki.
  • Moodle.
  • phpBB.
  • SMF.
  • VBulletin.
  • Discourse.
  • Elixir.
  • Piwigo.

Akismet can be used to block spam user signups, protect email forms, as well as to block spam from comments. The Akismet module for Wikimedia can block spam edits to sites built with the Wikimedia CMS.

Cloudflare Web Application Firewall

The Pro, Business, and Enterprise levels of Cloudflare feature a web application firewall (WAF) that protects websites from many of the top intrusion techniques.

Cloudflare’s WAF will protect a site from a variety of attacks that can lead to a full site takeover where a malicious hacker can add hidden links throughout a website.

Use Better Security Challenge Questions

A popular built-in option for stopping spam links is security challenge questions.

One issue is that many spambots are able to answer most questions. The trick to a successful security challenge question is to craft questions that cannot be answered by Google or Bing.

Math questions like what is 1 + 1 are easily defeated.

Similarly, questions like who is the president of the United States are also easily defeated.

Think of questions that can’t be Googled for an answer.


For example, ask new registrations to spell a word but to spell it with the last letter capitalized. Use questions with a twist to fool automated spam software.

As long as it can’t be answered by Google then it’s likely to be impossible for a bot to defeat. The key is for the question to not be answerable by Google.

All Sites Are Under Attack

The bigger a site is, the harder it is to spot spam and the easier it is to hide it.

But even small sites are under heavy probing and attack at virtually any moment of the day.

It’s important to set up defenses to block spammers before they have a chance to hide their links on your webpages and quite possibly ruin your rankings.

It’s also important to be aware of the sneaky ways spammers try to add hidden links to a website.

Lastly, it is always a good idea to automatically apply the rel=nofollow link attribute to all user-generated content links which will signal to search engines that those links are not trustworthy and should not be considered.

That way, in the event a spam link does get in through user-generated content, the link itself will not be able to poison your rankings.


More Resources:

Featured Image: Khosro/Shutterstock

Source link

See also  Google Removed 7 Million Fake Business Profiles In 2021


SEO Legend, Mentor & Friend



SEO Legend, Mentor & Friend

The SEO industry will be forever changed with the loss of Bill Slawski, owner of SEO By The Sea, Director of Search at Go Fish Digital, educator, mentor, and friend.

Bill was a great many things to a lot of people. He has been a contributor here at Search Engine Journal since 2019, and a friend and mentor to many of us for decades more.

It’s not often you can say that someone has influenced and shaped an entire industry. But this is one of those times.

On May 19, 2022, the SEO industry learned that Bill Slawski had passed away.

The loss and sadness across our community were palpable.

Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & Friend
Remembering Bill Slawski: SEO Legend, Mentor & Friend

Remembering Bill Slawski: SEO Legend, Mentor & FriendRemembering Bill Slawski: SEO Legend, Mentor & Friend

A search patent expert, colleague and mentor to many, and a friend to many more, Bill influenced the lives of everyone in the search industry.


If you hadn’t read one of the thousands of articles he wrote or contributed to, watched one of his interviews, attended one of his talks, or listened to a podcast he was a guest on – I guarantee that someone you work with, learn from, or work for has.

This was due in no small part to Bill’s vast knowledge and expertise, combined with an unequaled passion for the nuances and technological advances that make search engines tick.

I spoke with Bill a few weeks ago as we were planning a feature article on the patents he felt are most impactful for search marketers.

In that interview, he explained his love for patents.

“One thing I always say about patents is they’re the best place to find assumptions about searchers, about search, and about the web. These are search engineers sharing their opinions in addition to solving problems,” he said.

He loved getting to see what engineers were thinking, and what they had to say when it comes to different problems on the web.

“One of my favorite types of patents to look up is when they repeat a patent and file a continuation,” Bill explained. “I like to look at these continuation patents and see how they’ve changed, because they don’t tell you, ‘This is what we’re doing.’”

That innate curiosity and true passion for unraveling the complexities of the search algorithms we work with each day made talking with Bill and reading his work a real joy.


I can’t tell you how many times I’ve gone to Bill or referenced his work in mine over the years, as have so many others.

He had a real talent for making complex concepts more accessible for readers and marketers of all stripes. As a result, his contributions to our collective understanding of how search works are unrivaled.

Bill Slawski’s work and knowledge are foundational to the practice of SEO as we know it today.

I speak for all of us at SEJ in saying we’re incredibly grateful for what he generously shared with each of us.

He was a close friend and respected colleague to our founder, Loren Baker, as well.

“Bill Slawski was a true friend of mine in more ways than one. First of all, he was a surprising mentor who helped me out quite a bit early on in my career, even before the days of social media or Search Engine Journal. He was my buddy and workmate,” Loren said.

Loren Baker and Bill Slawski

Loren Baker and Bill Slawski

Bill and Loren worked together for a couple of years and spent a lot of time out in the parking lot in Havre de Grace, Maryland, smoking cigarettes and talking about Google patents.

“If anything, I would say that Bill taught me that there was much more to SEO than just ranking alone,” Loren explained, adding that Bill taught him the importance of incorporating a narrative into all of the work that you do.


“He taught me the ethics and workmanship behind creating a piece of digital art that people will want to read, will want to share, and will ultimately search for and click on–touching their lives,” he said. “I will miss Bill deeply. It’s very difficult losing friends.”

Having started in 1996 and launching SEO By The Sea in 2005, Bill was the go-to source when you wanted to understand how search engines work or how they change the way we search or live our lives.

But it was so much more than that.

Bill was generous with his time and eager to share his knowledge of search, information retrieval, NLP, and other information technology with any and all.

He had a gift for taking complex patents, algorithms, concepts, real-world behavior, and search engines and explaining how the world of search and information retrieval worked in a way that everyone could understand.

Bill seemed to have an instinct for understanding what you knew and didn’t know or where you were confused. He could fill in the gaps without making you feel silly for having asked. Even if it was the millionth time he’d answered that question.

You didn’t have to be an SEO rockstar or an experienced professional, either.

If you didn’t understand something or had questions, he would happily spend hours explaining the concepts and offering (or creating) resources to help. And as many in the industry who encountered Braggadocio can attest to, you always felt like a long-lost friend, even if you had just “met” him in text.


“It’s like when you go to a conference and you’re one of the first people there. And all the seats are still empty and there’s not a lot of discussion going on. That’s what the SEO world was like back then…I remember happening upon an SEO forum and just being a lurker. Just looking at what everybody was talking about and thinking, ‘this is a strange career. I’m not sure I can do this.’ In the end, I did it.

I started out working and promoting a website for a couple friends who started a business. And so helping them succeed in business was a pretty good motivation.” Bill Slawski, cognitiveSEO Talks interview, April 5, 2018

Bill’s wealth of knowledge extended far beyond search, too.

With a Bachelor of Arts in English from the University of Delaware and a Juris Doctor Degree from Widener University School of Law, Bill spent 14 years as a court manager, administrator, technologist, and management analyst with the Superior Court of Deleware.

He loved nature and plants, and the ocean. He loved traveling and search conferences, but he ultimately found peace in nature and took advantage of it often. And he shared it with us all.

Bill pushed everyone to look beyond the headlines and keywords.

He was quick to add words of support and congratulations when someone shared an achievement. He encouraged everyone to explore the possible, to not be intimidated by new things, and to better understand the search ecosystem, not just the technology, so we could better serve our families, communities, colleagues, and clients.

His kindness, generosity, loyalty, and love of the industry knew no bounds.

The King of Podcasts on Twitter

The King of Podcasts on Twitter

Marshall Simmonds on Twitter

Marshall Simmonds on Twitter

Here at Search Engine Journal, Bill was a familiar face on social media and a VIP contributor, but he was much more than that.

Matt Southern, News Writer

One of the things I’ll miss most about Bill Slawski is the outdoor photography he shared on Twitter.

As deeply entrenched as he was in SEO and online marketing, he always took time to step back from the keyboard and admire life’s beauty.

I think that’s something we could all benefit from doing more of.

Roger Montti, News Writer

I knew Bill Slawski for almost 20 years, from the forums and search marketing conferences. He created a stir with all the things he discovered in the patents, which went a long way toward demystifying what search engines did.

What impressed me the most was his generosity with his time and how encouraging he was to me and to everyone. I feel privileged and honored to have been able to call him a friend.


He will be profoundly missed.

Brent Csutoras, Advisor and Owner

So much of our marketing journey has been in understanding not only how something works with Google but what they are trying to accomplish over the coming years so we can be prepared and ready to pivot when needed.

Bill’s work with patents provided valuable insight very few individuals were capable of distilling and yet everyone benefited from.

He was instrumental in getting us to where we are as SEOs and digital marketers today.

Bill Slawski Was A Man Of Quiet Impact

“My first interaction with Bill Slawski was on Kim Krause Berg’s Cre8asite forum. I was trying to learn what SEO was all about, so I just lurked, soaking up knowledge from bragadocchio, Black Knight, Grumpus, Barry Welford, and others. I know that Bill started more 10,000 threads there during his time as one of the admins and one of the first things that struck me was his willingness to patiently share his knowledge. At the time, I had no idea who he was, but it quickly became obvious that he was someone who was worth listening to. ”

~ Doc Sheldon, Facebook

That he was.

Atul Gawande once wrote that life is meaningful because it has a story–one driven by a deep need to identify purposes outside of ourselves and a transcendent desire to see and help others achieve their potential.


This was the very essence of Bill’s life.

Not just in the wealth of unparalleled knowledge and resources he has gifted to us, but in the inspiration, guidance, and encouragement he has instilled in us all. That is his legacy and one that will live on.

It’s been difficult to hit Publish on this piece as I don’t feel anything we share could do that legacy justice.

Search Engine Journal will leave Bill’s library of content here untouched in perpetuity, and we’ve left comments open below for all to share your contributions to this memorial for Bill.

Thank you, Bill, for sharing your intelligence, passion, and knowledge with the SEO community.

You will be sorely missed.

Written in collaboration with Angie Nikoleychuk.



if( typeof sopp !== “undefined” && sopp === ‘yes’ ){
fbq(‘dataProcessingOptions’, [‘LDU’], 1, 1000);
fbq(‘dataProcessingOptions’, []);

fbq(‘init’, ‘1321385257908563’);

fbq(‘track’, ‘PageView’);

fbq(‘trackSingle’, ‘1321385257908563’, ‘ViewContent’, {
content_name: ‘memoriam-bill-slawski’,
content_category: ‘news seo’

Source link

See also  Google Adds New Troubleshooting For Title Links & Valid Page Metadata Help Documentation
Continue Reading

Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address