How To Defend Your Website Against Negative SEO Attacks

negative SEO

For any business owner to discover that their website is being targeted by others using negative SEO, it can feel almost as if they were burgling your business for real.

In both scenarios you can feel helpless, and whilst we hope that neither of them ever happens to you, in the case of negative SEO we can at least give you some advice with regards to defending yourself, or more precisely your business’s website against it.

One of the primary objectives in defending yourself against an ongoing negative SEO attack is to discover who is actually carrying out that attack. As there are several ways that they may attack you, you need to go through the most common ones, to see if you can uncover the culprits.

Incoming Links

This will require you to use a link analysis tool, so ideally you want one which you have used and know how to assess its data. Be aware that not all tools analyse and score links in the same way so make sure you are comfortable with how you determine whether a link is good or bad.

Ideally, you want to look at some of the footprints that the negative SEO links are creating. In particular look for,

  • Links coming from low quality, spammy websites
  • Large numbers of links all showing up at the same time
  • Large quantities of links from the same country or IP address
  • Identical anchor texts being used in the links
  • Anchor texts related to pharma or adult phrases

At this point, it may not be clear whether the attack is by someone who is using a network of websites, but there are a couple of tools that can help you find out. One is at ‘‘ and the other can be found at ‘’

What these tools can do is generate a visual representation of all the inbound links which are coming into your website. This is an easier way for you to look for footprints and patterns, versus looking at a huge list of incoming links on a spreadsheet.

Spam Comments

This might be done manually, but the more likely scenario is that the culprit is using spam commenting software. Often you can trace where the comments are coming from by checking your server logs and identifying the IPs from which the spam comments were posted.

This is one of the easiest issues to address as you can simply add captcha software so that comments can only be left by real humans instead of software. Of course, you always have the option to turn comments off completely, and if they serve no real purpose, it is the easiest way to stop spam comments.

Dangerous Links Injected Within Content

If the negative SEO attacker has managed to hack your website, there are several ways they can cause issues, and not all of them are easy to spot until the damage is done.

One tactic they use is to employ proxies that they can hide behind and while doing so add content to your website which has cloaked or hidden links to websites that are likely to suspicious at best, and dangerous at worst, in terms of hacking someone’s browser for example.

As you check your website for unusual or unfamiliar URLs, it could be the attackers have slipped up, and instead of using proxies to hide their trail, they actually leave themselves in plain view with regards to their IP address.


Hotlinking involves the attackers taking images that you might host, embedding them in their own websites, and linking directly to them. The result is that a lot of your bandwidth is used up and depending on the image hosting package you have, this could lead to your website having downtime or slow loading, plus additional hosting charges.

The problem here is that it is only when the issues become apparent and after the negative SEO has occurred that you are able to do anything about it.

7 Quick Steps To Defend Yourself Against Negative SEO

Always ensure that your hosting and content management, such as WordPress, have the latest security updates and patches. The attackers tend to go for sites where they know the security is lacking or out of date.

Consider moving your website to a dedicated hosting server, rather than one which is shared. This will have ‘denial of service’ (DDoS) attack protection which will prevent any hacking attempts on your website.

Disable hotlinking of the images on your website, either at the CMS level or with your content delivery network.

Ensure your CMS is configured to stop duplicate content being added that might be injected with dangerous links.

Turn off comments if you can, but if you want or need comments on your website, install captcha software

If you identify who is carrying out the attacks, send them a cease and desist order. Most will, as they prefer to attack those who sit back and do nothing

If you discover they are your competition, report them to Google for ‘competitor spam’. Google will certainly look into it and can penalise their ranking.