SEO spam is a Black Hat SEO technique, used by spammers to spread spam content, exploiting the resources of a host server owned by someone else. After website compromising, the attacker installs number of scripts to penalize the search engine ranking of the compromised site (even going so far as to exclude it) or take advantage of the visibility of the site, to improve the ranking of sites used by the spammer to spread its spam messages. The techniques used include: comments spam, content duplication, keyword stuffing (more information on Wikipedia) or pages created specifically for search engines, but different from those displayed by users of the site (cloacking on Wikipedia).

How can I check if my website is being used for SEO spam?

First of all, through the Google Search Console, in the search queries section, you could find queries that are not relevant to your site and maybe even spam terms such as viagra, adult sites, online gambling, etc…. Then, you may find hidden spam posts on your site, that are not displayed in the post’s archive page. The best way to find out is to perform a malware scan using a malware scanner such as Sucuri Site Check or Quttera.

My website is infected… what can I do?

Cleaning up a website from a malware infection can be a very demanding operation, especially if the website’s database has been infected as well.

How can I protect my website?

To be able to install scripts means that the spammer has managed to become an admin user exploiting known or zero-day vulnerabilities to hack into your website. In both cases, the best way to keep your website secured, is to keep core files, themes and plugins updated and by setting a multi-layered protection model, to protect as much as possible from the risks that known and zero-day vulnerabilities carry with them.