Unfortunate as it is for webmasters, there will never be a time when black hat SEO schemes cease to exist. Hacker culture only continues to advance and evolve right alongside online development, so the best thing you can do is ensure that your website is protected.
Sucuri, an authority in cyber security, monitors hacker trends and threats across the major CMS platforms and leans over 500 hacked sites daily. Just recently, they identified new occurrences of hacked subdirectories on WordPress.
What’s going on?
In short, the attackers hacked websites to profit from their SEO and take advantage of server resources. Where some attacks involve malicious redirects or defacements that change the appearance of the website in an easily recognizable way, this attack does not. Rather, the attackers install spam sites in the subdirectories of websites, which allow them to skate below the radar without detection.
Is this a big deal?
Yes, because a website owner who isn’t monitoring the security of their site probably won’t know about it until their site visitors make complaints, get blacklisted, or directly find out from their hosting provider.
Check out how normal a site with this type of hacking action looks:
Oh no! What do we do?
Sucuri suggests utilizing Google Search Console. Website owners should check for unrelated search queries and excessive use of keywords like “free” and “cheap” as they are often used by spammers. You can also ensure the health of your website by securing your CMS and regularly monitoring your website for unusual activity, search queries, and transactions.