The Google Redirect Hack

This particular hack can kill your Google rankings. In fact, I have met people who completely lost their revenue from a particular hacked site and ended up throwing their hands in the air and giving up. Remember, in another post we talked about different types of WordPress hackers. One of those hackers is a spam marketer. These types of hackers simply want to use and abuse your site to generate traffic and links to their own spammy websites (often sites that deal with magic weight loss pills, male erection pills, virus cleaners, etc.).

The dreaded Google redirect hack is a tricky little bugger. Here’s how it works…

  • The hacker finds a way into your WordPress website.
  • The hacker then inserts a little script. The script is usually some small snippet right above the </body> tag or somewhere in the header. It will look something like this: <script src=""></script>
  • That simple little script can do a number of things. In this particular case, the script recognizes when a visitor comes from a search engine and then it redirects that visitor to their own spammy website.
  • If you go directly to your site by typing the URL in the address bar, you don’t notice anything. Only if you click your link from a search engine like Google will you be redirected.

Why do they build the hack this way? Well, the obvious reason is to capitalize on traffic to your website. When a visitor finds your link on Google, they click expecting to get your website. Then they are forcefully redirected to a spammy website. This hurts you for several reasons.

  • The customer is now very irritated with you. They didn’t want to go to the site you just redirected them to. (Yes, even though you didn’t physically redirect them, your site did… so you are to blame.)
  • The customer will likely go right back to Google (so the time on your “site” is now minimal, resulting in a possible drop in rankings).
  • The customer may never visit your site again. Ouch!
  • Google recognizes the issue and slaps your site with a Malware warning or just simply drops your site in the bottomless abyss of the 10,000th page of rankings. In other words, you will not get any more traffic from Google.

How can you find out if you were hacked with a Google redirect script?

  • Try visiting your site from a Google link.
  • Open your Google Reader (or whatever RSS reader you use) and try clicking the link. The scripts sometimes even redirect RSS feeds, not just visits to the actual site.
  • Check your analytics on a regular basis. Heck, you should be doing this anyway! Check for any sudden and dramatic drop in traffic, especially traffic with Google as the referrer.
  • If you are displaying Google AdSense, affiliate ads, or some form of advertising on your blog, see if your revenue suddenly plummeted.
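
Because the injected snippet is a <script src=...> tag in the header or just above </body>, you can also audit your page source directly. The Python below is an added example, not code from this site: it lists every external script whose host you have not approved. The host names, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptAudit(HTMLParser):
    """Collect every <script src=...> with the section and line it appears on."""
    def __init__(self):
        super().__init__()
        self.section = "preamble"
        self.found = []  # (section, line, src)

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.section = tag
        elif tag == "script":
            src = dict(attrs).get("src")
            if src:  # inline scripts have no src and are not covered here
                self.found.append((self.section, self.getpos()[0], src.strip()))

def unexpected_scripts(html, site_host, allowed_hosts=()):
    """Return (section, line, src) for scripts loaded from hosts you did not approve."""
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    audit = ScriptAudit()
    audit.feed(html)
    flagged = []
    for section, line, src in audit.found:
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host not in trusted:
            flagged.append((section, line, src))
    return flagged

# Constructed sample page: one theme script, one approved third party,
# and one unknown script sitting right above </body>.
SAMPLE_HTML = """<html>
<head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://www.googletagmanager.com/gtag/js?id=G-TEST"></script>
</head>
<body>
<p>Post content</p>
<script src="//stats-cdn.example/c.js"></script>
</body>
</html>"""

if __name__ == "__main__":
    approved = ["www.googletagmanager.com"]  # assumption: hosts you added yourself
    for section, line, src in unexpected_scripts(SAMPLE_HTML, "blog.example", approved):
        print(f"unexpected script in <{section}> at line {line}: {src}")
```

Run it against the saved source of your home page and a few posts, and investigate any host you do not remember adding.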

I understand that these suggestions are for the most part “aftermath” checks and don’t solve the problem before it happens. That’s why this site, Stop WordPress Hackers, exists. Don’t wait until it’s too late before you implement simple security changes that will lock down your WordPress website.