URL Hijacking: How To Prevent It From Ruining Your Search Rankings
Last Updated March 22nd, 2022 · Web Development
Is your website at risk for URL hijacking? Not to be confused with domain hijacking, it can spell disaster for your website’s search rankings. Your website may rank at the top of the search results, only for URL hijacking to completely erase it from Google’s and Bing’s listings. While destructive to search engine optimization (SEO) when it occurs, URL hijacking can be prevented.
What Is URL Hijacking?
URL hijacking is a black-hat SEO process in which a nefarious webmaster replaces your web site’s search listings with his or her own website’s search listings. It’s performed using 302 redirects. The site admin will essentially hijack your website’s ranked URLs by redirecting to them with 302 Hypertext Transfer Protocol (HTTP) status codes.
URL hijacking is made possible by 302 redirects. A 302 redirect is a status code indicating that a document, such as a web page, has temporarily moved to a different URL. While they have legitimate applications, 302 redirects can be used for black-hat SEO processes like URL hijacking.
If another website owner wants to hijack a URL on your website, he or she may redirect to it from a URL on his or her website. With a 302 redirect, search engines may mistakenly identify the attacker’s URL as the original URL for the given page. They’ll assume his or her URL is the original URL, and search engines will assume your website’s URL is the second and temporary URL for the given page. Since they typically only rank original URLs, search engines will remove your website’s URL from the search results while replacing it with the wrongdoing site owner’s URL.
The Effects of URL Hijacking
When a URL on your website is hijacked, it will no longer rank. You may still see the URL’s organic listings when performing searches, but they’ll feature the black-hat developer’s URL. URL hijacking involves the replacement of your website’s ranked URLs for those of another, evil site admin’s.
URL hijacking can also harm your website’s brand image. Many users don’t visit websites by typing the addresses in their web browsers. Instead, they visit websites by searching for relevant keywords on Google or Bing and clicking the right listing. A user, for instance, may recall stumbling upon your website by searching for a specific keyword on Google. When visiting your website in the future, the user may perform this same Google search.
If one or more of your website’s URLs have been hijacked, users may not find it by performing searches. They may see the offending webmaster’s website ranking in the same placements and for the same keywords, which can dilute your website’s brand image. After discovering a switched URL, users may assume that your website was rebranded. To preserve your website’s brand image, as well as its search rankings, you must protect it from URL hijacking.
How to Prevent URL Hijacking
Define Canonical URLs
Another way to protect against URL hijacking is to define canonical URLs. A canonical URL is the preferred URL for a given page that’s published on multiple URLs. If multiple URLs have the same content on them, search engines won’t rank them all. They’ll typically only rank the URL that was published first. Defining a canonical URL means that you are telling search engines which URL they should rank.
Defining canonical URLs can protect your website from both duplicate content and URL hijacking. When you define a canonical URL for a given page, search engines will recognize it as the preferred URL. Other websites can still redirect to that URL, but search engines won’t rank them.
Use an Auto-Updating Sitemap
An auto-updating sitemap can protect your website from URL hijacking. Like all sitemaps, it will relay information involving your website’s URLs to search engines. Search engines can crawl it to find all of your website’s active URLs.
With a sitemap, search engines are more likely to recognize your website’s URLs as being original. They’ll quickly discover new URLs on your website by crawling the sitemap. Therefore, even if an evil webmaster redirects to a new URL on your website, search engines won’t recognize his or her URL as being original. They’ll recognize it as a duplicate URL.
You can always update your sitemap manually, but using an auto-updating sitemap is far more convenient. Whenever you publish a new page or edit an existing page, it will update the included URLs automatically to reflect these changes. There are auto-updating sitemap plugins available for most website content management systems.
Monitor for Content Theft
Monitoring the internet for unauthorized uses of your website’s content can help you defend against URL hijacking. In many cases, URL hijacking involves copied content. Black-hat webmasters may copy your website’s content to use on their own websites. When combined with a 302 redirect, search engines may
You can monitor for content theft by using Google Alerts. Google Alerts is a customizable notification tool. Available for free, it allows you to set up alerts for new publications of your website’s content. You can enter a snippet, enclosed in quotation marks, of the text content on a URL. When another website publishes that snippet, Google will send you an email notifying you of the publication.
After you discover another website has copied your website’s content, you can ask them to take it down. If that approach fails, you can submit a Digital Millennium Copyright Act (DMCA) notice. As hosting providers for digital content, search engines must comply with DMCA notices. You can submit a DMCA notice to Google and Bing claiming ownership of the copied content. Assuming they approve your DMCA notice, search engines will remove the infringing URL or URLs from their search results.
WordPress URL Hijacking Causes and Solutions
In particular, URL hijacking is a common problem on poorly maintained WordPress websites. One of the most common forms of WordPress malware is trojans that infect or upload infected files to your server. These files then invoke all kinds of malicious actions.
WordPress Malware Causes URL Hijacking
For URL hijacking, the most common malware will make your website seem to operate normally for visitors but behave differently to search engines. For example, a piece of WordPress malware might redirect a search engine indexing robot away from your site to a spam site instead. Unfortunately, Google will recognize this redirect as something you want your site to do. This will lead to search engine results for your site showing your URL but the text of the search result will be from the destination spam site. Clicking on the search result will send the user to the spam site and bypass your site entirely.
Handling WordPress URL Hijacking Problems
This form of URL hijacking is quite common in WordPress. You can remove this yourself but you need to know where to look. Check your WordPress installation on the actual server, using FTP or another server-side tool, and look for modified files. Familiarize yourself with what files make up WordPress Core and delete those that should not exist. Third-party plugins and themes are also popular vectors for malware to infect your WordPress site.
Protect Yourself From URL Hijacking
Search engines won’t always swap out your website’s search listings for those of another website just because there’s a 302 redirect in place. Rather, URL hijacking typically only happens if they identify the other website’s URL as being original. For maximum protection against this black-hat SEO process, however, you should consider using an auto-updating sitemap, defining canonical URLs, and monitoring for content theft.
Link Software has been offering web development services for many years. We’ve encountered and solved a variety of odd SEO situations and more. We also provide WordPress maintenance packages to keep your sites safe from URL hijacking malware. Contact us today if you need help solving an issue with your company’s website.