How to Avoid SEO Rank Poisoning via Injected Search Queries in WordPress

How to Avoid SEO Rank Poisioning via Injected Search Queries in WordPress

The goal of SEO poisoning is to hijack the search engine results of popular websites and inject malicious links into them to boost their placement in search results. These links then lead unsuspecting users to phishing sites, malware downloads, and other cyber threats.

Ever imagined if someone could rank a webpage on your very own website to rank for malicious terms? Perhaps for advertising their own products or just for negative SEO? Or to hijack your brand reputation for their own nefarious interests? Here’s an example:

Example of SEO poisioning SEO injection

Websites get hacked all the time, only this time, this is a clean and secure site still rendering the injected keywords by the use of search terms in the website’s URL.

Table of Contents

  1. Here’s How WordPress Search Template Renders User-Provided Search Keywords in the Archive-Title
    1. Here’s what the search-page’s URL looks like with injected spam keywords:
    2. And this is what such a link looks like inside Google Search Console:
  2. Fixing Injected Search Queries
    1. See Also:

Here’s How WordPress Search Template Renders User-Provided Search Keywords in the Archive-Title

  1. When you use WordPress’s built-in search feature to search for keywords, the submitted search query redirects to a URL containing the search terms.
  2. These search terms are then rendered as archive-title of that search page.
  3. Bad actors can copy this URL and generate backlinks to this URL.
  4. Search Engines will index these backlinks and rank this URL for those injected search-terms.
  5. Your page will start ranking for these search-terms affecting the rank and user-experience of your website.

Here’s what the search-page’s URL looks like with injected spam keywords:

image of injected search queries in wordpress search templates url

Image of Backlinks in Google Search Console of SEO Rank Poisioning via injected search queries in WordPress

You can try this with any WordPress website and most themes / templates support such keyword injection in the title of the search-archive or the search-template.

Fixing Injected Search Queries

The following piece of code works for most generic WordPress themes to eliminate the user-provided / injected search-terms on the search-result template.

add_filter( 'get_the_archive_title', function ( $title ) {
    if( is_search() ) {
        return 'Your Search Results:';
      }
      return $title;
});

Certain other themes which are not WordPress-standard-compliant, have their own quirks. For example here’s the bit of code that fixes this problem in the Thesis theme.

add_filter( 'thesis_archive_title', 'my_search_archive_title' );
function my_search_archive_title( $title ){
    if( is_search() ) {
        return 'Your Search Results:';
    }
    return $title;
}

Summary:
The lesson to learn here is how unexpected and surprisingly easy it is to lose your hard earned ranks and why you should monitor your ranks and fix things in time.

See Also:

This article is written by Evelyn Allison. Evelyn has over two decades of experience with the big-tech corporate giants. Starting in 2002 with consumer IT remote support, he transitioned into IT enterprise support and systems provisioning for Windows and Linux servers. Her prowess spans her expertise in network security, security audit and scripting-based-automation. Actively involved in web security since 2017, Evelyn has worked with various technologies to secure the web, leveraging tech like Nginx, modsecurity, reverse-proxies, developing web-application-firewalls, on-the-fly asset optimization using Google’s PageSpeed Module and more. Her expertise is reflected in the top-tier plugins and comprehensive consulting-services she offers in the domain of web-security.

Need help with restoring your hacked site?

Our dedicated incident response team, state-of-the-art technology, and excellent customer service makes sure that your website is 100% clean and secure.

Request Malware Cleanup →