Shocking! When Hackers Edit Disavow Links File

Did you know that hackers can edit your disavow links file in Google Webmaster tools and cause irreparable loss of search engine traffic rankings! I recently helped a friend fix his hacked site –  When your site gets hacked, you restore your server files, restore the database from WordPress backups (or Vaultpress backups), reupload your images, check that all your posts pages and images are working well. Your hosting scans your server for malware, trojans and malicious codes …

… but how many times have you checked your disavow links file?

shocking hacking

Hack Disavow Links File

The Google Disavow links tool is a powerful tool provided to webmasters to inform Google to discredit bad backlinks as Google considers their search engine rankings. This particular hacker got access to my friends e-mail account, got the hosting FTP password (never save your passwords on e-mail!) and deleted lots of files making the site unusable. Of course he was sure that the site would be restored soon enough.

But he was betting on much more damage…

He also logged into the Webmaster tools account (which had the same Google account!), and edited the disavow links file to add ALL back links to their site into it. The disavow link file is located on a special URL and the content is currently not visible in Google webmaster tools. Which means that unless you go specially looking for it, there are high chances you will miss checking this.

Disavow Links

The disavow links file is a very powerful tool provided by Google to Webmasters, and adding all back links of a site to that file means that you want Google to not consider any of those back links in your search engine rankings. Fortunately, based on a checklist we use we were able to help them fix the file quickly before any permanent search engine traffic damage was done.

Google stresses that most Webmasters do not need to use the disavow links file as Google has smart algorithms which can detect different types of back links. Moreover, Google also states that links disavowed in this file will take a long time to be reconsidered back into the rankings of the site, hence this tool should be used with utmost care and only if needed. Had this not been detected, it would surely have led to a drop in search engine rankings, which might be difficult to restore without a reconsideration request and manual Google intervention

When was the last time you checked your disavow links file?

This case highlights some serious implications as hackers might edit your disavow links file only, without touching a single file on your hosting server. You might never know that your site has been hacked! Just like when QOT was hacked and an e-mail alert saved us. This is also important for Webmasters who don’t host a disavow links file, and they should specially check this file periodically or after an email account is hacked.

Learn more about the Links Disavow Tool below –

Request to Google Webmasters Team

  1. Link the disavow links file directly in the Google webmasters panel, so that it is easily accessible rather having to search Google to find the disavow links tool.
  2. Display the contents of the disavow links file in a text box/ iframe just like they show the blocked URLs page where they show the robots.txt content in full (also like in Bing Disavow tool). It would help Webmasters better know what is posted inside it.
  3. Overrule disavow links file (especially if the file has been hacked) in case of a site hacking issue followed by a reconsideration request, to reverse changes caused by the discredited back links at a faster pace than usual.
  4. Send an email alert to a primary and secondary email address when this file is uploaded or edited.

Are your search engine rankings dropping? When was the last time you checked your disavow links file?


  1. Joe Hart says:

    That’s a scary situation.I’ve never thought about the damage a hacker can cause if he gets access to the disavow file.There needs to be some way to secure it.

  2. joyislam says:

    Nice data to see! (that people’s priorities are wacked.. SEO sure but at the top?) Not the best use of the infographic medium though :p It’s a nice but unnecessarily decorated list that is now inaccessible and has no hyperlinks

  3. Ajay says:

    How do you create the disavow links file?

  4. Paul Profitt says:

    I use Google Webmaster tools, but I have never used their disavow links file because I’m hoping that the Google algorithms will be enough to protect my site.

  5. Taswir Haider says:

    Nice data to see! I’ve never thought about the damage a hacker can cause if he gets access to the disavow file.There needs to be some way to secure it.

  6. Jim Jacques says:

    A great way to get rid of those links that you have not been able to remove up until now and allow us webmasters to focus on acquiring those high-quality links that Google is looking for.
    Recommended for experienced and well informed webmasters. Please use it carefully for your sites because if hacked everything is lost…

  7. Joshua says:

    Hackers are giving hard time webmasters especially when important information of their clients is stolen. The irreparable loss of search engine traffic makes me to worry a lot.

  8. Gareth Bull says:

    Wow, I’ve never heard of this before in the SEO field. Unreal article, this needs to be shared out to more of the industry. I’ll link in soon.

  9. KennB says:

    This is brutal…
    What a creative way to kill a website.

  10. Stephen Avila says:

    Most of our clients use one Google passwords so if email is hacked, for example, they can access everything from Adwords to Webmaster Tools. Hopefully people spiteful enough to do this kind of thing are few and far between but it is a good cautionary tale of the importance of good password security as you just never know.

Leave a Reply

Your email address will not be published. Required fields are marked *