Shocking! When Hackers Edit Disavow Links File

Did you know that hackers can edit your disavow links file in Google Webmaster tools and cause irreparable loss of search engine traffic rankings? I recently helped a friend fix his hacked site –  When your site gets hacked, you restore your server files, restore the database from WordPress backups (or Vaultpress backups), reupload your images, and check that all your posts pages and images are working well. Your hosting scans your server for malware, trojans, and malicious codes …

… but how many times have you checked your disavow links file?

shocking hacking

Hack Disavow Links File

The Google Disavow links tool is a powerful free SEO tool provided to webmasters to inform Google to discredit bad backlinks as Google considers their search engine rankings. This particular hacker got access to my friend’s e-mail account, got the hosting FTP password (never save your passwords on e-mail!), and deleted lots of files making the site unusable. Of course, he was sure that the site would be restored soon enough.

But he was betting on much more damage…

He also logged into the Webmaster tools account (which had the same Google account!), and edited the disavow links file to add ALL backlinks to their site into it. The disavow link file is located on a special URL and the content is currently not visible in Google webmaster tools. This means that unless you go especially looking for it, there are high chances you will miss checking this.

Disavow Links

The disavow links file is a very powerful tool provided by Google to Webmasters, and adding all backlinks of a site to that file means that you want Google to not consider any of those back links in your search engine rankings. Fortunately, based on a checklist we use we were able to help them fix the file quickly before any permanent search engine traffic damage was done.

Google stresses that most Webmasters do not need to use the disavow links file as Google has smart algorithms which can detect different types of back links. Moreover, Google also states that links disavowed in this file will take a long time to be reconsidered back into the rankings of the site, hence this tool should be used with utmost care and only if needed. Had this not been detected, it would surely have led to a drop in search engine rankings, which might be difficult to restore without a reconsideration request and manual Google intervention

When was the last time you checked your disavow links file?

This case highlights some serious implications as hackers might edit your disavow links file only, without touching a single file on your hosting server. You might never know that your site has been hacked! Just like when QOT was hacked and an e-mail alert saved us.

This is also important for Webmasters who don’t host a disavow links file, and they should especially check this file periodically or after an email account is hacked.

Learn more about the Links Disavow Tool below –

Request to Google Webmasters Team

  1. Link the disavow links file directly in the Google webmasters panel, so that it is easily accessible rather than having to search Google to find the disavow links tool.
  2. Display the contents of the disavow links file in a text box/ iframe just like they show the blocked URLs page where they show the robots.txt content in full (also like in Bing Disavow tool). It would help Webmasters better know what is posted inside it.
  3. Overrule disavow links file (especially if the file has been hacked) in case of a site hacking issue followed by a reconsideration request, to reverse changes caused by the discredited backlinks at a faster pace than usual.
  4. Send an email alert to a primary and secondary email address when this file is uploaded or edited.

Are your search engine rankings dropping? When was the last time you checked your disavow links file?

Share with friends

About the Author: P Chandra is editor of QOT, one of India's earliest tech bloggers since 2004. A tech enthusiast with expertise in coding, WordPress, web tools, SEO and DIY hacks.