You might already be aware of the spam attack that hit online retailers last year, and into 2023, and if you work in eCommerce and use Shopify, then it will definitely have been top of your agenda for a few months. So, what happened, and how can retailers guard against future exploits?
In short, companies affected would have seen an anomalous increase in the number of pages indexed – websites that should only be a few hundred or few thousand pages suddenly saw Google was trying to index tens of millions. On top of this, many sites were suddenly ranking for NSFW, gambling and other spam keywords, and backlink profiles that were once so natural suddenly reported an influx of spam keywords.
This is the nightmare scenario for eCommerce retailers, who spend budget, time and resources ensuring that sites are indexed accurately to attract the most customer traffic. For a full deep-dive into what happened and why, check out our recent blog: Shopify and the Never-Ending Pages Problem.
How can you tell if you have been impacted?
1. First things first, check your Google Search Console account and look at the number of indexed pages to see whether there have been any recent changes. If you are seeing a massive influx in pages indexed, then it is likely you are affected.
If you’re worried your Shopify website has been hacked, the easiest way to check is by logging into it and checking the actual URLs (the Pages, Collections, Products and Blogs). If the new pages you’re seeing Google trying to index in your Google Search Console account, aren’t in the backend of your CMS, you haven’t been hacked, and it is likely a result of this spam attack.
2. Secondly, check your new and lost backlinks in your Google Search Console. If you are seeing a huge increase in new backlinks, it is likely you are impacted.
3. Thirdly, if you are seeing new rankings for unrelated keywords. We noticed a pattern of new rankings (as well as clicks and impressions) for NSFW or gambling related keywords, as well as non latin characters.
So, what can you do if you are affected?
All is not lost! There are several things you can do to tackle these problems, and set yourself up to ensure you won’t be as badly impacted in future:
- Get rid of the excess pages
Start by helping Google get the new pages out of the index, by telling it to ignore the spam URLs. The easiest way to do this is by canonicalising these URLs back to the parent URL by adding a canonical tag (more detail on how to do this in our deep-dive blog here).
You can then back this up with the URL removal tool in the Google Search Console. Whilst this is fixing the symptom, not the cause and only a temporary fix, the hope is that Google’s algorithm will have caught up by the time the removal expires. For one client, we saw non-brand rankings start to climb back within 24 hours of submitting this request.
- Disavow links
Since none of these spam bots were kind enough to leave a contact email, asking them to remove their links proved problematic (!) and so a Disavow submission as the only real course of action. If you’re worried you’ve got enough spam links pointing to your website that they could damage your rankings, you’re telling Google you didn’t ask for them and not to count them.
Until this Shopify exploit is rectified, Disavows should become part of monthly maintenance.
- Focus on content
We can see that some Shopify eCommerce retailers were hit harder than others in the ranking by this recent exploit. But why was this? A strong content strategy appears to be the answer, meaning you are less reliant on those ‘glamour’ keywords, instead focusing on long tail search terms.
A great example of this is YuMove, a big company who was also hit by the Shopify exploit. Their site is very commercial, and includes 8.5k ranking keywords. They were not as badly impacted as many retailers due to the amount of good content on their site, specifically blog posts. They’re not doing anything specifically technical, but they’ve invested heavily in blogs and content production, and this has stood them in very good stead, as Google is constantly becoming more focused on content.
But why does it work? Well, the glamour keywords tend to have a higher search volume, but a lower buyer intent attached to them, whilst the long tail keywords have a lower search volume, but tend to indicate a higher level of buyer intent. For example, there may be a huge number of people searching ‘watch’, but that does not necessarily translate into sales, whilst someone searching ‘large mens watch gold strap analog’ is much further down the decision-making funnel, with a much clearer idea of the product they are looking for and want to purchase.