When a site gets hacked, you can almost always count on it being used to promote one of several market areas.  Google recently announced their hacked site algo, which would see hacked results removed from the search results.  But Gary Illyes from Google revealed another interesting fact about it… that it impacts spammy queries only.

Gary Illyes also confirmed this on Twitter when questioned about it.

What are spammy queries?  Just think of the typical keywords you see when a site gets hacked, pretty similar to the types of things you see in comment spam, too.  Pharmacy, adult and casino are pretty common, as are higher value brand products, particularly for counterfeit products and links to download malware.  They tend to be the more profitable and high value keywords… which is also why you don’t tend to see sites hacked with lower value or less common keywords.

This change actually makes a lot of sense.  It would potentially allow sites to still be shown for their usual set of keywords but wouldn’t show or rank for the keywords that were added when the site was hacked.  Of course, this would also depend on whether the site was “safe” or not, as some hackers also install malware on compromised sites, but that would trigger an additional warning from Google when someone tries to view it.

And sometimes hacked sites still have the best content for a particular search query, especially for niche markets or longer tail queries.  Google could still provide the desired content to the user – provided the site wasn’t trying to download malware just from visiting the page – and the site owner can still get that traffic while they are (hopefully) in the process of cleaning up from the hacking.

From Google’s perspective it is a very smart move to make, but people seem to be missing the bigger picture on this – by devaluing those spammy search queries, it makes it less profitable or enticing for hackers to exploit sites if Google won’t rank those pages.  While not every site would ordinarily rank for some of the higher trafficked and spammed search queries, there are ones that rank high enough already that can end up ranking for those hacked queries too.

Google also says that this change will impact 5% of queries.  That translates into a lot of searches where hackers won’t be able to get their content from exploited sites to rank.

Google is also pretty good at identifying sites that have been hacked – either bad enough to warrant a “this site may be hacked” warning in the search results or with a notification in Google Search Console.  And it likely would be easy for a search filter to be triggered for “this site has never posted anything about cheap viagra until Googlebot discovered 96,000 pages about it” or “suddenly this site has a ton of outgoing poker links from every single page on the site.”

Some would argue that it is the webmaster’s fault for not keeping a site up to date and allowing it to be exploited, meaning they “deserve” to lose their Google traffic, but we have seem time and again where up-to-date WordPress plugins are exploited, including some very popular ones.  And others just aren’t savvy enough to realize the importance of keeping up to date, or don’t even realize that updating is a thing, especially when using a “one button” install popular on many web hosts that don’t enable automatic updates.  And some site owners have no idea how to fix a site that has been compromised, yet continue to update their content while ignoring the problem.

It also means the recovery process is much quicker for site owners, especially from a ranking perspective, if they never stop ranking for their main keywords to begin with.

Hacked sites could still rank on other search engines, as it is not believed that others have a similar algo to Google’s that will prevent hacked sites from showing up for those typically spammed keywords.  But with Google serving the majority of searches in the majority of countries, it would definitely have an impact on the spam success rate of hackers taking advantage of exploits on WordPress and other types of sites.

Will this stop hackers from hacking sites through various vulnerabilities?  Of course not, because many have bots do the dirty work.  But this “spammy queries only” change would make it so that being hacked is less devastating to small business owners whose sites are exploited while removing some of the value that hackers get from hacking sites to inject or insert their own content, keywords and links.