There has been a WordPress spam that has been going on. It looks something like this in google:
Now you might be thinking that those spammers would have to get wome sort of access to their site.
Nope. What those spammers do is 100% legal and requires 0 knowledge of hacking. Even you and I can do that.
It is caused by a spammer who goes to your WordPress site and enters for example these spammy keywords into your search bar: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque sed bibendum augue. Proin et varius.. Then the spammer goes and creates a post on their own website adding links to their spammy search queries (on your site). Google, Bing, DuckDuckGo, and Baidu robots index those links and adds them in their search engine.
When somebody goes to google (or something else) and searches for those spammy texts, (or even just your website URL) those spammy search links pop up
This could seriously ruin your site’s reputation especially if the words/sentences are inappropriate.
The Solution:
Check if your website already has the robots noindex code in the source code. Just go to The Craziest & Most Affordable Hosting Deal Ever! or type something in the search bar and remove the thing you typed from the URL. Then just do CTRL+U or type view-source before the URL.
Update your WordPress installation to the latest version
Add an SEO plugin like Rank Math SEO (best for Elementor), Yoast SEO (most popular), or All in One SEO (recommended by wordpress.org themselves and made by Automattic) since they automatically add the robots noindex code to the source code.
Go to Google Search Console, add your domain/subdomain and do the verification process. Then click on Removals on the sidebar < New Request and type in your search results URL (could be The Craziest & Most Affordable Hosting Deal Ever! or type something in the search bar and remove the thing you typed from the URL.).
Maybe where you’re from, but where I’m from it most definitely is not. (Online) spam is most definitely illegal here.
Of course, that doesn’t mean much when it’s nearly impossible to trace the spam back to a person who caused it and then get hard evidence to convict that person.
But it’s most definitely illegal.
Require a good CAPTCHA before posting to prevent bot posts.
Implement other spam prevention methods like Akismet or StopForumSpam checks to block harmful IP addresses or emails.
You don’t need to remove spam from search results if there is no spam on your site to begin with. Spam also hurts your SEO more than any of those plugins could ever add.
The only suggestion I can also recommend is to update WordPress to the latest version. Hackers and spammers love outdated software with known security problems.
@admin Isn’t legal to search things on your website? Isn’t it? This spam is caused when spammers search spammy keywords on your site. It isn’t caused by them hacking into your wordpress admin account.
A search engine shows results found on your website. If you search for spam keywords, and there are results for your website, that means that spam content was found on your website.
I would say the solution to this problem is to make sure that this spam content does not exist on your site.
Perhaps my definition of hacking is more broad than yours, I define hacking as something like “activities to abuse the computer systems of someone else for the hacker’s benefit or to cause harm to others”.
And in which case, injecting spam content on someone else’s site, possibly using bots, is most definitely “hacking”. IMO hacking doesn’t require stealing account details or exploiting vulnerabilities in code.
Although the lack of sufficient spam prevention measures could definitely be considered a vulnerability.
