This is a real case study and has happened recently to one of our clients. We present it as a cautionary tale to anyone who has dropped significantly in Google search results.
We follow the organic placement for this customer on a monthly basis. This past month we saw that on many of his important keywords he had dropped totally off the radar screen on Google. Additionally in the Google Webmaster control panel in the brand new keyword section word were showing up for his account on casino, blackjack, and gaming.
I closely reviewed his website and any insertions of code and saw none. The client and I got with the web host to review any problems, there were none. Then when the client was reviewing Bing, he saw that his meta description for certain pages of his website mentioned gaming and casinos. This was serious.
I started doing research on the hijacking of meta tags and found on Webmaster World another person who was asking for help to resolve a similar situation but over a year ago. The savvy response was that there was code inserted and cloaking had been done to deliver a page for search engines that no one else could see.
The client got with Network Solutions and a security tech was able to identify that there were two files in the clients WordPress blog that had been altered. One was a 404.php file in the current theme template directory and the other was hidden in this directory: wp-includes/js/tinymce/plugins/spellchecker/classes/utils/utils.php.
If this ever happens to you make sure to check these two places first. The tech support person at Network Solutions said that using a script like this allows the perpetrator to deliver content just for a search engine on any page they desire of your website.
Man, was that a wakeup call! What a nasty situation! What was even stranger was only certain pages in the website had been targeted. The home page and then just some of the inside directory pages.
Now I don’t know if this client’s site was just randomly targeted or if a sneaky competitor in his highly competitive field was stealing his Google placement, but what I do know is that to me the attack was invisible. I tore up the site looking for code and there was none. I never thought to look in the blog as the blog we had confirmed was not affected with the malicious meta tag problem.
Needless to say we have enabled some serious security, changed all the passwords, and destroyed the code. This example can be a lesson to any person with a website who has experienced and unusual and significant drop in Google. But most telling of all is the brand new tool in the Google Webmaster control panel for popular keywords is an excellent heads up if you have a problem.
Keep up the good work!