How can you uncover invisible hijacked content with Fetch as Google?

Why is some hijacked content invisible in a standard browser?

Hackers use cloaking techniques to show different content based on the user-agent. Your browser displays the normal page while Googlebot sees spam, malicious links, or redirects. This asymmetry allows attacks to go unnoticed for weeks.

Modern SEO hacking specifically targets search engines. Hackers inject satellite pages selling Viagra, luxury watches, or toxic backlinks. You see nothing when visiting your site, your analytics seem normal, but Google indexes hundreds of rotten pages under your domain.

Does Fetch as Google actually detect all types of attacks?

The tool shows exactly what Googlebot retrieves and renders during crawling. If hackers inject conditional content based on user-agent, you will see it in the rendered version. It is particularly effective for detecting PHP injections, modified .htaccess files, or compromised WordPress plugins.

However, Fetch as Google does not detect attacks that only trigger after X visits, at specific times, or from certain geographies. Sophisticated hackers sometimes randomize the display of spam. A single point-in-time check is not enough — you need to monitor regularly.

Is this feature still available in Search Console?

Google has replaced "Fetch as Google" with "URL Inspection" in the modern version of Search Console. The principle remains the same: you test how Googlebot sees a specific URL. The feature displays the raw HTML, the rendered version, and reports any blocked resources.

The current interface is even more powerful. It shows rendering screenshots for mobile and desktop, detects JavaScript errors, and displays any security anomalies identified by Google Safe Browsing.

• Regularly check your strategic pages with the URL Inspection tool
• Compare raw HTML and the rendered version to detect JavaScript injections
• Monitor new indexed URLs that you haven't created
• Enable Search Console alerts to be notified of security issues
• Audit your .htaccess and functions.php files in WordPress after each alert

Is this recommendation still technically relevant?

Yes, but with an important caveat: Fetch as Google no longer exists by that name since 2019. The URL Inspection tool replaces it and offers expanded capabilities. Google continues to promote this approach because it genuinely helps detect basic cloaking.

In the field, I've seen dozens of compromised sites where owners were completely unaware they were hosting 500 pages of pharmaceutical spam. The tool immediately reveals the issue. However, it does not detect attacks that exploit CDN caching or client-side-only injections.

What vulnerabilities does this method not cover?

Hackers evolve faster than detection tools. Some recent attacks use multi-factor conditional injections: spam displayed only if the IP originates from a certain country AND the user-agent is Googlebot AND it is an even day. A single manual inspection misses this.

Other hackers inject content via compromised GTM tags or infected third-party scripts. Googlebot does not always render asynchronous JavaScript perfectly, so the URL Inspection may show a clean version while spam appears in production. [To be verified] systematically with external monitoring like visualping or a headless crawler.

Is this approach sufficient as an anti-hacking strategy?

No. The URL Inspection is a diagnostic tool, not a preventive solution. You detect the harm once it’s done, potentially after Google has indexed the spam and penalized your site. The real priority is upstream security: regular updates, hardening permissions, correctly configured WAF.

I see too many SEOs manually checking 5-6 key URLs per quarter and believing they’re protected. Meanwhile, 200 satellite pages get indexed under /wp-content/uploads/. It’s essential to automate: daily monitoring scripts that crawl the site, alerts for new URLs in Search Console, and weekly security scans.

How can you effectively use the URL Inspection to detect hijacked content?

Log in to Google Search Console, paste the suspicious URL in the top search bar, click on "Test Live URL." Wait 30-60 seconds for Google to crawl the page. Then click on "View Crawled Page" to see the raw HTML and the rendered screenshot.

Carefully compare what Google sees with what you see in your browser. Look for suspect link blocks, hidden text in white on white, JavaScript redirects to spam sites. If you see content that you didn’t create, you have been compromised.

Which URLs should you prioritize in this check?

Start with your main conversion pages: homepage, bestselling categories, AdWords landing pages. Hackers often target high-traffic pages to maximize spam distribution. Then check templates (header.php, footer.php) because an injection there affects the entire site.

Also inspect the strange URLs that suddenly appear in your Search Console coverage reports. If you see indexed pages like /viagra-online/ or /cheap-rolex/ that you’ve never created, that’s a clear warning sign. Some hackers are more subtle: they create /category/seo-tips-2019/ with auto-generated content.

What should you do if the tool indeed detects malicious content?

Your first reaction should be: don’t panic and don’t impulsively delete anything. Take screenshots, export the raw HTML visible to Googlebot, document everything. This evidence will be necessary to understand the attack vector and prevent recurrence.

Then switch to emergency mode: change all passwords (FTP, database, WordPress admin, host). Scan the server using tools like Sucuri SiteCheck or Wordfence. Identify recently modified files via SSH. Manually clean injections — automatic plugins often leave backdoors.

• Test your 10-15 main pages with the URL Inspection at least once a month
• Set up Search Console alerts for newly detected security issues
• Audit new indexed URLs weekly via the coverage report
• Install a monitoring plugin like Wordfence or Sucuri that provides real-time alerts
• Systematically compare raw HTML and the rendered version to detect JavaScript cloaking
• Create a schedule for automated weekly checks with a headless crawler