In yesterday’s webmaster hangout, the question was brought up about whether site owners need to disavow links from hacked sites.

If a website identified as hacked by google (such as example.com) shows as linking to a site in webmaster tools, do we need to/should we disavow it? Or is google automatically not counting this? If we need to, how can we identify them all? Thanks

Here was John Mueller’s response.

Essentially, if we find that the site is hacked in a way that it has injected links from a hacker, then we will probably ignore those links anyway, and otherwise, that can be a link like anything else, then possibly the hacked site think is just temporary.

So you definitely don’t need to go through all of your links and say oh this is hacked, this is okay, this is hacked, and disavow these individually.  That’s something you really don’t need to do.

But there are two different scenarios where one might get a link from a site Google has identified as hacked.  First, when the site randomly linked to you, perhaps as a result of your own site being hacked.  And second, if you already had a link on the site prior to the hack.

The first scenario, I would disavow links from hacked sites for two reasons.  First, odds that you would get an organic link from that site would be practically non-existent.  Second, I’d prefer not to leave it up to Google whether to discount a link or not, especially if I am doing a link audit and adding domains to a disavow anyway.  And unless you are dealing with a clean up that could hit the disavow limit, why not include it?

And if those links number in the thousands rather than just a handful?  Again, I would definitely want to disavow them rather than worry about whether or not Google is truly identifying them as hacked sites.

The second and trickier scenario is if you already have a quality, organic link from a site that has since been hacked.  There is the fear that Google could then see this as a low quality link as a result of the hack.  In this kind of scenario, I would be more likely to contact the site owner and alert them to the hack – especially has hackers are getting better at hiding their hack spam from site owners – and perhaps revisit it in a couple of months to re-evaluate.

Recently, I have also noticed a trend where site owners have been switching their sites over to static sites after being hacked, and in this scenario, I could see where site owners might accidentally include links, especially if they are to hacked sites that aren’t obviously spam links (ie. not links for Viagra etc).  So Google could see this as being cleaned up as far as the hack is concerned, yet links remain behind.

He was then asked specifically about sites hacked with malware.

I wouldn’t really worry about that.  In a case like that you are talking more about malware, and that’s something where even from our point of view it’s more of a temporary thing. It’s not that the site is kind of bad in the way that it is linking to your site, in the sense that this specific link from that site to your site is something that you placed there that is problematic, it’s essentially well that site got hacked and it got malware, or it didn’t get malware it got a different type of hack, and that’s not something I’d say you really have to worry about with regards to links to your site.

I think maybe links from your site, that might be something where you’d say well , I notice I’ve been linking to this one site a whole lot because it used to be a really fantastic site, but now it’s totally hacked and full of malware and maybe I will remove those links to that site.  That makes sense from a usability point of view, but that’s not even an issue where we’d say this is a search quality factor where we’d kind of judge your site based on the sites that you are linking to there.

So while Google implies that they are discounting links from hacked sites, it also depends on how proactive you want to be.  If you are already facing Penguin or a link related manual action, I would be much more inclined to disavow rather than hoping Google is discounting it.  But if there is nothing wrong with your current backlink profile aside from these hacked sites, it is fine to assume Google is discounting those links.

Here is the full video: