Here is what to do if your WordPress site is being warned by Search Console of a large number of noindexes on non-existent WordPress search results pages.

Thousands or more noindex warnings on WordPress sites

Google Search Console is a website for site operators that informs you how Google’s search engine is processing your site’s pages and incoming search terms.

If you see thousands of pages with Indexing > Pages > Excluded by noindex tags and the URLs contain ? s=Chinese or other keywords that you don’t recognize in the URLs.

Noindex means that the page is not registered with any search engine.
If the page is not excluded by noindex and the page is registered with search engines and appears in Google search results, this is a more serious problem.

SEO hack to exploit the automatic generation of search result pages in WordPress

WordPress generates a search results page even when no search results exist, and displays the search query in the title and content of that page.

Example of a URL that generates a page even when no search results exist with ↓?s=.

https://Your wordpress site url/?s=HackersSEOKeywords

A type of hacking has recently been confirmed in which hackers exploit this specification to create non-existent search result pages with arbitrary keywords and register them with search engines for SEO gains.

No harm done if noindexed

Since noindex means that the page was not registered in the search results, there is no harm even if a large number of such fraudulent search result pages are alerted.

WordPress 5.7 and above automatically noindexes the search result pages of WordPress, so a large number of “Excluded by noindex tag” is displayed in the search console.

However, with lower versions of WordPress, the search engines may register the incorrect search result pages generated by WordPress, which may pollute Google’s search results and cause a drop in search traffic.

How to deal with the problem of invalid search result pages on WordPress being registered with search engines

This type of SEO hack can be accomplished even if the hacker has not necessarily hijacked WordPress, so it is not highly likely that WordPress has been malware-infected or tampered with.

However, we recommend that you run a malware test.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

The following two measures are necessary to deal with the problem.

1. If there are no search results on WordPress, make sure to add a noindex tag to the page so that it will not be registered in the search engines.

2 Return a status code 404 so that the search engine can treat the non-existent search result page as a missing page.

These two settings can be configured from the security function of the above plugin.
In the Security tab of the plugin’s settings page, set the security level to High or higher, or click on the


In the advanced settings, check “noindex search results on WordPress if they do not exist.

Related Posts:

  1. Type of malware that hooks search results of site search in WordPress to search engines.
    We have been consulted about a new type of malware that hooks the search results of site searches in WordPress to search engines, and here is a case study of it....
  2. WordPress, dealing with spam indexing, where pages you don’t remember creating get caught in search results.
    We will explain how to deal with spam indexing, a common symptom of recent WordPress tampering, in which pages that you do not remember creating are caught in the search results....
  3. New SEO hack to register Chinese and product name wordpress search results in Google search results.
    We have identified a new method of SEO hack that registers WordPress search results in Chinese and product names in Google search results, and we will explain how to deal with it....
  4. WordPress tampering, large number of HTML files in a randomly named folder, hosted illegally
    This section describes a case in which a large number of HTML files are stored in a folder with a random name without permission, which is a type of malware (server tampering) that has been detected very frequently in recent years, and these files are then caught by search engines....
  5. WordPress, content from your site is replaced and displayed in search results.
    If your site’s Google search results show a large number of pages that you do not remember creating, it is possible that your site has been tampered with....
  6. WordPress Rarely, a redirect hack that sends the site to another site only from Google search results.
    This section describes a redirect hack that forces WordPress to go to a different rogue site only in rare cases (some patterns say only on smartphones) when jumping from search engine results, and explains how to deal with it....