Keep SEO Intact: 3 Keys to Maintaining Site Security
AP Twitter Hack Calls to Mind Site Security
Less than a week ago, the tweet heard ’round the world alarmed The Associated Press’ nearly 2 million followers when the news agency’s official Twitter account announced White House explosions and an injured President. The tweet was a fake, the result of a hack allegedly perpetrated by the Syrian Electronic Army, and served as a stern reminder that anyone, anywhere can be hacked at any time.
The work you’ve put into optimizing a site is all for naught if a black hat compromises your site security and derails the traffic you’ve fought for.
In terms of SEO, a common damage a hacker can do is inject code into your site in order to steal traffic or even to harm your site. Such black hat practices often result in your own site losing ranking or earning malware warnings which will certainly dissuade potential visitors from proceeding to your site.
“You need to be really, really careful,” says Bruce. “Hackers can install bad links onto your site that no one can see. But the search engines will see the bad links and the (unwitting) site owner could be penalized.”
When a hacker installs bad links on a site, he does so in an effort to make money by stealing your traffic. “For many cyber criminals, the motivation (to hack) is financial,” Google Programming Tech Lead Maile Ohye explains in the “Helped for Hacked Websites” video from Google Webmaster Help.
1. Keep SEO Intact Through Vigilance
“Pay a lot of attention to your website to see if it’s behaving in strange and wondrous ways,” says Bruce. “If you really want to analyze SEO, you have to consider redirects or hidden links.”
That means you have to regularly check your website for breaches of site security. “If you own a website, you are ultimately the person responsible for the integrity of that website and you have an obligation to periodically check against intruders,” explains Bruce.
2. Be Aware of Vulnerabilities
Bruce Clay has seen a lot of sites be compromised through plugins.
“In WordPress, you can install modifications,” Bruce says. “When you install modifications on WordPress, WordPress keeps track of them and automatically looks for updates. However, some of the modifications in turn use other modifications and those secondary modifications don’t make it into WordPress’ automatic update list.”
Site owners, therefore, need to stay on top of secondary updates. By keeping plugins up-to-date, any known security holes you may have will be patched, and therefore, your site is protected (for the time being, at least; hackers will always be on the lookout for a fresh vulnerability).
3. Touch Base with Webmaster Tools
Within the ever-helpful Google Webmaster Tools, site owners can verify ownership of their sites and manage who is authorized to modify their sites. Here, site owners can also monitor their sites’ settings to make sure no unwanted changes have been made. For example:
“In the Webmaster Tools side navigation, select Configuration, then Settings to check for possible undesirable changes by the hacker such as a lower Crawl rate (perhaps with the goal to avoid search engine spiders). Also, check that nothing unusual is listed in the section Optimization > Remove URLs or Configuration > Change of Address.”
— “Help for Hacked Sites,” Google Webmaster Tools
Actively studying your site for “strange and wondrous behavior,” keeping your plugins up-to-date and taking advantage of Google Webmaster Tools are three key strategies to ensure your site is secure!
Have more tips on keeping your site secure? Share them in the comments!
5 Replies to “Keep SEO Intact: 3 Keys to Maintaining Site Security”
Great points, Kristi. As great as WordPress is, site owners have to be on the lookout for security issues. And as you mentioned, using Google Webmaster Tools is a great and easy way to do that. A “small” security breach could undo much of the work that you’ve put into a site.
Google Webmaster Tools is great to get an inside look at your site. Keep tabs on it on a regular basis and keep an eye out for any strange activity. If you see a significant change in traffic Webmaster Tools should be the first place to look.
This is the first I’ve heard of the AP Twitter hacking.
My brother has been having troubles with his wordpress sites getting hacked. In one of the times it was a plugin that had a security loophole, and the other it was because the server had a problem from someone elses site being hacked. I suppose that is one of the downsides of shared hosting.
Definitely critical factor, not just because of SEO, but because website usability and security of visitors. Often custom CMS based websites become the first target of attacks and I personally think that using some of the most popular open source CMS are better choice in terms of security compared to custom created.
Practicing site security is always good practice, I just never looked at it from an SEO point of view before. Very helpful, thanks!