Good Security: An SEO Strategy
I have been working in, and writing about, web site security for some time now and I never really made the connection between good security and search engine optimizations until just recently. On accident, I had left the term “Security” behind when searching for “SEO”. Kind of like the mythical way Reese’s Peanut Butter Cups were invented.
Most of the results centered on SEO for security companies, however there were quite a few that offered some interesting insight into how a well planned SEO campaign needs to rely on the security of the website to keep the ranking that the site had earned.
CenterNetworks – A case study
In May of 2009, CenterNetworks migrated from Drupal to WordPress to deliver content to their readers. In the process, vulnerability was exploited on many of their sites. The result had serious effects on their hard-earned ranking with Google:
“This other site apparently lost most of its “Google Juice” which resulted in a major reduction in organic search site traffic. At the lowest point, nearly 70% of Google-referral traffic to the site in question was lost. …slowly the Google Juice has been restored and we are back to normal traffic today.”
Also referencing the tale of CenterNetworks is the eConsultancy blog. In a post by Patrico Robles, a few tips for protecting your website were provided. From a security standpoint, it is nice to see someone else recognize some of the steps that should be taken to protect a website from attack. However, the advice given in this post didn’t quite go far enough.
The following best practices should be considered whenever you are planning an SEO campaign:
Know the vulnerabilities facing your software
If you are using WordPress, keep up with the different exploits found the software and how you can patch them. The same goes for any other software you are using to deliver content, MediaWiki, Joomla!, Drupal and the others. They all have vulnerabilities that need to be patched, and ones that need to still be found.
Know the third-party add-ons you are installing
There are thousands of people developing plug-ins for WordPress, extensions for MediaWiki and components for Joomla!. Installing one of these to your site could open a whole new world of exploits unknown to the rest of the community. Make sure that when you do find the perfect add-on for your site, you research that developer and their work. Make sure that there are no known vulnerabilities that have been ignored and that the developer is constantly releasing updates to fix any issues that may come up.
Keep up with updates
If your software and any third-party extras (plug-ins, components, modules, themes, skins, extensions, etc.) are not up to date, your site is at risk. Period.
Keep your databases separate
While there are ways to run the database that powers your social media site with other databases, this is never a good practice. Isolate your data as much as possible. This way, if an attacker gets into your blog’s database, your customer information has a better chance of staying safe.
Backup regularly
Regular backups protect your SEO campaign’s most valuable commodity – your content. If you are aware of an attack against your site, or an instance of vandalism, a backup will allow you to bring your site back to normal rather quickly. Make sure you test your backups at regular intervals as well. Nothing could be worse than turning to your backups after a disaster only to find that they weren’t properly set.
Control access
Don’t grant administrative permissions to anyone who doesn’t need them. Even if it seems like doing so will make your life easier. This goes for author and editor accounts as well. You can even go so far as to grant admin panel access by IP address if you want through htaccess.
Monitor your site
Many third-party developers have published change detection tools for your site. These are good if they alert you via email or SMS to a change that has taken place on your site. Of course, nothing beats a good set of eyes. Take time to review your site, especially ones that have received a recent amount of activity.
Watch for XSS vulnerabilities
According to WhiteHat security, cross-site scripting (XSS) vulnerabilities are still the number one exploit found on websites. It is estimated that 66 percent of all websites found to have vulnerabilities. In case you’re wondering, WhiteHat found that 83 percent of all websites have at least one vulnerability.
