Tuesday, July 28th, 2015...4:50 pm
The Hard Choice Between Security and Google Rankings
If you’re a site owner running a WordPress site with a Google
Webmaster Tools Search Console account attached to it, or an SEO taking care of one or a few sites like this, you’re sure to have been spammed by received a message like this from Google recently:
Now, you may have not touched anything server side recently and if that’s the case you may be wondering what happened and why. Have you been hacked????
Thankfully, not – quite the opposite. WordPress has just released a security update to patch a serious vulnerability:
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.
So you’re left with a choice between site security and potential rankings drop… What should you do?
Before you make a decision, here are a few facts:
- WordPress is an extremely popular CMS used by millions of sites;
- As such, it often becomes a target of hackers – after all, it’s better ROI to find a vulnerability that’s common to millions of sites than something unique to a few sites only;
- Only in the last 7 days, 7 vulnerabilities affecting either core WordPress or its plugins have been made public knowledge – how many more exist that are not widely known of is anyone’s guess;
- If your site gets hacked, you’re pretty much on your own – Google makes it your responsibility to clean it up:
Engage in good practices like the following:
– Monitoring your site for hacking and removing hacked content as soon as it appears
– Preventing and removing user-generated spam on your site
- Has Google been doing anything helpful about the hacking issue? Why sure, as of February they have been “slowly rolling out a new hacked page classifier” only it’s full of issues and can misclassify your site any time and then it’s up to you to report it and spend your time trying to sort it out;
- A hacked site can not only affect your rankings negatively and disrupt traffic to your site, it may destroy your business regardless of the source of traffic and make you lose even your already existing customers.
With all that in mind, feel free to sort out your priorities. Is it your own/your client’s business – or is it the business of a cheeky search engine failing to find safe, effective and mutually suitable solutions to ITS business’ problems but rather scaring everyone into compliance instead?
If any open-minded enough Google engineer happens to read this post, here is my suggestion to you. Step out of your ivory tower and into the real world. Think about how your decisions affect people’s businesses and lives. Think about the choice between security and traffic you are forcing them to make. That’s really inefficient and steps like this will eventually lead to the demise of your search engine.