Webmaster Central Blog
Official news on crawling and indexing sites for the Google index
Quick security checklist for webmasters
Tuesday, September 18, 2007
Written by Nathan Johns, Search Quality Team
In recent months, there's been a noticeable increase in the number of compromised websites around the web. One explanation is that people are resorting to hacking sites in order to distribute malware or attempt to spam search results. Regardless of the reason, it's a great time for all of us to review helpful webmaster security tips.
Obligatory disclaimer
: While we've collected tips and pointers below, and we encourage webmasters to "please try the following at home," this is by no means an exhaustive list for your website's security. We hope it's useful, but we recommend that you conduct more thorough research as well.
Check your server configuration.
Apache has some
security configuration tips
on their site and Microsoft has some
tech center resources for IIS
on theirs. Some of these tips include information on directory permissions, server side includes, authentication and encryption.
Stay up-to-date with the latest software updates and patches.
A common pitfall for many webmasters is to install a forum or blog on their website and then forget about it. Much like taking your car in for a tune-up, it's important to make sure you have all the latest updates for any software program you have installed. Need some tips? Blogger Mark Blair has a few
good ones
, including making a list of all the software and plug-ins used for your website and keeping track of the version numbers and updates. He also suggests taking advantage of any feeds their websites may provide.
Regularly keep an eye on your log files.
Making this a habit has many great benefits, one of which is added security. You might be surprised with what you find.
Check your site for common vulnerabilities.
Avoid having directories with open permissions. This is almost like leaving the front door to your home wide open, with a door mat that reads "Come on in and help yourself!" Also check for any
XSS
(cross-site scripting) and
SQL injection
vulnerabilities. Finally, choose good passwords. The Gmail support center has some good
guidelines
to follow, which can be helpful for choosing passwords in general.
Be wary of third-party content providers.
If you're considering installing an application provided by a third party, such as a widget, counter, ad network, or webstat service, be sure to exercise due diligence. While there are lots of great third-party content on the web, it's also possible for providers to use these applications to push exploits, such as dangerous scripts, towards your visitors. Make sure the application is created by a reputable source. Do they have a legitimate website with support and contact information? Have other webmasters used the service?
Try a Google site: search to see what's indexed.
This may seem a bit obvious, but it's commonly overlooked. It's always a good idea to do a sanity check and make sure things look normal. If you're not already familiar with the site: search operator, it's a way for you to restrict your search to a specific site. For example, the search
site:googleblog.blogspot.com
will only return results from the Official Google Blog.
Use Google's
Webmaster Tools
.
They're free, and include all kinds of good stuff like a site status wizard and tools for managing how Googlebot crawls your site. Another nice feature is that if Google believes your site has been hacked to host malware, our
webmaster console will show more detailed information
, such as a sample of harmful URLs. Once you think the malware is removed, you then can request a reevaluation through Webmaster Tools.
Use secure protocols.
SSH and SFTP should be used for data transfer, rather than plain text protocols such as telnet or FTP. SSH and SFTP use encryption and are much safer. For this and many other useful tips, check out StopBadware.org's
Tips for Cleaning and Securing Your Website
.
Read the
Google Online Security Blog
.
Here's some great content about online security and safety with pointers to lots of useful resources. It's a good one to add to your Google Reader feeds. :)
Contact your hosting company for support.
Most hosting companies have helpful and responsive support groups. If you think something may be wrong, or you simply want to make sure you're in the know, visit their website or give 'em a call.
We hope you find these tips helpful. If you have some of your own tips you'd like to share, feel free to leave a comment below or start a discussion in the
Google Webmaster Help
group. Practice safe webmastering!
Hey! Rankings in mobile search results changed
April 21st, 2015
.
Check here if your site is mobile-friendly.
Labels
accessibility
10
advanced
193
AMP
2
API
2
apps
6
autocomplete
2
beginner
171
crawling and indexing
141
encryption
1
events
44
feedback and communication
74
general tips
81
geotargeting
1
Google+
1
hacked sites
8
hreflang
3
https
2
images
6
intermediate
204
interstitials
1
localization
21
malware
3
mobile
41
mobile-friendly
5
performance
11
products and services
57
search console
9
search queries
4
search results
105
security
5
sitemaps
43
structured data
11
TLDs
1
url removals
1
UX
1
verification
7
video
1
webmaster community
5
webmaster guidelines
44
webmaster tools
159
Archive
2016
Aug
Jun
May
Apr
Mar
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2007
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2006
Dec
Nov
Oct
Sep
Aug
Feed
Google
on
Follow @googlewmc
Give us feedback in our
Product Forums
.
Subscribe via email
Enter your email address:
Delivered by
FeedBurner
Hey! Rankings in mobile search results changed April 21st, 2015.
