 |
 |
 |
|
09.16.09 SEO And Wordpress Security  By
Michael Gray In recent weeks wordpress security, or more correctly the lack of wordpress security has been getting a lot of attention. While most people consider this a site maintenance issue, it has implications that affect your SEO efforts, in this post I'll explain why, and look at some things you can do to protect yourself, and reduce the damage. From a security standpoint wordpress has always been a piece of swiss cheese, with lots of security holes in it. As wordpress grows in popularity it's attracting the attention of hackers at an alarming level. In June of 2009 wordpress released version 2.8.0, four months later we're at wordpress 2.8.4, that's four interim security related updates in four months. While wordpress has always been very quick to issue patches, they have done very little to prevent any of these hacks from happening in the first place. In this author's opinion this represents nothing less than gross incompetence on wordpress's part. Even more tragic is that this is a top down failure on the part of the entire wordpress development team, and isn't likely to change anytime soon, so it's imperative you understand the problem and all of it's implications. From a pure SEO perspective, the optimal wordpress setup is to use wordpress as a subfolder in the main site (http://example.com/blog), as this allows you to consolidate any inbound link equity into your main domain, increasing your overall trust and authority scores. From a security standpoint this is the most dangerous as many publishers will use the same database for wordpress as they do for their main domain customer, product, and transaction records. If login or access to the admin panel is comprimised, the hacker has access to all of your data. All they need to do is install the PHP MyAdmin plugin and they have full access to your database records to copy, modify, or delete at will, scary I know. Depending on the level of the compromise the hacker may also have access to your file system, to copy, modify or delete your entire website, even more scary.
The slightly suboptimal SEO implementation, consists of placing wordpress on a subdomain (http://blog.example.com) . The link equity is still shared with the main domain, but it's not as effective as a subfolder is. From a security standpoint you can isolate your subdomain more effectively than a subfolder. The truly paranoid can even have the subdomain and database on a completely different server or hosting company by changing an A-Name record. With this type of implementation you've traded a lot of link equity for a lot of increased security. The complete security zealots can go with a blog on a completely different domain (http://exampleblog.com) with almost zero chance of a wordpress hack influencing or compromising your main database or website. However this implementation is only useful in very few SEO situations. With this setup you have sacrificed almost all of the SEO value in the name of security. Is it is possible to retain the SEO value, without completely sacrificing security, here are my tips on how to do it. Backups: Ok technically backups aren't part of security, but if something does go wrong, backup are your safety net. I use wp-DB-backups, to send a backup of all of my important database tables to an email account every night. This way I can roll back to whatever day I want. At the end of every month I archive the backups from the 1st and the 15th and delete the rest. Continue reading this article. About the Author: Michael Gray is SEO specialist and publishes a Search Engine Industry blog at www.Wolf-Howl.com. He has over 10 years experience in website development and internet marketing, helping both small and large companies increase their search engine visibility, traffic, and sales. Michael is a current member of Internet Marketing of New York ( IM-NY.org) and a guest speaker on Webmaster Radio. He is also an editor for the popular search engine new website Threadwatch.org. |
|
| ||||
-- EnterpriseSecurityNews is an iEntry, Inc. publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 2009 iEntry, Inc. All Rights Reserved Privacy Policy Legal archives | advertising info | news headlines | free newsletters | comments/feedback | submit article |
