Importance of server security and some other web technical aspects in SEO

Search engine optimization involves very different disciplines but everything starts with a website and its technical development, hosted in a server built upon specific hardware and software.

Needless to say that at the beginning of an SEO campaign there is big room for the most technical aspects and we must have them under control. Unexpected, very hard to think of it beforehand but a hacked server can ruin all your web ranking work of months.

If the house is not secured it is exposed to danger any time and consequences can be a nightmare. Even worst, it can be like yourself shooting your own foot if the error comes from your lack of attention to it.

Let's review what to watch out and the possible consequences as it is, for sure, under your competence as SEO consultant.

Server security

Ask yourself, who is the responsible of server maintenance and security updates where my site is hosted? Is there an action plan to keep its optimum status?

No matter if the web hosted service is outsourced or not, dedicated or shared, someone must be in charge of its security, so better asking to know the actual status and the policy or protocol to follow in case of danger to make sure it is not a critical first point.

Worth to mention, anyhow, that a big percentage of technical problems in a web site are not coming from server maintenance area but from bugs in the code of the site or bad maintenance.

Security in code

The job of script language at server (PHP, Java, ASPX, ColdFusion, Perl) is to assemble and send a web html page to user's browser. These languages evaluate the data received from forms, insert or retrieve information from data bases or parse files sent by  the user.

Usually script languages are robust enough, but the way we code the scripts can be a very unsafe opening doors to hackers that take the resources of your server in SEO-benefits for their clients.

If your site has been coded from scratch, or close to it, ask your service provider to determine how strong is the web that builds to you without paying a cent more. Secure code is a must not an extra. Maybe an external consultancy can be an option if not really convinced.

Webs based on Content Management Systems, for free or not, provided by third party can have security problems also. In Open Source world patches and new versions are published very fast but this requires from you to be aware of the software evolution.

Black hat techniques

Hard to imagine how many techniques can harm your rankings: malware, defacements, robots.txt and .htaccess hacks, parasite hosting, cloaked hacks, link injection, cloaked redirects… Most of them related to two basic ones: Cross-Site Scripting and SQL injection. Hacker can get access granted to your host account due to code bugs, and once is done disaster is served.

Obviously the more clever the hacker is the more transparent and invisible it will appear, so the problem easily becomes a terrible nightmare bringing down all your work and money invested in a good SEO campaign.

Specific actions

We have started by how anyone can damage your work in its own benefit, but we also have to be extremely cautious while doing maintenance or SEO actions related to web structure and code.

Sometimes there are three people involved: the online marketing agency and its SEO consultants, the client and its marketing department and the group of programmers managing the tech part. Fluid and good communication becomes essential especially between the SEO consultant and the project's technical manager.

The consultant not only advices and asks for changes to improve organic traffic, it is his responsibility to explain it crystal clear to programmers so negative consequences are avoided. On the other hand, the technical responsible must be aware of what every action involves to take care and not act otherwise.

A very typical case is a bad redirection job when getting parameters out in order to have friendly URLs. If this action is not delicately planned and executed, I can tell for sure how the things are going to happen.

Also, very simple human errors as weak user and password like "beta/beta" or "admin/admin are enough to heavily compromise security.

Consequences

Depending on the problem the result can vary from a sudden little fright to the complete disappearance from search engine result pages, 100% banned!

If the server remains stopped due to technical issues or maintenance is not usually a problem if the inactivity period doesn't last too much. Search engines know and understand that any server can fail from time to time so they do not considered it a serious thing. It is quite unusual that there is a downtime in the server and bot comes to index your site, unless your site supports a heavy traffic and fast content changing, as in online newspapers, but in these cases load balancing techniques are applied.

Hacked site effects can be more severe if there is Black Hat SEO or malware distribution behind it. Finding out and solving the problem can be a persistent pain in the ass, since hackers work very hard. Near to total lack of organic traffic, lost of general relevancy or complete deindexation of your site are clear evidences of these type of problems.

Defacements, if removed in hours, are not very important but your reputation as professional and the brand of the client can be seriously harmed especially if it is a well known brand.

Request for reconsideration to Google takes its time if penalization was severe. Once the problem is solved getting your rankings back can also take longer, so it is not only rankings but conversions the important ones as they represent sending money to garbage.

Recommendations

• Check your traffic regularly in search of strange trends changes (going down of course), server logs, strange files at your server you don't recognise, and important files like .htaccess or robots.txt.
• Check if the links pointing to your site at search result pages are truly pointing to them.
• Watch the status of the security of the server where the site is hosted.
• Be sure the service is 99,99% uptime and when the 0,01% possible case arrives you can react fast.
• Verify software updates for your site.
• When technical changes must be done plan them in calm, time before, and make sure everything is perfectly coordinated.