We’ve learned the hard way that if your site gets hit by a virus, the search engines will penalize you. On a few occasions recently, we’ve seen our clients websites hosted by major providers get hit and go down. We notice it when our SERP tracking tools alert us to drastic drops in search engine ranking positions.
If you’re a search marketer or webmaster concerned with organic search rankings, you need to take security seriously. This blog post explains the impact we’ve seen on a client’s SERP rankings and what we did to harden their website.
For privacy reasons, we won’t mention the name of the client or give their URL, but we can share the SERP positions. This graph is provided by AuthorityLabs, one of the SERP tracking tools we use.
As you can see, the blank space indicates the outage of the site. The chart also shows how after the site was restored, the SERP positions in all three of the major engines remained below their previous rankings.
Google’s SERPs still are not back to the top 30 postions.
The restored site was identical, and there was no significant difference in our link building immediately before or after the outage.
How To Protect Yourself From A Drop In SERP Rankings After A Website Outage
As they say, an ounce of prevention…
Since influencing the search engines is so laborious, the best protection from sagging SERPs is prophylactic. Keep your website up and running, and you’ll be safe.
Since this client was running WordPress, we will provide the steps we took to harden their site. Let it be known, though, that if a hacker wants to get into your site, there’s nothing you can do to fully prevent it. As our security advisor says, “There’s way more of the bad guys out there than us security guys. And in some cases, they’re much smarter.”
These steps are intended to “harden” WordPress, to make it less susceptible, but not impenetrable.
Security Checklist for WordPress
If you’re installing WordPress for the first time, use the Secure WordPress plugin, which helps with installation by removing extra information, otherwise, perform these tasks:
Correct file permissions (chmod 644 for files chmod 755 for folders)
Create an admin user with a name other than “Admin” and delete the default Admin user
Change all default passwords (to be complex (14+ characters, including letters, caps, numbers, and symbols)
Use SSH or SFTP, not FTP
Limit search engines – in robots.txt add Disallow: /wp-*
Don’t allow access to wp-admin and wp-includes folder (use .htaccess to prevent)
Disable indexing by adding Options -Indexes to .htaccess
Remove default users and create a new one
WP admin site should only be accessed by trusted ip (can be done in .htaccess)
Remove version from header.php (<meta name=”generator” content=”WordPress <?php bloginfo(‘version’); ?>” /> )
There are also several plugins that can help with closing these security loopholes. It’s best to install these one at a time, to see how they behave and to see if there’s any impact on your site.
If you’re installing a new instance of WordPress, start with WP Security Scan. If you’re working on an existing site, start with Secure WordPress, which will close many of the vulnerabilities listed above.
Note: We are not security experts and suggest you hire one to provide professional advice about your particular setup.
How Do I Get My Ranking Back If My Site Goes Down?
Many hosting providers keep thier own backups, but you need to check to see what their policies are for restoring your site. Some hosting providers don’t backup your site, or may only keep a week or so of backups, which won’t always help.
It’s important that you keep your own backups as well, just in case. Here’s the tools we use: