Tag Archives: security

Google Delisted My Site – Now What?

Google delisted my site in December of 2008.  This was due to my site being in violation of the Google quality guidelines. As it turns out, my site had actually been cracked and hidden spammy links had been added a many of my pages.

Getting back into the Google index isn’t a quick thing to do.  It took almost a month before I showed up in the index again.  I did learn a few things along the way though and I’d like to share them with you.

Avoid getting delisted

The best advice I can give is to avoid getting delisted from Google.  Yeah, I know that’s pretty obvious but if you are trying to run a site to make money, getting delisted from Google can get you the coffin and all the nails required to seal it up. Getting delisted from Google sucks, especially if you are relying on organic searches to find your site. I watched my traffic from organic search drop by over 98% within hours of getting delisted.

Google Analytics graph showing how our visits were impacted by being delisted from Google

Here are a few things to help you avoid getting delisted:

  1. Monitor your site regularly
  2. Upgrade your CMS/Blog software as soon as an update/fix is available
  3. Use strong passwords and change them on a regular basis
  4. Monitor your site regularly

Yes, I said to monitor your site twice.  That was intentional and I’ll explain why.

Monitor your site regularly

If you’re not a full time blogger, you probably don’t login to your site on a daily basis.  Heck, if your like me and just blog for the helluvit, you’re lucky to login on a weekly or even monthly basis at times. It’s important to keep track of your site. One way to do this is with the Google Webmaster Tools. Once you register your site with the tools, you can see many useful things about your site.  The most important one in my opinion is What Googlebot sees. This provides you with a top 100 list of keywords that Googlebot has found on your site.

This is the one thing that I missed and what could have kept me from getting delisted.  Googlebot was seeing a bunch of strange terms on my site.  Words like popular drug names and related words.  I ignored those warnings signs as I couldn’t figure out where they were coming from so I assumed it was something Google had messed up.

If Googlebot sees something, it’s there.  You just need to look closer.

Google has a page My site’s been hacked, now what? that has a lot of different things to check on if you think your site has been hacked.

Upgrade Your Blog/CMS

Make sure you keep up to date on the latest version of your blog/CMS as older versions typically have exploitable security bugs.  This is what happened to me. I had been lax in upgrading to the latest version of WordPress because it was going to require me to change some minor functionality. In the end, the days and weeks I spent trying to recover my site and get back into the Google listings was much more time consuming than the 15 minutes or so it would have taken to upgrade.

Use strong passwords

I can’t stress this one enough. Having a simple password is just asking for trouble. Make sure that all users have strong passwords, especially any users with escalated privileges (like your admin account). There are numerous sites online that will generate a strong password for you. Also, tools like LastPass make it really easy to generate and use strong passwords.

Don’t forget to ensure your database also has a strong password. Lots of web hosting companies provide web based interfaces for your databases. If your database hasn’t been configured to only allow connections from specific IPs, anyone on the net can connect to it. The problem with this is a malicious person can take random guesses at your database host name and if you don’t have a secure password, they can guess their way into your database without even having to access it through your CMS.