We've welcomed another special guest into the Distilled studios this week as Will Critchlow is joined by Julia Logan (you might know her better as Irish Wonder) to talk you through what she knows best - site security particularly as it relates to SEO.
Tune into the video below as Julia shares the best actions to take for integrating security audits into your SEO strategies. You can read the full transcript just below.
What are you doing in terms of SEO security for your site and how you can work to avoid these vulnerabilities in the long term? We'd love to hear from you, dear reader, in the thoughts below or alternatively you can send a tweet across to Julia.
Don't forget you can stream even more awesome video content like this over on the YouTube channel where you'll find all of the latest DistilledLive videos; fill your boots.
Do you want to tell us first off, Julia, what is it you mean when you talk about security from an SEO your perspective?
Julia: Well, SEO security audits is what every website owner should really be starting with, maybe even before they start a site, or if they have an existing site, before developing an SEO strategy, whatever, before wasting any resources on something that's going to be vulnerable later on. SEO security audits is something that helps you make sure that you do not have any vulnerabilities from the point of view of IT security when it comes to the platform that you're using, your site, your server, duplicate content issues, other SEO-related vulnerabilities, un-indexable content that you would like to be indexable, indexable content that you wouldn't like to be indexable, and so on.
Will: Let's look first at the platform level security.
Will: So you mentioned that the platform you use, the server you use, any of those things could be potentially vulnerable.
Will: How are those then exploited by bad actors?
Julia: Since it still takes links to rank a site, especially in the more competitive industries, it's all about the volumes, sheer volumes of links because nobody's talking about the quality of links there really. So the webmasters targeting those niches are after any methods that would have them acquire those links, hacking included. But sometimes it doesn't take as much as hacking, but it's just exploiting the system features of certain platforms, like indexable search and so on, and so on that could be used to the benefit of the sites looking to gain links and exposure.
Will: And that's probably a key difference here between what you're talking about and what you might get from a security professional.
Will: So if you just did a pure security audit, I guess that would pick up exploits that allowed somebody to own your server or those kinds of things.
Will: But might not pick up you can drop a link into an indexable search page for example.
Julia: Yeah. Well, basically, SEO security audits is kind of wider than IT security audits, and it's still wider than just link security or rather link profile audits that everybody keeps talking about these days.
Will: Because a lot of those, I mean, certainly we've come across it. Somebody gets a link warning through webmaster tools.
Julia: Right. And then they rush off to run a link audit. That's too late to run a link audit. Actually, a link audit should be part of an SEO security audit and should be run way before you get any warnings.
Will: Right. Absolutely. And the same on the hacking side of things, I guess.
Will: You know, you see . . .
Julia: You should be reviewing your site for vulnerabilities before you get hacked, because after you get hacked, it's kind of too late, and it can cost you your site and your traffic and your business.
Will: Absolutely. And so this, obviously, a very technical error and something that really needs a professional, I think, to get the full depth on.
Will: But we're talking about how can somebody get started? How can people work out what kind of level of vulnerability they have and where they should focus their attention?
Julia: Basically, there is a list that I have developed.
Will: So we're going to show that on screen.
Julia: Yes. Yeah, that lists some basic onsite factors, offsite factors, and a few other things that any average person can start with. But it's like this whole story with link audits that anybody who hasn't seen more than a few links in their whole life thinks they're qualified enough to actually run a link audit. That's total bullshit. I'm sorry. But SEO security audits actually require a little more knowledge than that. So it's really better, if you suspect that you have some sort of vulnerability that you might not be able to uncover yourself because you don't have sufficient experience in any of the spheres involved in this sort of an analysis, you're better off consulting a professional.
Will: Sure. Well, it's a fascinating area. I mean, I think, the intersection of the technical side of things.
Will: And the, I guess, in some sense it's the kind of twisted creativity that goes into people exploiting that stuff.
Julia: Totally, totally. Sometimes you're looking at a site, and it would be looking just fine from the point of view of your basic list, like the one that I would be showing. But you just sense. It's purely intuition thing because you've dealt with certain things before. You look at the site and you think, "Okay. If I wanted to exploit that site, this is what I would be doing." And then you check your theory, and it suddenly works, you know.
Julia: So that is vulnerability that you wouldn't have discovered unless you had that previous experience of . . . well, basically this mindset.
Julia: You know, of somebody likely to exploit that.
Will: And so what we'll do, as well, I think is we'll link to some other resources that you have suggestions for.
Will: Things that people can check for. For example, there are security distribution lists. I think it's really very sensible
Will: If you're running WordPress, you should be on the . . .
Will: . . . security announcements and hear about the need to upgrade as soon as possible. Are there any other places that if people are really interested in learning more about this, so maybe somebody has a background in one side of it or the other, and they'd love to discover more, where's the state of the art being discussed? Where should somebody turn to learn more?
Julia: There is a couple of places that I have found, and I'll give you the links for those.
Julia: That list recently discovered, obviously, not just recently discovered, but one of those places has an actual database going back years and years and years. Also it's vulnerabilities pertaining to different platforms that have been in use.
Julia: So that would be a nice place to dig into if somebody really wants to get their feet wet about all those vulnerabilities and make sure everything is covered on their own sites.
Will: Great stuff.
Julia: Or basically just get into that mindset.
Will: Yeah. And, I guess, testing it out in your own sandbox . . .
Will: . . . is probably, ultimately, a big part of that. But, anyway, thank you very much. Hope that helps somebody out and keeps somebody's site safe from attackers.