With spammers getting better and better at exploiting sites for spam, sooner or later any site running with normal security may be exploited. If you're on shared hosting you may do everything to protect yourself just to experience that somebody else on the shared server had a hole they could exploit.

So what do we do to minimize the negative effect of being exploited ?

Off course monitoring and backups will make it easy to restore soon, but then google`s probably already been there and the damage is done and your hardworked PR gone or set back for a long period of time.

How about a security plugin that checks/scans for changes in the WP install/db, and not only notifies but also automatically locks Google out when something is compromised ?

http://www.aboutonlinetips.com/wordp...urity-plugins/

If the change was harmless, the webmaster could just accept the change and the plugin let robots in again.

Should be pretty easy to make since there are several plugins that notifies about changes, and all that must be added is a function to control settings for robots access.

Comments ? Do I oversimplify ?



John Myrstad

Great list of plugins.

A lot of basic security tips get overlooked as well. I wrote the guide below a while back:

http://www.hahahaimontheinternet.com...security-tips/

Premium WordPress Hosting

I had once thought about making a plugin that would hash all your files, store the hashes, then periodically check them and notify you about changes. I never got around to it, but somebody beat me to it:
http://wordpress.org/extend/plugins/...-file-monitor/

I have presented the idea to Matt Walters author of the File Monitor Plugin which found it interesting.

WP Firewall seems like a smart solution to intercept and prevent spam injection exploits. Wp Firewall also sends notices upon attacks so it should be possible to include a function to keep robots out in that plugin based on if the site is under attack or not, so I also emailed the seoegghead duo.

http://www.seoegghead.com/software/w...s-firewall.seo

You have misunderstood how PR works. Your PR is not affected by spam links on your page.

Personal blog | Twitter
Menu plugin | CSS Generator | Premium Support | New plugin: Code Comments

@Ryan: Then let in the injection exploiters on your site and watch your PR.

Google quality guidelines:

My PR would not alter at all. However my search rankings would plummet, so no thanks.

You are confusing PageRank with search engine rankings.


stymiee has some nice FAQ on SEO and it's relation to PageRank over at SitePoint ... http://www.sitepoint.com/forums/showthread.php?t=182915 and http://www.sitepoint.com/forums/showthread.php?t=356031

Personal blog | Twitter
Menu plugin | CSS Generator | Premium Support | New plugin: Code Comments

Just for the sake of an academic debate, but your PR will drop. You will get lots of outbound links which distributes your PR link-juice out of your site. That IS the incentive for blackhat SEO gaming like this.

These spam link injections are normally hidden for the webmaster/guest, they are not intended to be clicked, only to steal link-juice, your PR, as it just happened with Css Tricks.

Maybe I should named the idea PR/SERP protection, but the point is that I`m asking for feedback on the idea.

Since the initial post I have come to conclusion that the best method would be to have some kind of monitoring of attacks and file changes, which when the "alarm" goes, cuts of access to robots, notifies the webmaster, and runs a more thorough scan, and eventually lets robots in again if nothing found.

Why block bots at all? Wouldn't it make more sense to just email the administrator so they can go in and clear the problem?

I would have thought that blocking bots would lead to a reduction in rankings anyway since it looks like you don't want your site indexed at all.

Personal blog | Twitter
Menu plugin | CSS Generator | Premium Support | New plugin: Code Comments

Perhaps a system kinda like Akismet, but for your entire site would make sense?

So instead of sending comments back to the processing server, it would send links to your pages instead?

Personal blog | Twitter
Menu plugin | CSS Generator | Premium Support | New plugin: Code Comments