Whether the tools of script kiddies or more advanced hackers; a breach in security can result in a website being flagged as badware by Google. This wouldn’t affect a mom and pop personal website to a major degree but would surely carry a negative view for a site which purports to be somewhat professional in nature.
Supposing one was to sell hosting, scripts themselves or security even; then it would look particularly bad for a customer or client to stumble upon a search engine result page which won’t bring them to their site but rather to a page which suggests that they should pick another result…Disaster!
Of course in real terms, its not a disaster but perception can be everything.
Following are some guidelines which may be helpful.
If you don’t already have a Google webmaster account, then sign up. Ensure too that your account email address is kept functional rather than forgotten.
If using a content management system for publishing, ensure also that heed is paid to the security aspects associated with that particular CMS. Its not enough to publish and forget!
As a matter of good practice, be sure to chmod files and directories with as tight permissions as possible without upsetting the functionality of the site.
Passwords can be a pain, but are so called, for a reason. Make these difficult to crack.
Sometimes, it can be enough to view the source code of a webpage, to find hidden and malicious code. Seeing iframes where they don’t belong is a give away.
Patrol files on your server to see if anything is there which shouldn’t be there. Remove such files once you determine that you or your host are not the instigators. Sometimes, new files are created to quickly help a hacker to quickly find re-entry information such as database names and passwords.
While it is good practice to become familiar with all files and directories of a given cms, some will not be competent to this level. If this is the case, then the total clearance or deletion of all server files and folders may be the quickest option. Once done, known and safe backup copies can be quickly uploaded. Likewise for the database, where undesirable code may be inserted.
While one might feel popular by having hundreds or thousands of users; not everyone is your friend. Limit the ways which your users can manipulate your database, usually by limiting their webform input. If you don’t know how, then ask someone trustworthy.
Get the latest possible update to your software. As well as increased functionality, updates are for plugging security vulnerabilities as they arise.
A reliable host is a great line of defense as well, as some of the better ones will monitor activity on their servers and can spot nastiness. Most of the time though, responsibility is yours. In the western world at least, there are choices of where to shop and set up your stall.
Finally, Google does not appear to punish publishers harshly and tend to help actually. For an established domain, they seem to have a good idea that such hacks are not the intention of good people. If hacked, join the forum at stopbadware.org where these great volunteers may help you to clean out your cupboard.
One thing for sure is that it is difficult enough to get into the serps in the first place. When that is done, you don’t want anyone to find a page which might suggest that your site and all indexed pages of it; are not exactly fit for public consumption. Worse again, would be complaints to you that the innocent surfer suffered personal computer damage and associated malware, by simply visiting your website. What good then, is an S.E.O.?