This aspect of our services borders on one aspect of search engine optimization. But, we focus our services on ensuring that the content in the WordPress websites that we manage does not create a security or performance issue. We begin by optimizing the robots.txt file to ensure that search engine crawlers are only accessing and indexing the areas of your site that you want publicly visible.
We then go a step further and configure settings at the server level to prevent some known bots and script from crawling your site or attempting certain exploits. This is very basic security but does stop a lot of “script kiddies” from using programs found in the dark corners of the internet. Because these scripts are always evolving, we take it upon ourselves to stay up to date on the most recent preventative measures required to block today’s scripts. We also configure the server settings to prevent access to certain directories and files that we know we absolutely do not want the public or search engines to access.
We install additional services to prevent your content from being easily scraped off your site. This feature is valuable for clients that have unique, knowledge-based content on their site. We help these clients by installing some scripts that make it harder for 3rd parties to copy and paste content from the site. Obviously, the words need to appear on the page for users and search engines alike. So, it’s not foolproof. Anyone with a keyboard can easily retype the content they see. And savvy user now how to copy and paste content regardless of these measures. But, it stops basic copying and pasting by your competition which we consider to be a type of security.
We also monitor your site for broken links and 404 errors. Broken links don’t affect security, but they do affect performance. We do this because we want to make sure that an update we deploy does not break any pages in the site. So, we install some simple scanning and monitoring tools that check to make sure there are no internal links that may be creating 404 errors by linking to pages that no longer exist. This helps improve the performance and user experience of the website. Since most developers and agencies do not monitor broken links fastidiously, it also falls on us to inform our clients when they are linking to a 3rd party webpage that no longer exists. This ensures that our clients sites are always working as intended with no hidden errors or issues buried deep in the site that go unreported for extended periods of time.
Spammers like to try to insert links or unauthorized links and content into comment fields in websites. It’s a classic spammer technique that is actually more of a nuisance than an actual security issue. But, a lot of unmanaged spam in comment fields is an indication to users and to search engines that website is low quality. We prefer to disable WordPress comments and encourage companies to carry-on conversations with their target-audience in social media. The exception might be for companies that have an active blog with an audience that is discussing certain content. For these clients we properly configure the comments engine in WordPress. We use 3rd party services to help quarantine spam comments automatically. Finally, we ensure our clients have someone internally who can review and approve legitimate comments prior to publishing them on the site.