March 17, 2015 by Pam Aungst Leave a Comment

Security Flaw in Major WordPress Plugin, + More in This Week’s Latest SEO News

This week we learned about some potential issues Google is having with crawling HTTPS sites, an important update has been made to Webmaster Tools, and a security flaw was found (and quickly patched) in an industry leading WordPress plugin.

More details on each of these top stories in this week’s SEO news roundup.

Latest SEO News – Week Ending 3/13/2015

WordPress Plugin Scare

This past week a critical security flaw was found in popular WordPress plugin SEO by Yoast. This could have been quite troublesome, if not for the fact that it was immediately resolved thanks to the quick reaction time by Yoast.

The only reason we’re even mentioning it is to clear the air about any confusions that may have been caused if you read any part of the story this past week. When the news initially broke, it was up to each individual site owner to ensure the plugin was updated in order to fix the problem.

However, the issue was found to be so widespread (in the tens of millions of users), that WordPress pushed out a forced automatic update of the SEO by Yoast plugin to all sites that have it installed.

What that means is, you no longer have to do anything because everything has been fixed for you. But this does draw attention to just how important it is to keep WordPress plugins updated for the sake of your site’s security.

If you’d like to ensure that all plugin updates are performed automatically, you can specify that in your settings. Just go to the following menus on the left sidebar: Manage > Plugins & Themes > Auto Updates — then make sure auto updates are turned on.

You’ll also want to make sure that you have an automatic backup solution in place, as that is equally as important! There are many popular backup plugins for WordPress to choose from. Just make sure you use a popular, well-reviewed one.

Tell Google About Your HTTPS URLs

If at any point during your site’s history you migrated from a regular connection (HTTP) to a secure connection (HTTPS), you’re going to have to tell Google where to find all your new HTTPS URLs in order for them to be crawled.

According to Google, over 80% of HTTPS URLs that are eligible for indexing are not being indexed because the search giant isn’t aware of them.

To illustrate how large a problem this is becoming, Google Webmaster Trends Analyst, Garry Illyes, posted on Google+ this past week saying: “please tell search engines about your HTTPS URLs!”

What’s the big deal with HTTPS anyway? In August of last year, Google announced it would grant a slight ranking boost to HTTPS URLs, and since then site owners have been migrating their sites to more secure connections.

The problem is that your HTTP URLs will not redirect to HTTPS until Google is notified about them. Instead, what most site owners are doing is migrating to HTTPS and still using the HTTP URLs in sitemap files, and in the rel=canonical elements. HTTPS URLS have to be used everywhere your HTTP URLs are present so Google knows how to find and index them.

Google Webmaster Tools Shows Blocked Site Resources

Do you know what your site looks like through Googlebot’s eyes? You may think it looks just like it does to anyone else, but Google may be getting an entirely different picture of your site that you didn’t intend.

Sometimes things like images, CSS, and JavaScript are being blocked, which means they display perfectly fine on your site but Googlebot can’t crawl them. Blocked resources can become problematic if not resolved, because ideally you want Googlebot to get a picture perfect view of your site as it’s seen by other human visitors.

Google Webmaster Tools will now notify you when it detects blocked resources on your site, and provide you when the necessary steps to fix the problem. If you wanted to manually check when your site looks like to Google, you can always run it through the Fetch and Render tool.

Wrapping It Up

A WordPress security scare reminded us all about the importance of keeping our plugins updated, we were emphatically reminded that HTTPS URLs need to be pointed out to Google, and Webmaster Tools has become even more useful to site owners.

If you had any questions or concerns about this past week’s developments, please let me know in the comments section and I’ll be sure to respond.

Author
Recent Posts

Pam Aungst

President & Chief Web Traffic Controller at Pam Ann Marketing

Pam Ann Aungst, M.B.A., President of Pam Ann Marketing, LLC, is widely recognized as an expert in search engine optimization (SEO). A self-proclaimed “geek”, Pam began studying computer programming at 6 years old, started creating websites in 1997 and has been working professionally in the field of e-commerce since 2005. Referred to by Sprout Social as a “Twitter Success Story,” she harnessed the power of social media to launch her own agency in 2011. Pam has been interviewed by publications such as Internet Retailer magazine, regularly publishes articles in top internet marketing news sources, and speaks on topics such as SEO and social media. Click here to read her full bio.

Latest posts by Pam Aungst (see all)

16 Tips for Forensic SEO Audit Success [Checklist] - September 16, 2019
Is Your Web Developer Spoofing Your PageSpeed Insights Score? - November 29, 2018
A Walkthrough (and Critique) of the New URL Inspection Tool in Search Console - June 26, 2018

Share This!

Not Happy with Your SEO or PPC Company?

If you’re considering replacing your current SEO, PPC, or SEM company, we would be happy to perform an objective audit of your site and/or campaigns so that you can see if you’re making the right decision.

Click to read more about our white-hat SEO services.

We also specialize in Google Ads, Social Media Advertising, and Google Analytics services and coaching.

Get Cleared for Take Off!

Contact us today to discuss your unique SEO & PPC needs. We also offer SEO, PPC, and Google Analytics coaching and training, if you wish to run your traffic-driving efforts in-house.

Contact Us!