Improve Site Security and SEO with One Line of Code

by Scott Allen

I was recently doing research in Google for a new WordPress plugin we are developing. I was greeted with page after page of results that read like this:

[Screenshot: Google listings that display directory contents.]

The Google results show that many sites have their directory contents being listed, and ranked. This tells me that many, many site owners are using default server settings and unwisely revealing the contents of their directories. It is extremely important to hide your directory contents for two reasons: Security and SEO.

The reason these results are showing up in Google is that these sites are using the default setting of most servers, which has Directory Indexes set to on. This means that if there is no index file (index.html, index.htm, index.php, default.htm, etc), the server will create a page that lists the contents of that directory so all the world can see it. You can click on items, sub-directories, etc., and completely cruise through a website, including potentially areas that site owners may wish to keep private. Many people don’t even realize that their sites are exposed like this.

How it Affects Security

A simple but effective truth in website security is, the less info hackers know about your site, the better. It’s important to limit how much information is revealed, because the more a hacker knows about your files and site structure, the better they can target an attack against your site.

How it Affects SEO

There are a couple of ways that this affects the SEO of your site. When you have Directory Indexes on, a search engine spider can cruise right through your site, indexing anything in its path. This can hurt you because having extra pages indexed in the search engine that have no real value can bring down the rankings of other pages of your site. SEO experts have shown many times that having junk pages listed in Google hurts your rankings, and when these are removed from Google, the rankings of other pages on your site tend to go up. It also can be a reputation management nightmare if the wrong pages get indexed. You always want to be in control of what pages get indexed, and how. Leaving Directory Indexes on leaves it up to random chance.

The Fix: One Line of Code in .Htaccess

The solution is to turn off Directory Indexes in your .htaccess file. (If you’re not familiar, .htaccess is a configuration file for Apache servers that goes in the public root folder of your website.)

If the following is not already in your .htaccess file, then insert it at the beginning:

# Turn off automatic directory listings; all other options stay as the server set them
Options -Indexes

And, you’re done. Now if someone (or search engine bot, etc.) tries to view a directory that doesn’t have an index file, they won’t be able to see the contents. Wasn’t that easy?
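To confirm the change took effect, request a few directories on your own site that have no index file and check that the server no longer generates a listing. The Python script below is an added example, not part of the original post; the host example.test, the directory names and the sample responses are constructed, and it assumes Apache's standard auto-generated listing page ("Index of /..." in the title and heading) and a 403 response once listings are off.

```python
import re
import urllib.error
import urllib.request

# Markers of an Apache auto-generated listing: the same "Index of /path"
# text appears in both the <title> and the <h1> of the page.
_TITLE = re.compile(r"<title>\s*Index of /[^<]*</title>", re.I)
_HEADING = re.compile(r"<h1>\s*Index of /[^<]*</h1>", re.I)


def classify(status, body):
    """Return 'listing', 'blocked' or 'other' for one directory response."""
    if status == 200 and _TITLE.search(body) and _HEADING.search(body):
        return "listing"   # the server generated an index of the directory
    if status == 403:
        return "blocked"   # expected result once Options -Indexes is active
    return "other"         # a real index file, a missing directory, etc.


def fetch(url, timeout=10):
    """Fetch one URL on a site you run; returns (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, directories, fetcher=fetch):
    """Map each directory path to its classification."""
    base = base_url.rstrip("/")
    return {d: classify(*fetcher(f"{base}/{d.strip('/')}/")) for d in directories}


# Constructed sample responses so the example runs offline.
SAMPLE = {
    "https://example.test/wp-content/uploads/": (200,
        "<html><head><title>Index of /wp-content/uploads</title></head><body>"
        "<h1>Index of /wp-content/uploads</h1>"
        '<a href="/wp-content/">Parent Directory</a></body></html>'),
    "https://example.test/wp-includes/": (403, "<h1>Forbidden</h1>"),
    "https://example.test/blog/": (200, "<html><title>My Blog</title></html>"),
}

if __name__ == "__main__":
    dirs = ["wp-content/uploads", "wp-includes", "blog"]
    for path, verdict in audit("https://example.test", dirs, SAMPLE.get).items():
        print(f"{verdict:8} /{path}/")
```

To run it against a live site you administer, call `audit()` with your own base URL and directory list and leave the `fetcher` argument at its default.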
