A member of Google’s Search Quality team, Duy Nguyen, was interviewed on Google’s Search Off the Record podcast where he described the most problematic kind of spam facing the Internet today.
[00:13:05] John Mueller:
“Yeah. So what kind of things do you still find problematic on the web? Like where does our impact come to its limits or… I don’t know how to frame it.
[00:13:16] Duy Nguyen:
“I would say hack spam is still a problem for the ecosystem. Many sites still run on older versions of CMS or they use outdated plug-ins or templates.
If you think about it… Well, personally, I don’t know anyone that still runs Windows Vista.
And if you have friends that still run Windows Vista, you’d probably judge them, right? So can we do that as the web ecosystem if people still run really outdated CMS? Can we help them to get on a version that is extremely more secure?
A lot of the hack spam that took place today is barely any hacking. A lot of the tools and scripts that people discover like five, six years ago sometimes is still being used today to exploit websites, especially like older websites.
I think at the very least, we should make it a lot more difficult for these spammers to hack into sites and spread spammy or malware content.
Because when users visit your website, like if they visit Martin’s tech blog, they don’t expect to walk away with ransomware or malware.
I think we have enough resources and cooperation in the ecosystem to make that happen. I really look forward to that.”
[00:14:31] John Mueller:
“…there are a lot of small companies that just have their site running like that where it’s like, “Oh, people can’t find my phone number and that’s good enough.”
And they don’t realize that they’re potentially causing a problem for the bigger web just by keeping things running on something that is essentially outdated.”
[00:15:22] Duy Nguyen:
“I would also say that the very least they can do in those situations is to sign up for Search Console. Because then they would have more data where they would realize that, oh, yeah, running this very old version of CMS really hinders the site’s potential.”
Maybe it’s just a whole lot slower if you have a bunch of improvements that Search Console say you should do, it’s just extremely difficult. So now, suddenly they realize there’s a
lot more incentive to keep the sites up to date.
And obviously, if you’re signed up with Search Console, we find hack or any problems, we would notify you immediately. Now we’re pretty fast and we’re pretty effective at
detecting hacks, so, yeah, that’s the least you can do.
And hopefully by signing up for Search Console, you’ll find more incentives to keep your sites up to date, do all these improvements that, in the end, would benefit users a lot.”
John Mueller Suggests Not Using a CMS
Google’s John Mueller suggested that for some sites where content isn’t updated it might be better to have a static HTML site and not use a CMS (like WordPress).
He then asked if a hosted solution outside of a CMS might be a good way to have an up to date site that is resistant to hackers.
Duy Nguyen answered:
[00:18:38] Duy Nguyen:
“Yeah, I think that would be a good solution.
Actually, we just published a number that in 2020, we sent over 140 million messages to site owners in the Search Console. That’s a lot more messages than previous years, right. And the bulk of that was from sites that were coming onto Search Console for the first time.
So a lot of businesses, because of the pandemic or whatnot, realized that they need better online presence.
So suddenly they invest a lot more into building the website. Even simple things like menus were suddenly updated a lot more frequently or now you can order online to pick up or get delivered.
And I notice they also work with a lot more hosted platforms.
So I think that’s a good solution if you don’t have your dedicated team to manage your websites or social media presence. You can go with the hosted platform and that’d probably take care a lot of the overhead.”
Spam that is Problematic for the Web
Duy Nguyen’s answer about hack spam being problematic for the web is a good answer. The damage to site visitors, to other websites and to the rankings of the hacked site cannot be overstated.
Hacking events seem to be becoming more aggressive and widespread and as Duy said it doesn’t have to be that way. Keeping a website fully updated can go a long way to preventing a site from getting hacked.