Elementor, a popular WordPress page builder, has a vulnerability known as an authenticated reflected XSS. This kind of vulnerability allows a hacker to run a script from another site and do things such as steal login credentials.
The vulnerability involves causing a script to be loaded on the vulnerable site (for example, through a search box) by creating a URL that, when followed, executes the script (which is hosted on another site). The hacker then sends the link to someone whose credentials could then be stolen by the hacker.
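The reflection step described above, as an added generic illustration: it is not Elementor's code, and the details of the actual flaw are not given in this article. The search page, the `s` parameter and the sample link are constructed; the two renderers show the same page with and without output escaping.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample link: the "s" (search) parameter carries a script tag
# that points at a file hosted on another site.
SAMPLE_LINK = (
    "https://blog.example/?s="
    "%3Cscript%20src%3D%22https%3A%2F%2Fother.example%2Fx.js%22%3E%3C%2Fscript%3E"
)


def search_term(url):
    """Return the decoded value of the 's' query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("s", [""])[0]


def render_vulnerable(url):
    # Vulnerable: the search term is copied into the page unchanged, so any
    # markup in the link becomes markup in the response.
    return "<h1>Search results for: " + search_term(url) + "</h1>"


def render_escaped(url):
    # Hardened: <, >, & and quotes are encoded before output, so the browser
    # displays the term as text instead of parsing it as HTML.
    term = html.escape(search_term(url), quote=True)
    return "<h1>Search results for: " + term + "</h1>"


def reflects_markup(render, url):
    """True if the raw search term, markup included, appears in the response."""
    term = search_term(url)
    return "<" in term and term in render(url)


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, "reflects markup:", reflects_markup(render, SAMPLE_LINK))
        print("  ", render(SAMPLE_LINK))
```
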
According to the WordPress Vulnerability Database, the proof of concept is being hidden until February 12th to give users time to update.
The website security company that discovered the vulnerability (Impenetrable.tech) has published a walk-through of how it discovered the security flaw.
Once they discovered the vulnerability, they contacted the publishers of the Elementor Page Builder plugin, and the publishers updated it right away.
Only after Elementor was patched did the security site publish an account of the vulnerability.
This vulnerability affects versions 2.8.4 and older. It is advisable to log into your WordPress website and update your site if you use the Elementor Page Builder plugin. The most current version of Elementor Page Builder is 2.8.5.
Once you sign into your WordPress account there should be an update link from the admin navigation ribbon at the top of the page, or you can access your updates page from the link in the admin sidebar to view all available updates.
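A check for the affected range stated above (2.8.4 and older, fixed in 2.8.5), as an added example that is not code from the article or from Elementor. It assumes the text passed in is the plugin's main PHP file, where WordPress plugins declare a `Version:` header; the sample header is constructed.

```python
import re

FIXED_VERSION = "2.8.5"  # per the article: 2.8.4 and older are affected

# Constructed sample of a plugin header comment (not copied from Elementor).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Elementor
 * Version: 2.8.4
 */
"""


def plugin_version(header_text):
    """Pull the 'Version:' field out of a WordPress plugin header comment."""
    match = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", header_text,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def version_key(version):
    """'2.8.10' -> (2, 8, 10): numeric, so 2.8.10 sorts above 2.8.5.
    A suffix such as '-beta1' is ignored (a simplification)."""
    numbers = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(numbers + [0] * (3 - len(numbers)))


def audit(header_text):
    """Return 'unknown', 'update' or 'ok' for the given plugin header."""
    version = plugin_version(header_text)
    if version is None or not re.match(r"\d", version):
        return "unknown"
    if version_key(version) < version_key(FIXED_VERSION):
        return "update"
    return "ok"


if __name__ == "__main__":
    print(plugin_version(SAMPLE_HEADER), "->", audit(SAMPLE_HEADER))
```

Comparing the version strings directly would misorder them ("2.8.10" sorts before "2.8.5" as text), which is why the comparison is done on integer tuples.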
Are Blog Comments Useless for Link Building?
Editor’s note: “Ask an SEO” is a weekly column by technical SEO experts Shelly Fagin, Ryan Jones, Adam Riemer, and Tony Wright. Come up with your hardest SEO question and fill out our form. You might see your answer in the next #AskanSEO post!
This week for Ask An SEO, we have a question from Ed in Memphis. He asks:
“Are blog comments useless for link building?”
If you run or manage a WordPress site today, especially one that hasn’t activated Akismet for spam protection, you know all too well that people love to try to comment on blog posts for the sole purpose of dropping a link in the comments.
I can see how it might lead some to wonder whether this tactic is an effective form of link building today.
To answer your question, Ed, blog commenting is a useless form of link building today.
In fact, Search Engine Journal’s Roger Montti listed blog commenting as one of 18 link building tactics to avoid.
The Rise & Fall of Blog Commenting for Links
Blog comments were a popular link building tactic many years ago.
You might come across lots of older information that suggests using this tactic because it once worked extremely well.
Please hear me when I say this tactic used to work.
It does not anymore – and hasn’t for a long time.
Like many other popular link building techniques, this one was quickly abused.
Gone were the insightful comments from people who took the time to read the articles and comment thoughtfully.
Instead, blog posts quickly became overrun with spammy, incoherent, generic comments left for the sole purpose of building links with keyword-rich anchor text.
Eventually, spammers developed tools to automate this process, and the spammy comments quickly caused significant problems for site owners.
Most blogging platforms and other content management systems that allow users to submit comments started implementing the nofollow attribute on all links added by site visitors’ comments.
The nofollow tag was announced by Google in 2005 to help site owners combat spam and for publishers to use on sponsored links and advertising sold on their websites.
When applied to an outgoing link, we are telling search engines that we do not endorse the website that this link is pointed to, and no value should be passed within that outgoing link.
Google recently released new attributes, rel="ugc" and rel="sponsored", as a way of allowing us to qualify our outgoing links further. (UGC stands for User Generated Content.)
The UGC rel attribute is for sites that allow outside visitors to contribute content or post a response to site content.
Another good example would be web forums.
Soon after, WordPress announced they would be adopting the UGC rel attribute and applying it to WordPress comment links.
Are Blog Comments Useful at All?
Even though blog commenting is useless for link building, when utilized properly, it can potentially result in an increase in traffic to your website.
Within the blogging community, it’s a common way to help gain exposure and form blogger-to-blogger relationships when you engage with others in your niche by posting value-added commentary and support to other bloggers.
As a site owner, user comments on your content can help improve your rankings.
Lots of comments left on a post will not only signal that your content is highly engaging, but it can also provide additional valuable and indexable content that’s a supplement to your own.
Users’ comments can provide additional insights into the topic of that page and typically are rich with targeted keywords used naturally in phrasing.
In particular niches, such as food blogs, the comments on recipes commonly also include the ability to allow visitors to leave a rating on the recipe, a highly valuable functionality.
So please do not use blog commenting as a way to build links to your website.
If you are looking to gain exposure within your niche, I would instead only consider commenting on relevant blog posts where you can add valuable and helpful commentary based on your expertise on the subject.
You might find that other readers will come across your comment, find it informative, and visit your site as well.
How to Optimize AMP Stories for Google Search Results
An official set of recommendations concerning SEO for AMP stories is now available from the AMP Open Source Project.
AMP stories are similar to stories on social media platforms like Facebook and Instagram. The key difference is they can be indexed and displayed in Google Search results.
AMP stories are just like other web pages in the sense that they have a URL on your web server, they are linkable, and they can link out to other web pages.
Flavio Palandri Antonelli, a Software Engineer at Google, states:
“In particular, just like other pages on your site, make sure your Stories are linked from within your website so that your users and bots can actually discover them. If you are using a sitemap, make sure to include your Stories in that sitemap. If you are posting your regular web pages to social media, post your Stories as well. We could go on here, but the gist really comes down to: Follow the best practices you’re already applying to the rest of your website.”
AMP stories should be optimized like any other page on your website. What works for regular web pages will also work for AMP stories.
With that said, there are some SEO tactics specific to AMP stories that can be utilized as well.
Specific SEO Tactics for AMP Stories
Here are the SEO tactics specific to AMP stories. Keep in mind these tactics aren’t comprehensive and should be utilized in conjunction with the standard SEO work being done for your web pages.
- Metadata: AMP stories have a built-in mechanism to attach metadata to a story. This ensures maximum compatibility with search engines and other discovery features that take advantage of metadata.
- Internal linking: Site owners should generously link to AMP stories from other pages, such as linking to them from the homepage or category pages where applicable.
- URL format: There is no need to indicate in the URL of a story that it is using the AMP stories format. Follow the same URL format as other web pages on your site.
- Page attachments: Page attachments can be used to present additional information in classic article form alongside your story.
- Image descriptions: Use meaningful alt text where appropriate.
- Video subtitles: Consider providing subtitles and/or captions for the videos in your Stories.
How Hackers May Be Hurting Your SEO
It is often easy to grow complacent as an SEO when it comes to site security, or to put all of the responsibility on I.T. departments when it comes to any form of cybersecurity or hacking prevention practices.
It’s a debatable topic among many; however, this is definitely true:
Website security, or the absence of it, can directly and critically impact a site, and that includes the site’s organic performance.
For this reason, website security should not be ignored when it comes to digital marketing plans.
But first, let’s gain a deeper understanding of what hacking, in itself, is, in order to connect the dots on why it should not be neglected.
What Is Hacking?
Hacking occurs when an individual gains access to a specific website or computer network, sans permission.
Unwarranted hacking most often occurs when people are trying to gain access to sensitive or private information, or to redirect users to a specific hacker’s website.
What Are Some Common Tools Utilized by Hackers?
Malware is specifically designed to damage or disable a specific network, with the goal usually being a data breach.
The potential after-effects of a malware attack can be great, including extensive financial losses for an organization.
Website spamming usually occurs when a hacker adds hypertext to a webpage that, when clicked on by a user, will link to the hacker’s chosen destination.
Adding spammy links to a hacker’s website on websites that have a high amount of traffic to them has a chance of increasing search engine rankings.
It is essentially a way to shortcut the system of solidified, ethical SEO work.
Effects of Hacking
The ramifications of hacking can be significant and far-reaching. There are a few more common things that can happen when a website is hacked.
GoDaddy conducted a study a few years ago where they concluded that over 73% of hacked websites were hacked for SEO spam reasons.
Something like this could be planned and deliberate, or an attempt to scrape a website that is authoritative and capitalize on strong rankings and visibility.
In most cases, legitimate sites are ultimately turned into link farms and visitors are tricked with phishing or malware links.
Hackers may also employ the use of SQL injections, where a site will be overrun with spam and recovery may be very difficult.
This can potentially put your website in the sandbox if Google detects it.
If detected, Google will display a warning message when users try to navigate to the site, thereby encouraging them to stay away.
It can also potentially result in the complete removal of a site from search engines in an effort to safeguard users.
This will both directly and indirectly influence SEO value:
- Visits: Overall organic site traffic will most likely drop significantly.
- Mistrust: Users may be less enticed to visit again if they know that your site has had one or multiple security issues, which also affects your traffic and, ultimately, your bottom line.
Oftentimes, hackers will implement redirects when a website is hacked.
These will send users to a different website than the one that they navigated to initially.
When users are directed to this separate web address, they will usually find that the site contains:
- Malicious forms of content such as duplicate content that isn’t true.
- Other types of scams like phishing where users are enticed to click on a spammy link and ultimately reveal sensitive information.
If Google follows your site that has been redirected and sees that it contains questionable content, it may severely hurt overall organic visibility in search.
Search engines carefully assess the overall reputation and value of domains and links that link to one another.
During a hack, links will oftentimes be added to a site, and most likely ones with low value, which can negatively affect SEO efforts.
Your website may ultimately be flooded with backlinks from questionable sources, which will most likely decrease the level of trust Google or other search engines have in a site.
Being hacked can put a site at a serious detriment in Google’s eyes. This can affect a site’s presence in SERPs and also result in potentially several manual actions in Search Console if Google flags it.
The kicker is that oftentimes they do not. This usually only leads to more attacks, such as via malware, without the webmaster knowing, and puts the site at risk for an even greater loss, both from a visibility and revenue standpoint.
This creates a bit of a conundrum. Being flagged or blacklisted for malware essentially depletes your site’s visibility across the board, at least until the site is analyzed and cleaned and penalties removed.
Yet, not getting flagged when your site contains malware can result in greater risk and penalization.
Common Risks & How to Prevent Attacks
There are a few more common things that put your site at a greater risk of getting hacked:
Installing Plugins or Other Tools From Untrusted Sources or Not Updating Them
Not all plugins, such as those used in a CMS like WordPress, are secure.
Hackers are consistently searching for sites that use insecure or outdated plugins and then finding ways to exploit the site.
As a best practice, it is recommended to research a plugin and read reviews before installing it on your site.
Sharing a Server May Also Pose a Risk in Terms of Site Security
This is because someone could easily upload a spammy or malicious file, or even grant access to other hackers.
Non-Secure Credentials May Also Pose a Risk for Data Security
It is recommended that you create secure passwords for online accounts and make them difficult to guess.
Another more advanced method to prevent an attack is through penetration testing. This analyzes and tests your network’s security and any potential vulnerabilities within it.
Everyone is affected by web security. When building a partnership with a website or client, SEOs should be able to provide some advice when it comes to overall security.
If you’re responsible for the SEO effectiveness of a site, part of your role is to ensure that there are security measures in place to protect it.