There are so many different reasons why positions can drop in the search engines but there are two things you always have control of: your website being online and relevant.
The search engine spiders crawl your site much like a text-based browser such as Lynx would. They crawl through your website following links you build to get to interior pages and they take a lot of the information they crawl into account when deciding if your website should rank well or not. The spiders come back fairly regulary (the time between crawls depends on the website), looking for new content and seeing if your website is still relevant; but what happens if your website is offline, has been hacked or defaced when the spiders come back to crawl your website?
The answer is pretty obvious. Positions are going to drop considerably if your website is completely irrelevant (compromised websites are often stuffed full of irrelevant keywords) or offline. Google does not want its users to find your website if it has been defaced or if it’s offline as it would then be returning useless search results – not exactly Google’s modus operandi!
What can you do to prevent this?
1. Use a reputable web host
Have your website hosted by a good, reliable web hosting company offering at least 99.9% uptime (and can prove it) and to be extra safe make sure they are using something like suPHP which helps prevent insecure scripts from damaging your site. You should also check your hosting company keeps software up to date. There are always vulnerabilities being found and keeping software upto date means they will be using a version which has more bugs patched so fewer vulnerabilities.
2. Keep your scripts, CMS and plugins up to date
Most modern scripts nag you constantly about updates being released and for good reason. Updates are quite often released to fix security flaws/exploits with the script that can let people have free roam of your site, unfortunately a lot of people ignore these messages because they think it’ll take long or it’s too complicated but you must keep all your scripts, cms’s and plugins up to date to minimise the chance of unauthorised access to your website.
3. Use strong passwords
Having your password as 12345 may be easy to remember but it is also extremely easy to crack, you should make sure you use a strong password for every account that has admin access and make sure you do not include anything personal such as date of birth or pet name in the password. Use a password strength checker to see how strong your passwords really are.
4. Remove Meta Generator Tag
Meta generator tags are basically used to declare the name and version number of the CMS/program used to generate the website, for example:
<meta name=”generator” content=”WordPress 3.3.1″ />
This tag is completely unnecessary and all it does is make it easy for people to work out which version of the script you are using and find a vunerability/exploit.
You can easily remove the tag from WordPress using the Hide Generator Meta Tag plugin, Joomla using the ByeByeGenerator plugin and Drupal using the Remove Generator META tag plugin – If your CMS isn’t listed here just Google “CMS NAME remove meta generator tag” and there are plenty of results.
5. Change the table prefix
Many exploits/vunerabilties require the database table names and for common CMS systems, this is common knowledge, for example WordPress prefix is wp_ and so on. If you change the prefix it can make it much harder for hackers to modify the tables directly.
It’s best to read the documentation for your CMS/script before changing this as it can potentially break your site.
6. Don’t use admin as the username
Fairly easy fix but worth doing, change the default admin username from “admin” or “administrator” to something else.
7. Password protect admin directories
Although modern scripts have built in password protection for admin areas it is worth considering adding an extra layer of security by password protecting your admin directories at a server level, you can normally do this through your hosting control panel.
8. Rename the admin directory
Renaming the admin directory from something like /admin to /admin5437538 can make it much harder for people to find your admin directory and if they can’t find it, they can’t brute force it. Presta Shop (and possibly other scripts) actually force you to change this when you first install it.
It’s best to read the documentation for your CMS/script before changing this as it can potentially break the admin area of your site.
9. Remove install scripts after installation
All major CMS and e-commerce systems come with install scripts designed to make installing the script much easier for users, however if you do not remove these from the server once you have installed the script it is a security risk as people could potentially run the script again to install the script again or abuse the install utility to do something malicious.
10. Use a reliable Anti-Virus on your own computer
What’s the point in all this security if everything you do on your computer is being shown or sent to someone else? A good anti-virus and anti-malware are a must on any computer you use to access secure areas of your website.
These are just a few steps you can take to help ensure your website is always online and to try and prevent anyone gaining unauthorised access to deface or add anything irrelevant into your website which can cause a significant drop in positions.