Originally posted by the Webmaster Central Blog.

If you publish anything online, one of your top priorities should be security. Getting hacked can negatively affect your online reputation and result in loss of critical and private data. Over the past year Google has noticed a 180% increase in the number of sites getting hacked. While we are working hard to combat this hacked trend, there are steps you can take to protect your content on the web.

This week, Google Webmasters has launched a second #NoHacked campaign. We’ll be focusing on how to protect your site from hacking and give you better insight into how some of these hacking campaigns work. You can follow along with #NoHacked on Twitter and Google+. We’ll also be wrapping up with a Google Hangout focused on security where you can ask our security experts questions.

We’re kicking off the campaign with some basic tips on how to keep your site safe on the web.

1. Strengthen your account security

Creating a password that’s difficult to guess or crack is essential to protecting your site. For example, your password might contain a mixture of letters, numbers, symbols, or be a passphrase. Password length is important. The longer your password, the harder it will be to guess. There are many resources on the web that can test how strong your password is. Testing a similar password to yours (never enter your actual password on other sites) can give you an idea of how strong your password is.

Also, it’s important to avoid reusing passwords across services. Attackers often try known username and password combinations obtained from leaked password lists or hacked services to compromise as many accounts as possible.

You should also turn on 2-Factor Authentication for accounts that offer this service. This can greatly increase your account’s security and protect you from a variety of account attacks. We’ll be talking more about the benefits of 2-Factor Authentication in two weeks.

2. Keep your site’s software updated

One of the most common ways for a hacker to compromise your site is through insecure software on your site. Be sure to periodically check your site for any outdated software, especially updates that patch security holes. If you use a web server like Apache, nginx or commercial web server software, make sure you keep your web server software patched. If you use a Content Management System (CMS) or any plug-ins or add-ons on your site, make sure to keep these tools updated with new releases. Also, sign up to the security announcement lists for your web server software and your CMS if you use one. Consider completely removing any add-ons or software that you don't need on your website -- aside from creating possible risks, they also might slow down the performance of your site.

3. Research how your hosting provider handles security issues

Your hosting provider’s policy for security and cleaning up hacked sites is in an important factor to consider when choosing a hosting provider. If you use a hosting provider, contact them to see if they offer on-demand support to clean up site-specific problems. You can also check online reviews to see if they have a track record of helping users with compromised sites clean up their hacked content.

If you control your own server or use Virtual Private Server (VPS) services, make sure that you’re prepared to handle any security issues that might arise. Server administration is very complex, and one of the core tasks of a server administrator is making sure your web server and content management software is patched and up to date. If you don't have a compelling reason to do your own server administration, you might find it well worth your while to see if your hosting provider offers a managed services option.

4. Use Google tools to stay informed of potential hacked content on your site

It’s important to have tools that can help you proactively monitor your site.The sooner you can find out about a compromise, the sooner you can work on fixing your site.

We recommend you sign up for Search Console if you haven’t already. Search Console is Google’s way of communicating with you about issues on your site including if we have detected hacked content. You can also set up Google Alerts on your site to notify you if there are any suspicious results for your site. For example, if you run a site selling pet accessories called www.example.com, you can set up an alert for [site:example.com cheap software] to alert you if any hacked content about cheap software suddenly starts appearing on your site. You can set up multiple alerts for your site for different spammy terms. If you’re unsure what spammy terms to use, you can use Google to search for common spammy terms.

We hope these tips will keep your site safe on the web. Be sure to follow our social campaigns and share any tips or tricks you might have about staying safe on the web with the #NoHacked hashtag.

If you have any additional questions, you can post in the Webmaster Help Forums where a community of webmasters can help answer your questions. You can also join our Hangout on Air about Security on August 26th.

Posted by Eric Kuan, Webmaster Relations Specialist and Yuan Niu, Webspam Analyst

Posted by Hillel Maoz, Engineering Lead, Search Console Team and Mariya Moeva, Webmaster Trends Analyst

Originally posted to the Webmaster Central blog

Wouldn’t it be nifty if you could track where your indexed app content shows up in search results, for which queries, which app pages are most popular, and which ones have errors? Yeah, we thought so too! So we’ve equipped our freshly renamed Search Console with new reports to show you how Google understands and treats your app content in search results.

Our goal is to make Search Console a comprehensive source of information for everyone who cares about search, regardless of the format of their content. So, if you own or develop an app, Search Console is your new go-to place for search stats.

Add your app to Search Console

Simply open Search Console and enter your app name: android-app://com.example. Of course, we’ll only show data to authorized app owners, so you need to use your Google Play account to let Search Console know you have access to the app. If you don’t have access to your app in Google Play, ask an owner to verify the app in Search Console and add you next.

Connect your site to your app

Associating your site with your app is necessary for App Indexing to work. Plus, it helps with understanding and ranking the app content better.

Track your app content’s performance in search

The new Search Analytics report provides detailed information on top queries, top app pages, and traffic by country. It also has a comprehensive set of filters, allowing you to narrow down to a specific query type or region, or sort by clicks, impressions, CTR, and positions.

Use the Search Analytics report to compare which app content you consider most important with the content that actually shows up in search and gets the most clicks. If they match, you’re on the right track! Your users are finding and liking what you want them to see. If there’s little overlap, you may need to restructure your navigation, or make the most important content easier to find. Also worth checking in this case: have you provided deep links to all the app content you want your users to find?

Make sure Google understands your app content

If we encounter errors while indexing your app content, we won’t be able to show deep links for those app pages in search results. The Crawl Errors report will show you the type and number of errors we’ve detected.

See your app content the way Google sees it

We’ve created an alpha version of the Fetch as Google tool for apps to help you check if an app URI works and see how Google renders it. It can also be useful for comparing the app content with the webpage content to debug errors such as content mismatch. In many cases, the mismatch errors are caused by blocked resources within the app or by pop-ups asking users to sign in or register. Now you can see and resolve these issues.

To get started on optimizing and troubleshooting your own app, add it to Search Console now. If you want to know more about App Indexing, read about it on our Developer Site. And, as always, you’re welcome to drop by the help forum with more questions.

By John Mueller, Webmaster Trends Analyst

You think infinite scroll is cool? Search-friendly infinite scroll is even cooler! We just announced on the Webmaster Central Blog how to make infinite scroll pages more search-friendly, helping search engines access all the individual items in the category/gallery so the content is available in search results.

With some implementations of infinite scroll, crawlers aren’t great at scrolling down or clicking “load more”, so they may not crawl items displayed after the initial page load. To help the crawler see all the content, we recommend converting the infinite scroll page to paginated series by using the HTML5 History API. (Of course, the pagination is seamless to the user.)


Here’s a demo of infinite scroll with pagination. The demo isn’t production-ready, but the key search engine-friendly points to note are:

• Coverage: All individual items are accessible. With traditional infinite scroll, individual items displayed after the initial page load aren’t discoverable to crawlers.
• No overlap: Each item is listed only once in the paginated series (that is, no duplication of items).

For the full details, check out our new post on the Webmaster Central blog.


John Mueller is a Webmaster Trends Analyst in Zurich, working with webmasters and Google engineers to make the web better. In his time off, he builds robots with his kids to take over the world (or at least mow the lawn).

Posted by Scott Knaster, Editor

By Maile Ohye, Developer Programs Tech Lead

To help you capitalize on the huge opportunity to improve your mobile websites, we published a checklist for prioritizing development efforts. Several topics in the checklist reference relevant studies or business cases. Others contain videos and slides explaining how to use Google Analytics and Webmaster Tools to understand mobile visitors' experiences and intent. Copied below is an abridged version of the full checklist. And speaking of improvements… we'd love your feedback on how to enhance our checklist as well!

Checklist for mobile website improvements

Step 1: Stop frustrating your customers

• Remove cumbersome extra windows from all mobile user-agents | Google recommendation, Article
• JavaScript pop-ups that can be difficult to close
• Overlays, especially to download apps (instead consider a banner such as iOS 6+ Smart App Banners or equivalent, side navigation, email marketing, etc.)
• Survey requests prior to task completion
• Provide device-appropriate functionality
• Remove features that requires plugins or videos not available on a user’s device (e.g., Adobe Flash isn’t playable on an iPhone or on Android versions 4.1 and higher) | Business case
• Serve tablet users the desktop version (or if available, the tablet version) | Study
• Check that full desktop experience is accessible on mobile phones, and if selected, remains in full desktop version for duration of the session (i.e., user isn’t required to select “desktop version” after every page load) | Study
• Correct high traffic, poor user-experience mobile pages

For all topics in the category “Stop frustrating your customers”, please see the full Checklist for mobile website improvement.

Step 2: Facilitate task completion

• Optimize search engine processing and the searcher experience | Business case
• Unblock resources (CSS, JavaScript) that are robots.txt disallowed
• For RWD: Be sure to include CSS @media query
• For separate m. site: add rel=alternate media and rel=canonical, as well as Vary: User-Agent HTTP Header which helps Google implement Skip Redirect
• For Dynamic serving: Vary: User-Agent HTTP header
• Optimize popular mobile persona workflows for your site

For all topics in the category “Facilitate task completion”, please see the full Checklist for mobile website improvement.

Step 3: Turn customers into fans!

• Consider search integration points with mobile apps | Background, Information
• Investigate and/or attempt to track cross-device workflow | Business case
• Logged in behavior on different devices
• “Add to cart” or “add to wish list” re-visits
• Brainstorm new ways to provide value
• Build for mobile behavior, such as the in-store shopper | Business case
• Leverage smartphone GPS, camera, accelerometer
• Improve sharing or social behavior | Business case
• Consider intuitive/fun tactile functionality with swiping, shaking, tapping

Maile Ohye is a Developer Advocate on Google's Webmaster Central Team. She very much enjoys chatting with friends and helping companies build a strategic online presence.

Posted by Scott Knaster, Editor

By Maile Ohye, Developer Programs Tech Lead

If you've ever helped a friend recover their hacked site, you know it can get fairly complicated – beyond just the technical issues. First, recovery might involve answering your friend’s general questions like "Why would someone do this to my site?" Second, you might wonder “What’s the process to have the ‘This site may harm your computer’ warning label removed from search results?” Our new Help for hacked sites series includes articles and 80+ minutes of video to help you, and to help you help others. In the overview video, these common questions are addressed:

• Why would someone ever want to hack my site? (often asked by our trusting friends :) )
• How was someone able to hack my site?
• What's the process for fixing it and how long will it take?

Help for hacked sites also provides more detailed information on specific issues, such as background on the malware infection type Error template or Server configuration if your site was hacked to distribute malware.

To avoid ever needing this resource yourself, please implement a security and maintenance plan for your site if you haven't already.

• Be vigilant about keeping software updated.
• Understand the security practices of all applications, plug-ins, third-party software, and so on, before you install them on your server. A security vulnerability in one software application can affect the safety of your entire site.
• Remove unnecessary or unused software.
• Enforce creation of strong passwords.
• Keep all devices used to log in to your servers secure (updated operating system and browser).
• Make regular, automated site backups.

We’d like to thank the developer community for sharing tips on site recovery as well as replying to forum questions to assist others with hacked sites. Special thanks to Redleg and Denis Sinegubko for their amazing contributions.


Maile Ohye is a Developer Advocate on Google's Webmaster Central Team. She very much enjoys chatting with friends and helping companies build a strategic online presence.

Posted by Scott Knaster, Editor

By Maile Ohye, Developer Advocate

If you’re at a startup, you might be wondering how to make your site search-friendly. But you’re probably too busy coding and drinking caffeine to do SEO research. So here are a few quick tips:.

• Don’t worry about the meta keywords tag. Google search ignores it.
• Spend some time on your titles and meta descriptions. They're useful.
• Most importantly, check out this video (or just the slides) and gain SEO peace of mind. It only costs 10 minutes.

There are more tips available at developers.google.com/startups. Best of luck! It’s great that you're pursuing your dreams.


Maile Ohye is a Developer Advocate on Google's Webmaster Central Team. She very much enjoys chatting with friends and helping companies build a strategic online presence.

Posted by Scott Knaster, Editor