Yes, Google's got your back -- especially, if you're a WordPress fanatic. A new security feature from Google Webmaster Tools is in the works. The big G plans to test out this feature starting with WordPress-powered sites aiming to alert Webmasters on whether their Web sites have any vulnerabilities and, therefore, can be easily hacked. The main way of deciding if you’re a hacker target is by checking what version of WordPress you’re running and whether it’s time for an upgrade.

Extending Webmaster Tools

As Google states on its Webmaster Tools blog, “Recently we’ve seen more websites get hacked because of various security holes. In order to help webmasters with this issue, we plan to run a test that will alert some webmasters if their content management system (CMS) or publishing platform looks like it might have a security hole or be hackable.” Google wants to start by alerting about 6,000 Webmasters by sending them a message via the Google Message Center that is provided as part of Webmaster Tools. The message will look something like this: google--message-example.jpg

WordPress Gets to Go First

Since Google considers the blog publishing platform WordPress to be one of the most popular pieces of software on the Web, the test will start with this platform beginning with a specific version 2.1.1, which is known to be a prime target for hackers. So, if you’re so lazy that you don’t keep your software up-to-date, Google will set you straight. Or, will, at least, attempt to do so. To those of you on WordPress: the latest available version is 2.6.2. So, get your act together now and let Google work on something more exciting than chasing cybercriminals. Google has always been about safety, though. Earlier this year Google brought the Safe Browsing diagnostic to the rescue of those affected by malicious SQL injection attacks, which could make your site host and/or redirect to malware.

Blogging Platforms Go to War

There’s no better time to launch an assault other than when the enemy is recovering from a wound. Several months ago, following the initial reports of WordPress vulnerability, Movable Type didn’t waste any time and posted a blog outlining why MT supersedes the competition: “Movable Type has a proven track record of having excellent security and an established reputation for fixing any known issues quickly. And that history of security is by design.” MT went on to quote the U.S. Department of Homeland Security that supposedly came to a conclusion that Movable Type has “the best security track record of any popular installable blogging software.” This news came with a pretty graph (but no link to the original source): MT security
MT vs. WordPress Security Report (Source: Movable Type)

The funny thing is that the U.S. Department of Homeland Security and a handful of other U.S. government agencies appear to be using WordPress as the blogging platform of choice, as reported by several sources. Ironic, huh? But Google new feature, especially when expanded, may after all be very useful. Just this morning, various sources reported that WordPress went down after it was hit with a denial-of-service attack. Some of the services and blogs were quickly restored, others are still being worked on as of the publish time of this article.

What the Blogosphere Peeps Think

Not surprisingly there’s a flurry of comments related to this announcement by Google. While some people wonder if Google would extend the same friendly gesture to other platforms like Drupal, others seem to doubt the whole idea by saying “How are you testing things like this? It's easy to spoof or remove the generator tag that wordpress inserts into the head.” Some users voiced their concerns of getting blocked by Google, if the almighty decides the site is hackable: “”As long as it's only reading the meta data I'm cool, but if it's actually checking for any exploits like a vulnerability scanner would it would get blocked by the firewall and then next thing you know I'm no longer ranking because Google can't find me.” That is a very valid point! Not that Google said anything about this in their recent post. Granted, it may not be easy to back up several years of your earthy existence and get the courage to upgrade to a new version, but do it. Excuses like “Sometimes it's also not an easy process to upgrade a site from an older version of WP to a newer version, given the function changes and such.” simply don’t count. There is plenty of ways to do a sensible upgrade by going for an upgrade of specific files and functions and doing other tricks. There’re also several WordPress plugins available to make your site more secure. Lastly, WordPress itself has a word or two to say about security and vulnerabilities, and what to do to prevent a hacker attack. Go ahead, protect yourselves.