Wordfence can affect SEO in both positive and negatives ways. The positive far outweighs any negative aspects. This article goes through how Wordfence helps your website SEO.
We also discuss two main issues that can make Wordfence affect SEO, and how to prevent them. But we’ll look at the good points first.
Wordfence Protection From Seo Plugin Hacks
If you’re interested in SEO, you probably have at least one WordPress SEO plugin. Unfortunately, plugins are a major target for hackers to exploit and get into your website.
Wordfence protects you from plugin hacks in several ways. It alerts you if your version is out of date, or has even been removed from the WordPress repository due to issues.
Many plugin hacks try to add files to your site that look like they should belong to the plugin. WordPress monitors for suspicious files. It even monitors the date of the files, in case they are replaced by malware.
Of course, these defenses apply to all plugins. What about SEO plugins, specifically?
The Wordfence Folk Actively Research SEO Plugin Hacks
Because some SEO plugins are hugely popular, they are actively tested for hacks by a Wordfence security team (the company calls this the Threat Intelligence Team).
When the Wordfence team identifies a vulnerability, they notify the plugin developer immediately. The Wordfence developers also jump all over this new problem to add protection to the Wordfence plugin.
I’ve pulled out the SEO-specific vulnerabilities identified by WordFence within the last few years. If you want the nitty-gritty technical details, I’ve added a link back to the Wordfence vulnerability page.
|Publish Date||SEO Plugin||More Info|
|July 10, 2020||All In One SEO Pack||technical details|
|March 23, 2020||Rank Math SEO Plugin||technical details|
|March 25, 2019||Social Warfare Plugin||technical details|
|November 26, 2017||Yoast SEO Plugin||technical details|
|July 13, 2016||All In One SEO Pack||technical details|
|May 06, 2016||Yoast SEO Plugin||technical details|
By the way, if you don’t see your favorite SEO plugin on this list, that doesn’t mean that Wordfence hasn’t protected against problem installs. There are other companies that test and identify plugin vulnerabilities. I’m showing the ones that the Wordfence security team published.
A colleague asked me why I included Social Warfare in the list. I did so because I think most website owners who use social sharing plugins are hoping to highly-shared articles get a boost with SEO.
Wordfence Affects SEO Positively By Protecting Your Search Ranking
Let’s take the worst-case scenario where your website is hacked with malware. When search engines detect this risk, they will take steps to protect their users.
I’ll run through what Google can do. The other search engines e.g. Bing will behave very similarly.
The least drastic effect is to push your posts and pages down in the search rankings.
Your website may be added to a database of known threats, known as the Google Safe Browsing Database. When this happens, your potential visitors see a warning in their browser that the site has been compromised.
If you’ve seen this warning elsewhere, you’ll know that it is very alarming. And it can cause major reputational damage that lasts long after you’ve fixed the issue.
I mentioned that your rankings will drop. At worst, you will be blocklisted.
This means that Google will not show your site posts and pages in the search results. Direct links will work (although users will get a warning). But it will be as if your website doesn’t exist for organic search.
You may think that this is unlikely to happen to you. Unfortunately, it may be more common than you think. GoDaddy, a massive web hosting provider, ran a survey on their customers who had suffered a malicious attack within a year period. As GoDaddy is a budget service, their customers tend to be small to medium businesses.
A sizeable 10% of websites that had been attacked were blocklisted.
How does Wordfence protect your ranking in the search engines?
A major part of Wordfence is the scanning feature that runs through the files on your site. The scan looks for malware or malicious files and scripts.
How can these files get there? Sometimes, an administrator login and password have been compromised. But it can also happen in the way we discussed in the previous section – through compromised plugins.
Wordfence Affects SEO Positively By Protecting Against Bad Bot Traffic
If you watch your traffic through Wordfence, you may occasionally see bursts from places you don’t expect. When I put a new site live, I tend to see a quick spike from China or Russia. Yet I’m usually not targeting those countries.
I’ve discussed what’s going on with these early spikes in this article on watching for bots using Google Analytics. The early spikes usually from services that monitor for new domains and websites to try to harvest contact details. I don’t worry too much about a few hundred hits that don’t happen again. I consider these bots to be “minor suspects”.
Major Problems with SEO and Indexation
But what if you get a steady barrage of bot traffic over a period of time? This puts unwanted load on your hosting servers and can cause all sorts of problems. I’ll discuss one SEO issue specifically.
The GoogleBot is one example of a good bot that you want to come visit your site and have a look around. Especially the new parts.
The GoogleBot crawls your site and looks for new or updated posts and pages. This process is what indexes your website content and makes it available to appear in Google Searches.
But the GoogleBot tries to be a polite visitor that doesn’t trash your house. When it recognizes that your web pages are under significant load, it goes away without looking around. If the GoogleBot does not access your site, your pages will not be indexed.
How does Wordfence protect you?
Wordfence uses multiple methods to protect against bad bot traffic from flooding your website.
Defiant (the company behind Wordfence) maintains and grows a list of bad actor IP addresses to block from accessing your site. But the software is more sophisticated than just using a list. It looks for common patterns of traffic behavior, or “signatures”, to identify new threats.
Wordfence Protects Against SEO Spam Attacks
I mentioned that GoDaddy studied 11 months of hacking incidents across their many customers. The second most common type of hack was an SEO spam attack.
But, what exactly is this referring to?
This is where a hacker takes advantage of your SEO to drive traffic to their own targets. They inject their own links into your pages to hijack your web traffic.
This is a horrible experience for your users. And if the Search Engines spot it, your site will end up being blocklisted.
Obviously, the hackers must be able to access and update your files to insert their links. One likely source is a vulnerability in your plugins, your theme, or WordPress itself. We’ve already reviewed how Wordfence protects against plugin vulnerabilities. It acts in a similar way with thems and the WordPress software suite.
Keep Aware Of Activity And Threats On Your Website
An interesting finding in the GoDaddy study was that 30% of the hacked website owners didn’t make occasional checks for issues.
When you install Wordfence for the first time, a quick look at the dashboard can be quite a shock. I’ve got a very young site, and there have been seventeen brute force login attempts today alone.
I suspect if those 30% of website owners were shown these kind of attack details, they’d be more keen to take proactive steps to protect their sites.
It reminds me why I use strong unique passwords on every site when it’s so much more convenient to be less stringent.
You’ll notice that I don’t have the premium service activated. I don’t bother with upgrading until the site reaches some proper traffic and revenue.
Using Wordfence To Recover SEO After An Attack
Let’s say that the worst possible event has happened and your website was hacked. The rankings have tanked, and you suspect you’re stuck on the Google naughty step.
Personally, I’d hire an expert to clean my site. I could make a good fist of it myself, but this is not a time to do a “good” job when “perfect” is needed.
But I’d always run my own checks when the work is complete. To recover your SEO rankings, you must be sure that malware, spam, and malicious links have been completely removed. This is where a full Wordfence scan comes into play. You want to see a clean bill of health before you take steps like submitting your website for review by the search engines.
Negative Affect: Wordfence And Yoast SEO In Conflict
Up until now, I’ve discussed the positive effect of Wordfence on your website SEO. But everything doesn’t always come up roses.
Occasionally, Wordfence and another WordPress plugin will have technical conflicts. I’ll focus here on the very popular SEO plugin from Yoast.
Back in 2016, users with both plugins reported that Yoast seemed to be falling over due to the presence of Wordfence. This was happening after a Yoast update. The SEO plugin would tell worried website owners that “Your homepage cannot be indexed by search engines”.
This was thankfully a trivial and temporary issue that went away with another Yoast update.
In 2020, I and other users noticed that half of Yoast seemed to be “missing”. The meta box and keyword box disappeared. The readability and SEO checkmarks went AWOL.
Isolating plugin problems to interaction with Wordfence
But how did we know that Wordfence was part of the problem? The trick with investigating plugin conflicts is to methodically deactivate and activate combinations of plugins. It’s tedious, so hopefully someone else does it first!
But if it has to be you, I’ve got some guidelines for temporarily removing Wordfence here.
Thankfully for me, this particular issue was investigated meticulously by another website owner who posted the details on the WordPress forum. A Wordfence representative quickly jumped in to help.
The quick fix, if you’re wondering, was to enable Wordfence’s learning mode until the company rolled out an update. I’ll address that in another article.
The takeaway here is that conflict problems have happened in the past and undoubtedly will happen in the future. But Wordfence support staff are active in investigating reported issues.
Does Wordfence Negatively Affect SEO Through A Performance Hit?
The speed of your website pages plays its part in SEO and rankings. Google has made it clear that it is putting greater emphasis on response times for indexation and ranking.
This means that website owners must be super-careful about adding plugins that put a drag on their sites. So, how does Wordfence impact performance?
I’ve written a separate article on whether Wordfence slows down your website. There are some circumstances when it may have a noticeable impact, and the article has plenty of tips on how to mitigate this.