Blog

Attention webmasters: Google wants you to know your site has security vulnerabilities. As part of their online webmaster tools, Google is now providing free notifications of common web server security problems.

Here’s how it works: As Google’s search crawler indexes your site content, it also compares the signature of your server software against a database of known vulnerabilities. When you log in to your webmaster account, you will see any new warnings in your message center. Why is this important? Google search expert Matt Cutts describes the situation:

There’s been a recent trend of spammers hacking websites, and most of the time that happens because the webmaster or site owner didn’t update a piece of software that runs their website. If you think you can install a piece of software on the web in 2008 and run it forever without upgrading, I’m sorry to say that your website will be at much higher risk of getting hacked.

Initially, the free analysis only looks for an older version of the popular blog software WordPress, which is known to contain security holes. (The newest version of Wordpress plugs these holes, but many site administrators have not upgraded.)

Presumably Google will add more vulnerabilities to their database over time, but for now this service is limited to Wordpress sites. The full disclosure missing in last week’s announcement of this service is that Google owns Blogger, their own competing blog software. Could this be some underhanded PR tactic against the competition? Of course everyone knows Google can do no evil. It must be a coincidence.