Google Search Console Goofed And Sent False Alerts on WordPress


Sometimes I scratch my head where exactly Google is going with its search console. While I do believe it's an amazing service to detect malware on sites and prevent those sites from being listed in search results, I'm not so sure I want Google actually scanning sites looking for issues.

Case in point was a premature alert that went out to me and, I'm guessing, tens of thousands of sites that stated they were running a version of WordPress that was not secure. The problem? It was a false positive and the vast majority of the sites were actually running the latest version of WordPress. While I'm not privy to the methodology Google was using to validate the sites, it does appear that caching may have been an issue. Since cached pages are common throughout the Internet and with WordPress sites, it caused quite a stir.

The problem, of course, was that many of the recipients of those emails were clients who pay for advanced hosting and security, and also have an agency, like ours, working to ensure our clients are safe. When they receive an email like that, it tends to cause quite a disruption. Thankfully, Google immediately responded in their webmaster forums that they, indeed, had caused the issue.

Hello all — on behalf of the teams driving this effort, please accept our apologies for the confusion we've generated. We do know of cases where we've sent messages to owners of WordPress instances that have been upgraded to a more recent version since our last crawl — we did suspect that there would be a number of these cases before we kicked off the messaging effort. Juan Felipe Rincón, Google

The mea culpa was appreciated, but still, it seems a bit bizarre that Google would just launch something like this on their own. A few threads later in the conversation, the WordPress security product manager connected with the Google team and said they'd love to work together on this. I'm not sure why that didn't happen first of all, but thank goodness it's heading in that direction.

While I have no doubt Google has the resources to accomplish such work, I'm really not sure I appreciate where the company continues to tread. I love the fact that Google provides tools like Search Console, Analytics, Tag Manager, and others to help us improve how users are interacting with our sites. But when they actually step over the line – as in this case and with AMP, SSL, Mobile, and other initiatives, it seems like they're stepping on our toes more and more.

I'd like Google to do what they do best… provide highly relevant organic and paid search results. But I wish they would leave it to businesses to provide the user experience they want for their clients. What content management system they utilize, what site formatting, whether or not Javascript is running, or even whether its buttons provide enough padding on a mobile device seem a bit outside of their bailiwick.

Making recommendations is fine, and providing the tools to provide those recommendations is even better. But when Google begins warning or even penalizing sites that don't behave the way Google wishes them to seems a bit overreaching for me.


  1. 1

    Google is like the Department of Education. If schools want federal dollars they have to follow specific standards that may or may not fit their community’s best interests. If you want the benefit of showing up in search results you have to adhere to Google’s rules even if it doesn’t fit into your best interests. I think diversification of search engines is a must so we don’t have one mammoth company bullying people into submission. Google does a lot of great things that benefit the tech community but they also are acting in their own best interest at all times.

  2. 2

    I don’t know… I received the notice as did some of my clients. I don’t think it’s an issue. If it happened over and over and over I’d be a little more concerned. I give them a pass on this one.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.