Google has now started sending out warnings to users that are running outdated and vulnerable software installations. Which is what we have been doing for years in order to ensure our clients are not at risk.
This action from them has probably been initiated due to the continual problems caused by webmasters who just don't take security seriously. There was recently a mass defacement involving hundreds of thousands of websites using the Wordpress content management system (which we don't use) called the REST API Vulnerability. And no doubt this has now driven Google to take this action.
The message users are receiving (depending on what software they're using) is this:
"Google has detected that your site is currently running Joomla 2.5, an older version of Joomla. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible".
So let's just recap on the warnings Google are now issuing:
1. Sites should be mobile compatible.
2. Sites should have HTTPS/SSL security.
3. Sites should be running up to date and secure software.
I'd also add that every site should have it's own security firewall installed......which could well be the next step Google will take.
Let me emphasise that Google are not saying that you have to have a site of the technical complexity of Kyero or eBay etc.....they're just making it clear that it should reach a basic level of professionalism and responsibility.
Saying that......I've actually had people who are knowingly in the position above actually ask me how they can improve their Google positioning. Just let that sink in! They fail all of the basic criteria that Google requires, they've received multiple warnings to that effect.....yet they want to be recommended by them.
Bottom line is if you can't demonstrate professionalism in your online presence then Google (and users) will just not take you seriously. Think of it this way: Most of you at one time or another will have experienced the damage caused by viruses, trojans, ransomware etc when your computer gets infected by malware. Where do they come from? From infected websites on the internet!
Google want to get this under control, and they will now penalise sites who refuse to accept their responsibilities regarding security. They're certainly not going to be recommending sites they class as dangerous to their users.
I'd go so far as to say that they will eventually take the view that if you're not part of the solution then you're part of the problem......and you'll end up becoming invisible. Others are following too.....because I've had warnings flash up from Facebook that I may be leaving there to visit a site that is classed as dangerous. So all the big players are getting behind these security initiatives.....it's not something you can ignore.
If you're a client, then we've already notified you of your status in each of the criteria. If you're not a client, then your current web developer should have kept you up to date on all these developments to ensure you were protected. If they haven't, then get in touch and we can run some checks for you.