What is a Sitemap, and How it May Put Your Website at Risk

Nov 5, 2018 | Website Management

Recently, we covered how Google works. That article explained how search engines work and what connection, if any, exists between them and our brains. We concluded that search engines are really sorting engines, showing only the relevant information out of billions of possible pages. These pages were crawled and stored beforehand, so the engine is not searching the live web at the moment you type your query. Instead, it looks through the stored files, trying to find those that are relevant to your search.

Much like a librarian will look among all the stored and ordered books to find the one that you told him you need.

Unlike the librarian, Google is able to look through the table of contents of each and every “book”, which helps users find more than just the “books” they have already heard of.

While librarians know the book title and are able to find its number in the library’s lists, they are not obliged to be familiar with the content of the book. This means that if you are looking for a book that explains how sharks hunt, you’ll have to check every book about sharks.

But whether you’ll find the information you need in the first or the last book depends more on luck than on anything else.

Google, on the other hand, is a librarian that has read a larger or smaller part of every book its library holds. Search engines are also librarians that cannot turn the book to the next page, so they jump from chapter to chapter using the table of contents.

On the web, the books are websites and the table of contents is called a sitemap.

What is a Sitemap

The utility of the sitemap should be clear by now. Still, it is important for every webmaster who wants their website to be visible to search engines to truly understand it.

Simply put, a sitemap is a navigation aid for search engines, represented as a list of the pages of a specific website.

According to Wikipedia, “there are three primary kinds of sitemaps”: sitemaps used during the planning of a website by its designers; human-visible listings, typically hierarchical, of the pages on a site; and structured listings intended for web crawlers such as search engines. The latter is the one we are interested in, specifically the one that Google introduced, also known as the XML Sitemap.

In the sense that we are concerned with, the simplest possible answer to the question “what is a sitemap?” is the following:

A sitemap is an XML file. It consists of website navigation, represented as a list of pages. In this file, the webmaster provides the search engine with information about the pages, media, and other files on the website and how they relate to each other. The XML sitemap file helps search engines read a website properly, so they are able to rank it for more relevant queries.

Google states that, if your site’s pages are properly linked, its web crawlers can usually discover most of your site. Still, it advises webmasters to create and upload a sitemap, because that “can improve the crawling of your website”.

How to Create a Sitemap

Now that we have established that creating a sitemap is a must for every webmaster who wants their content to be visible to people in the search engines, it is only fair to cover how to create one.

If you are using WordPress to create your website/s, I highly recommend that you do the following:

If you decide to use Yoast SEO, which will surely make your life easier, the plugin can create a sitemap for you.

Doing so is a process of just 6 steps.

  1. Log in to your WordPress website.
  2. Click on ‘SEO’.
  3. Click on ‘General’.
  4. Click on the ‘Features’ tab.
  5. Toggle the ‘XML Sitemaps’ switch.
  6. Click ‘Save Changes’.

How a Sitemap Might Put Your WordPress Website at Risk

Although the sitemap is apparently a key part of your website’s performance, it may put your website at risk.

This is a widely neglected fact. I don’t know whether webmasters are missing it due to ignorance or whether they know but are still not engaged enough to take care of their sitemap.

When speaking about internet security, I will never get tired of repeating the fact that you owe it to yourself, your website and your audience to use a strong password, so that your website won’t be taken over and your audience’s data won’t be compromised.

In most, if not all, CMSs, the author archive page is indexed by the search engines and is listed in the sitemap.

This, as you probably guessed, is dangerous. If anyone is able to see your username, they already hold one half of your login credentials and will be more likely to guess your password (through a brute-force attack, or otherwise).

Thus, it is best to remove your author page from the sitemap and protect your website in one more way.

If you have Yoast SEO installed, follow these steps to remove your username’s archive page from the sitemap:

  1. Log in to your WordPress website.
  2. Click on ‘Users’.
  3. Find the user you want to remove from the sitemap.
  4. Hover over it with your mouse, and click ‘Edit’.
  5. Scroll to the bottom of the page, where the Yoast Settings are located.
  6. Find the ‘Do not allow search engines to show this author’s archives in search results.’ option, and check it.
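
One way to confirm that the setting took effect, as an added example that is not part of the original post or of Yoast SEO: the Python code below parses sitemap XML and lists any author archive URLs that are still published. The sample XML, the `example.com` host, the slugs and the function names are constructed for illustration; `author` is WordPress’s default author URL base, and a site that changed it should pass its own value.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Constructed sample: a sitemap index and an author sitemap as a WordPress
# site with author archives enabled might serve them (placeholder host).
SAMPLE_INDEX = """<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <sitemap><loc>https://example.com/post-sitemap.xml</loc></sitemap>
  <sitemap><loc>https://example.com/author-sitemap.xml</loc></sitemap>
</sitemapindex>"""

SAMPLE_AUTHORS = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/author/site-admin/</loc></url>
  <url><loc>https://example.com/author/jane/</loc></url>
  <url><loc>https://example.com/blog/about-the-author/</loc></url>
</urlset>"""


def sitemap_locs(xml_text):
    """Return every <loc> value from a sitemap or a sitemap index."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iterfind(".//sm:loc", NS) if el.text]


def exposed_author_slugs(xml_text, author_base="author"):
    """Return the slugs of author archive URLs (.../<author_base>/<slug>/)."""
    slugs = []
    for loc in sitemap_locs(xml_text):
        parts = [p for p in urlparse(loc).path.split("/") if p]
        # Match only when the author base is the second-to-last path segment,
        # so ordinary posts that merely contain the word are not flagged.
        if len(parts) >= 2 and parts[-2] == author_base:
            slugs.append(parts[-1])
    return slugs


def author_sitemaps(index_xml):
    """Return child sitemaps in an index whose file name mentions authors."""
    return [loc for loc in sitemap_locs(index_xml)
            if "author" in urlparse(loc).path.rsplit("/", 1)[-1]]


if __name__ == "__main__":
    print("author sitemaps still listed:", author_sitemaps(SAMPLE_INDEX))
    print("author slugs still exposed:", exposed_author_slugs(SAMPLE_AUTHORS))
```

Run it against a saved copy of your own sitemap files after changing the setting; both lists should come back empty once every user’s archive is excluded.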

 

Conclusion

Your website’s security is the most important thing you need to take care of. Not ‘when you are famous enough to worry about such things’, not ‘tomorrow’.

Your website’s security should be important from day one. And while someone using your sitemap to find your username, and thus being able to attack your website more precisely, is not the most likely scenario, it is possible.

Removing your name (and the names of all of your users) from the sitemap shouldn’t be the first, and certainly can’t be the only, measure you take to prevent your website from being taken over. Still, it is a measure that will make you feel more secure. Even if you do that, no one is able to promise that an attack won’t be successful. Therefore:

  • Use secure and reliable hosting
  • Use strong password/s
  • Install security plugins
  • Hide your username archives from the sitemaps, so they won’t be publicly available

And learn more on how to make WordPress Secure

Create great content, and stay safe!

Lazar Shishmanov

A writer by avocation, web enthusiast by choice. In love with almost every type of art. 
