I previous wrote about how Google Ads is not impacted by the Log4j security vulnerability but many sites and servers are. So if you have a website that needs to have updates because of the Log4j security issue, do you have to worry if you need to take down the site and Googlebot is unable to reach it?
If you take down your site and Google cannot crawl it, then it might impact your rankings. Google has spoke about how to handle site outages including using the 503 status code and maybe making a static site - a lot of this advice from Google's John Mueller then would work here.
John Mueller of Google shared a Twitter thread with new advice on how to handle taking your site offline to fix any Log4j security vulnerabilities.
(1) Make a static version of your site:
... ideally (strongly recommended) use the same URLs, then very little changes for search. Dynamic functionality usually doesn't play a role in SEO (exception: some search pages). Same URLs = no redirects needed = same content, bolding, headings, internal links, etc. (...
— π§ John π§ (@JohnMu) December 15, 2021
(2) Copy the site and also read the advice for pausing your online business:
... If you can't do that for the whole site, doing it for your primary pages is better than nothing (check Search Console & Analytics). We have more similar tips at https://t.co/uddzHNZwPB from several years ago, I think. (...
— π§ John π§ (@JohnMu) December 15, 2021
(3) Host it on the same domain, but if you can't use 302s for temporary redirects:
... If you need to host the static content on another hostname, 302 redirects are best, but all of them will "move" the content (for indexing) after a few days. If you can avoid redirects, it's much better. (...
— π§ John π§ (@JohnMu) December 15, 2021
(4) Don't worry, temporary outages will be fine in the long run:
... Also, temporary technical issues are not a sign of a low-quality website. Sometimes things break, it happens to us too (eeks, sorry), our systems will work to get things indexed & ranking once your site is online normally again. Good luck!
— π§ John π§ (@JohnMu) December 15, 2021
What is Log4j? Apache Log4j is a Java-based logging utility originally written by Ceki GΓΌlcΓΌ. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks. On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell". It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".
Forum discussion at Twitter.
