The back story: last month, we rebuilt an older website for a newer customer of ours.

Shortly after the new site went online, the customer’s marketing agent contacted us with a long email she had received from their previous web development company.

I was asked to respond to the email since a large portion of the email was in reference to Search Engine Optimization. Below is the sanitized version of this email thread (names and addressed removed to protect the guilty), with the quoted text from the previous company.

Scott told me about this email that you had sent to him and Mark and I wanted to take a moment to go through this with you.

#1   I don’t know who this guy is… if he is the previous web guy, or just somebody “cold calling” you out of the blue.  So I’m just going to respond to the topics as they come along.  My answers are all inline with the original e-mail.

Date: July 9, 2013, 11:00:17 AM EDT

Subject: Aaron & Jessica’s Buggy Rides

Hi Laura,

I figured this would be easier than communicating through LinkedIn. When the site was redesigned all of the data that was written and coded for the site was erased. The site currently has no meta descriptions, no meta tags, no meta keywords, no alt texting on the  images,

Meta Descriptions & meta tags are in place where appropriate. Meta keywords are no longer of any SEO value to Google. The only time we would consider using meta keywords is if we were targeting the old, mostly unused search engines.  When we took on your site we committed to doing a reasonable amount of SEO.   Pictures get alt tags, Meta descriptions, tags are put in place on the locations where it is important and “wordsmithing” is also performed. Here is the standard we follow:  httpss://


and the URL structure that the links were pointing to coming into the site are no longer valid for some pages because those pages no >longer exist.

This is totally correct. When we rebuilt this site a new structure was put into place. This structure was sent to Google the day we went live so that they knew exactly what pages were valid.  IF somebody goes to an outdated link they automatically get an error message. Here is an example.

I need to step in here and further explain that I followed up with the customer via the telephone and explained this in further detail. When a website is “moved” in a manner such as this, the “standard” is to take all of the old site’s links and, via a special file called the .htaccess file, connect the old links to the new links so that the search engines can still see the old links while learning the new ones. However an “acceptable” practice with smaller, less visited sites is to simply take down the site, put the new site in place and take the temporary hit in Search Engine ranking. With the entire site changed there will be a period of flux where the site’s rankings will take a hit before being adjusted by said search engines. If the site had been extremely busy or had very large amounts of links, we would follow the standard.


There were major alerts sent to the Google Webmaster account for this website and we have been able to keep the rankings from sliding too much while we work this out with you. But eventually all of those rankings will drop off the search engines completely because Google has no idea what the site is about if there is no back end coding to tell them what the site is about.

Google has a tool named Google Webmaster. It helps a site’s webmaster make sure that the site is functioning within Google’s rules.  There can only be 1 (one) webmaster account for a given website. This is controlled via a system of authentication that Google provides. Basically I have to upload a file into the website folder that has a serial number in it. I tell Google that I am the webmaster for, it tells me “prove it” and gives me a serial number. I put the serial number where Google wants it and when Google sees it, Google gives me access to the webmaster tools for this website.

This was done for the day we took the site “live”. So it would be impossible for the previous web guy to get alerts when the Webmaster Tools were no longer assigned to his Google account.

Jumping in again…When we build a site we use robots.txt to keep Google & Bing away from the site until we have the content the customer wants. When we go live, we change the robots.txt file to allow the search engines to see and index the site. Additional other checks and steps are part of this process and we have an in house document that is checked by two separate staff members to make sure all of the steps are taken care of to ensure that a site has “gone live”


We can go ahead and fix this but we have to charge for our time to do so or discontinue SEO services on this site effective immediately. We would prefer not to discontinue as we feel this new site will help his rankings and we can get him even better placement than before but without the coding we are wasting our time and yours.

I will leave this to you and Mark. We performed all the basic keyword placement & structuring on the site that we perform for all of our customers.

I didn’t further discuss this with the customer, we have a meeting planned for this. However, in my opinion, having this company continue to work on the website after it has been finished will be counterproductive. They weren’t involved in the planning process for where the website is going in the longer term and to be honest, I don’t really trust them after reading their letter and seeing their “retention tactics”.

 Here’s a chart of how many keywords the site was ranking for in the search engines. See the big drop in the heart of the startup of the season? That’s due to the new site going live without the code in place.
 Here’s a chart showing search engine traffic from December til now. We were gearing up and the new site just caused the traffic to tank and it’s only due to the efforts we have done with the search engines that we were able to stop the bleeding.

I am not sure what efforts, with other search engines these guys are performing. We focus on Google & Bing. Respectively they hold 84% of the entire world’s search engine market. And with all of the other sites we manage we almost never see traffic from Yahoo or any other search engine. So we choose to focus on where the people are.

The problem with this chart is fairly obvious: how is he getting web stats on a website he isn’t hosting? The website is on Aim’s server. So we have [possession of] the raw traffic logs.  The analytics are in our company’s analytic account, so he doesn’t have access to this. There ARE external traffic monitoring systems.  But none of them are very accurate. Here are two web sites that talk about these systems:

The reviews are not glowing for these tools. Some of the tools do have some merit. But at the end of the day the numbers shown are flawed. Without a tracking code, or access to the server logs, nobody has any real number on web tracking but you and us.


AIM claims that they build search engine optimized sites from the ground up but clearly either they overlooked it on this site, as there is no data on the WordPress template that they used. There isn’t the proper plug in’s installed or if they are installed they have not been set up properly.

This is real simple. Our WordPress sites have as much administrative data removed as we can remove for security reasons. The less a hacker can learn about our sites, the more likely he is to go elsewhere, to an easier target. So if he can’t see what plugins we have, perfect… This is but one of the pieces in our security plan.

This is a big one, there will be security experts that will jump on this and say you can’t simply hide behind a nameless Content Management System and expect to get away with it. They are totally right. Security through obscurity is one very small part of the overall process.


Also, Jack will need to make sure that if this site is a wordpress template and it’s hosted on a public hosting company like bluehost or Rackspace that the site has the right security plug ins installed or the site will be susceptible to being hacked.

ALL of our web sites, Joomla, WordPress, and custom code based have a rather large security suite installed.  I spend around 3 hours per web site securing it after it is “done”.  Maintenance efforts revisit security issues every 3 months when we perform off site backups. Our websites are on large bulk hosting companies and we make no effort to hide this fact from anybody.  In the rare case that a website has special security needs or very large volumes of traffic then we have other special dedicated hosting systems on that that we can use for those special needs. Otherwise we keep it simple, and cheap for all involved.


We’ve seen it time and time again. Open source site builders like WordPress are great and make it so you can build a site cheap but that comes at a price. I’ve seen a lot of sites get hacked or get a virus because they were WordPress sites hosted with public hosting companies.

I totally agree, WordPress in the hands of a hosting firm that doesn’t take the extra steps to secure the system can be hacked. There are also some public hosting companies out there that are very sloppy in their own server security. Aim currently uses HostGator and I have been working with HostGator on my own for over 10 years. Great company, very security minded. No website is 100% hack proof. But we do take a lot of extra time to make our websites much less of a target.

If you would like to talk to me about any of this I’ll be in the office for the rest of the day and would be happy to address any of your concerns.

P.S.  Web site security is a passion of mine.  I had my own web site hacked years ago and ever since then I have spent a large amount of time keeping abreast of the security issues.  I have a “web site security site ” as my home page.  So I know whats going on out there on a day by day basis.  If you would like for me to show you the security system in place on the web site please call me and I can walk you through the interface.  I know you wont understand everything you see but you will clearly be able to understand that there is a rather big, complex security system in place and that it is working.

Again this is an over simplified answer to the customer’s question. But in this case my customer admittedly knows very little about web site security (which is why she hired us). It’s also my job to find a common ground that the customer and I can interface on. I need to explain to the customer in terms she understands that we do take quite bit of time to deal with security when it comes to her web site.


To be fair, I have omitted all of the information about the previous web company that contacted my new customer. There is no reason to get into a he said, he said debate. They were clearly trying to win back the customer’s attention.  We would have made a similar effort at Aim. But what we will not do is attempt to confuse the customer by mixing today’s relevant facts with charts, information and rules that only muddy the waters. We are not perfect.  Our customer’s websites aren’t making them all millions of dollars from our grand efforts. But with every website we build, we give consistent effort towards building a solid foundation. Our websites stand on their own merit and are built following the standards put forth by the web community and all of the current major players guidelines within the world of search engines.