For my next online “challenge” I received a very worrying message from the Google webmaster tools last week: Google had “noticed” that one of my health sites had blocked access to Googlebot over 13,000 times!

This is what the message said:  “Googlebot couldn’t crawl your URL because your server either requires authentication to access the page, or it is blocking Googlebot from accessing your site.”  They concluded by saying that if that was intentional, fine – otherwise I might like to fix it!

When we all spend so much time and effort trying to make our sites attractive to Google, it’s depressing to say the least, to find that something is blocking access. It's even more depressing when it turns out you're blocking Google yourself – which is what emerged.

That particular site is hosted with Hostgator, so I asked for their help and they replied to the effect that my .htaccess file was blocking Google and other search engines. It actually included some code to specifically do this!

Hostgator responded very quickly and were very helpful. They edited the file to remove the offending code and I managed to follow the Google webmaster instructions to inform Google that unblocking should have been completed.

Of course that didn't solve the mystery of how it had happened in the first place!

My biggest worry was that there had been a breach of security at Hostgator and someone had been able to edit my .htaccess to insert that blocking code. It certainly wasn’t the type of thing I would have known how to insert even if I wanted to. My passwords and username are not easily guessable, although I suppose there are some clever pieces of hacking software out there.

I quizzed Hostgator further, they checked their logs for me and they said there had been no breach at their end, which I'm happy to believe as only one blog was affected – the blog where I had added a new plugin. Hostgator said it looked as if the plugin I had recently installed security had done the blocking and advised me to change the settings. I'm not going name the plugin because when I looked at the settings I couldn't see any that would have had that effect. (I contacted the plugin support team for advice but had no reply – fair enough, it IS a free plugin.)

However, I would be interested to hear from the more experienced bloggers in the community which security plugin they recommend. It needs to be light-weight in both impact on this blog, which already runs like treacle, and on my brain – ditto!

Update: Someone on a help site I use has recommended Better WP Security, so I added that instead of the earlier one and keeping fingers crossed!

Which security plugin do YOU recommend?

Update April 2017: I never did solve the problem of security on my site until I moved to away from shared hosting. Read the story of my move to managed WordPress Hosting.