Simple IP-Detection Bad for SEO

In general, Perishable Press enjoys generous ranking in Google’s search-engine results. The site’s many pages bring in lots of traffic for some great keywords, and a direct search for “Perishable Press” returns the top spot, complete with eight featured sitelinks. And recently, after switching servers, traffic increased even further. Things were going well, and it seemed like the perfect opportunity to finally renovate and redesign the site. So I dove in…

And then, approximately 24-48 hours after beginning work on the new design, BAM – Google suddenly cut my traffic by 75% and removed most of my pages from the search results. For example, the home page no longer appeared in the results for “perishablepress.com” – so obviously something bad had happened, and my long-standing, reputable website had been penalized by Google.

What happened

While designing the new site, I needed a way to detect the IP address of any request for the home page:

http://perishablepress.com/

During development, requests for that URL returned the root index.php file, which contained the following PHP logic:

<?php // IP-based WP-loading
// ('123.456.789.0' is a placeholder, not a valid IP address)

if ($_SERVER['REMOTE_ADDR'] == '123.456.789.0') {

	// my IP: load the new WordPress install from /perish/
	define('WP_USE_THEMES', true);
	require_once("./perish/wp-blog-header.php");

} else {

	// everyone else: load the existing install from /press/
	define('WP_USE_THEMES', true);
	require_once("./press/wp-blog-header.php");

} ?>

The new design is happening via a second installation of WordPress in its own subdirectory, /perish/. The previous site also exists in its own subdirectory, /press/. So during development, I needed a way to load the new WordPress installation for my IP address and the old WordPress installation for all other IPs. And that’s exactly what the above logic handles so elegantly.

Google don’t like it

After implementing the IP-detection, I continued site development and everything was working great, until about 24-48 hours later when I noticed that my pages were being excluded from the search results, seriously decreasing traffic from Google. Just prior to the traffic drop, only three significant changes were made to the site:

  • Installed a new copy of WordPress in its own subdirectory
  • Set up IP-based loading of WordPress
  • Removed a canonical redirect of /press/ to root

The removal of the canonical redirect resulted in one page of duplicate content (the same page served at both /press/ and the home page), but that alone wouldn’t be reason enough for such drastic measures from Google. After much scrambling to determine the issue, it became apparent that Google had detected the IP-detection script I was using to conditionally load WordPress for the site’s home page.
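For context, the removed canonical redirect might have looked something like this in PHP (a speculative sketch – the actual rule isn’t shown in this post and may well have lived in .htaccess instead):

<?php // hypothetical reconstruction of the removed canonical redirect
// Requests for the /press/ front page get a 301 to the site root, so the
// same content never lives at two URLs.
if ($_SERVER['REQUEST_URI'] === '/press/') {
	header('Location: http://perishablepress.com/', true, 301);
	exit;
} ?>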

I don’t have any solid evidence to support this, but my best guess is that Google somehow detected the script, disapproved, and penalized my site by dropping it from the search results. I would have contacted someone at Google to verify this, but apparently they are too big to be bothered with us humans.

Why Google hates it

Since figuring all of this out, I’ve removed the IP-detection script and will continue with the redesign live & in real-time. While we wait and see whether or not that in fact resolves the issue, it is interesting to consider why Google penalizes something as simple as an IP-detection script. Here’s what Google Webmaster Central has to say about cloaking, sneaky JavaScript redirects, and doorway pages:

Cloaking refers to the practice of presenting different content or URLs to users and search engines. Serving up different results based on user agent may cause your site to be perceived as deceptive and removed from the Google index.

Although it doesn’t mention IP addresses, the take-home message is that any form of cloaking – whether via user-agent, IP, referrer, or anything else – is strictly forbidden. I get the logic behind the policy, but a quick message in the Webmaster Tools dashboard would have been enormously helpful and time-saving.
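To put the policy in concrete terms, even a trivial user-agent check like the following (a hypothetical illustration, not code from this site) would count as cloaking:

<?php // hypothetical user-agent cloaking – exactly what the policy forbids
// Serving crawlers different content than human visitors can get a site
// dropped from the index, just as the IP-based check above apparently did.
if (stripos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false) {
	require_once('./page-for-bots.php');   // hypothetical file
} else {
	require_once('./page-for-humans.php'); // hypothetical file
} ?>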

Here is an example of a simple message that would have saved significant time, energy, and resources:

We have detected you detecting us. Please stop or we will shut you down. – Love, Google

Something as simple and automated as that would alleviate much stress:

  • You can’t just “contact” Google and ask them what’s up
  • You’d know why your pages no longer appear in the search results
  • You’d know that Google requires action
  • You’d have a good idea of how to resolve the issue
  • You’d know that Google has the “shoot first, you deal with it” mentality

And so even better than an after-the-fact “oh-by-the-way” message would be Google sending a notification before killing your site. Why not give people a chance to resolve potential issues before sending in the terminators to wipe them out?

Lesson learned, moving on

Moral of the story: If you need to serve different content to different users, use something stealthier than a simple PHP script to make it happen. If Google even gets a whiff of anything it doesn’t approve of, it will shut you down with absolutely zero notice.
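For example, one stealthier approach would be to key the switch off a private cookie instead of an IP address – an untested sketch, with a made-up cookie name and value:

<?php // cookie-based WP-loading (untested sketch)
// Only a browser that has the private cookie set gets the new install;
// search-engine crawlers never carry the cookie, so they always receive
// the public site. 'dev_preview' and its value are placeholders.
define('WP_USE_THEMES', true);
if (isset($_COOKIE['dev_preview']) && $_COOKIE['dev_preview'] === 'secret-token') {
	require_once('./perish/wp-blog-header.php'); // new design (developer only)
} else {
	require_once('./press/wp-blog-header.php');  // current public site
} ?>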