I’ve worked in SEO for over 15 years and when I visit a site can’t help but look under the hood for SEO issues
Considering this part of the site is a forum the SEO isn’t too bad (some of it is good, which is rare for forums), but you have a semi-hidden link to discourse.org in the code.
View source of a topic for example and you’ll find:
> <noscript data-path="/t/using-certbot-on-a-centos-6-server-tutorial/39760">
> ... code removed ...
> <footer id='noscript-footer'>
> <p>Powered by <a href="https://www.discourse.org">Discourse</a>, best viewed with JavaScript enabled</p>
> </footer>
> </noscript>
I’m sure you know the noscript tag is for when javascript is disabled, but the content should match the javascript version of the content and I don’t see a text link to the Discource site (your CDN provider?).
Google will penalize sites for gaining hidden links this way and this could have a impact on this sites SERPs since you are potentially linking to a ‘bad’ site (you are OK as long as they are OK, if they get a Google penalty you might get a penalty as well: you’d be linking to an untrusted domain). It’s not worth the risk (if you pay Discource for the CDN it’s a sucky business move as well), I would remove this semi-hidden link ASAP. Replace it with a simple notice “Best viewed with JavaScript enabled”.
This sort of hidden linking is greyhat SEO at best. I’ve created free WordPress themes in the past with a Powered by Link in the footer (not semi-hidden like this one) and because my themes are used on tens of thousands of sites it generated millions of backlinks. Google penalized the site so badly I had to use another domain, so you can imagine what they might do with a semi-hidden link!
Discourse is the open source software behind this forum.
I don’t think there’s an SEO issue here. Tons of popular and successful products do this, including WordPress with their “Powered by WordPress.com” footer. IIRC Drupal does this too.
The link is within a noscript tag, it's semi-hidden, you have to either view code source to find it or turn javascript off. 99% of users here will never see the link, that's a potential SEO issue, Google is meant to see the same as your users see.
This is a known (very old) blackhat SEO technique, even if their intention wasn't to game Google, having millions of semi-hidden backlinks is gaming Google.
JavaScript: Place the same content from the JavaScript in a tag. If you use this method, ensure the contents are exactly the same as what’s contained in the JavaScript, and that this content is shown to visitors who do not have JavaScript enabled in their browser.
Those links have the potential to damage this site, why take the risk, what's the gain keeping the semi-hidden links?
Also even if Google decides it's OK and never downgraded discourse.org (note I haven't checked if they might already be carrying a penalty for this) this site is linking out to a site with no gain to this site: this uses this sites link benefit for no gain and waters down anchor text benefit of other links for no gain.
WordPress etc... tend not to use semi-hidden links. It's the semi-hidden nature of the links which are the main issue.
Discourse, like many other single-page applications, serves different markup to crawlers like Google. What you’re seeing when you visit the site isn’t necessarily the same thing Google will see. In this particular case, the footer is included in a regular, non-hidden <p> tag in the crawler version.
Check the Google cache of indexed webpages : there’s a little downward arrow next to indexed URLs with the “Cached” link. You can see Google does cache the semi-hidden link.
Can also see them specifically for this site via this search:
You are right the link isn’t semi-hidden to Googlebot (that was lazy of me not checking the cache earlier).
This is cloaking and is worse as the semi-hidden noscript text link isn’t served to Google at all and is only shown to real users not using javascript. This means Google considers the “Powered by link” as standard body text and will pass full SEO benefit through the link.
This is serving Google different content to your visitors: basically same SEO impact, but for another reason.
“Powered by (link to Discourse), best viewed with JavaScript enabled”
and other visitors only need this information inside a noscript tag?
From a completely whitehat SEO perspective Googlebot could be served the content it has now without the “Powered by link” etc… (Googlebot doesn’t need the information) and real users can be served the noscript link as long as it has a rel=“nofollow” tag to pass no SEO benefit to the Discourse URL (even though Google would never see it). This would indicate Discourse is not trying to game Google.
Though better still is remove the link completely: no SEO risk at all.
Just takes one report to Google for them to review Discourses link building practices (1.7 million backlinks is a big deal) and I’ve seen plenty of businesses penalized for less than this.
I don’t know enough about SEO to say whether Google would treat this as malicious, but my understanding of how this works is that the target of those backlinks would be penalized, i.e. discourse.org. I don’t think that’s a concern for Let’s Encrypt.
From a practical point of view, the footer is part of Discourse’s source code and cannot be changed easily in configuration, AFAIK. I don’t think this is something worth maintaining a fork over. If you feel like it, you can bring this up in the Discourse Meta Forum.
Thanks for your concern and your detailed explanation! I agree with @pfg: would you raise this on https://meta.discourse.org/, since that way the Discourse maintainers will see it?
Although the Discourse site would be hit the worst with a penalty, Google does penalize sites linking to bad sites. Google considers the webmaster 100% responsible for the links from a site, it’s the webmasters responsibility for what their site links to, basically link to bad stuff and Google doesn’t trust you as much. You could find all your links are downgraded because you have a hidden sitewide link to a penalized domain (this is only an issue if Discourse gain a penalty).
For the record if letsencrypt.org was one of my sites I’d edit the forum script to remove the link ASAP: better safe than sorry and more importantly if you guys have serious SEO problems you might not continue to give free SSL certs away and that has a negative impact on me
Let’s hope they take my advice, now I’ve posted about it there’s a good chance someone will report them to Google and if Google sees it like I do, it’s a penalty.
BTW interesting description of the relevant commit:
Put the 'Powered by Discourse...' message shown to crawlers and no-js visitors in a footer element so that SEO something something.
That looks iffy, the link appears to have been added for SEO reasons, guessing the person who committed it didn’t fully appreciate what they were doing: from a blackhat SEO perspective you’d add it for the millions of free backlinks.
As I look into this further I’m more convinced than ever this is a deliberate act to game Google while hiding it from Discourse forum users like you! Check this threads Googlecache and note the links to discourse.org (posted by jsha above) do NOT have a rel=“nofollow” tag which the script adds to other links.
Hmm, just double checked the above and the results aren’t consistent, so might be a poorly coded script not adding nofollow to all links. I see some links with nofollow others without nofollow, if this is a bug in the forum script it potentially leaves you open to comment spamming for backlinks. Basically if comment spammers figure out the format to use for links for them not to be nofollowed your forum could be spammed to death!
Right, back to real work, have a server full of domains to create free SSL certs for
I left a comment regarding the nofollow behaviour on your blog (tl;dr: working as intended as a measure against comment spam). Pity the Discourse Meta topic is gone - while I don’t think that the current behaviour is malicious, I can see that there’s a certain risk (primarily for Discourse) depending on how whoever reviews reports on Google’s end would perceive the situation, so looking into possible alternatives should be something to think about for them.
I’ll close this since there’s not much to be done from our end.
