Site icon Bill Hartzer

Be Careful: Widget Vendor Tries to Give Themselves GSC Access

watch the code

Be careful of all of the code that others request that you add on your website, even supposed trusted SEO-related tool vendors. If you don’t fully understand the code and why it’s being place on your website, then it’s your responsibility. The tool vendor may be giving them access to your website or even to Google Search Console without an explanation.

In one case, the widget vendor gave JavaScript code to add the website. One JavaScript script for the head section of the site, and other JavaScript for where their widget is supposed to appear. However, the tool vendor also provided their Google verification meta tag, to be placed in the head section of the page along with the JavaScript code. Most unknowing website owners will simply copy and paste this code, because it’s given to them to install on their website.

In a phone call to the vendor today, and after I questioned them wanting access to Google Search Console, they admitted that they had provided the code to the website owner. Their explanation, after being questioned about it, was “sometimes website owners want us to help them take care of issues on their website.” This is completely unethical, in my opinion, to say the least.

The tool vendor provides JavaScript code that will provide a widget on the website owner’s website. It pulls certain data from third party websites (it scrapes that data without permission) and marks it up with Schema markup. There really is no need for any additional access to the website or access to the website owner’s Google Search Console account.

I can see a few reasons here, that would explain why this tool vendor would want access to the Google Search Console of the website:

I honestly cannot see any reason that is legitimate as to why an SEO-related tool vendor who provides a widget for a website ONLY (only a widget) needs access to Google Search Console, claiming that they are the website owner. Furthermore, to just provide this code to an innocent unknowing website owner with no explanation is unacceptable in my book. The tool vendor does not provide any reporting information that would be pulled from Google Search Console, so there’s no need for this access.

At this time, I’m not going to publish the tool vendor, and only refer to this vendor as a tool vendor that provides schema related markup for websites. They provide a widget that shows certain scraped data from other websites.

Be careful of all of the code that others request that you add on your website, even supposed trusted SEO-related tool vendors. If you don’t fully understand the code and why it’s being place on your website, get someone who knows the code and what it’s doing.

Exit mobile version