Automating Google Webmaster Tools Validation (PHP)

In order to claim a website with Google’s Webmaster Tools you have to verify you own it or at least have access to the file system. In order to do so Google gives you a file to upload to the domains www directory that is something like this: google9bf026a5h34deb40d.html

It use to be this file was completely empty returning nothing. However this probably lead to some hacking abuse where certain websites were not properly configured to give an empty page for 404 (page not found.) It doesn’t take a genius to figure out such a website could easily be registered as your own as the call to the validation file would return exact what Google was looking for.

The validation file is no longer empty and Google won’t accept empty files they now must contain the following:

google-site-verification: google9bf026a5h34deb40d.html

You can see the name of the file is now part of the content which helps eliminate validation hijacking

Suppose you got a lot of Google friends or accounts that you want to allow to have access to your site with their webmaster tools. Updating their individual validation files can be a chore so here is an easy way to automate the process.

This example is not exact you will need to adjust it to your own needs.

First add a line in your .htaccess file.

RewriteRule ^google ([a-zA-Z0-9]+).html$ googlevalidateme.php?v=$1 [NC,L]

Then have a PHP program called googlevalidateme.php

<?php
echo 'google-site-verification: google'.$_REQUEST[v].'.html';

So with this example any calles to googlexxxx.html will pass xxxx as a value to googlevalidateme.php which will return the correct validation code for Google.

Of course you might want to improve this with a call to a master list someplace so that unwanted others can’t validate and spy on you.