The Web Security Guide Every SEO Must Read
Web security is a major headache that keeps business owners awake
at night. Imagine waking up to find that your client's website has been
hacked. Not only does that mean your business as an SEO expert goes away, but
also that getting the website back on track will be an onerous task.
Traditionally, website security has been kept separate from
SEO, apart from a few basic responsibilities on the part of SEO
service experts (such as not establishing links to and from malicious
websites). Because the lines separating the different aspects of the web and
of business are blurring, no SEO expert can ignore website security anymore.
This guide is an attempt to go beyond the surface of this discussion and
bring out some valuable insights in the process.
Why Bother?
Well, imagine having your own or your client's website
accompanied by an unsavoury warning from Google alongside the search result.
This generally happens when Google's crawlers believe that your
website might contain harmful code that could, for instance, install malware on
visitors' computers. The reasons could run deeper, though. You'll find an
equivalent notification in your Google Search Console account too.
This is just one of the potential security-related
warnings that Google could publish alongside your search results.
Google's support portal contains an extended list of other messages; here's an
illustration.
I would never risk my computer's security by visiting such a
flagged website; would you? Nobody would, and that takes all your SEO work
down the drain. Instead, take complete control of each aspect of site security
that links closely with SEO.
Have A Secure Website Via HTTPS
It's clear that Google treats HTTPS websites as a lot more
secure than others: the HTTPS protocol makes the exchange of information between
a visitor's browser and the web server more secure.
Since 2016, the Chrome browser has explicitly marked non-HTTPS
websites as not secure. That's reason enough for every SEO expert
to push their clients into doing everything necessary to move to
HTTPS immediately.
Now, is your client's website secure? Here's a 2-step check:
i) Make sure the SSL certificate is properly installed on the server.
ii) Make sure the website's URLs are being redirected to their HTTPS versions.
Type http://www.[yourwebsitename].com and hit Enter. If your
server's redirect rules are properly set up, the page
will be redirected automatically to https://www.[yourwebsitename].com. If it
isn't, there's a problem that needs immediate attention.
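Step ii) can be automated rather than checked by hand. The following is an added example, not code from the original guide: it follows the redirect chain from an http:// URL and reports whether it ends on the https:// version of the same host, catching the common failure modes (no redirect, redirect loop, redirect to another host). The response tables are constructed for a hypothetical host, www.example.com; `live_fetch` is the fetcher you would pass to check a real site.

```python
"""Added example: does http:// redirect to the https:// version of the same host?
The response tables are constructed for a hypothetical host, www.example.com;
pass live_fetch instead of fetch_from(...) to check a real site."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5

def check_https_redirect(start_url, fetch):
    """Follow redirects from start_url; fetch(url) -> (status, headers).
    Returns (ok, message); ok only when the chain ends 200 on https://<same host>."""
    host = urlsplit(start_url).hostname
    url, seen = start_url, []
    for _ in range(MAX_HOPS):
        seen.append(url)
        status, headers = fetch(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in (301, 302, 307, 308) and location:
            url = urljoin(url, location)  # Location may be relative
            if url in seen:
                return False, f"redirect loop via {url}"
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False, f"final URL {url} is not HTTPS (status {status})"
        if parts.hostname != host:
            return False, f"redirected to a different host: {parts.hostname}"
        if status != 200:
            return False, f"HTTPS page returned status {status}"
        return True, f"{start_url} -> {url} in {len(seen) - 1} hop(s)"
    return False, f"more than {MAX_HOPS} redirects from {start_url}"

def live_fetch(url):
    """One request, no automatic redirect following, for a real site."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # hand the 3xx back to the caller as an HTTPError
    try:
        with urllib.request.build_opener(NoRedirect).open(url, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)

# Constructed responses: a correctly configured host and one that never redirects.
GOOD_SITE = {"http://www.example.com/": (301, {"Location": "https://www.example.com/"}),
             "https://www.example.com/": (200, {"Content-Type": "text/html"})}
BAD_SITE = {"http://www.example.com/": (200, {"Content-Type": "text/html"})}

def fetch_from(site):
    """Turn a constructed response table into a fetch(); unknown URL -> 404."""
    return lambda url: site.get(url, (404, {}))
```

Run `check_https_redirect("http://www.[yourwebsitename].com/", live_fetch)` to test a real site; the first element of the result is the pass/fail verdict and the second explains why.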
Note: Though WordPress is considered very secure, an
exceptionally large number of websites based on the platform have been hacked in
the recent past. Ensuring HTTPS is enabled for your WordPress
websites, hence, can't wait any longer. With plugins such as Really Simple
SSL, the above 2-step process becomes even easier to manage for WordPress, as
explained in this very descriptive tutorial on how to use HTTPS on WordPress.
Content Security Policy
Webmasters have a lot to deal with in securing a
website against possible attacks, especially when content is updated
frequently, as with content repurposing or the regular addition of new
products on e-commerce sites. Two of the commonest forms of attack are
data injection attacks and cross-site scripting (XSS) attacks. Any
additional security layer that can help mitigate or report such an attack is
worth the effort. Content Security Policy (CSP) is precisely that layer. It
can effectively block external scripts, as well as inline scripts, from
untrusted sources.
As an SEO expert, you can easily go out of your way and check
whether CSP is in place for your client's website. CSP is implemented via an
HTTP header containing rules for each kind of asset. For example, an HTTP
header that allows CSS and scripts only from the site's own origin ('self'),
with the Google Analytics script as an exception, would look like this:
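The following is an added example, not the guide's own header or code: it builds the policy just described (styles and scripts from 'self', Google Analytics as the one script exception), parses it back out of a response's headers, and evaluates whether a given script would be allowed to load, which is the check an SEO can run against a client's site. The site origin https://www.example.com and the Google Analytics host https://www.google-analytics.com are assumed, illustrative values.

```python
"""Added example: build the CSP header the text describes and evaluate it.
Assumed values: the site is https://www.example.com and the Google Analytics
script host is https://www.google-analytics.com (both illustrative)."""
from urllib.parse import urlsplit

# Styles and scripts only from the site itself; Google Analytics is the one script exception.
POLICY = {"default-src": ["'self'"], "style-src": ["'self'"],
          "script-src": ["'self'", "https://www.google-analytics.com"]}

def build_csp_header(policy):
    """Serialise {directive: [sources]} into the Content-Security-Policy value."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in policy.items())

def parse_csp_header(value):
    """Parse a header value back into {directive: [sources]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def csp_policy_from_headers(headers):
    """The quick check for an SEO: is a CSP header present on the response at all?"""
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            return parse_csp_header(value)
    return None  # no CSP: nothing restricts where scripts may be loaded from

def _source_matches(source, page, resource):
    """Does one source expression permit loading `resource` from `page`?"""
    if source == "'self'":
        return (resource.scheme, resource.netloc) == (page.scheme, page.netloc)
    if source.startswith("'"):  # 'none', 'unsafe-inline', ... never match a URL
        return False
    scheme, _, host = source.rpartition("://")  # scheme is "" for a bare host
    if scheme and scheme != resource.scheme:
        return False  # https://host does not cover an http:// load
    return resource.hostname == host.split("/")[0].lower()

def script_allowed(policy, page_url, script_url):
    """Would the browser load an external script? Uses script-src, else default-src."""
    sources = policy.get("script-src", policy.get("default-src", []))
    page, resource = urlsplit(page_url), urlsplit(script_url)
    return any(_source_matches(src, page, resource) for src in sources)

def inline_scripts_allowed(policy):
    """Inline <script> blocks run only when the policy says 'unsafe-inline'."""
    return "'unsafe-inline'" in policy.get("script-src", policy.get("default-src", []))
```

`build_csp_header(POLICY)` yields the header value to configure on the server; `csp_policy_from_headers` fed with a real response's headers tells you whether the client site sends one at all.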
How To Prevent A Site From Getting Hacked?
Don't blame your clients if they want your help in
keeping hackers away, even though that's not a primary responsibility of an
SEO. Think of it as an opportunity: you put in 5% extra effort and, in turn,
significantly improve the client's websites' immunity against hackers, which
keeps their business coming to you.
Here's a quick list of site security best practices
that help make your clients' websites much harder to hack.
- Check whether the CMS software, or the website builder code, is
upgraded to the latest version.
- Educate your client and their website admins about spam, brute-force
attacks, cross-site scripting, SQL injection, etc.
- Change passwords often.
- Don't use any unsecured or unproven third-party tools that link to the client
website for analysis, etc.
- Don't publish server-level technical information in error pages;
error pages should say something like 'page not found'.
- Enable validation of inputs on the browser side as well as the server
side, to ensure malicious code doesn't reach the server.
- If your client's website allows users to upload files, recommend
controls that ensure no scripts can be uploaded alongside them.
- Use a mix of web security tools to safeguard your clients'
websites; more on this later in the guide.
What To Do If Your Client Site Is Hacked?
Alright; the worst has happened, now what? Your
response will depend on the nature of the security flaw, which may well be
indicated by the warning message that Google appends to your website's search
result.
To check the details, log in to Search Console, go
to the Security Issues section, and check the details of the URLs that appear
to be compromised, along with the specifics of the kind of security breach for
each URL.
Here, you'll need to communicate clearly with your
clients so that they know they need to bring in web developers and programmers
to take care of the website's security problems. Also recommend that they
contact the web hosting provider, who can offer valuable insights and
contacts based on knowledge of other websites that might have faced similar
problems.
Google, in its official help video for webmasters
whose websites may have been hacked, recommends that they seek technical expertise
to sort out the technical issues. The time it takes to recover from the hack
will depend on:
- The level of technical expertise of your client's team
- The amount of content affected (site-wide spamming, for instance, needs
more time for removal)
- The extent of the damage and the complexity of the hack
How To Keep Your Rankings Safe If Your Client Site Gets Hacked?
Quick and comprehensive action: that's the golden rule to
remember to make sure the hack doesn't cause an SEO nightmare for the website.
Note: If the entire site has been hacked, take it offline by
asking your web host to configure it so that a 503 error page is returned for
access made outside the infected directory. Don't rely on a robots.txt disallow,
because that won't block the website for users who visit via your URL (it only
stops web crawlers).
If you know which URLs are compromised, the task
is easier:
- First, remove the infected URLs from the index using the Remove
URLs option in Search Console.
- Then, do a quick scan for crawl errors, and resubmit your
website's sitemap.
- Once the website admin and the security team have removed the
malware and acted on the issues highlighted in Search Console, I
recommend you submit your website to the Search Console Security Issues report for a review.
- A successful review would be indicated by a message like this in your
Search Console:
Also, depending on the nature of the security breach, you may
need to restore your WordPress website to an older version, or even consider
moving the website to a more secure hosting provider.