A hacked website can take on many looks. It can be as seemingly meaningless as adding spam to your header code to sell shoes or it can be as nefarious as collecting user data as a way to steal someone’s identity.
When it comes to website security, you can’t take a relaxed approach. According to a study by GoDaddy, 73.9% of hacked sites are hacked for SEO purposes. This means that hackers are looking to generate traffic to their sites by piggy-backing off your site.
In every instance though, both the public’s trust and Google’s trust in your brand are tainted. And that will take time to rebuild.
Little Hacks With Big Consequences
When I first started in SEO, a colleague reached out for my help with his hacked website. His company, an environmental consulting firm, was now promoting Viagra and Cialis through its website. The hacker(s) had gained access through a flaw in an outdated version of WordPress.
Even after updating to the latest version of WordPress the hacker was still able to gain access to the site through a backdoor he left for himself. This repeated a couple more times before we had to reinstall a clean version of WP.
This may seem like a relatively harmless hacking, but it does demonstrate how easily a website can be breached and controlled by a malicious entity.
Everyday Day Attacks
Facebook, Equifax, Marriot – all organizations who had their user data stolen. There is no worse feeling than finding out that your personal information now belongs to some unknown hacker.
are quickly becoming have become an almost everyday occurrence. In fact, 30,000 everyday occurrences. It’s been reported that over 200 cyber security attacks happen every hour of every day. And if notable company’s like Facebook and Equifax have exposed your data to hackers, history shows that your website will be hit sooner or later.
If you’re sitting there saying your website doesn’t process credit cards or take payments, you still need to make security a priority.
What’s at Stake
Hacking happens. Regardless of whether your website is a brochure for your services or an established eCommerce shop, you are responsible for protecting your users’ information. Even if it’s as seemingly innocuous as an email address.
- Highjack it and hold it ransom
- Extort your users with private or sensitive information
- Collect names, emails, and other critical data for financial fraud
What you need to know in order to keep your users and your data safe.
What does security have to do with SEO?
It comes down to trust. Trust that your website is reliable and not duping visitors with shady content. It’s as simple as that. It’s a fundamental piece of any business transaction. Because website security and SEO go hand-in-hand. And if Google can’t trust you and your website visitors can’t trust you then what do you have? Without trust people won’t do business with you. That’s why it’s part of E-A-T. Without trust, your site will struggle to maintain a sustainable SEO strategy.
So how can your website build trust?
Although having an SSL certificate is not a ranking factor, it is an extremely important trust factor. Google has taken steps to protect it’s Chrome users by instituting protocols to warn when they are accessing an unsafe or insecure website. Mozilla Firefox goes even further and will block access to any website that appears suspicious and may contain viruses or Trojans.
And although skimping on an SSL certificate won’t visibly impact your SEO performance, diminished traffic and engagement will.
That little lock in the corner of your address bar wields a lot of subtle power. Not getting that all-powerful icon can be from something as seemingly innocuous as an insecure image or a contact form that isn’t properly encrypted.
What can you do to protect your site and visitors
Beyond using strong passwords and changing them regularly, there are quite a few things you can do to keep your site safe from hackers. Be sure to make all hyperlinks, image links, and forms secured with SSL. If you don’t see the little lock in the address bar then that page isn’t fully secure. Consider getting a dedicated private server. This will greatly reduce your exposure to server attacks. You should also run regular backups of your site.
… And if you’re using one of the big CMS platforms
- Change your wp-admin URL page to something unique
- Don’t use Admin as a user login
- Keep your plugins and WordPress up-to-date
- Ensure your plugins come from reputable sources
- Install a security plugin, like WordFence
- Add extra protection with two-factor authentication
- Remove unused contributors
- Force devices and apps to log out
- Keep your browser and operating system up to date
- Keep your antivirus software up to date
- Report vulnerabilities
- Two-factor authentication
- Limit apps that can write to your store.
- Set access limits and set permissions in your store admin area
- Back up your content
Keep Your Website Safe
As my parking garage door reads: Security is everyone’s priority.
No website is too small to be hacked. Don’t take your website’s security for granted. Hackers are always coming up with new ways to steal peoples’ information.
Your organization’s reputation and revenue are at stake here.
These types of attacks can negatively impact your reputation and bottom line. To quote one article on the topic:
“Of more concern to companies is the theft of intellectual property, such as trade secrets, copyrighted material, product designs, customer lists, inventions and the like. Such information is valuable, both in terms of present revenue and future potential revenue.”
Don’t leave your company and your customers at risk to hackers. Being diligent about your website’s security isn’t a daunting task and it will help to grow your business.