“Website security” – let’s be honest: when was the last time you seriously thought about it? When was the last time you or your SEO team spent two seconds on the latest website security trends?
Businesses may be spending billions of dollars on SEO right now, but a significant percentage of companies with websites don’t even think about website security.
Why Website Security Is Important
As an entrepreneur, you’ve probably spent hundreds or even thousands of dollars over the years on marketing and SEO, but the weakest link in the digital marketing chain is clearly website security:
A recent Google survey shows that Americans know less than they think about website security: 55% of Americans 16 and older have an A or B rating for online safety and security, but 70% of them mistakenly identified its appearance as a secure website.
A Harris Poll survey in March 2019 shows that 97% of millennials answer at least one of six questions about website security.
Ransomware attacks: a type of malicious software designed to block access to a computer system until a sum of money is paid – increased 195% in small and medium-sized businesses since the first quarter of 2019.
The sad truth is that no one really cares about site security until they are faced with a real threat from malware or ransomware attacks.
While people have many easy and affordable ways to stay safe on the web, small and even large businesses see this as a cost they don’t want to pay and a complex process they don’t want to learn about, so they’re not willing to be proactive.
With this threat looming over all commercial and service sites, it is becoming increasingly critical to spend time and money protecting the site. Because if your website is compromised, your entire business will be compromised.
First Step Towards a Secure Website
The basics of website security start with SSL / TLS over your existing HTTP.
SSL stands for Secure Sockets Layer and, in short, it is the standard technology to maintain a secure connection to the Internet and protect all confidential data that is sent between two systems, preventing criminals from reading and modifying any transferred information, including possible personal data.
TLS stands for Transport Layer Security and it is just an updated and more secure version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you buy SSL from Symantec, you are actually buying the most up-to-date TLS certificates.
HTTP stands for Hypertext Transfer Protocol. In its most basic form, it allows communication between different systems. It is most commonly used to transfer data from a web server to a browser, to allow users to view web pages. It is the protocol that was used basically for all the first sites.
HTTPS stands for Hypertext Transfer Protocol Secure. The problem with the normal HTTP protocol is that the information flowing from the server to the browser is not encrypted, which means that it can be easily stolen. HTTPS protocols address this by using an SSL certificate, which helps create a secure encrypted connection between the server and the browser, thus protecting potentially sensitive information from being stolen during its transfer between the server and the browser:
Switching from HTTP to HTTPS is not complicated or time-consuming. With HTTPS, servers and clients can continue to talk in the same way, but with full encryption of their requests and responses (that is, data):
However, not everything is safe and secure with this added layer of encryption. SSL certification does not guarantee total security. Even HTTPS sites face their fair share of phishing attacks.
This is the reason why you should take the proper measures to keep your website secure and not just rely on HTTPS for complete website security.
How to Add HTTPS to Your Website
Here are some simple steps you can take to switch from HTTP to HTTPS:
Purchase an SSL Certificate:
Buying an SSL certificate is not that difficult. First, check with your web hosting company. Does your hosting plan include a certificate? If the price and type of certificate meet your requirements, talk to them about adding it to your service.
Alternatively, you can search for certificate authorities. Look for preferable prices and types of certificates. Then buy and verify your certificate. SSL certificates can be of many types, including DV, OV, EV, multiple websites, and wildcards.
Digicert’s CertWizard can guide you on what type of SSL certificate you need:
Verify and Install the Certificate:
After purchasing the SSL certificate that meets your requirements, it’s time to verify it. Verification can take from a few minutes to a few days, depending on the type of certificate.
After receiving information from the certificate authority, download the files.
The installation process will depend on the source of your certificate. The web hosting services usually take care of the installation and speed up the steps for the webmaster.
This is how you can install the certificate you purchased outside of your web host:
- Log in to your web hosting administrator account.
- Go to the option “Install SSL certificate”.
- Enter the SSL certificate, your domain name that requires SSL, and your key (your Certificate Authority must provide the key and the SSL certificate).
- Click “Install”.
Validate the SSL Certificate:
The next step is validation and for that, you need to log out of the hosting manager and website editor interface. Then check the address bar – does it show HTTPS tag? In addition to the HTTPS address, you should see the following:
- A green padlock in the address bar
- Your business name (EV certificates)
- A green address bar (EV certificates)
The onsite security seal of trust or trust badge.
You must use an SSL verification tool to ensure the security status of your website.
Update Your Sitemap:
Generating a new XML sitemap is not a challenge. You can do this in your Google Analytics account. Check the default URL of your website in the “Property Settings” in the “Property” option of your administrator account.
Update the http:// to https:// and save the change.
To update the sitemap, visit Webmaster Tools:
- Go to the Search Console
- Click on settings – the gear icon on the top right
- Select “change of address”
Google will walk you through the next steps to update your sitemap, including selecting your new site and confirming 301 redirects. Click “Submit” when you have finished making your changes.
Buying and installing an HTTPS certificate is fairly straightforward for all site users. The steps we outlined above are relevant for all versions of WordPress and also for some other CMS platforms.
If you have a reliable web hosting service provider, you should speak to them for a quick installation and seamless migration of your website from HTTP to HTTPS, adjusting your hosting plan.
How Can a Hack Impact a Website’s Organic Traffic and SEO?
Attackers do not distinguish between sites in terms of size and attack traffic. Here’s how it can affect your traffic and SEO:
Blacklisting, when your site is removed from the search engine index, is one of the most serious consequences of malware attacks. Since most sites are not notified, they can be repeatedly attacked by ransomware and malware attacks. Several websites have persistent vulnerabilities that make them subject to SQL injections, XSS, CSRF, and phishing attacks.
Not receiving any notification can mean a continuous loss of money, reputation, and visitors when Google identifies the anomalous behavior and blacklisted the site. Being blacklisted is the end of all traffic and SEO for any website. However, it is a way to start from scratch with a clean website.
Errors in Crawling:
Scraper bots crawl websites to extract content, block search engine bots, and participate in data theft. Your SERP ranking can also be affected when scraper bots create duplicate content elsewhere. They can create 404 and 503 errors in your Google Search Console. They are responsible for creating infinite loops that consume a lot of resources.
When you find duplicate content, file a DMCA complaint with Google. Routine scanning of log files with premium tools can produce an exhaustive list of bots crawling your site. Identify their origin to separate good and bad bots.
Criminal hackers can receive SEO spam through SQL injections, which can cause your site to be blacklisted or completely change the appearance of your site in Google SERPs. They can also slow down your website, which is one of the main ranking signs.
You need security plugins and SEO tools that can detect malicious activity in real-time on your website. Fixing the vulnerabilities is absolutely essential. Check out paid platforms that offer full website monitoring, like Sucuri, the industry leader in WordPress security (it’s a paid service, but it offers limited scanning on WordPress for free).
At the end of the day, you shouldn’t make Google your antivirus. Google flags untrustworthy sites and blacklists those that pose a threat to users, but relying on Google updates is not a proactive way to take care of your site’s security and SEO.
If you want to improve your SEO and improve your website traffic, always start with HTTPS. Therefore, consider investing in a website surveillance system that monitors in addition to the SSL certification of your website.