Web security is a serious concern no matter who you are. From a businessman to a personal-email-account-holder, web security is crucial for everyone. Not only the stakeholders but the people indirectly connected to a business or a web presence are also affected by the threats of web hosting. One such party is the SEOs. Yes, the SEOs we’re talking about. Apparently, an SEO (Search Engine Optimizer) is the one who manages to rank your web presence on top of search engine results. A web security threat to a business owner, no matter big or small, means a gigantic threat to the SEO who has done the optimization efforts for the web presence. You must be wondering how?
Hacking is sometimes for SEO purposes only
You heard me right! Hackers hack a website for the sake of ranking. A study by GoDaddy says that 73.9% of hacking is done for SEO purposes. What hackers do it, they hack a site, add links to it along with new web pages and they can even start an altogether new site to show on Google. How this affects the SEO you ask? Well, this practice lowers the rankings of the website thus blacklisting it and the person who’s behind the website’s ranking.
What should you do?
Well as an SEO my practice is to ensure that whatever I work on is fully secured. As aforementioned, a threat to my client’s web security means a threat to my career. One blacklisted website and all my efforts go down the drain. There was a time when an SEO did not have much to do with web security except for making sure that no link is established to a malicious webpage. However, with the passage of time things have changed. Web security has to be your biggest concern if you’re an SEO.
So what I do to make sure that a website I’m working on is secured and safe to work on.
Make sure your client’s website is secured via HTTPS
It is quite evident that Google considers an HTTPS website more secure than the typical HTTP. This is because, through the HTTPS protocol, the web information exchange is safer. It is since 2016 that Chrome browser marks any websites that are not HTTPS as unsecured with prominent red text. So before taking a project, make sure your client’s website is fully secured. Here’s how you can check that:
- Ensure that the SSL certificate is properly installed on the server
- Ensure the website’s URL is displayed with the HTTPS version
What if you find out that your client’s website is not secured? Talk to the client and explain the hazards of not having proper web security measures. Back in 2017, I found out one of my clients’ website had serious security issues and I convinced him in every way I could to have proper security measure. I even introduced him to coupons for web security Since the client had money issues with the business. Coupons helped him get the services on discount and he was lucky to have some additional facilities too. so I highly recommend every SEO out there to make an extra effort and check on the client’s web security.
Apart from an SSL certificate, here are some other shortcuts that you can use to ensure your client’s website is hack-proof:
- Educate your client or the concerned authorities about how hackers can attack; tell them about spam, brute force attacks, cross-site scripting, SQL injections, etc.
- Ask them to change passwords often
- Change passwords to your accounts too
- Refrain from using any unsecured, third-party tools to link to your client’s website
- Make sure error pages should have a message no more than “Page not found”; do not to print any server level information on these pages
- Validation of inputs should be enabled on both browsers as well as server side; this will ensure that malicious codes do not infect the server.
- Proper controls should be there if the client’s websites allow users to upload files. This will ensure that no unwanted scripts are uploaded.
What if your client’s website is hacked?
Imagine waking up one morning and looking at a warning on Google alongside your client’s website. This would be your worst nightmare, right? Well, the worst has happened, what to do next? The first thing you should do is log on to the Search Console and check for the level of a security breach. As an SEO, you do not have much to do in this. However, you immediately need to call on to the client and ask them to reach out to the concerned programmers and developers and find out the flaw and the cause of this security breach.
How to make sure the website’s ranking is intact if the website is hacked?
The quickest possible thing to do if your client’s website is hacked is to make sure that the security breach hasn’t affected the SEO of the website. If you find out that ranking will be affected by the breach, follow these steps;
- First of all, find out the infected URLs
- Remove the infected URLs from the index
- Next, make a quick examination for crawl errors and re-submit the website’s sitemap
- Once you find out the malware is removed and the website is free of any issues, make a thorough security review of the website
A successful security review message means the review is complete and your website is safe to go.
In my career as an SEO, I have faced many challenges and web security is one of the newest but the most challenging. Although web security concerns are not among an SEO’s responsibilities in order to have a reputable ranking on search engines, SEOs need to thoroughly study the web security of their client’s website they’re working on in the future.
Let us know if you found this article useful and if you have any other concerns in mind regarding web security.