Website security isn’t glamorous. It’s not good looking, or fast moving, or the bit that makes your clients sit back in their chairs and say wow. It’s just not. But maybe it should be. Because as well as quietly protecting you from a whole world of potential threats, great website security has a secret: it’s amazing for SEO.
The more secure your website is, the better it ranks in searches, the more visible it is to its audience and the more chance it has to achieve big wins for your brand. All that at the same time as locking down your data, looking after your customers and keeping you up and running. Get it right, and it’s impressive stuff. But where’s the best place to start?
Make sure you’ve got an HTTPS site
HTTPS stands for hypertext transfer protocol secure, and it describes the way information is transmitted between websites and users. The ‘secure’ part refers to the in-built encryption that protects information from prying eyes in transit, and it was added because the original HTTP left this vulnerable.
Because HTTPS is now seen as a real must for website security, it’s favoured by search engines and browsers. In fact, it’s been a signal in Google’s ranking algorithm since 2014. While probably at least 300 different signals affect a site’s Google ranking, we know HTTPS is one of them and not having it can seriously dent your visibility.
In fact, in 2017 Moz reported that half of all Google page one organic listings are HTTPS and, according to a recent update, Google Chrome now flags non-HTTPS sites up as not secure. If your website is flagged in this way, there’s a real risk consumers won’t trust you with their data and will lose confidence in your brand. Google is actively pushing HTTPS, and it’s bringing consumers along for the ride.
So, shifting your website up a gear from HTTP to HTTPS is a must. It gives you authority and credibility, and it means your customers are more likely to click through – buying into your website’s content, products and brand. But how do you do it?
Get an SSL certificate
To turn your HTTP website into a secure, search-engine-preferred HTTPS one, you’ll need an SSL certificate. It adds the S for secure and makes sure hackers can’t interrupt the connection between you and your customers, accessing personal information or bank details. It proves you’ve got your security covered and customers can trust your website. Even better, it’s quick and easy to get through your website hosting provider.
There are several different kinds of SSL certificate, each giving you a different level of security. Choosing the right one means considering what kind of website you’re running, what data it’s handling and how much you want to pay. As with pretty much anything, the more you pay, the more advanced the product. Let’s take a look.
If you’re running a brochure site or blog…
Relatively simple sites that don’t handle payments or customer details can often get all the protection they need from a Let’s Encrypt SSL. The best bit about these is that if you’re using a control panel to manage your websites (like Nimbus Hosting’s STORM platform for creatives) you can usually get a free Let’s Encrypt SSL in seconds. Done and dusted.
Let’s Encrypt are earning a strong reputation and constantly bringing in new security features, but it’s worth remembering that they offer a fairly basic level of protection – the minimum expected these days. In fact, more and more phishing sites are finding ways to get Let’s Encrypt SSLs and make themselves look legitimate, even when they’re not. So, if you want to give customers real confidence, it might be a good move to step things up.
If you’re handling customer data…
The moment you start collecting customer data through your site, you need to up your security game. Certificates like RapidSSL make stronger security affordable. They’re also compatible with more browsers, including mobile, which means more people will be able to see your website, buy into your brand and benefit from the security you’ve provided.
If you’re taking customer payments…
When you want people to make payments through your website, you need to have your security all sewn up. If customers don’t feel confident their details are safe, you’ll lose their sales, and if their details get into the wrong hands on your watch – that spells trouble for everyone.
But even really top-notch security is easy to put in place these days, thanks to premium SSLs like GeoTrust True BusinessID with EV. Top-of-the-range options like this really highlight how secure your websites are because they actually verify that your business exists, not just that you own the domain name.
To show that, they name your company in the web address bar and give you a green bar in the search engine, just like banking websites. The result? Customers can see their details are safe, so they’re more confident buying, browsing and building a relationship with your brand.
Getting the right SSL is a quick win with a big impact on both security and SEO. But it’s not the whole story. There are lots more ways you can boost your site’s protection, reduce the risk of it getting blacklisted after a hack – and protect its search rankings.
Update your WordPress plugins and extensions
Hackers actively look for outdated WordPress plugins and extensions because they’re more vulnerable to attack. It’s a good idea to regularly check yours are up to date and install a security plugin like All in One WP Security & Firewall or Wordfence. They monitor your site’s activity for potential hacks and include a firewall to block malicious traffic permanently.
Keep an eye on your server capacity
If your server starts to get clogged, whether with genuine or malicious traffic, it can stop Googlebot and other search engine bots crawling your site effectively. That means they won’t be able to see your website properly and you could slip down the search rankings.
To protect against this, get into the habit of analysing your job files. Tools like AWStats can show you all the bots that have crawled your site. Individually they shouldn’t use too much bandwidth, so if one is using far more than the rest, that’s a red flag. You can do a reverse DNS lookup on the suspicious IP address to get a host name and find out if it’s malicious.
Tighten up your security network
Make sure your security network is really robust and includes important measures like limiting the number of login attempts within a set period, automatically ending expired sessions and scrapping form auto-fills.
It’s also a good idea to use a web application firewall (WAF) to protect your site by filtering, checking and blocking malicious traffic. And finally, wherever you and your team are working, make sure your connection is encrypted with a reliable VPN.
Stay vigilant, whatever your size
In March, the Evening Standard asked me to comment on the tens of millions of hacks recorded by major organisations like the Natural History Museum, Imperial War Museum, Kew Gardens and Tate. I told them that cyber criminals were now going to extreme lengths to obtain confidential information. These landmark organisations were protected by their firewalls and security systems, and smaller organisations need to follow their lead.
SEO aside, website security is an area where everyone needs to stay vigilant, however big or small the ship you steer. If you’re building sites for yourself, your brand’s credibility and visibility are on the line – and strong security shows best practice in action. If you’re creating them for clients, tighter security helps protect – and showcase – everything you’ve designed, built and sweated over.