How Website Security Impacts Your SEO Investment
Google and other search engines have stepped up aggressively in identifying sites containing malware, link farms, and other content designed to cause damage to a visitor’s computer. One of the favorite methods of spreading malware is to infect legitimate sites, making it much harder to identify a pattern of sites that can cause damage to your computer.
From an SEO perspective, given the significant rise in the number of bots and viruses that infect PCs coming from legitimate websites, if your website falls prey to one of these attacks, it can cause you to be removed from search results for a long time. If you site becomes flagged as a source of malware or any other type of security threat, it can cause your SEO efforts to be put back by months, since engines will either remove your pages from their indexes, or warn users of any perceived threat from visiting your site.
This is in addition to the reputational risk of having your site become a victim of malware – which is especially painful if you manage credit card or ecommerce transactions, and are expected by users to be completely secure. Unfortunately, securing a website isn’t easy since naturally it’s online constantly, and there are some truly inventive ways to hack through it. Since there are a wide variety of web platforms out there, it’s hard to provide specifics that apply to everyone, but here are some ways to improve your odds of beating the hackers:
- Use secure passwords: most security starts with a strong password. A strong password buys you time against brute force attacks (for example, it takes under 2 seconds to brute force the password “giants” but over 200 years for “RanK$nG#On3!-2010″). If your site has other administrative users, enforce minimum password requirements to ensure there are no weak links. Don’t write passwords down, don’t share them, and change them frequently.
- Don’t use obvious usernames: “admin” and “root” are the most common administrative users – choosing a different name makes it harder to identify an admin account.
- Keep your CMS up to date: if you use WordPress, Drupal or Joomla! – or any other content management system – keep abreast of the latest security patches and apply them quickly.
- Use security plug-ins: again, for CMS users, there are some truly excellent plug-ins that can make your platform much more secure. Check what’s available for your software and install recommended plug-ins.
- Back up your site regularly: it’s remarkable how many web sites have no back up whatsoever, even ones with significant investment. Ultimately, if your site is compromised, your back up will be the first thing you need to restore your data.
If you have any form of user-generated content on your site – such as blog comments, forums or user reviews – it’s important to monitor activity to protect against comment spam, malicious links and anything else intended to lead the visitor from a legitimate location to somewhere questionable. Be vigilant in deleting this content, and use technology such as Akismet or reCAPTCHA to deter bots and spammers. Some sites also restrict IP addresses by country, since certain destinations are notorious for stealing site content and causing other issues. If your company has no business opportunities in a certain country, it may help to block requests from IP addresses originating there. Additionally, adding your site to Google Webmaster Tools only takes moments to set up but Google will then routinely monitor your site for evidence of malware.
Hacked sites are becoming a major problem, and can derail your progress in developing your online presence and search engine optimization. There are many technical elements to managing a website and securing the server effectively but even taking these basic precautions gives you a significantly better chance of avoiding becoming a target.
Recent Comments