Positive and Negative impact of website security to SEO ranking

Search engines care a lot if your website is secure and safe for your customers. I know that many people don’t understand why their website is being targeted in the first place and therefore never feel about security as anything critically important (until they get hacked), but there is more in that than just spending time and money on feeling safe.

This is basics! Moving over to secure connection (HTTPS) should already be essential. Google has officially confirmed that they boost rankings for HTTPS sites already in 2014.

Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.

Few months ago (early 2017), Firefox and Google Chrome started to call HTTP connections insecure. You can see it by yourself - all the regular HTTP pages with a login functionality are marked as “Not Secure”.

Search engines and web browsers are giving out a clear sign. Your website will have better reputation and will be positioned higher in search engine results if you take care of your visitors safety. If not.. well, it’s your own loss.

There are many reasons why search engines can apply penalties (negative SEO) to your website ranking. If you don’t take care about security, you might end up with your site being wiped from search engine result or even have it completely blocked.

Honestly, this makes sense. If you don’t care about your website and you don’t care about your visitors — why should Google or any other search engine care about you?

Still don’t care? Well, get used to the SEO penalties!

Image from an article where a website owner had to confront the consequences.
Snapshot from defaced websites on Google search.

A major issue among websites running on outdated CMSs like WordPress, Joomla, Drupal and so on. The issue with outdated software and lack of protection can make it easy for automated bots to attack your site and deface it with sometimes rude content that gets indexed by the search engines. Even if the search engine don’t apply penalty for that, your visitors definitely will!

If you don’t have spam protection and you frequently get comment spam under your website posts, keep in mind that Google will hand out a ranking penalty (User-Generated Spam penalty) just for that. It doesn’t mean you’re a spammer — but your site users are, so it’s completely up to you to clean up spammy content people and bots post to your website.

SEO Spam is probably the most popular way for ill-intention hackers to gain financial profit by hacking your website. SEO injection (like Canadian pharma spam) can be executed because of plugin and theme vulnerabilities. If the website have been compromised by the hacker, they can create sub-pages and hide links and keywords into the source code, making it invisible for you to see, but accessible to the search-engine crawlers.

Screenshot of malware infected website.

More and more sites which get infected with malware will be detected by the search engines. Site will be added to numerous blacklists, website will be marked as dangerous and the access will be blocked by the browsers and by different antivirus vendors. It’s one of the worst case scenarios, but it’s far from being rare.

It’s not just about cleaning up your website to get the ranking back, you need to get your site removed from every blacklist and ask for search engine to re-index the whole site. Without talking about the complexity of malware cleanup, the whole process of recovering the site can take some considerable amount of time. This can literally shut down your business!

NB! To protect yourself from attacks mentioned above, SSL(HTTPS) is not enough! It’s important to keep the software updated to have all the latest security updates as soon as possible. To stay ahead, consider using a security software which applies firewall and hardens the website security settings.

So, which one do you prefer: no ranking or good ranking?

It’s all up to you! You can choose Negative SEO by closing this article and thinking: “Pfff, Why the hell would anyone hack my small website?”.
You can follow these 5 steps real quick and prevent nasty incidents with a SEO boost as a pro bono:

  1. Start from the basics and secure your site — don’t use default usernames like admin and start using passphrases rather than passwords. Keep your software updated and don’t download themes and plugins from un-trusted sources — building a wall around trojan horse and yourself doesn’t really make sense.
  2. If you haven’t transferred your website from HTTP to HTTPS yet, do it now. It’s FREE!
  3. Make sure to know your hosting provider. Stay away from free-hostings and look for the reputation and customer feedback.
  4. You probably don’t visit your website every day, so go ahead and ask for free monitoring service! Sometimes it might be surprising what you‘ve had on your site for months.
  5. Most of the attacks against websites are automated, so take your step and automate your security, too! Use software like Sucuri, WebARX (if you want regular monitoring, too) or WordFence.
  6. And the most important step — don’t leave it for tomorrow, do it now!

Liked the article? Hit the ❤ button and don’t forget to follow!
If you’re responsible for the company website — I will personally offer a free trial of monitoring and protection for your website. Stay safe!

Passionate cyber-security entrepreneur. Founder of @webarx_security.