Building a winning website is hard and involves many components. On top of that, every client wants great page speed, uptime, UX, design, and marketing to make the business profitable. However, many VPS owners forget to look at security from an SEO perspective. Until they get hacked and the rankings drop...
How website security directly affects SEO
Keywords, meta tags, content, backlinks. All of these terms are worth noting, especially if your websites are down, poisoned or flagged by Google.
Marketers often skip security in their SEO strategy, or they may not know where to start with it. That’s exactly why we’re making this checklist to ease their (and your) job, as website hacks have a permanent impact on your Google ranking.
Prevention is key, especially when you host multiple websites on your VPS, because then you’re responsible for the whole server’s security. Still, first things first: let’s take a look at the disaster scenarios that show how bad security can kill your SEO.
1) Crawling errors
When we talk about bot traffic, the first thing that comes to people’s minds is robots.txt. Robots.txt is a good way to control your traffic, but let’s face the truth: even some good bots don’t respect that file, not to mention botnets.
Human visitors account for only 44% of the traffic of an average website, and 29% is malicious bots attacking the site or preparing attacks.
As malicious bots use the same server resources as legitimate visitors, bigger waves can completely overload your server, which then stops serving the sites altogether.
You can notice this from customer complaints, or strange 404 or 503 errors in your Search Console for pages that work just fine.
2) Being flagged by Google
Being flagged by Google is one of the worst scenarios many marketers can imagine: thousands of dollars spent on advertising with unavailable landing pages and permanent downtime.
Please don’t make Google your malware scanner.
But have you ever considered that being flagged is the best thing that can happen when a website gets infected?
One terminated website and the ranking penalty are not the worst that could happen. These painful flags help you recognize the weak points in your security and develop a proactive solution so they won’t happen again. Not getting flagged while your sites are malware-infected leads to greater damage by hackers and stricter penalties by Google. That’s definitely not something you would want.
According to GoDaddy’s (2018) report, search engines are blacklisting only a fraction of the total number of websites infected with malware. 90% of cases are not flagged. So if you are, please consider it as help.
3) Ruined user experience and website failures
However, Google shouldn’t be your number one priority with risk evaluation… your visitors are less forgiving.
When you’re doing SEO, responsiveness and reliability are key expectations to live up to. Visitors expect your website to load lightning-fast, be available at all times, handle their data with care (hello HTTPS!), and not show them random black-market pop-up ads.
However, infections do not always affect visitors this directly. For instance, black hat hackers are pros when it comes to hiding malicious content. SEO spam, also known as spamdexing, means manipulating search indexes so they include content they wouldn’t include otherwise. Also, they’re willing to do anything that leads to faster rank-ups, even if it lasts only for a short time.
So the point is, UX is like oxygen, but WordPress hacks, DoS attacks, malware and phishing content can not only ruin your SERPs but also depress your company’s brand and income - and this is what takes longer to restore, if it is possible at all.
4) Blacklisted Server IPs
Blacklisting is not the only risk from Google’s side. If you use your server to send out emails or marketing automation, you must have run into IP blacklisting in some form. The usual case is that an infected server starts sending out spam, the recipients flag those emails, and the different providers update your IP reputation scores accordingly. In the worst-case scenario, your IPs get blacklisted, which means they fail to connect and you end up with tons of unsent emails and blocked connections.
It’s worth setting up monitoring for regular RBL checks (real-time blacklist, also called DNSBL), but it’s too little, too late if you ask me. Prevention is key. Clean websites don’t make such a mess.
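A regular RBL check of the kind mentioned above can be scripted as follows. This is an added example, not code from the original article or from BitNinja; the zone `dnsbl.example.org` is a placeholder, and the three-state result (`listed`, `clean`, `unknown`) is a design choice of this sketch so that a resolver failure is never reported as a clean IP.

```python
import ipaddress
import socket

# Placeholder zone (assumption); replace with the blacklists you actually monitor.
ZONES = ("dnsbl.example.org",)

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def classify(answer):
    """Map the A record returned by a DNSBL to a status."""
    if answer.startswith("127.255.255."):
        return "unknown"  # some lists answer in this range for refused or over-quota queries
    if answer.startswith("127."):
        return "listed"
    return "unknown"      # anything outside 127.0.0.0/8 is not a valid DNSBL answer

def check_ip(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: 'listed' | 'clean' | 'unknown'} for one server IP."""
    status = {}
    for zone in zones:
        try:
            status[zone] = classify(resolve(dnsbl_query_name(ip, zone)))
        except socket.gaierror as err:
            # "Name not found" means not listed; any other resolver failure
            # must not be reported as clean.
            status[zone] = "clean" if err.errno == socket.EAI_NONAME else "unknown"
    return status

def listed_ips(server_ips, **kwargs):
    """Return the IPs that at least one list reports as listed."""
    return [ip for ip in server_ips if "listed" in check_ip(ip, **kwargs).values()]
```

Run `listed_ips()` from a scheduled job over every outbound mail IP of the VPS, and alert on `unknown` results as well, since they mean the check itself is not working.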
Own your SERPs with server security
Why is monitoring not enough, you might ask?
Well, I have some questions, too:
- Do you know exactly what to monitor?
- Why would you dedicate manpower to something that can be 100% automated?
- Do you know how to prevent a re-infection after you kill malware?
- Wouldn’t it be better to sleep well, without monitoring alerts going off in the middle of the night?
So monitoring won’t SOLVE your problems; at most, it will point out more of the weak points that you have to know about. Don’t wait till your customers ring the bell about defacements, phishing content, slow website response, and stolen data… or till your KPIs drop. Prevention in server security is key.
How to mitigate SEO risks by improving VPS security
I’ve put together a checklist for you, which - many great marketers say - gives you a great base for SEO when it comes to security.
1) Secure your customers’ sites with SSL and use HSTS in addition.
Don’t wait till they ask for it, as it is you who will suffer churn if data gets stolen. Think ahead. Moreover, Google prefers HTTPS sites over HTTP ones, so even a free solution (like Let’s Encrypt) is worth providing.
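To verify that every hosted site really sends a usable HSTS policy, the response headers can be audited with a small script. This is an added example, not code from the original article; the site names and headers in `SAMPLE` are constructed, header names are assumed to be lower-cased already, and the 180-day minimum for `max-age` is a threshold chosen for this sketch.

```python
MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example (assumption)

def parse_hsts(value):
    """Split a Strict-Transport-Security value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit_hsts(scheme, headers):
    """Return a list of findings for one response; an empty list means OK."""
    if scheme != "https":
        return ["served over HTTP: browsers ignore HSTS here, redirect to HTTPS first"]
    value = headers.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    d = parse_hsts(value)
    max_age = d.get("max-age", "")
    if not max_age.isdigit():
        return ["max-age missing or not a number: header is invalid"]
    findings = []
    if int(max_age) == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("max-age below %d seconds" % MIN_MAX_AGE)
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings

# Constructed sample: (scheme, response headers) per hosted site.
SAMPLE = {
    "shop.example": ("https", {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
    "blog.example": ("https", {"strict-transport-security": "max-age=300"}),
    "old.example": ("http", {}),
    "new.example": ("https", {}),
}

def audit_all(responses):
    """Audit every site and return {site: findings}."""
    return {site: audit_hsts(scheme, hdrs) for site, (scheme, hdrs) in responses.items()}
```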
2) Update all the plugins, extensions and apps you run on the servers and websites.
Vulnerable WordPress, Joomla, and Drupal sites are easy wins for hackers. It is alarming enough that at least 67% of web apps have a major vulnerability that could allow for the deployment of malware. Believe us, many are exposed to more than one of them.
The more services you run, the more risk you’ll have, so it’s recommended to find a good web application firewall, like BitNinja’s.
3) Filter malicious bots
Search Engine Watch regularly draws attention to content scrapers. If you find in your backlinks or trackbacks that your content has been posted on a spam site without your permission, file a DMCA complaint with Google.
However, your best defense is generally to identify the sources of your malicious traffic and block access from them. One great solution is to try BitNinja’s 7-day free trial to see what your current traffic looks like and how seriously your server is being attacked. Its IP Reputation list has attack history on over 15 million IPs worldwide, including these very active botnets, for example:
- Mirai botnet
- Hexa botnet
- Hello Peppa botnet
- File uploader botnet
- IoT botnet
- GPON router botnet
- Cutwail botnet
4) Take care of your local network security, use a password manager and educate your colleagues
Many people are surprised to learn that weak passwords are a major cause of malicious hacking. If you use ‘pa$$word’ as a credential, no security software can save your a$$.
So please just use safe passwords, change them from time to time and handle them in a password manager if possible.
Prevention is the key
If you still believe that security has no effect on your SEO, then you didn’t read this article carefully. Don’t let hackers ruin what you have worked on for months or years! Also, for every second you spend without powerful security, you are giving a green light to the bad guys…
So, don’t waste your time! We are here to help, and you can try BitNinja for FREE to see how it will eliminate the cyberattacks on your websites. Believe me, you’ll see incredible results within only the first few hours!