A recent report by web host GoDaddy has found that almost three-quarters (73.9%) of websites are hacked for SEO reasons, with cybercriminals attempting to incorporate links to other websites and even add new landing pages altogether. This can have a devastating impact on a publisher’s SEO as the leading search engines such as Google and Bing regularly scour the web for sites affected by SEO spam and blacklist them. This drastically reduces a website’s visibility for its relevant search terms.
Furthermore, GoDaddy found that only 50% of webmasters are currently monitoring their website for potential hacking events. This means that one in two websites could be unknowingly attacked – an alarming statistic indeed. Search engines such as Google are driven to make the internet a safer and more enjoyable place. In recent years, Google has been advocating the use of Hyper Text Transfer Protocol Secure (HTTPS). Webmasters simply have to obtain an SSL certificate for their website to ensure that all data on their website is encrypted in transit, thwarting the potential for data leaks or misuse by criminals.
A mammoth recent study by some of the leading names in search marketing saw over one million Google search results studied to investigate any potential correlation between page-one rankings and sites with HTTPS. The report found that there was a link between websites with prominent page-one rankings in Google and those with HTTPS encryption. Search Engine Land also recommends a lesser-known security layer for your website called HTTP Strict Transport Security (HSTS). Put simply, when pairing HSTS with HTTPS encryption, you can create a website or web application that is almost hack-proof – great news in the eyes of Google spiders.
HTTPS is not 100% flawless. There is a risk of websites being exposed to SSL stripping – a technique used by hackers to change their encrypted connection to an older version. This is typical when a website has landing pages with 301 redirects that rely on the redirect sending users to the HTTPs version of the page rather than the HTTP version. However, using HSTS alongside HTTPS forces a website to load via HTTPS only. It completely discounts any connection attempts made via HTTP. HSTS can also improve your website’s page load times which are also a known ranking factor in Google.
Websites featuring web apps that don’t want to be impacted by downtime – which affects your search rankings – should also consider investing in a web application firewall (WAF), which protects from application layer attacks such as distributed denial of service (DDoS) attacks and SQL injections that can compromise sensitive data and prevent legitimate users from accessing online services. Most WAFs are available as a managed service, allowing it to operate quietly in the background whilst learning and fine-tuning its detection of security threats.
Unfortunately, falling victim to cybercrime can happen to us all. Believing steadfastly that it simply won’t happen to your website is absolutely the wrong stance to take. Be proactive and protect your website and its users and you’ll be richly rewarded with an improved online presence in Google and other leading search engines.