Can website security influence your website’s rankings? Website security is as essential as you locking the front door of your brick and mortar business.
It’s just not as visible.
Many make the mistake of thinking, that because their website is not yet huge or they are not famous, nobody would try to hack into their sites. But this is not the case.
Every website can be affected. And every affected website can lose rankings if this happens. Scroll down and read about unbelievable devastating website security issues we experienced that brought down our clients ranking results.
Devastating Website Security Issues – From 22,200 Faked Pages To Becoming A “Sex Site”
Website Security Issue #1: Hundreds or Thousands of Faked Pages on Your Website
22,200 pages later … One of our clients just experienced this few weeks ago. She had a WordPress theme she didn’t like and wanted to switch to another one. The new theme reacted unreliable from the beginning. The frustration increased over time and she decided to try another WordPress theme with the hope this one would work better. But it did not. It became worse. Just after she had the new theme installed, it crashed after uploading an image to a blog post. She called the hosting company and had to install the old theme, then re-install the new theme … she had to do this process several times. We looked into the number of indexed pages to see if there are other factors that would create an instability for the site. This was the moment we detected the 22,200 indexed pages of her website. None of them were hers but all spam pages, linking out from her site to spam site results. The “fake pages” were created by hackers several months ago, during the time which she first began experiencing the challenges with her original dysfunctional theme. Once we set up a site security service on her website and it was cleaned up, her new theme finally worked out without any further issues. Unbelievable, right? We checked out her rankings we found that due to the 22,200 spam pages on her site, several of her ranking results had gone down. In Google Webmaster (Google Search Console), many of her first content keywords with high significance were content from the spam pages. Right now she is working on creating fresh new topic related content to prove to the search engines that her website has relevance for her main site’s keyword and to bring her site back to the higher ranking positions. * * *
Website Security Issue #2: Visitors Click on Your Site and come to A “Sex Site”
Our client sent us an email asking for advice. She shared that her web store visitors emailed and called her, telling her that they were redirected to a sex site as soon as they clicked on the search result in the SERPs (search engine results pages) or when they manually typed in her website address into the browser bar. Our recommendation was to sign up for a website security service, such as Sucuri, where we have had good experiences. Our client decided to contact her hosting company asking them for advice. Her hosting company responded that they had taken care of the issue and fixed everything so her web store would show up again. Unfortunately after this action, she still had plugin issues that could not be fixed. Cleaning up your website after a hacker attack is essential, not a choice. Not all issues can be easily detected. A deeper malware analysis is necessary. And a cleanup does not prevent a future hack. If your website is your business online, it’s a good investment to get a website security service that also puts a firewall in place. Our client was lucky because it was detected early on and did not change the ranking results of her web store online. * * *
Website Security Issue #3: Spam Links within Your Website’s Content
Hackers came into our client’s website through a not updated contact form plugin. They implemented hidden spam links in our client’s opt in form. Google Webmaster (now Google Search Console) detected them and sent him an email, letting him know about suspicious hidden content on his website. We used several free malware detection software tools but the results in all of them came up as “no malware”. However, when we went to his website, we could see the spam links appearing in blue and then disappearing. Our client hosts a membership and affiliate plugin on his website where his members and affiliates can create their own accounts. This in itself is a security issue on its own, because the more users you have on a website the great risk at providing a loophole for a hacker to get in. Our expert team recommended to our client to sign up for our preferred website security service to put in place a firewall that helps to prevent future hacks as much as possible. A firewall can protect your website from hackers getting in through loopholes, but it does not protect you from hackers figuring out user passwords (there is nothing that can protect you from this). An additional benefits of signing up for a website security service is the unlimited amount of site cleanups. So if it cannot be fully prevented that hackers access any website through easy to figure out passwords, at least you have the reinsurance that your site will be cleaned up any time it may happen (consistent backups and asking your users to change their passwords more frequently helps). * * *
Website Security Recommendations
My friend and WordPress trainer Kim Shivler from White Glove Web Training Services wrote a blog post where she shared the website security points below and her recommendations from a web developer perspective. Here ours from an SEO & online business view.
- Backup your site: Always! Most of our clients did not backup their sites before they started working with us, and just like everything in life, you don’t need it UNTIL you need it. When we have new clients with us, we make it a requirement that steps be taken in order to prevent the possible loss of the amazing content they have created due to a hacker attack. We want to avoid the potential need of the rebuilding of their site. For our own sites or our clients sites, we use the UpdraftPlus Backup and Restoration WordPress plugin.
- Install a security plugin: That’s another thing most of our clients did not have in place. Hacker go in and out and nobody knows nor sees them. Then the website security issues, described above, happen and what a bad wake up call! Installing a website security plugin in WordPress is a five minute thing. Setting it up properly is the ticket. Kim from White Glove Web Training offers free training videos to help you do this on your own. Contact Kim from White Glove Web Training to find out when her next free live security training will be, so you can prevent the headaches of website security issues.
- Keep your site up-to-date: Updating your website, its theme and plugins doesn’t mean you should do every theme update or plugin update immediately. It is always best to wait for few days as there may be a bug or minor glitch, and the company releases another update.
- Respect passwords and login information: You want to take yourself serious so that others do too. The most common passwords in the past were “password”, “12345”, your dog’s name, and so on. You get the point, right? Passwords are your locks. They secure your site. The easier it is to “guess” your login information, the easier it is for somebody to access the back end of your website, many times this is done just for fun and challenge of hacking, but worse is when it’s done with malicious intent.
- Force strong passwords: Strong passwords include numbers, letters and special signs. LastPass is a paid service that helps you to create and remember powerful passwords.
- Create separate accounts for users: One fits all? We don’t think so. As the website owner, you want to have an administrator access. If you have a web designer, a web developer, a virtual assistant, or an SEO expert helping you with your site, each of them needs a separate account. In this way you can see who is logged in, who did the last change to a specific page and by deleting the account, you can choose in a minute who does not have access anymore to your site.
- Change passwords often: Christmas comes once a year. Your passwords should be changed more often than this. Try to change them at least every month. As soon as a website security issue happens like described above, you need to change all your passwords, your website’s, your FTP server’s, your cpanel’s password immediately.
- Delete unused plugins and themes: Unused plugins and themes are loopholes for unwanted visitors to get into your website. The less loopholes you have, the smaller is the risk of somebody getting into your site.
- Delete the admin user: Because “admin” is known by any hacker, this is the first thing you want to take care of. If not used delete it immediately.
- Sign up for a Website Security package: In the last few weeks we experienced that more than 15% of our clients had to deal with website security issues like the ones above. The best way to prevent this is having a firewall in place that secures your site. We tested the Sucuri site security and so far, this one was the most economical, easy to set up and functional security service we could find.
To find the website security recommendations my friend and WordPress trainer Kim Shivler shared, go to https://whiteglovewebtraining.com/7-ways-to-make-wordpress-more-secure/ where she also posted short video presentations to some of the topics. * * *
Conclusion:
At a minimum have a website security plugin installed on your website to help prevent ranking losses, and don’t wait to get an email from Google search console (former Google Webmaster) that your website was hacked or a phone call from a customer telling you that a sex site comes up instead of your website. A manual professionally done website cleanup can cost you a minimum of $80 per case. The most economical way to protect your website today and to get it cleaned up as many times as needed, in case the hacker found a way to get in, is to sign up for a website security service. They often start with 50 cents a day. Sucuri Website Security is an absolute priceless peace of mind to have and one which I personally, as well as my business partner, who is a WordPress trainer and website guru implement for our own sites. Sucuri Website Security is a great website security service including malware detection, malware cleanup, and malware prevention plus a firewall for your website.
P.S. On this page there are affiliate links, which provide us a small compensation when sign up. We give back by educating and sharing valuable information like up-to-date industry information, our blog posts and social media posts like this.