The security of your website should, of course, always have been a top priority, helping to protect your customers and their information. However, now that Google are beginning to penalise sites which have been hacked, it is even more important to ensure your site is secure.
Google announced last week “We are aggressively targeting hacked spam in order to protect users and webmasters.”
“The algorithmic changes will eventually impact roughly 5% of queries, depending on the language. As we roll out the new algorithms, users might notice that for certain queries, only the most relevant results are shown, reducing the number of results shown.”
So what can you do to make your websites more secure and ensure your customers are protected without SEO performance being impacted?
Audit your website
The first thing that we would recommend is to find out if your website has already been hacked. There are a number of ways to do this and various tools available that can help:
- Google Webmaster Tools will highlight any spam or malware which has been added to the site content
- External third-party scans will also analyse your site to see if it has been blacklisted. Tools include Sucuri and Quttera
- Your web browser indicates that your site may be compromised.
- You notice strange traffic in your web logs such as unexplained big spikes in traffic, especially from other countries.
If the tools highlight a potential issue, don’t panic: there are steps you can take to remove the issue and improve security.
If your site has been hacked
We would recommend the first thing to do would be to turn off your website and direct customers to a holding page, explaining the site is down for maintenance. This may seem dramatic, but this is to protect your customers as well as ensure you can resolve the issues in an efficient manner. The site shouldn’t be down for more than 24 hours anyway.
Follow these steps:
- Contact your tech team (if you have one) and advise them of the issue. Allocate someone to manage this project to ensure clear communication. Ideally this person should be a web developer (not a designer), as they may need to audit the code and server technology
- Take a record of all login details, including:
  - CMS logins (WordPress, Magento etc)
  - FTP logins
  - Database logins
  - Server logins
  - Email logins
- Examine log files to highlight when/how the website was hacked
- Audit every file within your website. You will be looking for any code which looks abnormal
- If you use a CMS like WordPress, there are plenty of plugins available to help scan your site and highlight any code which may be malicious, for example ‘Look See Security Scanner’
- Remove any code which you believe is malicious – but make sure removing it doesn’t affect the website
- Change all passwords and login details, remove any unused accounts
Once all of the above have been done and you are confident the hack has been removed, then turn your website back on.
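As an added illustration of the file-audit step above (not part of the original article), this Python example compares the live site against a known-good copy and orders the suspect files by modification time so they can be lined up with the log files. It assumes you hold a clean copy, such as a backup or a fresh CMS download; the function names and the sample files are constructed for the example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def manifest(root):
    """Map each path under root (relative, POSIX style) to a SHA-256 digest."""
    root, entries = Path(root), {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():  # record link targets instead of following them
            entries[rel] = "symlink:" + os.readlink(path)
        elif path.is_file():
            entries[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return entries

def audit(clean_root, live_root):
    """List files added, modified or missing on the live site vs. the clean copy."""
    clean, live = manifest(clean_root), manifest(live_root)
    return {
        "added": sorted(live.keys() - clean.keys()),
        "modified": sorted(p for p in live.keys() & clean.keys() if live[p] != clean[p]),
        "missing": sorted(clean.keys() - live.keys()),
    }

def timeline(live_root, paths):
    """Order suspect files by mtime (UTC); a hint only, since mtimes can be reset."""
    stamped = [(os.lstat(Path(live_root, p)).st_mtime, p) for p in paths]
    return [(datetime.fromtimestamp(t, timezone.utc).isoformat(), p)
            for t, p in sorted(stamped)]

def demo():
    """Constructed sample: a two-file 'clean' site and a tampered 'live' copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "uploads").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>\n")
            (root / "contact.php").write_text("<?php echo 'contact'; ?>\n")
        (live / "index.php").write_text("<?php echo 'home'; /* changed */ ?>\n")
        (live / "uploads" / "new-file.php").write_text("<?php /* unexpected */ ?>\n")
        (live / "contact.php").unlink()
        report = audit(clean, live)
        return report, timeline(live, report["added"] + report["modified"])

if __name__ == "__main__":
    print(demo())
```

Run `audit()` on a copy of the site taken while it is offline, and review every path it reports before deleting anything.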
If Google has applied a manual action
If Google has penalised your website due to the hack or you have seen ‘Site may be hacked’ in Google Webmaster Tools, then you need to submit a reconsideration request to have the penalty lifted.
Within the reconsideration request, you should state everything that has been done to remove the hack and protect your customers. Once submitted you need to wait for a reply.
Long term site protection
Whether your website has been hacked or not, we would still recommend the following steps to help protect your website:
- Enforce secure passwords for all users – other people’s logins are one of the weakest links for any website. Ensure that anyone in the company who has access updates their logins at least once every three months
- Updates – if you use a CMS like WordPress or an ecommerce platform like Magento, then there will be regular updates to the core code as well as third-party plugins. Ensure that your site is updated regularly
- Perform regular site scans – there are a number of server-based tools and utilities available if you want to do this in-house, but there are also a number of professional third-party security experts who can help protect your site. Sucuri and SiteLock are just a couple and offer malware, anti-virus and firewall protection for a monthly fee
- Protect your computers – if you log in to your website, then your PC/laptop or even your smartphone could also be a channel for malicious software to penetrate your website. As such, ensure you perform regular scans (at least once per week) on your own computers and have strict software update policies in place
Resources invested to protect your website and internal network will pay dividends, helping to reduce the risk of your site being hacked and therefore being removed from Google listings.
In today’s world, no site is 100% secure. The primary thing to remember is that your website could be hacked at any time and you need to plan how you would respond.
As Google continues to focus on delivering a good consumer experience, they are becoming stricter as to which sites are shown within their search results and if your site gets hacked then you could be removed from Google for both SEO and AdWords traffic.
As a website owner or developer, it’s your responsibility to ensure that your website (and all that come in contact with it) is secure in order to reduce the risk of a hack. This requires investing in the development of the right technology, personnel and processes to ensure that ‘security’ is at the forefront of everything you do with your website.
If you are concerned about your website’s security or have been contacted by Google with regard to issues with your site, then get in touch with us today and see how we can help.