Website Security and SEO
More recently, relatively speaking, users have become far more aware and indeed smarter in the way they use the Internet and engage with websites, so having a visibly secure website (https with a padlock icon in the browser bar) is a good place to start.
User confidence aside, there's a real and consistent threat that's lurking around the Internet - you've heard of Hackers, right? Well, just in case you haven't, they're very real and on average, there's a hacker attack on a website every 39 seconds, hackers steal 75 records every second and hackers produce 300,000 new malware apps every day.
Website security really does matter.
Is Website Security Important for SEO?
Well, reading the above, it's abundantly clear that website security is evidently important, but what's the link between website security and SEO?
The search engines, like Google for example, are a business - and businesses want to stay ahead of their competitors. This means that they're always striving to deliver better results and a better experience. As with any brand, part of this experience is that of 'trust'. Trust is earned, not given, so with the ever increasing security threats that exist online, the search engines are now actively including website security metrics as part of their SEO ranking signals.
By including web security metrics in their ranking algorithms, the impact of websites that are not secure can be bad - bad in a way that less weight is given to non-secure sites, that is 'http' sites and more ranking weight is now given to secure sites, the sites where the URL starts with the secure 'https' protocol.
If you don't have an SSL certificate and only serve traffic via the http protocol, your SEO will suffer and your ranking in the SERPs will dwindle.
In addition to the addition of an SSL certificate (which allows traffic to be served via the secure https protocol), another critical factor is that of database security, and making sure that your site is not subject to things like 'SQL injections'. Poor security on database driven sites really can be a huge problem. By using SQL injections, hackers can exploit database vulnerabilities and interfere with the database queries to retrieve sensitive data and even hijack web servers. At the very least, that's a GDPR nightmare you really don't want in your life. Even more critically, with this level of server access, hackers could cost you and your users £000's by stealing payment data and hijacking PayPal addresses etc etc
Beware of Cheap Websites and Hobbyist Web Designers
When it comes to security, the chances are that website security issues haven't even occurred to the hobbyist or enthusiast web designer. Not wanting to take anything away from people wanting to earn a living, but in so many cases the lower cost, self built websites are disasters waiting to happen. It's so easy to build a drag and drop website on a free platform with little or no actual professional experience in this field, but the various 'free' widgets and plugins can be extremely dangerous when it comes to website security.
According to a study undertaken by Sucuri (a renowned website security company) approx 90% of the websites that were hacked in 2018 were WordPress websites.
Ask yourself the question - why are so many widgets and plugins free on 'open source' website platforms? A possible answer may be that they make their money in other ways... They are not regulated - and in many cases, they're installed on websites with full access to sensitive databases, without any thought whatsoever to security. Scary.