Top SEO Recommendations and Tips for Website Security

It is always important to have a clean and secure website, both to keep it from being blacklisted by search engines and to increase its credibility and authority in the eyes of search engines like Google. Here are the top SEO recommendations and tips for website security.

Migrating from HTTP to HTTPS

From August 2014, Google started treating HTTPS as a ranking signal, alongside its many other ranking signals for websites. Because security is a top priority for Google, and Google wants to keep everyone safe on the web, it gives preference to HTTPS sites when ranking them in search results. HTTPS sites are websites that use SSL encryption for every page. An “HTTPS://” URL indicates that everything exchanged with the site stays confidential and that the site presents authentic data. In fact, HTTPS uses TLS, i.e. the Transport Layer Security protocol, which has 3 key layers of protection:

  • Encryption. Encrypts the data exchanged between client and server to keep it secure.
  • Data Integrity. Data cannot be modified or corrupted during transfer without being detected.
  • Authentication. Proves that the user is communicating only with the intended website.

HTTPS:// is useful for sites that handle banking transactions or other e-commerce functions. Payment gateway pages must have HTTPS:// URLs to hide credit card information. Beyond e-commerce sites and payment gateway pages, securing any website, and every page of it, with SSL adds to the website’s credibility.

Moreover, traffic that passes from an HTTP site to an HTTPS site is counted as referral traffic, even though somebody lands on the site as a “direct visit”.

Thus it helps with rankings, security and privacy, and referrer data too. So it is advisable to migrate from HTTP:// to HTTPS:// to protect the website as well as the confidentiality of its use. Read here how to migrate websites from HTTP:// to HTTPS://….

Hiding URL extensions

Don’t show URL extensions such as .html, .aspx, .php etc. in the URLs of the website. They let hackers work out the technology you used to build your website. That makes it easier for them to identify the exact vulnerabilities in your website and to focus their efforts on hacking it or on injecting spam or a virus into it.

For example,

http://www.xyz.com/about-us.html –> Wrong

http://www.xyz.com/about-us.aspx –> Wrong

http://www.xyz.com/about-us.php –> Wrong

http://www.xyz.com/about-us/        –>  Correct

Avoid third party scripts or widgets on site

You will need many widgets, plugins or third-party scripts to build the website. But do not use scripts, widgets or plugins that you don’t trust. Many hackers and spammers use such scripts to inject viruses into your website that can corrupt or spoil its data. Injecting malicious JavaScript is also known as Cross-site Scripting or XSS. WordPress and Drupal are two major CMSes which are vulnerable to such attacks.

Don’t link with the sites you don’t trust

During SEO optimisation of the website, you build a number of backlinks to your website as a link building practice. You may also run a link exchange program as part of link building. Many newbies in SEO think that building thousands of links will increase the search engine presence of the website. But it’s not true. Linking with low quality, low authority sites, and sometimes sites with adult content, can completely mess up your website. These low quality, low authority websites may run any script on your website and can show unwanted content on it. Moreover, with the frequent updates of the Google Penguin algorithm, Google can easily penalise the website and remove your site from Google search results.

Don’t allow spam comments

Allowing spammy comments on your blog or forums, or in any feedback you receive from readers, can be the biggest threat to the website. Spammers or hackers are able to inject viruses by running a script through the comment box. Sometimes they do so through the “website name” field of the comment feature. The best practice for avoiding spam through the comment box is not to allow any HTML in it.

Design databases properly, with correct validations and security privileges

Use forms and databases with proper validations. For example, in the name field, don’t allow too many characters and don’t allow special characters either. Please understand that a person’s name cannot be more than 35 characters. Also, fields like email and phone need proper validation that accepts only standard formats. Don’t allow any HTML in the message field.
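The validation rules from this section and from the spam comments section above, written as one server-side check. This is an added example, not code from the original article; the field names, the separators accepted inside a name (space, apostrophe, dot, hyphen), the email and phone patterns and the 2000-character message limit are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed formats: the article only fixes the 35-character name limit.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '.\-][^\W\d_]+)*")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)+")
PHONE_RE = re.compile(r"\+?[0-9][0-9 \-]{6,18}[0-9]")
TAG_RE = re.compile(r"</?[A-Za-z!][^>]*>")  # anything shaped like an HTML tag


def valid_website(url):
    """Accept only plain http(s) links; rejects javascript:, data: and markup."""
    if re.search(r"[<>\"'\s]", url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def validate_comment(form):
    """Return (clean_fields, errors) for a submitted comment form (a dict)."""
    fields = {k: form.get(k, "").strip()
              for k in ("name", "email", "phone", "website", "message")}
    errors = {}
    if not (len(fields["name"]) <= 35 and NAME_RE.fullmatch(fields["name"])):
        errors["name"] = "up to 35 letters; no digits or special characters"
    if len(fields["email"]) > 254 or not EMAIL_RE.fullmatch(fields["email"]):
        errors["email"] = "not a valid e-mail address"
    if fields["phone"] and not PHONE_RE.fullmatch(fields["phone"]):
        errors["phone"] = "not a valid phone number"
    if fields["website"] and not valid_website(fields["website"]):
        errors["website"] = "must be an http:// or https:// URL"
    if not fields["message"] or len(fields["message"]) > 2000:
        errors["message"] = "1 to 2000 characters required"
    elif TAG_RE.search(fields["message"]):
        errors["message"] = "HTML is not allowed"
    if errors:
        return {}, errors
    # Escape on the way out too, so stored text can never be rendered as markup.
    return {k: html.escape(v, quote=True) for k, v in fields.items()}, errors
```

The returned values are already HTML-escaped, so they should be written into the page as they are and not escaped a second time.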

For each database, create a different user account. Assign only read and write access to it instead of giving all privileges, such as creating databases, creating tables, deleting tables or the right to access any files on the server. Never give root access to the databases to anybody.

Stop content spoofing

Hackers attack page content and modify it for malicious purposes. Later on, this content looks like legitimate content on the website. The attacker looks for an injection vulnerability for this purpose. Most of the time, attackers use web applications that give recommendations to users, for example product bundles on e-commerce websites.

Product bundles are recommendations which tell users what they should or would like to buy, or which products or stock they might be interested in. If such recommendations come to you via a link, you should be careful, because attackers find a vulnerable parameter in that link and slightly modify the parameters or the valid request in a way you cannot notice easily. Clicking the link then automatically creates a webpage which looks like a page from the e-commerce website that you trust, so you think the recommendation is coming from the genuine website. If you make any transaction through such a link, you may get cheated and lose money.

Along with users, the website owner should keep track of such things because, say, you are using a parameter “buy+product” in the URL; an attacker can modify it to “sell+product”. So it is better to have an encrypted path for such web applications. Also, in some cases these spam links are treated as the website’s own links (they are on the same domain; only the parameters after the domain or folder path are changed) and may lead to the website losing authority.
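One way to make the parameter tampering described above detectable on the server, shown as an added example that is not from the original article: instead of encrypting the path, it appends an HMAC signature over the path and parameters, so a changed “buy+product” no longer verifies. The key, the `sig` parameter name and the shop URL are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET_KEY = b"constructed-demo-key"  # placeholder; keep the real key server-side


def _mac(path, params):
    # Sign the path plus the sorted parameters so none of them can be altered.
    canonical = path + "?" + urlencode(sorted(params))
    return hmac.new(SECRET_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def sign_url(url):
    """Append a 'sig' parameter covering the path and every query parameter."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("sig", _mac(parts.path, params)))
    return urlunsplit(parts._replace(query=urlencode(params)))


def verify_url(url):
    """Return True only if the URL carries one valid signature for its contents."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in params if k == "sig"]
    rest = [(k, v) for k, v in params if k != "sig"]
    if len(sigs) != 1:
        return False  # missing or duplicated signature
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(sigs[0].encode(), _mac(parts.path, rest).encode())
```

The site signs every recommendation link it generates and rejects any request whose signature does not verify, which also keeps modified links from being served as the site's own pages.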

SiteLock feature to hide identity

Features like SiteLock have the ability to find malware as well as remove the malware found on your website. It keeps your site clean, prevents search engine blacklisting and helps to keep your business running.

Hiding Whois information

This protection helps you hide your contact information, such as the registrant’s name, address, telephone and fax numbers and email address. This information is often used by hackers and spammers to compile mailing lists and steal domains. Displaying this information may lead to fraud and identity theft as well.

Passwords

Keep changing the passwords for server logins, the control panel, the admin panel, FTP logins, any CMSes (WordPress, Drupal, Magento etc.) and the database logins of your website. Also keep changing the passwords for email logins and for analytics tools such as Google Analytics, Google webmaster tool accounts and Google Tag Manager accounts. We hope these tips will help you have a completely safe online business! Thank you!
