Don’t Forget About Website Security Right Now Because Hackers And Scammers Are Very Active
When it comes to your website, security is often an overlooked topic. Right now, with the current coronavirus pandemic impacting our lives and dominating our news and discussions, we are all very distracted. The bad guys and the hackers know this and can take advantage of the situation while our attention is focused elsewhere. Make sure your website is secure and protected against these threats with some simple and often free solutions. As the saying goes, “An ounce of prevention is worth a pound of cure” and that holds true for this topic here. Taking the time to make sure your website is protected can save you many headaches and a lot of time down the road.
YOU’LL LEARN
- Always be aware of website security, especially in times of great distraction
- Security issues can impact your customers or users and your search engine visibility
- Your website should be secure with SSL security
- If you are using WordPress, keep WordPress updated to current releases
- Make sure all WordPress themes and plugins are updated to avoid security vulnerabilities
- Use security plugins for WordPress to easily strengthen the security of your website
- Audit user access, credentials, and password policies to understand who has access to your website
- If your website is compromised, your web page speed can be impacted severely
- If your website is compromised, your email addresses can get blacklisted, preventing your emails from being delivered
- An exposed website can be hijacked and used for phishing scams, or to charge you a ransom to restore it
- You can use software to monitor your website and watch for any unauthorized changes
Here is the transcription from Episode 56, “Website Security During The Pandemic – The Bad Guys Are Taking Advantage While We Are All Distracted”:
Jesse Dolan:
Welcome back to Local SEO Tactics where each week, we bring you tips and tricks on how to get found online. I’m your host, Jesse Dolan, here back with you this week without Bob. We’re enjoying our continued lockdown here, and this week we’re going to talk about website security. With everything that’s happening here with a lockdown, coronavirus, COVID-19 going around, pretty much saturating the news and our daily lives, it’s easy to get distracted by it and not focus on other things and that’s the theme we’re going to carry into here today, as it relates to your website and SEO. And with that is security, is really where we’re going with this, website security. It’s easy to be distracted either running your business, trying to survive, trying to make payroll, just trying to get through each day, trying to figure out what tomorrow is going to be like here, and quite frankly, this is the kind of time where it’s ripe for anybody with a malicious intent to strike.
Jesse Dolan:
This has implications for your SEO and for your visibility and exposure for your websites in a lot of ways, which we’re going to get into and hopefully this is timely because if you haven’t explored these areas for your website yet, this is surely something that you’re going to want to take note of and take some action on. This is not going to be overly complicated stuff. It’s just going to be a kind of a good punch list to make sure that you’re protected, that you’re set up the right way and protect your website and that asset, so it continues to perform for you. You can continue to build on it and get exposure. As we’ve talked in previous episodes, everybody’s going online right now. People are trying to find you and your business or your client’s business, if you’re an agency, online, be it social media, your website and things like that.
Jesse Dolan:
So more than ever, protecting that asset is important, and again, with all the distractions and everything else we’re trying to do in our lives, things are just very unusual for everybody right now. Even though we’re a number of weeks into it, it’s still weird and you would just want to make sure you’re guarded. So let’s dive into this and peel away some of these layers here, and make sure everybody’s protected and sitting in a good spot. So first things first is, why does this even matter to SEO and visibility? And we’ll dive into some of these topics a little bit more granularly here, but just as an overall arching concept here, it’s just like your building, a physical building. If it doesn’t look good, if it’s not operating, if it doesn’t feel secure, the customer is going to run away.
Jesse Dolan:
And even further, if they can’t get in, if they’re locked out somehow or somehow something bad, you get broken into, your front windows get broken, and you have to shut down for a day, you can’t do business. Very, very similar with your website, if something’s looking wrong, if people aren’t trusting it or if something even worse happens, and it gets taken down or compromised, you’re not having that ability to interact with those customers, and have them find you and experience your business, and what you have to offer and all that great stuff. So that’s one half of it, which is just that interaction with the customers. The other half is the interaction with Google and really any search engine. But as always, we mean Google, when we talk about search engines here, that’s 80 plus percent of the market.
Jesse Dolan:
So the thing with that is, if customers can’t access your website, if you have things wrong in your website or other things Google is looking for, they’re going to push you down on the search rankings, right? So this is important not just to maintain your search rankings, but also to interact and have that good customer experience. So first things first, web security, the… Gosh, I’m trying to remember which episode it was, I’ll link to it in the show notes. We have an episode where we’re talking about web security, with SSL security or SSL certificates on your website. It’s a little bit old news, but just to reiterate, your website needs to be secure with a SSL certificate to really rank in Google nowadays. It’s pretty rare you’re going to get an unsecured website, a ranking. Google just came out and said that, that’s a ranking factor.
Jesse Dolan:
That’s something that if you are not a secure website, they did put an annotation in the Google Chrome browser. They’ve made it more evident to people when a website is not secure. And so not only is that a factor on the front side for SEO, and the reason they’re doing that is because your website should be secure, to either transact, credit card processing, customers are filling out maybe contact forms or other sensitive information, or just to guard your website, so it is secure, so it can’t get hacked in various ways. So Google decided to make that a ranking factor and make that a user experience visibility factor, because of how important it is. They didn’t just decide, oh, security should be a big issue here. There’s multiple reasons why they did that.
Jesse Dolan:
And so really it all starts with that basic, making sure your website has that SSL security certificate installed on it. If you don’t know how to do this or any of the things we’re going to be talking about today, feel free to reach out to me. Go to localseotactics.com, click on one of the feedback buttons, ask a question, fill out the contact form. However you want to do it, we can definitely help you out and walk you through that. So your SSL certificate is going to be something that you’re going to work with your web hosting company, whether it be GoDaddy, we prefer a SiteGround, obviously. If you’ve listened to the show, you’ve heard us talk about that before, they’re fast, they’re great tech support and everything else. But your website hosting company is going to be where you’re going to need to go, to make sure that you have SSL certificate installed in your website.
Jesse Dolan:
And let me actually reiterate that. You shouldn’t go there to check, you just got to pull up your website. If you’re using Google Chrome, right to the left, you’ve got your web URL up in your browser tab. It’s going to say the name of your website, let’s say www.localseotactics.com. Just to the left of those characters, you’ll see a little lock box icon, a little picture of a lock. If you have the lock, that means your website’s secure. If you don’t, or if it’s unlocked and depends on your browser is, and what you’re using, website is not secure. So if you’re seeing it not secure, that’s when you’re going to want to reach out to your web hosting company or to somebody like us or another agency to help you get that solved. Start there, that’s like 101, everything else is foundational built on top of that, so definitely make sure that’s taken care of.
Jesse Dolan:
Next, if you’re using WordPress, and I’m going to be assuming you’re using WordPress as I always do going forward, because that’s what we recommend. Within WordPress, you’re going to have the actual core application of WordPress, and then plugins that are on WordPress. You’re going to want to keep those updated. So it’s kind of a cat and mouse game. Every time there is some exploit or a hole in security that a hacker finds, they exploit that. And then the developer, whether that’s the developer of the theme of the WordPress that you’re using or WordPress as the core engine itself or one of these plugins, they then have to update their software, their coding to patch that hole, to keep the bad guys out of it. So with your website, if you’re not logging into it on a regular basis to check, now’s a good time to jump in there and see. Make sure you’re updating to the current version of WordPress. Make sure if you have any themes that need to be updated, you’re updating those and make sure if you have any plugins that need to be updated, update those as well.
Jesse Dolan:
A little tip, depending on… Every WordPress website is going to be configured different. So some are a little more stable than others. But as a general rule, if you do have some updates, if you go up in the top left corner of your WordPress dashboard, click on the link that actually says dashboard, and it’s going to tell you if there’s any updates. If there is, you can just do them right there. You can also go down on the left hand side down to plugins, and update your plugins in that area. I prefer doing it through the dashboard myself, and I like updating plugins one by one through that dashboard area, just because sometimes if you update, let’s say, six plugins at the same time, sometimes there’s a bug, maybe they’re not compatible with each other. Maybe there was some kind of a bug in the coding for one of them that crashes another. So I like to do them one by one just to make sure it all runs smooth, and there’s no issues to mess you up unintended there.
Jesse Dolan:
But you can be alerted to all of that, right in that dashboard spot, a little red icon is going to pop up telling you how many that you have to update, and you can take action right there. That’s going to be another critical step in making sure you’re secure. That’s just like updating the software on your Mac or on your PC or your laptop or your iPhone or whatever it is. And comparing WordPress to the iPhone, that’s a good example, your core iOS software update, that’s like WordPress. That’s kind of the engine that runs everything. And then your apps on your phone are like the plugins on your WordPress. So if you have Facebook on your iPhone, you have to update the Facebook app whenever Facebook releases an update, same thing on your plugins.
Jesse Dolan:
So do the SSL security, make sure you’re keeping your website and your plugins updated. And if you’re not using WordPress, if you’re using some other content management system or other application, there should be some similar version of updating and keeping things up-to-date. You’re going to want to do that to stay ahead of that cat and mouse game, and make sure you’re not left vulnerable in any areas.
Jesse Dolan:
Another thing that you definitely want to do is, have some security plugin installed, if you’re using WordPress, to take it to the next step. One very popular one out there is iThemes Security. Let’s see here, we’ve got this list, a couple other big ones, you’ve got BulletProof Security, All In One WP Security, there’s a lot of other ones. You can just do some Google searching for trusted WordPress security plugins, top WordPress security plugins, and I’ll link to these ones on the show notes here. A lot of them, as long as it’s well known and you can check before you install a plugin, you can see how many people have downloaded it in the WordPress panel, you can see what kind of reviews are out there. You’re going to want to pick a trusted one, because we’re talking about security here, right?
Jesse Dolan:
You don’t want to pick a security plugin, to protect your website, that’s not trusted. That’s just asking for trouble. So pay attention to the reviews, pay attention to the amount of downloads, installs. And also if you’re not going with one of these ones I mentioned, which are the big ones out there, check and see when the last time this plugin was updated. Before you install that, you can clearly see when is the last time it was updated, is it compatible with your version of WordPress and things like that. If you’re installing a security plugin that hasn’t been updated in the last year, that’s probably not a really good idea. So pay attention to that. And what these plugins are going to do is, lock down various elements of your website. With WordPress, there’s a lot of files, and a lot of pieces of information that are out there in addition to what you see on a webpage.
Jesse Dolan:
These plugins are going to close all those doors, for lack of a better way of putting it, and they’re going to conform to a lot of best practices, to really lock some things down or even alert you in some cases. Maybe if something got changed that you weren’t aware of or things like that. I’m not going to go through all the features on those, because this isn’t a podcast about promoting any particular security plugin. Depending on what you’re looking for, if you’re going with some of the trusted ones that I mentioned here or some other ones through your own research, you’re going to see what those features are. They all vary a little bit. At the end of the day though, they really lock it down.
Jesse Dolan:
It’s like for your house, you can lock your doors. But then if you have an alarm system or a security system where you can tell if people are opening windows, you can tell if they’re opening doors or tampering or maybe motion sensor lights outside and in critical areas, that’s what this is doing. It’s adding that next layer of defense to your website, and that’s going to be pretty important for you to do too, definitely recommend that you do that on your website. If you don’t have any kind of a security plugin, do that. If you’re not sure if you have a security plugin, reach out to us. We can help you check real quick. There’s some tools online you can use to analyze it and tell you what is running on your website, and answer that without really anything too invasive. Happy to help you out with that here in this time.
Jesse Dolan:
Another thing that you’re going to want to do is just make sure that your users of your website… It’s something that’s under your control. If you’re the only person that manages your website and logs into it, then that’s fine. I would say in that case, make sure your username and password is up to date. Make sure you’re keeping it somewhere secure. Maybe even change your password. If you’ve had the same password for 17 years or forever, maybe it’s time to change that, if you’ve shared it with some people, and you just want to be secure. If you don’t care about that, then that’s fine too. But if you do have multiple people on your WordPress website as users, now is also a good time to jump in there, and take an audit of that.
Jesse Dolan:
Who have you granted access to in the past? Are they still active? Do these credentials still need to be out there? Because anybody that has keys to your house, can get into your house, and anybody that’s a user to your WordPress website, can log into your website and either make changes or potentially it can be compromised, then the bad guys can login. So take advantage of the time right now to do an audit on your users, and make any changes necessary there or at least document it, so you know what it is, what the status is of it right now. I think maybe I should take a real quick step backwards to why are we being secure? Why are we worried about it? So your website gets hacked, what does that even mean?
Jesse Dolan:
Why do we care about this, in addition to the headache of it all, which is something that’s definitely real for your time and energy and money. And there’s real implications if your website does get hacked, to the performance of your website and again to the SEO ranking. So let’s just take a pause here, and run down through some of these situations, if you’re exposed, what can happen? So a couple of things. If your website gets hacked, generally what the bad guys are looking to do, let’s make the assumption they’re not after credit card information, or they’re not trying to steal anything. They’re just looking to hack your website, to get into your server that your website is hosted on, to be able to use that and leverage that. They maybe, will be using that to send out spam emails. That’s a very common thing. If a website gets infected, a server gets compromised and that server now is using that IP address, and the hardware on that server, if you will, to send spam emails all around the globe.
Jesse Dolan:
We all get these emails all the time, right? This is a very common way for them to do that. That’s how the bad guys don’t get tracked down, that’s why they can’t stop this, is because they will pop up and infect computers and servers, and use them to broadcast out spam emails. Why is that bad for you? It does two big things. One, if that’s coming from your IP address or even your domain, sometimes your own dotcom, you can get blacklisted on the spam filters, and you can have some real big problems on your hands for your own emails getting delivered. Secondly, that can severely slow down the performance of your web server. Your website, maybe you know a nice fast website, loads quick all the time. After you get infected and this kind of traffic is on your server, because it’s being used not to show a webpage and a website, but it’s being used to send emails.
Jesse Dolan:
Now the horsepower on that server is taken up by that malicious activity, and your website is going to load really slow. If your website loads slow, you’re going to get bad rankings, right? We know that, that’s a ranking factor is the speed of your web pages and how fast they load. So if your server/ website is compromised and is loading slower, you won’t see that impact maybe tomorrow. But as soon as Google figures out your website is slow, maybe before you even know that it’s hijacked or compromised, your rankings, they’re going to start to drop. In addition to that, even if your rankings hadn’t dropped yet and it’s loading slow, that’s pretty bad for users. The more we go onto mobile, the more people kind of transition to that, which is continuing to happen day after day, we have less patience, right?
Jesse Dolan:
We’re not going to wait for that thing to download. So you also have a user experience issue there, at the same time. And if they’re not using your website and server to send out spam, it could have other malware injected into it for tracking, for phishing, for all kinds of other ill-intent situations, but they’re going to have the same kind of effect. They’re going to crash your site, they’re going to slow it down. They’re going to cause problems on your IP address or your server, and other things in the background there. So whatever the intent of them leveraging your hardware, your software, for whatever evil purposes that they have, the impact for you is going to be slow performance or completely down and offline or you’re going to get blacklisted, and your web rankings are definitely going to drop, if those things are happening.
Jesse Dolan:
So that’s the reason that this is a big deal for us. It’s not just to be secure to eliminate that headache, which is a real thing, but also this keeps your website running good. This keeps your rankings where you want them to be, and allows you to move forward, instead of having to clean this up. Now in the most extreme scenario, your website and webpage can actually get hijacked and that’s the worst. Not only are all these malicious things happening in the background, but also if a customer tries to visit your website, they may be seeing a page that’s not yours. Whether that’s redirecting to another website, like in a phishing scenario, where they think there may be going to your webpage, and they’re checking out on a third party page that looks like yours, but their credit card information is getting stolen or another version of that kind of hijacking is, your website’s taken down and replaced with a page that just says, pay XYZ person this much Bitcoin or this much in a wire transfer to get your website back.
Jesse Dolan:
That’s going to suck. Right? That’s again, a huge headache. Huge turnoff for your customers. Can you imagine visiting a website that has that, and then being comfortable going back there down the road. That’s an uphill battle. So those are some of the most common and really big things that we’re talking about here, on why these different types of security, and these different layers of security are important for your website. A couple of other quick best practices here too, just to round it out. You can use something like uptime monitor. We’ve talked about that in a previous episode.
Jesse Dolan:
There’s other versions of software out there that does this. Some are free, some are paid, but basically they can monitor your website to see if you have downtime, if your website comes down in the middle of the night for some reason for an hour that you’re unaware of or something like Watchtower can tell you if there’s changes. So again, if your website got hacked, whether there is some change in the code in the background, maybe not visually on the page, but just some background code, it can alert you with that or if something actually does change on the page visually, it can alert you to that as well. So uptime monitor, Watchtower, I’ll link to those here on the show notes. There’s other ones out there. Those are just the two that we’ve mentioned before, and the two that I’m pretty familiar with. You can do all kinds of different configurations on these and alternate versions of those products, to really fine-tune what it is you’re wanting to monitor.
Jesse Dolan:
But if you just think about that, how cool would it be to know if your website comes down or if something changes on it? Sometimes you’re going to make the change yourself, so you just dismiss that and say, well, I know about that. But it’s a pretty cool feature just to keep eyes on it, when you’re not looking. Another thing you might want to do right now, is just run some tests on your website to see what the speed is, just to get a baseline, webpage.test.org is our favorite. We talk about it all the time. Just run it, so you can see what your speed is right now. Save it away with some of this other information, if you’re recording it just to get a baseline, so down the road if something happens, that’s just another area that you’re able to fall back on with a baseline, to see what kind of changes are happening.
Jesse Dolan:
Another great practice here, we talked a little bit earlier about users for your website. Right now, if you’re in a scenario where you have one login for your website, maybe its username is admin and the password is password. And if there’s multiple people, you and your associates are all logging into your WordPress website with the same login making changes, stop doing that. Go into the WordPress dashboard, create users for each person and make sure you’re very clear on who’s using it, when they’re logging in, what they’re doing. There are some tools out there, some of these plugins to let you see who logged into your website, at what time, track user changes, user activities and things like that.
Jesse Dolan:
But definitely if you’re sharing your login information, number one, that’s bad for security reasons. Because if you’re sharing it, unless you’re doing some kind of encrypted email communications, there’s a chance that can be intercepted. Secondly, if you’re sharing with multiple people, you have completely lost any audit ability to find out what was compromised, who was compromised and how. And third, if you do change your password, everybody gets locked out, right? So, that’s a bit of a hassle. And the last best practice here is not so much directly on your website, but more kind of a step before that is your computer, whether you’re on a Mac or a PC. Back in the day here, a couple of years ago, Macs were well known. One of the things that touted was that they don’t get infected like PCs do. And while that may be true, they are vulnerable just like PCs are.
Jesse Dolan:
Make sure your computer is up to date with its software, whether it be Windows, iOS or whatever you’re running, have the security on the system that you’re using, to access, administer your website. Have that to be just as secure, and just as up to date as your actual website itself. Because you can have your website, all these things we just talked about done, and be very, very secure. But if your laptop, you’re using to log into your website, is compromised and your user information can be scraped or otherwise obtained by the bad guys, now it doesn’t matter how secure your website is, they just got the lock to get into the front door, right? So don’t miss that step. Not again directly related to your website and SEO there, but another great security best practice for you to keep in mind. That is pretty much it for this week.
Jesse Dolan:
Again, here we’re trying to go on the pivot here, with the coronavirus situation and COVID-19, talking about some things that you can do with your website to either increase your visibility, to pivot to serve customers where everybody’s looking for or other things that are topical about the current situation. Today we’re talking about not ignoring the security of your website while this was happening, not being distracted, and even further knowing that there are bad guys out there taking advantage of the situation. There is an increased chance for you to be compromised. So take action to make sure that you’re well protected, so your investments and everything you’ve been working on your website, doesn’t have any issues and is not compromised. If you have any questions about any of this or any related topics, again like we’ve been saying the last few episodes, please reach out to us, localseotactics.com. Can’t say that we can help you for 40 hours, totally free, pro bono. But don’t be afraid to reach out for any questions.
Jesse Dolan:
I’m happy to give free advice, give quick tutorials, give quick lessons or insights as much as possible. If you need to hire us for any service to execute some of this or consult with you to get this done, we’re here for that too. So really any capacity that you need help with any of this, please reach out and we can help you or point you in the right direction, localseotactics.com, again bottom left corner. Submit a question, find one of the feedback forms, whatever you got to do, get a hold of us. We’re here to help you out. Other thing on the website, top right corner, free instant SEO audit. Everybody out there in addition to worrying about your security, should still be trying to make hay, while the sun shines here with SEO. A lot of us have some free time now, that we didn’t have before.
Jesse Dolan:
Great time to be working on your website and your SEO. Use the free instant SEO audits to check your score, get a punch list, see what you need to do on your website. If you’ve used it in the past, run it again to see your before and after. And as I mention it every so often, run your competitors through this too. See how you compare against them. Run an audit on their website, run an audit on your website and find out what the strengths and weaknesses of each are, and take action accordingly. You’ll find that on the website, localseotactics.com, top right corner, yellow button, and it’s pretty quick, free. Use it as many times as you want. All right, it’s going to get into our five star review of the week here. If you haven’t left us a review yet, I would implore you to do that.
Jesse Dolan:
I love reading them. It’s great feedback for the show. I hope you guys like hearing them as well, to hear what your peers have to say, and what kind of feedback everybody’s getting. It also helps us for exposure for the show. We’ve talked about Google reviews and everything else, every three or four episodes I feel like, and this applies to us as well too, right? So sharing the show, giving us a review, whether it be on Apple podcasts, Google, whatever it is, it’s all great feedback, helps the exposure and keeps this going. So if you like what we’re doing here, if you’re getting a value, definitely that’s something that we would ask you to do to help us out, and keep all this going.
Jesse Dolan:
So this week’s five star review is from HCSMSD. It says, “If you have a blog, you need this podcast. People get so caught up in social media and don’t want to think about SEO. But this podcast tells you why you need SEO, easy and actionable steps.” Perfect. That’s something I’ve been preaching actually this week to a couple of different clients. Yeah, people are really caught up in social media right now and rightly so, because we are all on our phones, and on Facebook more than we had been 30, 45 days ago. That being said, people still are looking for things online. That’s not going away anytime soon, and you can’t ignore that. You can be found and shared in social media, but really your brochure, your company, your store, is your website in most cases.
Jesse Dolan:
And yeah, great point, HCSMSD. You got to focus on your website. You can’t just be a one-trick pony on social media. Everything works in unison here. So glad you’re getting some good nuggets out of the podcast. Easy, actionable steps as you’re saying, that’s something that we strive for, to break it down and help all you guys and gals out to make sure you can make traction, and get the stuff done. That about does it for this week. I’d love to hear from you guys and gals on, again any feedback you have, any questions you have, or if you want to leave us a review, localseotactics.com and until next week, take care.