Here is the Transcript for Episode 79 – What Is Insecure Content and How To Find Insecure Content On Your Web Pages:
Caleb Baumgartner: Welcome to Local SEO Tactics, where we bring you tips and tricks to get found online. I am producer, Caleb Baumgartner bringing you this week’s episode on insecure content. You want your website to rank higher on Google, but insecure content on your website that you don’t even know about, could be hurting that. Bob and Jesse walk you through defining insecure content and how to find and fix it to improve your website’s ranking. Also, we would like to ask our viewers and listeners for questions regarding schema for future episodes with schema expert Terry Samuels. If you have any burning schema questions that you would like to pose to an expert, now is a perfect opportunity. Thank you for downloading and enjoy the show.
Jesse Dolan: Welcome back to Local SEO Tactics where we bring you tips and tricks to get found online. I’m your host, Jesse Dolan, here again with Bob Brennan-
Bob Brennan: Howdy.
Jesse Dolan: … via Zoom. Thanks for jumping on, Bob. Is that a hockey stick back in the corner there?
Bob Brennan: Indeed.
Jesse Dolan: New edition.
Bob Brennan: With a big knob, just so you guys understand what that’s all about.
Bob Brennan: If you watch former hockey player, Mikko Koivu, he had a big knob on the end of his stick. Basically, in hockey, you’re going to get your stick hacked and whacked on and stuff like that, and you don’t want to drop it, so a lot of times you’re reaching for the puck, and if you have a decent knob, you’re not going to lose your stick. Just a little inside tip there for you.
Jesse Dolan: I was hesitant. I wanted to bring it up. Just didn’t want to see where it would go, but was going to ask you, what does that mean to have a big knob on the end of your stick?
Bob Brennan: Yeah. I don’t want to go down that path too far, but basically, that’s what it is.
Jesse Dolan: Then, that’s a ski map in the background there too, right? If I’m not mistaken.
Bob Brennan: Yep.
Jesse Dolan: Where’s that at?
Bob Brennan: That I believe is Vail. As we go along here with these YouTube deals, I’ll try to festoon the background with different places I’ve skied. I think the next one is Breckenridge. I’m in my fifties; I’ve probably skied close to 30 different ski areas, I’m guessing.
Jesse Dolan: Wow.
Bob Brennan: As I get older, I’m just trying to collect some of the maps where I’ve gone.
Jesse Dolan: I’ve taken us down a path, I know, but we should take a moment if everybody doesn’t know, you aren’t just a good skier that skied at 30 different places. You have a degree in this industry as well.
Bob Brennan: Yes. I went to a place out in Colorado, called Colorado Mountain College, and I went to the University of Minnesota for a year and had a solid probably C plus average. Later on, as I got going down the road here in life, I don’t know if it’s ADD, I know there’s some dyslexia involved, but basically my learning skills are not the greatest when it comes to the traditional classroom. I went to this school, it’s more of a kind of vo-tech school, out in Colorado, and learned two years’ worth of education on the ski industry. It was pretty cool. You got to learn how to do all kinds of things; driving snowcats, ski patrol, mountain rescue, avalanche control; I took an avalanche course on that, chairlift construction, and all kinds of great things. For somebody who has the attention span of a gnat, it was a fun experience.
Now that being said, you’re not going to make a crazy living in the industry. It’s a lifestyle industry, obviously, but nonetheless, it was pretty fun.
Jesse Dolan: Oh, kudos for even doing it, to continue the path, and like you said, pivoting, understanding where your strengths and weaknesses are and still pursuing something. Plus you get to blow up the side of the mountains with that avalanche control, which is who wouldn’t like doing that?
Bob Brennan: Anytime you can handle explosives and not kill anyway, that’s good.
Jesse Dolan: Right. Right. It’s part of school. I swear.
Bob Brennan: Yeah.
Jesse Dolan: I’m supposed to do this, but no, I said I digress, but it’s a cool background there. We’ll look for future updates on the other resorts that you’ve stolen maps from. All right. Well, before we get into today’s episode, I do want to mention, everybody, if you haven’t listened, we have a couple episodes here previously with Terry Samuel’s jumping on and talking about schema for your website. How to implement it, what it is, kind of some basics in it. We’re going to get a lot deeper with Terry in some future interviews with him. What we want to do is answer your questions. If you haven’t listened to those episodes, probably pause this one, go back, check those out. If you’re interested in schema for your website, which we get a lot of inquiries about that like, “Hey, can you help me out with this?”
Terry is going to come back on; he’s going to answer your questions, how to do this, why to do this, what’s the difference between this and that? Things like that about schema, so if you’ve got questions about schema, whether they’re beginner or advanced, we’re going to do multiple interviews with Terry. He’s the guru and the person that you’d want to ask. Send those in, go to localseotactics.com, bottom left corner, click Submit a Question. Just like the episodes, we do a SU as well. If you want to just type that in and send it through the form. Great. If you want to record the audio and then we can use that when we interview Terry.
If we’ve used the audio, we’re going to send you a free T-shirt too, just to kind of entice you. Audio is a little more dynamic, makes for a cooler show, and also gets you out there engaged in our show and in part of it, which we would really like. Check that out, localseotactics.com, click Submit a Question for all your schema inquiries, and we’ll throw them at Terry in some future episodes here.
All right. For today’s topic, what we’re going to be talking about is website security. Not so much like how to necessarily protect yourself from hackers or some things like that, but more as it relates to Google and having a secure website. A while ago, Google came out and said very clearly that website security is a ranking factor. Meaning if your site is insecure, you’re going to get demoted. Google doesn’t share insights for what is a direct ranking factor on very many things. That’s part of the craft of SEO, and the continuing education and the testing of SEO. What works, what doesn’t work? What does Google seem to favor? So when they come out and they say something explicit like this matters for your ranking, you got to sit up and take notice.
This isn’t a new revelation, to be clear, this isn’t breaking news. This has been around for years, but we’re going to dive into kind of a little bit of a minutia within that security here. Before we go into that, we’re going to talk a little bit in general, about some of the things that have been spoken before with Google. We do have an episode; I think it was one of our early ones. Number eight I believe. If I’m mistaken, we’ll put a link to it in the show notes either way here on the episode page, but I think it was number eight where we talked about some of Google’s initial statements about the security, and what matters, your website. Not going to rehash all of that, so check that out if you want a quick primer on that. But basically here today, what we’re going to be talking about is the actual content on your website. First, how do you know if your site is secure?
Bob Brennan: One of the things that I think we’ve heard some comments from our listeners. We do a pretty good job explaining it, I think. I’m excited about what you’re going to do next, so if you’re listening to our podcast and you can get to the YouTube version of this, please do, because what Jesse going to jump into here is pretty cool. He’s going to be sharing a screen and essentially showing you examples where in the past, we just kind of rattled off via audio so to speak, these examples and this will… If you’re like me, you need… You’re a visual learner. This will be huge, so if you can hop over to our YouTube channel and capture this, it might make a little more sense.
Jesse Dolan: Great point. If you don’t know where that’s at, just again, localseotactics.com, go to this episode and you’ll find a link to YouTube at the bottom of the page there, or just search Local SEO Tactics, YouTube, on the Google machine and you’ll find it there. Thanks for that quick disclaimer/note, Bob.
Yeah, I am sharing the screen. I’ve got up on the screen, our localseotactics.com website, as the example. A couple of things I want to point out. How do you know if your web page, website is secure? I am using Google Chrome on my browser here, so we’re using our localseotactics.com as the example here. We don’t have anything that’s wrong on this, so we’re not going to find anything insecure or problems, but I’m going to show you using this as a tutorial on where to go to check these things out. Right?
First thing up here on the top left corner, again, I’m using Google Chrome. Your website is going to want this little lockbox. If you have that, that means you’ve done a couple of things correct so far. You’ve got an SSL certificate, Secure Socket Layer certificate installed on your site/web host. If you don’t have that, definitely take care of that. Most websites have that by now, so if you don’t, definitely you’re behind the game and you’ve got to get this taken care of.
Just go to your web host, whoever that is, if it’s GoDaddy, if it’s Bluehost, whoever. This is usually going to either be free or very low cost, as in 10, maybe $20 per year, if that, but most providers now, it’s a free service to keep your website secure. You get that installed. At that level you’re going to enable the ability to have this lock being shown here. The other thing is, if you look at the actual URL here, it’s HTTPS, that S stands for secure. I had a note here, if you’re wondering what the heck does the rest of that stand for. It’s Hypertext Transfer Protocol. That’s what the HTTP is for, and then the S means secure. If you’re seeing that up there, odds are you’re not going to have any problems on your website, but we’re going to show you a little bit deeper dive on how to check some of these things out.
Those are the basics on, is your web page secure or not? Now, what we’re really going to get into today is, do you have insecure content mixed in on your web page or what we’ll call mixed content? Okay? For an example, would be, let’s just say this link right here on our page jumps to another page on our website. Now, whether this linked to something internal or external, it’s a link on our website. The website, the web page is secure. If this link was not secure, if it was an HTTP link, Google is going to see that as insecure content on your website. Why does that matter? Just kind of in a basic explanation, if you’re a secure website, you shouldn’t be linking out to something insecure. That may be seen as maybe you’re doing some kind of phishing scam, or something malicious. You’re trying to convert somebody over to something that isn’t secure for some kind of nefarious reasons, whatever it may be. That’s kind of the root of what we’re getting at here.
Google expects you to have a secure website through and through, and so, one of the things, and we do this when we do a comprehensive web SEO audit for our clients, is we check their website to make sure there is no insecure content. There often is, just a little thing here and there that that gets missed, and that can impact your rankings, because what we’re trying to do here is build trust. Google wants trusted authoritative sites.
There’s really two things here that we’re going to show you on how to check your website, to see if you have mixed or insecure content on your page. Actually, I should say there’s three, I’m sorry. I said there’s two, but there’s three, bonus. We’re going to have three of them here. The first, is this actual little lock box up on the top left corner of your browser. Again, using Google Chrome. Other browsers might be slightly different, so forgive me, but if you click on it, you’re going to see some details. Here at the top it says connection is secure and your certificate is valid. Your certificate, that’s that SSL certificate I was talking about that your web host is going to take care of for you. Those two things you’re in pretty good shape there. I’m not going to click learn more and kind of go through that. You can check that out if you guys want to know more.
Another thing you can do here, and this is again using Google Chrome, which is a very popular browser, but if you don’t use this as your default browser, you can still install and use Google Chrome to check this function out on your web page. Okay? When you’re on your page, do Ctrl + Shift + I, as in the letter I on your keyboard, and you’re going to open up the web developer tools within Google Chrome. This isn’t something a lot of people use or maybe even know about. There’s a lot of powerful tools in here. The one we’re going to go through today is the tab for security. Again, as Bob pointed out, if you’re checking us out on YouTube, even if you’re not, maybe jump over to YouTube and check this out, kind of walking through it right here.
Once you do that Ctrl + Shift + I on your page, you’re going to jump to the developers view within Google Chrome, and you’re going to have a bunch of tabs up on the top right. Element, Console, Sources, Network, Performance, Memory, Security, and some others. You want to click the Security tab for the purpose of what we’re talking here. You can see on our example, for our show page, it says right at the top of this page is secure valid HTTPS, which is awesome. This third bullet point down, for resources.
If we had insecure content on our page, that’s where it would be showing up. You’re going to have a note there, where it should say content is secure. If it’s not, I believe it says there’s mixed content or content is insecure. Again, our page luckily is secure, of course, so I can’t show you that and I forget what it says, but it’ll be red. Right now it’s green, right? Green is go, green is good. Green passes. If there was a problem on the page, it would show us in red right here, and then it’ll give you an explanation on what it is.
To get out of this view, because if you’ve done that Ctrl + Shift + I, your page looks a lot different than it normally does right now, right? Up in the top right corner you’re going to see a little X, not your X all the way up in the top for the web browser, but just for this new thing that opened up. Click Close, and that’s going to bring you back to your regular web page. If you don’t want to do that and kind of go that route to get into the developer tools, also called the dev tools. Right Bob? That’s what we always say is dev tools, whenever you and I were talking-
Bob Brennan: When we’re at the bar.
Jesse Dolan: Yeah. Trying to impress people.
Bob Brennan: That’s right.
Jesse Dolan: Another way to do it, and this works in most browsers, this is kind of a built-in deal that most browsers are going to support, is to look at the source code of the website. Again, if you’re using Google Chrome, or Explorer, or something else, you should be able to do a version of this, but just right click on the page somewhere, just like in the body of the page and click View page source. That’s going to open up a new tab and it’s just going to be the coding of the website. You’re not going to see any images. It’s just a bunch of text. In fact, the line by line coding of the website.
What you’re going to want to do here is you’re going to want to look for insecure links, and when I say, look, I don’t mean to actually read it, because this is going to be the most boring thing you’ve ever looked at in your life, unless you like coding. What you want to do is do a Ctrl F, which is a shortcut for Find, and you’re going to type in HTTP, because if you put an S on the end of this, that’s what most of your links are going to look like, but if you go HTTP, you’re going to find, and in this case, we have three instances that it’s shown here.
Now that’s not alarming, and I’ll explain that here in a second. That’s going to then jump right to, or highlight on your page, the spots where you have that HTTP. Now, you can fix all these areas, so none of them are going to say HTTP, and change them all to be HTTPS, but really where it’s going to be the most egregious is when you’re loading an element. If you have a photo that’s on your website, you want to make sure that that’s not a HTTPS call, right? Or if you’re linking out to another page or to a page within your website, you don’t want that HTTP to be there. You want it to be secure with that S.
If your page again is not showing this little lockbox, and it’s kind of being green and all that, you’re going to have something on your page. If your page is good, like our example, on our show page here, and you got the green lock box, and you’re finding something that is the HTTP. In that example, I just did, like this right here. What does it do? It’s showing some open graph stuff for Facebook. That’s just a reference out to a resource. That’s going to be just fine. If you don’t trust that, and you still want to tweak that, then what you’re going to have to do to change those, is you’re going to have to then modify your web page, right? If you’re using WordPress, again, if it was a link that you had on your site that was linking out to another resource or linking to another page of your website, you’re going to want to edit that page. Go in, change that link to use HTTPS as the start of what you’re linking there, publish it, save it, and then you’re going to be in good shape.
If you were getting errors, if you went into the developer tools and it showed that you had errors after you make these changes, go back, rerun that, reload your page, run the developer tools again, and do a check on it. That should take care of everything for you. If it didn’t, you missed something, go back and do it again. At the end of the day, if you weren’t having this lockbox up there, you will, if you’ve done it properly. This is something that usually kind of gets overlooked. Like I said, this is also something that’s more page by page on your website. This isn’t just for your website in general. If you notice we’re looking at a specific page and I should stop sharing this as well. Video tutorial over, but it is something to pay attention of, pay attention to, I should say.
I would definitely check your homepage and any of your popular landing pages. If there’s a page you’re trying to get ranked and drive traffic to, you want that to be secure. You want that to get ranked in Google. If you can check every page on your website, great, go for it, but if you can’t and you have to prioritize; definitely prioritize based on what are your popular landing pages, what’s getting traffic, or what are you trying to get ranked. Things like that, and give them a check, because if your page is not secure, Google, won’t show it. Like we said, right at the beginning there. Hopefully that makes sense to everybody.
Bob, I know this is not an area that you play in all the time. This was kind of more of my area on the development side. What do you think? Does that make sense? Does that, as a non-technical user, is that…
Bob Brennan: It does. I mean, I think, the security issue came out, probably what, three, four years ago?
Jesse Dolan: Yeah. Yeah.
Bob Brennan: I remember when it did, and I think we were having challenges on one of our sites and made those adjustments, and it moved it up quite a bit. Are there any speed concerns with any of this, and it really shouldn’t affect loading speed or anything like that, right?
Jesse Dolan: It shouldn’t, unless… If you’re just having a little minor error here and there, no. If there’s something that’s kind of more of a problem on your site, if the material it’s trying to pull in is having a problem, because it’s insecure. I mean, there could be a by-product of it, for sure. But no, I wouldn’t assume that if you find an insecure element you’re guaranteed to have a speed result, but you could be having some kind of speed issues as a byproduct. Without getting too deep into it.
Bob Brennan: Yeah. Again, links to reputable sites like Facebook, whether it’s secure or not. I mean, is that, that big of an issue with that mix piece? Or how…
Jesse Dolan: Yeah, for sure. Anything that’s actually linking out, like a active link on your website. The example we were looking at, when we were looking at the source code of our website, for the example, there was a reference to some non-secure content within that, but it wasn’t active content on the site. It was more of text that’s in there for the notes, to kind of read what’s happening in the code if you will. It wasn’t an actual image, or a link out to CNN, or out to Facebook, or a link to another blog post. If that’s the case, if those things are insecure. If you’re linking to Facebook, but you’re not using the HTTPS protocol, then yeah, I would definitely fix that. Even if it’s a reputable website like Facebook, you’re still linking to an insecure link from your website. You’re taking your secure site and directing traffic to something that is not secure, regardless of the reputation of that site.
Bob Brennan: Obviously, like you said, the fact that it’s reputable doesn’t mean that it’s a secure situation. You need to make it secure.
Jesse Dolan: Yep. Yep. You’re in control of that, and usually this happens on accident. This isn’t something that is done on purpose on your site. It’s an error, right? Something to check out. Again, like I said, I’d prioritize it on my homepage and then my popular landing pages, and if you do have a page that you’re like, “Man, I feel like I’m doing everything right on this, but I’m still not breaking through and having some good ranking or SEO results.” If you haven’t checked this out, check it. I’m not saying it’s going to be some magical cure for it, but all these little signals add up in the eyes of Google. If this is something that you’d never checked out, I’d definitely give it a look.
All right, I’m going to jump into our review here. We got a great five-star review from Cole Bennett, and actually shout out to Cole, Portage Creative. We’ve worked with Cole, done some work back and forth. Cole’s a great guy, and he actually left us this review quite a while ago. Just getting to it here. Short and sweet though from Cole, says, “Love the SEO Tactics podcast, super helpful content, and well-delivered.” Straight to the point, Cole. We appreciate that. It’s been fun working with you too while learning about your business and I glad we could help out.
Everybody else, we’d love to get a review from you. Man, I think we say this all the time, and I think I say, “We say this all the time,” as well, like a broken record here, but this is how we know we’re doing a good job for you and bringing value. Leave us a review, whether it be on iTunes, Facebook, Google My Business.
Go onto localseotactics.com, scroll down to the bottom. There’ll be a link for reviews. We make it real easy from there. Just click to whichever portal you want to drop a review on. We’d love to hear from you. As long as you keep sending them in, we’re going to keep reading them on the show, and we really appreciate that.
One more shameless plug, check out our free instant SEO audit, also on localseotactics.com. Yellow button, top right corner, plug in your page, plug in the keyword you’re trying to optimize for, and it’s going to give you a quick checklist of what you’re doing right, and what you’re doing wrong, and some recommendations on how to improve your SEO, and get some better rankings for your page.
All right. Bob, anything else to add to the episode here? Or is it time to wrap it up?
Bob Brennan: Nope. Nope. That was helpful.
Jesse Dolan: That’s a good one. We’ll check in with you and your big knob next episode, and everybody else, thanks for tuning in. We appreciate it, and we’ll catch you next time. Take care.
Bob Brennan: Bye.