SEO and Site Security

Padlock sitting on a laptop keyboard

Site security is obviously important in order to keep both your users and your business safe. And when it comes to SEO, a safe site is a good site in the eyes of Google and other search engines.

But do you know all the areas where your site security can be compromised? It might surprise you to know just how many ways there are for hackers and spammers to use your site against you.

This guide looks at site security, how to make sure your site is safe, and how all that specifically impacts your search engine optimisation.

Why is site security important for SEO?

User experience and trust

Ultimately, the sites that do best in search are those that optimise for user experience. That means, if your site fills the needs of your visitors and does so in a way that’s easy and instinctual, then it’s likely to do well in search.

Naturally, part of creating a good user experience is ensuring your visitors and their data remain safe and secure. Users want to trust your site and know that payment details are safe, that their personal information is private, and that they aren’t going to come across any spam or be redirected to other websites that they don’t want to visit. Keeping users safe builds trust and signals to Google that your site is worth ranking.

Search engine rankings

Aside from user experience, there are other considerations when it comes to site security and SEO. If you’ve spent time and money getting your page towards the top of Google Search, then you want to keep it there. A targeted spam attack or a breach of your website security can bring all your hard work tumbling down. Google will pick up that your website is no longer what it used to be and will send your rankings plummeting. And with plummeting rankings comes plummeting traffic and sales.

Then, of course, is the loss of your business. Websites are so important to business success and you don’t want to lose your entire website because it’s been hacked and all the information changed and corrupted. In such a case, it can literally take years to get your website back to where it used to be.


Backlinks, which are an important part of SEO, are links that come from other websites to yours. Good quality backlinks – which are often obtained because you have provided valuable information – are SEO gold dust. But high-value external sites aren’t likely to link to yours if your site isn’t secure and trustworthy.

So, now that we’ve established how important your site security is for SEO specifically, and for your business as a whole, let’s look at how to improve it and what to look out for.

How to make sure your website is safe and secure


Highlighting the HTTPS at the start of a website URL

All website ULRs start with HTTPS or HTTP. This small collection of characters is a vital part of why the website works. It links your browser with the server, and communicates between the two so that you’re shown a web page. Think of HTTP and HTTPS like a waiter in a restaurant. Without them carrying your food order to the kitchen and then bringing back your meal, you’d just be sitting looking at an empty table.

The ‘S’ stands for ‘secure’ – it tells you that any sensitive data will be encrypted before it’s transferred so that it remains secure and unreadable.

It used to be that websites only used HTTP to communicate. Without the additional security, all transferred data was sent as plain text and could theoretically be obtained and read by anyone with the appropriate know-how. When the ‘s’ was added, it became an important part of all reputable websites and a must-have for your SEO.

In fact, if you use HTTP instead of HTTPS, Google will warn users before they visit your site and will advise that they shouldn’t visit at all. It’s easy to see how that can be damaging to your website.

Fortunately, it’s fairly easy and cheap to go from HTTP to HTTPS. You just need an SSL certificate,  which can be bought from the same company you purchased your domain name. Your provider may then install it for you, or should give you steps for installing yourself.

WordPress plugins and themes

WPForms plugin on WordPress

If your site is built using WordPress, you’ll probably have a number of plugins installed, which can help improve the functionality of your site. Plugins are incredibly useful for taking a basic website up to a new level, but they can also be a problem for site security.

Plugins can have vulnerabilities, which can then be exploited by hackers to gain access to your website. The more plugins you install, the more likely it is that one of them will have a vulnerability. And plugins can still be vulnerable, even if they are inactive.

That’s not to say you shouldn’t have WordPress plugins on your website, but you should follow a few steps to make sure your site remains safe:

  1. Deactivate and uninstall all plugins that you no longer use.
  2. Reduce the number of plugins you use if possible. This not only lowers the likelihood of an attack, it can help speed up your site, which is also good for user experience and SEO.
  3. Only install plugins with a good reputation and that are regularly updated. Look at the reviews before you install, and check when the plugin was last updated. If it hasn’t been updated in months, then try and find an alternative.
  4. Update your plugins whenever the option is available.

The above is also true for WordPress themes.

Passwords and logging in

Login details for the backend of a website

A strong password can be the difference between a hacker accessing your site and giving up. Use a different, hard-to-guess password for everything, and avoid using the most common passwords.

If your website includes customer log-ins, you should also consider enforcing strong passwords for their accounts. This will help keep their data safe and help you demonstrate to Google that you take user trust seriously.

If you use a site like WordPress, consider changing the URL from the default. You can do this through plugins, and some hosts like GoDaddy will also have settings to allow this. By removing your login page from the usual, well-known URLs, you make it a little more difficult for hackers and spammers to get into your site.

Noopener links

When you create a link to an external site, you can add an extra element of security with a rel=“noopener” tag. This additional piece of code prevents the linked site from taking control of the linking page tab and redirecting it to a new page. Good sites shouldn’t use this tactic anyway, but if you’ve accidentally linked to an untrustworthy site – or to a site that was previously trustworthy but has been hacked – then it can reduce the chance of your user being redirected to a malicious page.

Fortunately, WordPress now automatically generates the tag, and most browsers will automatically add it. However, it’s good practice to add noopener tags to all your external links.

Spam comments

Spam comment received on a blog

If your blog or website allows users to add comments, beware of the spam bots! These add nonsense, spammy or malicious comments that usually link to dangerous sites. Receiving a few of these is annoying but pretty normal and won’t really affect your SEO. However, when the number of spam comments increases, it can send a signal to search engines that your site has lots of low-quality content, and that could result in you being penalised, even if you didn’t put the comments there.

Check your security settings and see who can post a comment and under what  circumstances. You can prevent users commenting unless they’re logged into an account, or you can manually check all comments and only approve those that look legitimate.

If you’re getting hundreds of comments, consider turning off the commenting functionality altogether, or making use of a system like reCAPTCHA.

Secure your local network

Cyber security isn’t all about what’s happening online: your local network is just as important. How secure is your laptop, your phone, your office? If you’re logged onto your website backend all the time and don’t have adequate security on your phone, someone could easily access your site by simply walking off with your mobile.

If you’re working with a team, make sure you have adequate security processes in place, and that everyone is aware of them, and receives regular refresher training.

Firewalls and anti virus

Firewalls and antiviruses can seem expensive, but they can be absolutely paramount to keeping your website secure. By screening and blocking potentially harmful traffic, downloads or behaviours, they are an invaluable tool.

Monitor behaviour

Google Analytics 4

Sometimes, the best way to identify an attack is to manually monitor it. Keep an eye on your search rankings, regularly check website content, look out for changes in user behaviour, and analyse your analytics.

If you see unusual changes, dig deeper to try and work out what might have happened. Prevention is, of course, better than a cure, but if you do fall victim to an attack, the sooner you can find it and address it, the fewer negative long-term effects you’re likely to experience.

Regularly backup data

If the worst does happen and your site is hacked, having taken regular backups can help you reduce the impact and get things back up and running as soon as possible. Lots of website hosts will now automatically back up data for you on a daily or weekly basis, but double-check this is the case to avoid nasty surprises down the line.

For particularly large and valuable sites, it’s also worth taking your own local backups.


Site security can directly impact your success in search engines such as Google because it directly impacts user experience and trust. Without appropriate security measures, you can lose the benefits of SEO and can end up damaging your business in a much wider context too. You can reduce the chances of an attack by following good cyber security practices such as using strong passwords and maintaining firewalls. If you do suffer an attack, reduce the effects by ensuring you have appropriate back-ups in place and by monitoring your site so that you can act quickly.

Share this post

Subscribe to my newsletter