Website security is not only important for you as a website owner but also important for users accessing your website. And the Google algorithm takes this into account when deciding whether to rank your website or not. This is a simple but crucial step to ensure security and safety for your website. Below are a few website security best practices you can implement.
HTTP/HTTPS: You Need HTTPS
I’m not going to get super technical because you don’t need to know the entire backstory to get this down.
URLs are broken down into sections, and the beginning of the URL starts with either HTTP or HTTPS. For example, https://tooldigg.com.
Previously the standard option available was HTTP, and so the website would have shown as http://tooldigg.com. However, in 2022, using HTTPS for your website adds a layer of security for everyone involved, making security breaches and other malicious behavior harder to carry out.
If your site uses http and not https, Google is less likely to show your website in the search results. That’s all you really need to know without going into the specifics.
If you try and go to a site that uses “http” the URL will show up like this:
And sometimes if the page is not secure it will provide a page that says the site is unsecured and you have to navigate that page in order to access the site. This is all bad and will not help your chances of ranking your webpage on Google.
How To Make Your Site HTTPS
- Buy an SSL Certificate OR see if your host provides it. Mostly, your website will be hosted by a provider such as Bluehost, GoDaddy, Squarespace, etc. These hosts will often provide something called an SSL Certificate. An SSL certificate is a technology protocol that encrypts data. Basically, it adds security so hackers have a harder time with your website. If you add an SSL certificate, you will be serving HTTPS pages for the most part.
Bluehost includes this for you as per the picture below:
- Make sure your internal links are HTTPS instead of HTTP. If you already have a website with multiple pages and links, then this will be a process. However, there are automated options that will force anyone who clicks on an HTTP link over to the more secure HTTPS version of your site.
- Set up 301 redirects to go from HTTP to HTTPS. This catches all the stuff that doesn’t automatically switch over with the SSL certificate. What is a 301 redirect? When someone goes to a certain page on your site, they will automatically be taken to the specified page you want. For example, I could post a link to http://tooldigg.com in this post, but if you click on that link, it will automatically take you to https://tooldigg.com.
It is something you will add to either the code of your website or be able to do within a plugin/dashboard of your website. There are plugins where you can force all pages on your website to use HTTPS with one click. The plugin Easy HTTP Redirection will do this for WordPress sites that are using SSL already. It’s that simple.
If you started building your site with an SSL certificate from day 1 then you will not have to do any redirects and everything will automatically go to HTTPS without any 301 redirects.
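To check steps 2 and 3 on your own site, here is an added example (not part of the original post) that finds internal links still pointing at http:// and judges whether a redirect you observed is a real 301 to the same page over HTTPS. The function names and the sample HTML are made up for illustration; you supply the status code and Location header your site returned.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkCollector(HTMLParser):
    """Collect href/src attribute values from every tag."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def _bare(host):
    """Lower-case a hostname and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def insecure_internal_links(html, site_host):
    """Return links to our own site that still use http://."""
    collector = _LinkCollector()
    collector.feed(html)
    return [u for u in collector.urls
            if urlsplit(u).scheme == "http"
            and _bare(urlsplit(u).hostname) == _bare(site_host)]

def check_redirect(requested_url, status, location):
    """Judge one response to an http:// request: 301 to the same page on HTTPS?"""
    if status != 301:
        return f"expected 301, got {status}"
    src, dst = urlsplit(requested_url), urlsplit(location or "")
    if dst.scheme != "https":
        return "target is not HTTPS"
    if _bare(dst.hostname) != _bare(src.hostname):
        return "target is a different site"
    if (dst.path or "/") != (src.path or "/"):
        return "target is a different page"
    return "ok"

# Constructed sample page (not copied from a real site).
SAMPLE_HTML = """
<a href="http://tooldigg.com/blog/">Blog</a>
<a href="https://tooldigg.com/about/">About</a>
<img src="http://www.tooldigg.com/logo.png">
<a href="http://example.org/">External</a>
<a href="/contact/">Contact</a>
"""

if __name__ == "__main__":
    print(insecure_internal_links(SAMPLE_HTML, "tooldigg.com"))
    print(check_redirect("http://tooldigg.com/blog/", 301, "https://tooldigg.com/blog/"))
```

A 302, or a redirect that drops visitors on the home page instead of the page they asked for, is reported as a problem rather than "ok".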
How To Check If Your Website Is Safe/Secure?
Google has a number of tools that will tell if your site is safe or secure. One of those tools is their Safe Browsing Site Status tool. If your web page is secure and safe it will show up like this:
You can also check to the left of the web address or the URL if there are security icons present. The security icons look like this:
- Info or Not secure
- Not secure or Dangerous
You can also check the Google Search Console for security actions against your web pages or your website in general.
Use A CDN Like CloudFlare For Extra Security
CDN stands for Content Delivery Network. CloudFlare can be a completely free service. They have 155 data centers around the globe. Not only will it add security to your website, it can increase the user experience by reducing page load times.
CloudFlare or a CDN will download a copy of your website and make it so when a user loads one of your pages, it comes from the closest possible data center. They download it ahead of time and distribute this version of your website to all of their data centers.
If you use a CDN like CloudFlare, malicious software or hackers won’t be able to tell what your original nameservers are, which adds a layer of security. This makes it harder to hack your website.
All of their locations add extra layers of DDoS protection as well. DDoS stands for distributed denial-of-service. This makes your website less susceptible to a cyber attack.
I always use a CDN and usually use CloudFlare because it’s free and high-quality.
In conclusion, you should talk to your host about the SSL certificate for your website. Many times they can do it for you for free. Bluehost does this for me. Check and make sure you have one with the various methods described. And you should definitely take the time to 301 redirect http pages to HTTPS.