With Equifax and many other household brand websites being hacked recently, hackers and hacking are all over the news. And Google is taking note as well, introducing some changes to secure website visitors, and to encourage webmasters to secure their sites. Let’s discuss those issues here.
Hackers are taking advantage of unprotected websites both large and small and every day new vulnerabilities are revealed and exploited. If a company like Equifax can be hacked then a WordPress site with little to no security in place is an easy target. It’s no longer a question of ‘if’ a site will be hacked but ‘when’. One reason hackers don’t differentiate between sites is most attacks are done automatically via bots which sniff out vulnerabilities. Hackers can exploit WordPress via routers, SQL database injections and through info sent via email (phishing) among other methods. If your website gets hacked it can be an expensive endeavor to fix and can often be cheaper and quicker to just start over. More information regarding WordPress hacks and the importance of proper security can be found here and here. If you are curious about why hackers target small business sites you can read more here.
HTTPS and SEO
Google is now giving websites with SSL certificates (HTTPS) priority in search results. There is a definite correlation between having an HTTPS website and rankings in the top 10 of Google. In other words, if a site is not secured with an SSL certificate it may/will fall in the Google search results. More info can be found here. The SEO for your site has to be handled carefully – it’s not JUST a SSL change, it has many SEO implications and most developers are not equipped to handle this.
Visible Security Signals
Google has announced that sites which are not SSL enabled will display a security warning. With recent highly publicized hacks in the media this can be a disconcerting and alarming signal to your visitors. Almost 50% of shoppers do not trust a website without some visual indicator of security. Site visitors are becoming more and more aware of security signals so it’s important to not give them any reason to doubt at any stage of the interaction. Studies have shown that not only does having an SSL certificate increase conversion rates but it also increases the average transaction value.
What We Can Do About It
Here are some actions we can take to mitigate all of these issues:
Project 1 – SSL Cert
Secure the site with an SSL Certificate and work with Google to communicate the switch. This will address issues A, B, and C from above. This mini-project is a medium-sized cost which should be compared with the cost of recovering from a hacked site which can range from $800 to over $4000 per hacked event.
Project 2 – Security MonitoringHaving a service that will sound an alarm and/or prevent a change when something suspicious occurs can minimize the hacking threat. The solution here is to introduce a more robust security monitoring tools. This will address issue A. This project involves a small monthly cost.
Project 3 – Monthly Backup and UpdatesWebsites that out of date with the latest WordPress release or theme update is far more vulnerable to hackers. The solution is a monthly backup and update service. This will address issue A. This project involves a small monthly cost.