Want to hack a website? I’ll show you how & tell you its impact on your SEO too
TL;DR
- Read this post, it is important!
- Want to do a little hack your self, go here
The Impact
When your website is hacked, the long term effect on your SEO is probably not the first thing to spring to mind.
At the time of an attack, your first priority, among other things, is likely the immediate loss of customers in the aftermath. After all, your users or customers feeling unsafe while using your site is very likely to put their chances of returning in the gutter.
This is certainly an urgent problem that needs to be addressed swiftly to minimise the fallout.
However, the long term impact on your SEO could potentially leave you with worse results, meaning you have to deal with much more than just the immediate shock to your business. This threat is very real. It’s an issue that needs to be among your top priorities should the worst happen.
That’s because, while SEO might slip your mind, it hasn’t for the legions of cybercriminals out there who are looking to exploit vulnerabilities within your system.
You probably think that the most likely reason a website gets hacked is in order to steal customers’ information. While this might still be up there as a high ranking motivation, hot on its heels is the number of websites being exploited for SEO spam.
Their reasoning is simple. Once a vulnerable site is hijacked, it can then be used to redirect customers to dangerous and malicious websites, which could cause serious damage for anyone who comes into contact with them.
I can’t think of a more sure-fire way of losing business.
The size of the problem
Many are under the impression that these kind of attacks rarely affect legitimate websites. You may believe that, while there may be a risk, it’s a fairly negligible one.
In other words, it’s easy to think that most websites are pretty much safe from being targeted in this way. This is unfortunately not the case.
According to stats from Symantec’s Internet Security Threat report in 2016, three quarters of all legitimate sites are vulnerable to attack, with a worrying 15% of them having critical issues. This means a cybercriminal could hack them with relative ease.
So what’s the long term risk?
While the immediate impact of a hack can be devastating, usually the problems can be contained if action is taken swiftly. With any luck, the amount of people directly affected can be kept to a minimum.
Your reputation is one of the most important facets of any enterprise, no matter what you do. If you are trusted, you will do more frequent and better business than if people have concerns about your reliability.
It’s simple common sense. If you have two restaurants both selling the same kind of food and you check online to find that one has significantly better feedback than the other, where you go for lunch becomes a no-brainer.
A bad reputation is one of the quickest ways to give your competition the advantage, and often, a decisive one.
How hacks affect your SEO
The impact of a hack on your online presence can be quite shocking in its speed and the scale of the damage it causes. The worst part is that it can continue for a very long time and, without action, can permanently scar your business’ potential.
How this happens is fairly straightforward. First off, Google will punish a site that has been attacked or is hosting malware by dropping your rankings
Your website is your storefront. Therefore, this kind of fall can be the equivalent of finding that your business has been moved from a busy high street to a largely deserted alley.
Web traffic will fall and undoubtedly, if this is allowed to continue, your sales and revenue will fall too.
But worse than this is Google’s penalisation for repeat offenders. If this is the case, you’ll be affected by a link beneath your URL in your Google listing. This states: “this site may be compromised”. That can do untold damage to your business. In some cases with a warning sign on your site to stop customers visiting your site.
If your rankings getting dropped is like a store being moved to a less desirable location, this is like having a giant health warning sign plastered all over your windows.
This is why we consider the long term SEO impact as damaging, if not more so, than the immediate impact. A single attack can quickly fade from people’s memories, but a drop in your rankings can make you invisible and a warning can actively etch that bad memory permanently into your customers’ minds.
So what can be done to prevent this from happening?
As is always the case, prevention is better than the cure. Learning the ways in which a hack can happen and the pragmatic steps you can take in order to keep your website as secure as possible is a much better alternative than dealing with the aftermath of a hack.
Remember also that the response from Google gets worse for those who are repeatedly attacked. So regardless of whether you’ve had issues in the past, understanding and improving the situation is always the right thing for your business.
The most common ways in which your website can be vulnerable
Knowing your enemy is always the first line of defence against those who wish to do you harm.
One of the easiest ways your site can be exploited is via its frontline Platform, these can be enterprise (such as AEM, Hybris etc ), open source (i.e. WordPress, Magento etc) or custom made. This is usually through exposed protocols(The URL of your website) via Remote Code Execution, SQL Injection or Local File Inclusion to name but a few of the most common examples.
From here, depending on the vulnerability the hacker can move through your code, database, find further vulnerabilities and then wreak havoc on your website in many ways such as adding malicious HTML code.
On Content management systems SQL injections are now one of the most common security issues around.
There’s also a potential opening in the form of access control. This actually covers a variety of things, including your log in server and hosting panel, as well as things like your social media accounts and your computer itself.
Along with this, there’s also the issue of third party services. They are by their nature beyond your control. You could find yourself vulnerable, not due to anything you’ve overlooked, but rather because of the services you use.
Migration: a particularly trying time
A time when you need to be extra careful is when your website is going through a period of migration in one form or another.
Due to increased pressure by Google for websites to adhere to tough safety standards, as well as to be mobile friendly, we’ve seen a massive upswing in SEO migration this year.
First of all, let’s explain exactly what we’re talking about here.
Migration comes in different forms. There are domain migrations, which are exactly what they sound like: a switch to a new domain due to company mergers, internal changes or any other issues.
This is already a risky endeavour in terms of SEO without any security issues, with some companies stretching this process out to avoid any crash in visibility.
Next up, there’s platform migrations. This is a technically tenuous time due to the amount of work involved potentially rebuilding databases and websites.
Finally, there’s protocol migration. These have been more and more at the forefront of the minds of many businesses, thanks to Google making https a minimum security standard, alongside encryption becoming more important in 2018 due to recent GDPR regulations.
So why is migration such a security weak spot?
Mistakes make websites vulnerable. Migrations are such a complex time for any website that things being overlooked simply becomes more likely. In many ways, these openings are an inevitable part of the process.
For example, leaving debugging reporting on, backup files from previous sites left open to everyone are just a few examples of how a migration can go south very quickly.
However, the situation is not helpless by any means. While you might be limited to what can be done after an attack, particularly if you get severely penalised by Google, there’s plenty that you can do beforehand.
Want to do a little hack your self?
Google is not just a search engine, it is also hackers best friend. Try typing intitle:”index of” backup.sql and see the results.
The results you are seeing are google indexing live websites backup files from their databases that they forgot to de-index, remove and restrict access to. Did I say this can happen when migrating?
If you want to know more of these commands, write in the comments box and i’ll write more of them for you 🙂
How to mitigate a hack and keep your SEO healthy
I wrote an article last year that lists a few things that you can do to mitigate the chances of you being hacked. But on the top of that we went ahead and built a cloud cyber security monitoring tool called CyberScanner that will come in handy to make sure you can monitor your websites and its cyber security health easily without the jargon.
What if you’ve already been attacked?
While your options are limited, there are still a few things you can do to avoid your SEO being affected any worse than is necessary.
First and foremost, you’ll need to let the host know you’ve been attacked as soon as possible so measures can be taken to avoid other customers being affected too. Put your website behind a WAF & DDoS protection platform such as Cloudflare.
Next up, you may need to take your site offline for a time. This is pure damage control. It prevents things getting more out of hand and additional time being needed to address the problem. But more importantly, from a reputation standpoint, it stops more customers from being affected or being made aware of malware on your website.
The next and most important step is finding out how you were hacked. Make sure your software platform is up to date if you are not on a custom platform.
Finally, you’ll need to complete a clean up process before getting back on track. Once this is done, you can have Google review your site to remove the warnings attached to it. Only do this once you’re sure the problem is solved.
If you have your your attack plan practiced and done correctly you should come through it with your reputation and your rankings relatively unscathed.
So what’s the lesson here?
In conclusion, what to take home from this is that hacks can damage your business in more ways than you probably thought possible, leaving you with further reaching and longer lasting consequences.
Ultimately, as in every other part of business, your success can usually be determined by the effort you put forth.
When dealing with security threats, things are no different. Don’t wait for an attack to occur before doing all the things necessary to keep yourself secure. Vigilance is the price paid for a healthy business.