On October 21st (2016) we witnessed one of the largest online DDoS (Distributed Denial of Service) attacks ever.
Hackers targeted Dyn, a US-based company that provides DNS (Domain Name System) hosting. This in turn affected a large number of popular websites and services, including Spotify, Twitter, Survey Monkey, Netflix, and Eve Online. It’s thought that hackers were able to utilise millions of internet-enabled devices (IoT items) to execute the mass-DDoS attack.
GOV.UK is intermittently unavailable for some users, along with many other major sites. We hope to be fully back online soon.
— GOV UK (@GOVUK) October 21, 2016
A DDoS attack works by overloading the target server with excessive requests, similar to when tickets for a major concert or film go on sale and everyone rushes online to purchase them; the servers can’t handle that many requests at once.
This process requires a lot of internet-enabled devices (hence the ‘Distributed’ part of the acronym) and is usually achieved by the hacker using malicious bots. The problem is also exacerbated during the attack through genuine users attempting to connect to the site or service, and then hitting refresh when it doesn’t load first time.
DDoS is just one of a number of ways in which malicious users can affect a website, all of which have a negative impact on your SEO, so it’s important that your website is secure.
Why is cyber security important for SEO?
Internet security and privacy are becoming increasingly prevalent topics within mainstream media, and are the focus of some significant campaigns as more and more people fall victim to various online scams.
Security has also been enforced by Google, who recently started to warn users when they are visiting a website that doesn’t have an SSL (Secure Sockets Layer) certificate, and that their connection may not be secure.
Google also labels websites within its search engine results pages that may have been hacked, warning users in advance before they click through.
While this is great for users, as a Webmaster you can expect your click-through rate to plummet and it could take weeks to make a full recovery.
While there are a number of ways you can be hacked, one of the most common is known as Pharma Hacking, where hackers infiltrate your website, create pages and content for various products (the most common of which are pharmaceuticals and sportswear, hence the name), and then try to use your domain’s authority to rank for those terms within organic search.
Rebuilding trust with Google is not something that happens overnight and if your website is an integral part of your business’s long term success, it’s better to be proactive rather than reactive.
Protecting my website from hacks
Below are just some of the things you can do to help protect your website, your users’ personal information, and maybe even your business’s private information.
Install software and plugin updates immediately
It can be annoying, time consuming, and very easy to ignore – but these updates are released for a reason. Hackers know that a lot of people put off updating plugins and software, so they create malware or spammy code to target the bugs that these updates fix.
These will then affect any sites using the software or plugins that haven’t yet updated.
Backup your website
It won’t prevent a hack, but if your site is compromised, having a backup of it will be invaluable. There are plugins available for WordPress sites that can automate the backup process.
It’s also imperative that your backups are stored on different servers to your main site.
Go behind a WAF (Web Application Firewall)
Just like the traditional firewalls that protect your computers from unexpected incoming connections, WAFs protect your website from hackers by blocking unwanted incoming connections. A WAF sits right in front of your website and detects hacking patterns and attempts. Once detected, those connections are blocked from accessing your site, to prevent damage.
Develop your site with security in mind
Even highly skilled web developers often leave security vulnerabilities in websites, almost always unintentionally.
Consulting with cyber security experts during your build can be invaluable, as well as adopting good practices such as complex usernames and passwords, limiting the number of incorrect login attempts, and never sending an email containing both username and password.
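One way to limit incorrect login attempts, as described above. This is an added example, not code from the original article; the class name, the thresholds and the password_ok flag (standing in for your site's real password check) are assumptions.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a key (a username or a client IP) after too many failed logins."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a key stays locked
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires

    def is_locked(self, key, now=None):
        now = time.time() if now is None else now
        until = self.locked_until.get(key)
        if until is not None and now >= until:
            del self.locked_until[key]      # lock has expired
            return False
        return until is not None

    def record_failure(self, key, now=None):
        now = time.time() if now is None else now
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()

    def record_success(self, key):
        self.failures.pop(key, None)

def attempt_login(throttle, username, ip, password_ok, now=None):
    """Return 'locked', 'denied' or 'ok' for one login attempt."""
    user_key, ip_key = "user:" + username.lower(), "ip:" + ip
    # Check locks first so a locked account never reveals whether a guess was right.
    if any(throttle.is_locked(k, now) for k in (user_key, ip_key)):
        return "locked"
    if not password_ok:
        throttle.record_failure(user_key, now)
        throttle.record_failure(ip_key, now)
        return "denied"
    # Clear only the account counter: one valid login must not reset an
    # IP address that is guessing passwords for other accounts.
    throttle.record_success(user_key)
    return "ok"
```

The counters live in memory, so a site running several server processes would need to keep them in a shared store instead.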