Site Security: Steps To Follow For Securing Your Site…

Does your site display a clear security padlock for all browsers to see?

Or, does your site put a ‘Not Secure’ warning in front of those who land on your site?

If the latter is true, securing your site should be at the top of your to-do list.

Having a non-secure site puts your business at a severe disadvantage.

It plants a seed of doubt for browsers about your business’ legitimacy.

What’s more, it can significantly limit your chances at ranking in the Google search results.

Here’s some technical advice, to help you take your site from ‘Not Secure’ to ‘Secure’ in a few simple steps.

Site security is by no means difficult to manage, yet can have huge benefits for your online reputation and conversion rates, so don’t just brush the issue under the carpet and hope for the best.

So, what does it mean if a site is ‘Not Secure’?

Your site will display as ‘Not Secure’ if the information contained, received, or sent by your site is unprotected. If this is the case, any information is at risk of being accessed by third-parties, such as governments, or worse, hackers.

See below the icons that Google uses to identify a site security status to browsers. The end goal is to have a clear padlock next to your site’s URL, putting both you and your site visitors at ease. 

icons showing site security

Why is your site unprotected? If you’re using the wrong protocol to gain a connection, your site’s information is not secure. 

Back in the day, sites used what was called a ‘HTTP’ (Hypertext Transfer Protocol) to gain a strong and secure connection. This has changed with the times, and so should your site. 

These days, sites should all gain their connections using ‘HTTPS’ (Hypertext Transfer Protocol Secure). Why? Data sent using this protocol is completely protected and encrypted using a TLS (Transport Layer Security) – so no third-parties can get hold of information sent by your site.

Why is site security so important?

For your site to offer a completely enjoyable and safe user experience, your site must use a secure HTTPS protocol. Without it, browsers have no way of knowing whether your site can be trusted or if it is safe to enter any personal details.

Having the trusty padlock at the top of your site eliminates the worry people may have about whether your site/business can be trusted, which has the potential to prevent them from handing over any personal or payment details.

Your site’s user journey simply must be completely smooth, with all potential obstacles removed, if you want to reach (and exceed) your conversion targets.

Doubt in the minds of your target consumer’s will inevitably lead to less conversions, so get your site security sorted fast. 

bigfoot site security

Take a look at the Bigfoot Digital site above, for example. We place huge importance on ensuring complete site security. There is a clear padlock next to our URL, which shows the connection is secure – this is consistent across our entire site.

Don’t let the security and hosting of your site drive any valuable website traffic away and limit your ranking opportunities.

How can you secure your site?

You need to switch your site’s connection protocol from the outdated HTTP to the new HTTPS. It’s not as simple as adding ‘https://’ in front of your URL and hoping for the best – unfortunately.

1. Make sure your site uses a dedicated IP address.

First, your site needs its own dedicated IP address from which to make a connection. This should be completely specific to your business and your location. By sharing an IP address with other sites, you are essentially putting your site’s information and potential customers’ data at risk of being accessed. It’s not worth it.

2. Buy and activate an SSL certificate.

Next up, you will need to buy, activate, and install an SSL certificate for your site. These certificates put the ‘s’ in HTTPS. They are a completely individual set of numbers/letters unique to your site, that are used as a type of digital password to access a secure HTTPS connection.

Always buy your SSL certificates from one of the reputable and trusted Certificate Authorities (CA) out there. You don’t want your site to end up being penalised if your certificate isn’t recognised or approved – and you don’t want to waste your money.

The size and nature of your business will affect the type of SSL you need. For example, if your business has multiple domains or subdomains, make sure you opt for a certificate that covers all of these.

3. Update all pages on your site to HTTPS.

Once your certificate is all set up, you will need to update your entire site to use the secure HTTPS connection. Definitely use HTTPS connections for all the pages on your site, rather than only a select few, if you want this to really benefit your rankings and conversion rates.

There are a number of ways to make sure that only secure connection requests are made site-wide. Firstly, use a 301 redirect to point all incoming insecure traffic to your HTTPS connection.

Next, strengthen your certificate by adding HSTS (HTTP Strict Transport Security) response headers across the site. This goes one step further than a redirect by changing a connection request to HTTPS before it’s even made, to provide absolute security and further benefit your chances at ranking.

4. Fix any insecure resources on your site.

Do you have any images, videos, or other media embedded onto your site? The chances are that you do. In which case, these may have been originally placed using an insecure connection. If you’re feeling technical, head to the back-end of your site and change the scheme of these resources from HTTP to HTTPS – or ask your web team to help you out.

For example, all embedded images should be available using a secure connection, as ours shows below, with a clear padlock.

secure site image

5. Allow Google to index all necessary pages.

Last but not least, you need to make sure that Google bots can actually find and index your pages. If you’ve previously added robots.txt or ‘noindex’ metatags to any of your pages that you want to rank, make sure these are removed, or all the hard work gone into securing your site will go to waste!

Use Google’s URL Inspection tool to check that each page on your site can be indexed. Plus, you can go one step further and request for URLs to be indexed that Google may not have come across yet.

Now understand why you need site security?

Securing a site is highly important yet something that a lot of businesses may not have considered.

Buying and installing an SSL certificate is really all it takes to have a site that your target market feel at ease using and that Google will deem more legitimate in the rankings.

We recommend buying your SSL certificate from a source you can trust and working with a web professional to have this installed across your site, to avoid wasting any money or resources.

If you would like our support in doing so, we’d love to help! You can reach Bigfoot Digital directly on 01227 720 755 or drop us an email to enquiries@bigfootdigital.co.uk.