I will use my main travel blog (Live Less Ordinary) as a case study here to highlight the need for a secure and up-to-date website. But more so the consequence of not having one. As I once near hit rock bottom due to lack of urgency as I preferred to prioritize travel over the maintenance and security of the website when it came to travel blogging. But I ultimately learnt the hard way from my mistakes, and, instead of “I’ll get round to it…”, I now prioritize website security over anything else. And I ensure all my websites in Bangor (as in this website) are safe and up-to-date.
The problem with blogging and managing websites is that tasks are pretty much endless, and problems, setbacks, hacking etc… are there on a daily basis. So no matter how strict you are in keeping up-to-date on ‘everything’, websites will evolve, continuously, and there will inevitably be a time for an overall overhaul of any website. And while this does depend on the overall function and importance of any website, I would set this at around 3-5 years.
Anyway, it was a busy month of travel when my main travel blog was first hacked, although this is only something I use to deflect from the overall neglect of my website (and income) at the time. But it was also a control issue, as I would always insist on having full control of my websites, and I would insist on learning everything to maintain them by troubleshooting everything problem I came across. This was in part to save money, but in hindsight, it would have been smarter, simpler, and a whole lot cheaper option to have just outsourced these essential functions to those who know them.
Prevention Will Always Beat the Cure
I always opted to invest time/money into the travel side of blogging. because a weekend in Langkawi will always beat an upgrade in website hosting etc. Until I near lose everything due to my own neglect. Anyway, prevention will forever be better than cure, and I only realised this when I opened my travel blog at the time, to find a red screen of death. The website had been hacked, it had been littered with malware, and the thousands of daily visitors were being turned away due to dangerous malware on the website.
I also documented the actions I made at the time, in part to share the learning curve of the ever-evolving maintenance and management of websites, but also for my own notes to help here. Anyway, I first noticed the problem when waiting to board a flight at Taoyuan Airport on our escape from the aftermath of Typhoon Soudelor in Taipei, Taiwan. I was travelling light at the time, and was forced to work off a brick of a smartphone, with no course to follow than hassle my affordable, but not so reliable, coder from Kerala. In short, it was a disaster. And for days my website was riddled with viruses,
There were many warning signs through the previous months, including a warning from WordPress about my PHP coding being outdated/vulnerable. Due to the rather rubbish hosting, I had at the time (PHP5.4 on GoDaddy). I also received an email from Envato, the supplier of my website template, saying the theme was no longer updated, and was now a security risk (“remove the theme from your installation”). In short, the warning signs were there, but I was ignoring them, in favour of stuffing my face with street food.
How Do Viruses Affect SEO
There is not a lot of certainly around the damage to search rankings when a website is hacked, and whether there is any direct penalty from Google itself. As many websites that have been backed have come back to see no impact whatsoever. However, the longer the viruses and malware exist on the website, the more damage they will have on SEO and search results.
In my case I saw a 30% drop in organic web traffic (which I) attributed to the loss of backlinks on my website. Backlinks have always been one of the most influential factors in ranking websites in search engines and SEO. Not because they drive traffic to a website, but because they show a vote of confidence and trust from others, meaning Google can trust them too. The more influential the website is linking back, the more value it offers in boosting confidence in the website and ultimately in Google’s search engine rankings too.
But every professional website will have a ‘broken link checker’ which notifies of any websites or webpages they link to that are either missing, erroneous or dangerous. Because linking to a non-existing or dangerous website in turn will damage their own ranking in search engines and SEO. So there will likely be no hesitation in removing the link along with the valuable authoritative link juice that it passes on.
1. Server Upgrades
I would have continued with my original (basic) GoDaddy Deluxe hosting were I able to update it and bring it into 2017. But anything they offered involved a price hike and still they were years behind the current recommendations (PHP5.6 at highest). So I had no option but to look elsewhere for hosting, and, inevitably, Siteground’s Go Geek package is the next step up for serious bloggers/websites. And it not only is one hell of an upgrade from previous GoDaddy (as I highlight throughout this article) but it’s more or less crafted for WordPress. There are of course many hosting providers for better for a range of hosting (check out www.consumersadvocate.org) but standby SiteGround to this day.
The prices to upgrade are very different, however, at around 3 times the price of my original GoDaddy hosting. But they also offer introductory prices of 60% to encourage websites to switch to them, and this introductory offer can be for up to 3 years. So instead of one year hosting, I realised three years up front, at the 60% offer, would more or less be the same price as my previous package through the same period. It does mean up front payment, but it also means I don’t have to worry about renewal for 3-years. Then when these 3-years were up I bought new SiteGround Go Geek hosting on the same introductory hosting price for 3-years up front and transferred all my websites over again.
2. Website Transfers
This was by far the most frustrating part of the upgrade, and this is not because it was hard to initiate or complete, but the transfer took near two days to copy across from my old GoDaddy Server to SiteGround. And, during this time, I was unable to add to the website or edit blogs or do anything really as I would only have been editing the old copy of my website on the GoDaddy site.
Otherwise it was ridiculously simple to do and it was free. I just phoned SiteGround’s support number, they initiated the transfer for me, and updated me through email tickets when it was ready with easy instructions to change the DNS (name servers) and the website was set to go. But it is this 24/7 support which I love about SiteGround, with free phone numbers and email tickets, to the extent where I may have abused the privileges to fine tune my website in the past week. So for issues I would normally research, or even pay developers to do for me, I was just phoning the support line and having them fixed in minutes.
3. Web Templates and Themes
Next would be the template update as it had long been a security risk and I had been warned to remove it from my installation. But this would be my 3rd template upgrade since the start of my travel blog, so I was familiar with what to do. Although it is still the most daunting part of any website upgrade given it involves a lot of work in learning and setting up a new theme. But I did play it safe to begin with by opting for a top-selling and highly rated theme from Theme Forest (SimpleMag). And these themes are generally easy to customize and work with as a frame to personalize your own website.
But I knew the website would be a complete mess until it is fully designed and completed, and while it is possible to create and customise a ‘child theme’ offline, I prefer to go in at the deep-end by loading it in live. As this means I don’t have the option of complacency. So I’d grab a few beers, and the clock starts ticking, as I’m forced to work straight through to the completion of the new fully functional website.
But it is rare that one theme is the same as the next, and transfer will almost always rely on a lot of searches through the theme’s instruction documents. And it’s a bit like building a furniture flat pack (maybe not), learning on the job, under pressure, and on this occasion the theme took around 5-hours in total before the website is fully functional with menus, plugins, widgets etc. And that’s me happy for the foreseeable future.
4. Speed Matters?
Again I am going to talk about SiteGround, as many of the upgrades I made were specifically through the hosting and server itself (this is in no way sponsored). But the slogan on their site is “Engineered for speed, built for security, crafted for WordPress” which kind of sums up everything I was looking for. And there are many benefits to cover. So speeds are said to be 4 time faster than other shared hosting because the Go Geek package hosts websites on a semi-dedicated servers. This more or less means that more server resources are dedicated to each user.
Speed is one benefit, and I did notice an immediate difference, although I didn’t set to prove it. And this also had to do with my server location, which I chose to be hosted in Singapore given Asia is where three-quarters of our web traffic comes from (it was previously in Amsterdam with GoDaddy). Then finally, with just one click on my SiteGround dashboard, I was able to upgrade the PHP scripting code to (PHP7), which in itself makes the website faster and more secure.
5. Caching and CDNs
Next is caching, which is more or less a copy of a website stored on servers around the world to make loading times a lot faster. At least when it comes to CDNs (Content Delivery Networks). For example, if my website is located on a server in Singapore it may take a while to load on a computer back in Bangor. And CDNs more or less create copies of the website on servers around the world to speed up load time.
Probably the best known CDN is Cloudflare, whereafter a few clicks on the SiteGround dashboard, I have Cloudfare CDN up and running for my website. And it more or less creates copies of my website on servers across the world, meaning my webpages should open at the same or similar speed all across the world, despite my server being in Singapore.
This is an optional feature built into the Siteground hosting, but it can also be added as a free plugin on WordPress at any time, and there are as well alternatives to Cloudflare. But with SiteGround it connects to its own caching system called SuperCacher, and this again helps cache the website locally and speeds up load times. But these are only simplifying options in a wide world of hosting and caching plugins including popular plugins like WP Total Cache and W3 Super Cache.
Then in WordPress itself I added a few additional plugins such as Autoptimize which compresses source code, and Ewww Image Optimizer which reduces file size for images (lossless compression), and lazy load, and each step speeds up the website load time. At the same time I personally do not see site-speed and load-time as major factors in SEO as the internet becomes increasingly faster.
6. Broken Links
I remember reading one single broken link can impact your website search engine rankings, which was kind of worrying considering my site had over one hundred broken links when I finally came to fix them. But what probably made this worse was that many of these broken links were pointing to another neglected website of mine (blame my permalinks and redirects) which in itself had more than a hundred broken links. So the situation was rather dire.
It is also very simple to correct on WordPress by installing just one quick Plugin (WP Broken Link Status Checker) and it lists all broken links. I then went through the list editing them one by one, which was ridiculously tedious, yet oddly rewarding, as I was finally correcting problems that I for so long put off. Anyway, I was dipping in and out of these changes over a week, on both websites, and then set regular email alerts for broken links in the future. As it is obviously smarter to maintain links on an ongoing basis.
7. Essential Backups
I always blamed the hack for the decline of my website, but really it was my own neglect, disinterest, and cheapness through the years. But things could have been a lot worse, as I recently heard of a friend’s network of websites being more or less deleted from his shared hosting due to viruses he had on just one of his sites. With no backup. So I even feel a bit fortunate for not losing it all. But this is no longer an issue, as with SiteGround (as with many hosting packages), it includes a daily backup of all websites at no additional cost.
So backups would likely be the most effective route to recovery from hacking and malware, as it’s simple just to revert back to a previous copy of the website, like before the hack had taken place. At the same time, to be extra cautious, I would not solely rely on hosting and servers to backup these crucial copies, and so I created my own backups online using cloud storage. And a simple way to do this is using the WordPress Plugin (Updraft Plus) which I have set to regularly upload backup copies to my Google Drive. Although any cloud storage works e.g. Dropbox etc
8. Website Encryption
Most hosting upgrades will include a free SSL Certificate which is needed to upgrade to HTTPS (from HTTP), which more or less means the website is is encrypted and a lot safer, where the S more or less stands for Secure. So it gets rid of that “not secure” sign found in the address bar of websites without the upgrade, as Google Chrome and other browsers flag non-HTTPS websites as not being secure.
There are occasional complications in the HTTPS upgrade, but it is essential, and I was fairly clueless when I first crossed over a website. At the time it involved a simple phone call and a ticket, then the Siteground folk had it sorted in under an hour. But there is an occasional problem with internal linking between HTTP and HTTPS which can be easily fixed with an ‘SSL Insecure Content Fixer’ plugin.
The Real Damage of being Hacked
Through the downtime of my website, I lost traffic and potential revenue which is never good. But this was merely the tip of an otherwise massive iceberg when it comes to backlinks. As when my site was marked with malware, any professional website linking to it would have been notified and, in turn, they would likely have removed any links to my site. Otherwise linking to an infected site will damage their own website and rankings. And while these things are hard to quantify I’d estimate that I may have lost around a year’s worth of work in collaboration and link building which is one of the most important and time-consuming parts of ranking and SEO.
There is also the reputation, and the website was hacked during a time when the internet was all about listicles like ‘Top 10 this’, and ‘Top 100 that’. Which made for handy resources for advertisers and marketers to search for influencers and blogs to collaborate and work with. I even (oddly) had the website ranked in the Top 10 travel blogs worldwide on a random blogger list only to have it quickly dropped from the entire list of 100. With no luck in getting it back.
The initial cost if I had chosen to manage and update the website would not have been much more than what I was spending at the time for out-of-date hosting, plugins, and overall website. In return, with the upgrade, the website loaded much faster and became a hell of a lot more secure. And while it is hard to value the overall impact on SEO and search engine visibility, I know for certain that my neglect at the time cost me 10 times what it would have to just outsource these critical functions at the time.