top of page
    • Jul 6, 2022

Why is website security important for SEO?

Updated: February 17, 2023

Author: Crystal Carter

graphic of an SSL certificate on an ecommerce page

Security is important for SEO and search rankings because website security is a core element of Google’s confirmed Page Experience ranking system and because security optimizations can have a holistic impact on your SEO performance. Improvements in this area tend to provide domain-wide SEO gains, rather than page by page, and can support your overall SEO efforts in five important ways:


01. Increased ranking signals for all pages across a site

02. Improved connection time between websites

03. Improved connection time across your site’s network

04. Building and maintaining link value

05. Improved trust signals for users


What is website security in SEO?


Speaking broadly, website security can cover many specialisms, including server configuration and managing hacking attacks. For the purposes of SEO, one should focus on website security elements that impact the connections to a website, the links within a website, and transactions taking place on a website. Taking this approach helps keep users safe and sends signals to Google that can influence rankings.


How proper website security can improve SEO


In addition to keeping your site’s data secure, robust website security can benefit your search visibility in the following ways:


01. Improves ranking signals for all pages on your site

In 2014, Google announced that it wanted to bring in “HTTPS Everywhere” to help users access the internet safely via more trustworthy websites. In line with that, it also introduced security as a search ranking factor. Google has since incorporated site security into its overall Page Experience ranking system and created the HTTPs Report in Google Search Console to help users monitor performance.


A screenshot of the GSC HTTPS report

When it comes to ranking on Bing, a poor level of security on your website may even block your site from being crawled and thus eligible for indexing. The Bing webmaster guidelines explain that “Bingbot has stopped crawling sites that only support RC4 cipher suites since Autumn 2015, as it has multiple vulnerabilities and [sic] deemed insecure.”


So, when you make an improvement to your website security, you are adding a beneficial ranking signal to every single page on your website. If you have a site with significant security issues, then improvements here may fall into the category of “quick wins” in that you may see some ranking improvements almost immediately after the updates have been made.


02. Faster connection time between websites

Top websites have top security. Teams at Facebook, Google, Amazon, and other high-profile websites have adopted and prioritized website security frameworks that help them reduce data transfer latency and vulnerability across their infrastructure. Using modern website security protocols like TLS 1.3, QUIC, and HTTP/3 allows them to deliver safe, secure experiences for their users.


If a user clicks a link on a high-security site to navigate to another site, when the servers make the connection, they will first try to do so via the same, high level of security. If this is not possible, they will try to connect via the next best option, and so on until they find the best connection. This means that if you have better security then connections can be made more quickly with more websites.


This speed advantage can contribute to shorter page loading times between websites for organic traffic, social, and PPC as part of well-balanced digital marketing activity. For instance, I have observed that (for an average website) clicks from Facebook ads can load two to six times slower than the site average. This can be a real challenge for people who are trying to use Facebook as an advertising method or as a regular stream of traffic to their site and can have a knock-on effect for brand visibility and, thus, organic growth as well.


03. Faster connection time across your site’s network

Modern websites very rarely exist on a single domain. Although people generally talk in terms of single websites, in actuality, what users often see is a patchwork collection of content coming from an assortment of websites, applications, iframes, widgets, and embeds, rendered on a single URL.


mix of web elements on a single webpage
A mix of web elements on a single web page.

For instance, a typical blog post on a site could potentially include content written on the blog itself, images served via a CDN, and embedded content from third-party platforms like YouTube or Twitter. Domain-wide, this network could include subdomains, ticketing apps, CRMs, social media feeds, live chat, review widgets and more.


Looking in the Chrome DevTools Network panel, you can see a sample of the security protocols and configurations that different elements present on a single page.


security protocols within chrome devtools

Each of the component parts of the website will have its own security setup. And, every time a user loads a page containing these elements, servers will need to make fresh, secure connections. When the level of security is more consistent, users experience fewer delays during loading and using the full mix of elements across a site.


Since site speed is part of Google’s Page Experience ranking system, efforts here can contribute to better SEO outcomes for the site overall (particularly if you’re in a highly competitive niche).


04. Build and maintain link value

If a site has a valid SSL certificate, then connections to the site should always be made via the https:// link and not via http:// link. Managing this does not need to involve sophisticated SEO tools, but maintaining good link hygiene can benefit SEO by:

  • Reducing risky, unsafe connections to your site

  • Reducing unnecessary redirects from the server that cause measurable page load delays and make crawling less efficient

  • Giving you more actionable data for your site because links are attributed to the appropriate channels, rather than being designated as “direct” in Google Analytics

  • Concentrating the value of backlinks on the https:// link


To review your internal links, you can run a simple site crawl using a tool, like Screaming Frog, and then update any links that are not https:// links.


The ability to filter your links in Screaming Frog.
The ability to filter your links in Screaming Frog.

For external links to your site, you should focus initially on the links in your immediate control. It is not uncommon for websites that have been around for 10 years or more to have old http:// links in social media profiles, directories, citations, and their Google Business Profiles. Where you have direct access to these pages, you should update the links to the correct https:// link.


It’s also a good idea to ensure that the teams that are actively distributing content (via PR or social media, for example) are doing so using the correct links.


05. Improve trust signals for users

Users may not even be able to access sites with poor security because they are blocked or discouraged by search engines, social media, and cloud hosting providers.


An example of a warning message for a low-security web page.
An example of a warning message for a low-security web page.

If users are getting these warnings for your site, then security is critical to your SEO success and to the value of your brand overall. Websites with these issues should be working to improve security as a matter of urgency.


Which security optimizations impact SEO?


Many believe that if you add an SSL to your site, you are fully secured—this is not the case. Though SSL is an important step, there are many more website security improvements that can affect SEO, such as:

  • Improving the quality of your SSL certificate chain to reduce verification delays

  • Enabling HTTP3 protocols

  • Reducing access to unsecured http connections

  • Upgrading to TLS 1.3


All this to say that security should be a core consideration when you are maintaining or building a website. Depending on the website configuration, site managers and SEOs can work with certificate authorities, server teams, hosting providers and developers to implement a suite of changes to improve security. Alternatively, when selecting a managed CMS partner, SEOs should choose a website provider that offers best-in-class website security with ongoing maintenance maintenance and support.

Wix’s security and compliance certifications.
Wix’s security and compliance certifications.

Web security at Wix

In Wix’s case, all users are supported by a dedicated security team made of industry-leading experts. These experts regularly test site infrastructure with external, independent researchers through initiatives, such as the Bug Bounty Program, and are constantly monitoring and optimizing our security solutions.


Wix users can get insights into their security framework by accessing the Uptime & Security Report.


ALT: A screenshot of the Wix uptime and security report, showing green checkmarks for the following security credentials: SSL certificate, TLS 1.3 encryption, DDoS protection, and level 1 PCI compliance.

However you choose to host your site, prioritizing security can have real benefits to your overall SEO activity. Beyond search visibility, it also helps to protect your users’ data, which can serve to build trust and turn those users into customers.


 
Crystal Carter

Crystal Carter - Head of SEO Communications, Wix

Crystal is an SEO & digital marketing professional with over 15 years of experience. Her global business clients have included Disney, McDonalds, and Tomy. An avid SEO communicator, her work has been featured at Google Search Central, Brighton SEO, Moz, DeepCrawl, Semrush, and more. Twitter | Linkedin


bottom of page