SecurityTrails Blog · Jan 07 · by Esteban Borges

How Cybersecurity Affects SEO

Reading time: 14 minutes

In today's digital world, SEO is now as important as any work performed by sales or engineering departments.

Almost all of today's companies have onsite SEO interns, or a remote SEO team assembled within their permanent staff. That's because the higher you rank in Google, the more chances your products, services and 'content' will be discovered by visitors. With discovery comes traffic, and with traffic often comes new customers and sales.

Some companies have big SEO teams that take care of all involved SEO responsibilities such as keyword research, content strategy, link building, negative SEO, penalization analysis and recovery, and much more.

But even while digital companies prioritize their investment in SEO, they tend to lose sight of something really important: cybersecurity.

In this article, we'll explore how cybersecurity affects SEO, and why the digital security of your website, apps, and servers should be always part of your business plan.

What happens when you get hacked?

There are a lot of scenarios where you may be affected by a security breach. Some include hacking the database you're using, others the DNS and HTTP servers, and others involve direct root compromise over SSH.

In all these types of hacks, your corporate website may be directly hit. That means crackers can:

  • Redirect your traffic to 3rd party servers
  • Cause massive 404 errors across your website
  • Generate internal server errors (known as error 50X)
  • Infect your website with malicious code, spreading infections to all your visitors
  • Cause a data breach, compromising credit cards and sensitive personal information from your customers
  • Setup phishing domains or perform a subdomain takeover attack in order to trick visitors

Something to keep in mind: not only can hacks be performed against apps, services and servers, they can also target domain names. The most common attack against domains is 'domain hijacking', which basically consists of taking control over your domain name at registrar level.

The consequences of a security breach can be huge. Many companies don't even recover after a sizable security compromise, and have to close their businesses.

These consequences may include:

  • Website downtime: After a hacker attack, downtime is one of the most common consequences, especially when a direct server compromise or massive DDoS is involved.

    This not only affects your own access to your platform, but also your customers' access to your services and data.

  • Website-related file loss: Once they've gained access to your SSH or FTP server, malicious attackers can modify or delete your website files and database data, causing massive errors across your online platforms.

  • Customer data loss: A lot of companies save personal and sensitive data from their customers, such as names, addresses, telephone numbers, emails, passwords, bank account and credit card numbers, and more. This is one of the top areas crackers may plunder when compromising your databases.

    The consequences of this type of data breach—for both company and customers—can be devastating, depending on how much information the attackers obtain.

  • Reputation damage: Apart from technical consequences, the worst thing that can happen after a cybersecurity breach may be how much your reputation is damaged after the incident. This includes losing trust from your customers, investors, financial institutions that work with you, and others.

    Your online brand can become a negative company on any given day, something that is truly difficult to reverse. A lot of your competition waits for you to make a mistake—so they can take advantage of it.

How cybersecurity affects your site's SEO rankings

404 Errors

"Error 404 - Content not found" is one of the most commonly seen error messages on the Internet. It basically means that the content that used to be there wasn't found; therefore, it's missing. You know it when you visit the URL, but web crawlers such as Google also notice this kind of error, and that's when the problems begin.

While Google is a bit permissive with 404 errors, they can become a major SEO stumbling block when they're attached to your site for a long time.

Crackers often delete web files and pages, which leads to isolated or even massive 404 errors across your website.


Downtime is one of the worst nightmares of any website owner, whether of a small website, ecommerce store, or multi-million dollar organization. We never want our sites to be down.

Because downtime means that your content, products and services are no longer online for your new or recurring customers, this can be a great opportunity for your competition to offer whatever you're missing.

From the 'enterprise' point of view it's clear that losing customers or new sales during downtime is not good at all, sometimes even tragic.. Depending on the type of attack you recieve, downtime can last hours, days or even weeks in the worst of scenarios.

When it comes to SEO, having your site online and running well and ready for web-crawlers is always a goal. For Googlebot to come crawling to your site only to find every single one of your pages down is a critical issue. It may return later—Google won't drop your rankings instantly, and will try re-crawling on the same day to see if the site is back up—but hours or days of downtime can be serious. It determines the level of SERP (Search Engine Results Page) dropdown your site will experience.

That means that Google will not drop you from its index, but it may move your main keywords to lower levels while waiting for you to recover from downtime. Matt Cuts once said that one day of downtime is not a big deal, but after a few years tracking SERPs on different niches and languages, we know from experience that after 8 hours of downtime, SERPs may drop a site by about 35%, depending on how solid the keywords are. And results usually won't come back until Google performs a new SERP update.

SEO Penalties

Hacked websites are dangerous, and Google wants to prevent people from getting damaged by visiting suspicious websites.

Long term SEO penalizations after hacking are a cruel reality you may have to face if part or all of your online presence gets compromised. Let's imagine for a moment that a malicious actor gets into your servers, and starts distributing malware, virus or, unwanted downloads. Having been screwed up this much, your site will be less desirable to visit… and Google's keeping track of this.

Browser Blacklisting

Sometimes, attackers will inject your pages with HTML, JS or PHP redirect codes, causing them to be permanently redirected to malicious phishing URLs, or to sites that spread virus or malware to your visitors.

This will ultimately make you manually or automatically blacklisted, sometimes without you even noticing the hack until it’s too late.

SafeBrowsing is one of the mechanisms that helps browsers to identify suspicious content across the Internet, and if you are infected with malicious code or redirected to a 3rd party non-safe website, you’ll probably end up on this blocking list that prevents your visitors from browsing your site normally.

What can you do to increase cybersecurity and avoid SEO issues?

Audit your website security

  • Scan your site with vulnerability scanners: In order to harden your app, you first have to know how solid your website is in terms of vulnerabilities and critical security bugs. Your best bet is to use an online vulnerability scanning tool.

    Once you have the results, you can get to work on hardening your website.

  • Scan your code with malware-scanning tools: After performing the vulnerability scan, there's another thing that's mandatory for auditing your website's security. That's running a full in-depth scan throughout the code.

    You can use online utilities for this, or a server-side malware scanner, which is often the most reliable method. Excellent tools such as CXS, Maldet and ClamAV can help.

    You can also check your site with free online tools like Sucuri or VirusTotal.

  • Harden your website security: Once you've found vulnerabilities or malicious code in your apps, it's time to take action. This is essential, whether you build your website from scratch using 3rd party libraries or you write your own. Our best advice is to always adopt and follow a defensive coding approach.

    And if you're using a CMS, there are thousands of hardening guides for every CMS on earth, whether you're using Drupal, Joomla or Wordpress. The last is one of the most popular targets for attackers worldwide.

    Wordpress powers a huge portion of the websites currently online, and there's a big chance that your entire website infrastructure, or part of it, is built based on this CMS. If you're using it, increasing Wordpress security should be an essential part of your cybersecurity plans.

Audit your server and network security

  • Update your system packages: Whether you're using Windows, Linux or Unix, a golden rule for all operating systems is to keep your system packages updated. This will protect against most critical security bugs on both kernel and general OS packages.

  • Use a system firewall: Generally, the second best advice we can give you to increase your server security is to use a firewall. A firewall is the shield that prevents unauthorized access to and from the Internet, a private network, or both.

    Whether you're using a hardware-based firewall or a software firewall, it will help you monitor network packets, filtering all the things that may hurt your box and allow only what you really want inside your network. If you own a VPS, cloud server or bare-metal server, installing and properly configuring a system firewall is one of the most basic of things for you to do.

  • Use an intrusion detection system (IDS): The main purpose of this kind of defensive software is to prevent and detect intrusion attempts to your network or servers.

    While it works by detecting malicious patterns that could potentially intrude upon your systems, it also works by blocking all such attempts. An IDS uses one or more attack signature databases, which store common patterns for several types of intrusion attacks. Once it detects a suspicious event, it will block it and alert system administrators to it.

  • Use a file integrity monitoring (FIM) daemon: This type of defensive software runs on backend servers and lets you monitor, control and detect changes in files that may be part of a cybersecurity attack.

    Once it's installed, this software will create a database of the current state of the files as a start point, and begin monitoring any changes made to them, as well as who changed them and when, and provide the best suggestions toward restoring any file if found modified by a malicious unauthorized user. When file-upload defensive policies fail, FIM tools are the second layer that will help you detect malicious code, URL redirections, backdoors, trojans and more.

  • Check system service logs: Since the early days of system administration, checking system logs is a must for network and system security. When dealing with an attack, system and service logs are often the most overlooked source of data. In truth, they can share valuable information to help detect attack origins, vulnerabilities, impact over modified files, databases and much more.

    They're also a great way to learn how the bad guys try to get into your box, as seen in our article about the Top 20 Honeypots for Detecting Network Threats.

  • Install a malware and virus scanner: As we've told you before, scan your files, over and over. Most of the top-ranked scanners, for performance and tweak reasons, are the ones installed on the server side. Having a malware scanner running scheduled scans and reporting day-today will help you detect infections quickly. If you want to stay one step ahead, you can also configure the scanner to inspect any file uploads to the server, and quarantine them before they become a real threat.

Audit your attack surface area

Most people only look into the website and server-side areas when hardening their cybersecurity. They tend to overlook what's called the attack surface area, the third layer missing on most hardening processes.

When it comes to analyzing your attack surface area, we can include several tasks that will yield critical and normally unseen data from all your online assets.

For this purpose, we will use our Attack Surface Intelligence tool, which will give you instant access to this sensitive information within seconds.

While analyzing the attack surface of your company, there are a few things to keep in mind:

  • Find subdomains: The art of finding subdomains is something we've mastered over the years, and it's now included in all our products.

    From this interface, you'll be able to find all the subdomains from any of your apex domain names, helping you discover old and unused subdomains created for dev projects, tests, temporary apps, old name servers, and much more.

    This type of intelligence data can help you create a full subdomain map and analyze and delete the ones you don't need. This will allow you to reduce your attack surface and prevent popular DNS attacks that involve stale DNS records.

  • Perform a full domain enumeration and IP block mapping: Creating a virtual map of all your online assets is one of the most worthwhile things you can do for all your domain names. This gives you the visibility you need to explore records one-by-one from the DNS server at the terminal.

    Our Attack Surface Intelligence tool offers an effective solution, letting you access all your domains and IPs in mere seconds:

    ASI tool let you access all your domains and IP

    By combining this with a full IP block lookup, we will not only see the main trees but the entire forest, ordered by IP with full details about geolocation, ASN, IP usage, reputation, web hosting provider, rDNS and forward DNS:

    ip block lookup
  • Perform a massive open port scan: Open ports are always important, and while they're not a direct sign of vulnerability, unpatched or vulnerable services running on those ports may become a silent threat sooner or later. ASI offers you the ability to discover exposed open ports and services, giving you access to the big picture across your entire IP infrastructure, as you can see below!

    discover exposed open ports

    Not only does our technology give you the port number and service name, it checks for the remote software version as well. And if this isn't enough for you, we also offer full historical TCP and UDP port history, as shown in the following screenshot:

    remote software version
  • User-agent inspection: What are the devices related to this IP address? To answer this question, we keep a record of all the connected devices that have interacted with this host. The Devices sub-tab lets you jump directly into all this data, and filter it by user-agent or date.

    Once you click on any device, you'll get all the information related to that device:

    devices related ip address
  • Analyze your SSL certificates: SSL certificates play a critical role in cybersecurity, and something we notice every day is the huge amount of expired SSL certificates. People purchase massive amounts of SSL certificates. They also tend to forget to renew a lot of them, leaving critical areas unencrypted. With ASI, you get the chance to obtain full SSL data including SSL scope, locality name, state/province, organization name, common name, country and organizational unit name:

    devices related ip address

    You'll also get the exact expiration date, which is critical for keeping your website information encrypted at all times.

    And that's not all. We offer you the full SSL by domain data, so you can easily know how many SSL certificates you have for each domain name at all times.


Businesses rely on implementing great SEO strategies to attract traffic and generate profits.

For Google and other search engines, filling your site with great content is by no means your only priority; you'll also want to offer the best user experience possible. Not only does that include responsive design with close attention to buttons, text, layouts and font sizes and styles, it also includes the security of your site.

In 2014, Google announced 'HTTPS as a Ranking Signal', creating a revolution that caused the mass adoption of SSL certificates for all types of websites. Also, Google SafeBrowsing and the new 'security issues' option placed within the Google Search console are part of the SEO toolkit that helps you find and fix hacking and malware on your website.

In 2021, it's more than clear that Google wants secure websites among their top rankings.

Fortunately, you have options for preventing your online assets from getting hit by malicious actors.

Get started today! Perform a full server, network and IP audit with Attack Surface Intelligence - ASI, the ultimate infrastructure surface analyzer, and reveal all the critical exposed data you're sharing on the Internet. Contact our sales team for more information.

Esteban Borges Blog Author

Esteban is a seasoned cybersecurity specialist, and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.

Subscribe to the SecurityTrails newsletter
Sign up for our newsletter today!

Get the best cybersec research, news, tools,
and interviews with industry leaders