
SEO Guide Step 7: Security - The baseline Google expects in 2026

14 min read · by LANGR SEO

SEO Guide Step 7: Security

This is Step 7 of the 13-Step SEO Guide. Security is not only about protecting users; it directly affects your search rankings. Google has used HTTPS as a ranking signal since 2014, and expectations keep rising.

Many site owners treat security as binary: "We have SSL, so we're secure." In reality, Google evaluates dozens of security signals. Sites with proper security headers, valid certificates and no mixed content outrank sites that only have a basic SSL certificate, all else being equal.

The good news: most security fixes are one-time setups. Configure them once and they protect your rankings for good.

SSL Configuration

SSL (technically TLS) encrypts the connection between your server and your visitors. Google has confirmed HTTPS as a ranking signal since 2014. In 2026, lacking HTTPS is not just a ranking problem: Chrome labels HTTP sites "Not Secure" in the address bar, which erodes user trust.

Requirements for proper SSL:

| Requirement | What it means | How to check |
|-------------|---------------|--------------|
| Valid certificate | Expired = browser warning = users bouncing | Check the expiry date |
| Complete chain | Incomplete chains fail on some devices | SSL Labs test |
| TLS 1.2+ | Older versions have known vulnerabilities | SSL Labs test |
| No SHA-1 | Deprecated; browsers reject it | Certificate details |
| SAN coverage | www and non-www must both be covered | Certificate details |
| Auto-renewal | Avoids expiry disasters | Let's Encrypt / host configuration |

SSL scoring:

100% = Valid certificate + Complete chain + TLS 1.3 + Strong ciphers + Auto-renewal
  0% = Expired or missing certificate

Common SSL mistakes:

  1. Certificate expiring without warning: set up monitoring (Step 6) that alerts three days before expiry
  2. Incomplete certificate chain: the server must send the intermediate certificates, not just the leaf
  3. Mixed content: an HTTPS page loading HTTP resources (images, scripts, stylesheets)
  4. Redirect loops: HTTP → HTTPS → HTTP cycles caused by a misconfigured CDN/proxy
  5. non-www versus www mismatch: the certificate covers one but not the other

Quick win: run your site through SSL Labs (ssllabs.com/ssltest). Anything below "A" has actionable issues. Most hosting providers fix these with one click.
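The requirements table and the mistakes list above can be turned into a small automated check. The following is an added example, not code from the guide or from LANGR: it checks expiry lead time, www/non-www SAN coverage and SHA-1 signatures on a certificate object. The object's field names (`valid_to`, `subjectaltname`) are assumed to mirror what Node's TLS socket `getPeerCertificate()` returns; the `signatureAlgorithm` field and the sample certificates are constructed for the example, and the warning lead time is a parameter (30 days here).

```javascript
// Added example (not from the guide): certificate health check against the SSL requirements.
// `cert` is assumed to have Node-style `valid_to` and `subjectaltname` fields (dates written in
// ISO form here); `signatureAlgorithm` is a constructed field used for the SHA-1 check.

const ONE_DAY_MS = 24 * 60 * 60 * 1000;

// "DNS:example.com, DNS:www.example.com" -> ["example.com", "www.example.com"]
function parseSubjectAltNames(san) {
  if (!san) return [];
  return san.split(',')
    .map(s => s.trim())
    .filter(s => s.startsWith('DNS:'))
    .map(s => s.slice(4).toLowerCase());
}

// Does one SAN entry (possibly a wildcard such as *.example.com) cover the hostname?
function sanCovers(san, host) {
  if (san === host) return true;
  if (san.startsWith('*.')) {
    const base = san.slice(2);
    const dot = host.indexOf('.');
    return dot > 0 && host.slice(dot + 1) === base;   // wildcard covers exactly one label
  }
  return false;
}

// Returns human-readable issues; an empty list means the certificate passes the checks.
function checkCertificate(cert, host, now = new Date(), warnDays = 30) {
  const issues = [];
  const notAfter = new Date(cert.valid_to);

  if (Number.isNaN(notAfter.getTime())) {
    issues.push('valid_to is not a parseable date');
  } else if (notAfter <= now) {
    issues.push('certificate has expired');
  } else if (notAfter - now < warnDays * ONE_DAY_MS) {
    issues.push(`certificate expires in ${Math.floor((notAfter - now) / ONE_DAY_MS)} day(s)`);
  }

  // SAN coverage: both the bare domain and its www form must be covered.
  const sans = parseSubjectAltNames(cert.subjectaltname);
  const bare = host.toLowerCase().replace(/^www\./, '');
  for (const name of [bare, `www.${bare}`]) {
    if (!sans.some(san => sanCovers(san, name))) issues.push(`SAN does not cover ${name}`);
  }

  // SHA-1 signatures are rejected by current browsers.
  if (/sha1/i.test(cert.signatureAlgorithm || '')) issues.push('certificate is signed with SHA-1');

  return issues;
}

// Constructed sample certificates (not real certificates).
const GOOD_CERT = {
  subjectaltname: 'DNS:example.com, DNS:www.example.com',
  valid_to: '2026-06-30T12:00:00Z',
  signatureAlgorithm: 'sha256WithRSAEncryption',
};
const BAD_CERT = {
  subjectaltname: 'DNS:example.com',
  valid_to: '2026-01-10T12:00:00Z',
  signatureAlgorithm: 'sha1WithRSAEncryption',
};
const NOW = new Date('2026-01-01T00:00:00Z');

console.log(checkCertificate(GOOD_CERT, 'example.com', NOW));      // []
console.log(checkCertificate(BAD_CERT, 'www.example.com', NOW));   // three issues
```

The three findings on the bad certificate are exactly the rows of the table that fail: an expiry inside the warning window, a missing www SAN, and a SHA-1 signature. Hooking `checkCertificate` to a daily job is the monitoring the mistakes list asks for.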

Security Headers

Security headers are HTTP response headers that tell browsers how to behave when loading your site. They block entire categories of attacks, and Google's crawlers check for them.

Essential security headers:

Content-Security-Policy (CSP)

CSP is the most powerful security header. It tells browsers exactly which sources (scripts, styles, images, fonts) are allowed to load on your pages.

Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.example.com; frame-ancestors 'none';

What CSP blocks:

  • Cross-site scripting (XSS) attacks
  • Data exfiltration attacks
  • Clickjacking (via frame-ancestors)
  • Unauthorized script execution (cryptominers, ad injectors)

CSP rollout process:

  1. Start with Content-Security-Policy-Report-Only (logs violations without blocking)
  2. Review the reports for 1-2 weeks
  3. Whitelist the legitimate sources
  4. Switch to enforcement mode
  5. Add report-uri or report-to for ongoing violation collection
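Step 3 of the rollout is where most of the work happens: each violation report has to be judged against the policy to decide whether a source needs whitelisting. The following is an added example, not code from the guide or from LANGR: it parses a CSP string, evaluates a URL against a directive (with the fallback to `default-src` that fetch directives have), and turns a browser violation report into a whitelist suggestion. The report shape (`csp-report` with `document-uri`, `violated-directive`, `blocked-uri`) is the JSON browsers POST to a `report-uri`; the sample policy and report are constructed, and `analytics.example.net` is a placeholder host.

```javascript
// Added example (not from the guide): evaluate CSP violation reports against a policy.

// "default-src 'self'; script-src 'self' https://cdn.example.com" ->
// { 'default-src': ["'self'"], 'script-src': ["'self'", 'https://cdn.example.com'] }
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Fetch directives fall back to default-src when absent; frame-ancestors does not.
const FETCH_DIRECTIVES = new Set(['script-src', 'style-src', 'img-src', 'font-src', 'connect-src', 'frame-src', 'media-src']);

function effectiveSources(directives, directive) {
  if (directives[directive]) return directives[directive];
  if (FETCH_DIRECTIVES.has(directive)) return directives['default-src'] || [];
  return [];
}

// Does one source expression match `url` for a document served from `documentOrigin`?
function sourceMatches(source, url, documentOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === documentOrigin;
  if (source.startsWith("'")) return false;                       // nonce/hash/unsafe-* keywords never match a URL
  if (source === '*') return !['data:', 'blob:', 'filesystem:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase(); // scheme source: https:, data:
  // Host source with optional scheme, leading wildcard label and port.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && url.protocol !== `${scheme.toLowerCase()}:`) return false;
  if (port && url.port !== port) return false;
  const hostname = url.hostname.toLowerCase();
  return wildcard ? hostname.endsWith(`.${host.toLowerCase()}`) : hostname === host.toLowerCase();
}

function isAllowed(policy, directive, urlString, documentOrigin) {
  const url = new URL(urlString);
  return effectiveSources(parseCsp(policy), directive).some(s => sourceMatches(s, url, documentOrigin));
}

// Given a violation report, return { directive, source } to whitelist, or null when the
// policy already allows the URL (stale report) or the blocked URI is not a URL at all
// ("inline", "eval", "data"), which needs a code change rather than a whitelist entry.
function suggestWhitelistEntry(policy, report) {
  const r = report['csp-report'];
  const directive = r['violated-directive'].split(/\s+/)[0];
  const blocked = r['blocked-uri'];
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(blocked)) return null;
  const documentOrigin = new URL(r['document-uri']).origin;
  if (isAllowed(policy, directive, blocked, documentOrigin)) return null;
  return { directive, source: new URL(blocked).origin };
}

// Constructed sample policy (a subset of the header shown above) and report.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com; img-src 'self' data: https:; frame-ancestors 'none'";
const REPORT = {
  'csp-report': {
    'document-uri': 'https://www.example.com/page',
    'violated-directive': 'script-src',
    'blocked-uri': 'https://analytics.example.net/tag.js',
  },
};

console.log(suggestWhitelistEntry(POLICY, REPORT));
// -> { directive: 'script-src', source: 'https://analytics.example.net' }
```

Run the collected reports through `suggestWhitelistEntry`, deduplicate the results, and decide per origin whether it is legitimate before adding it; reports whose `blocked-uri` is `inline` or `eval` are a signal to move that code out of the page rather than to loosen the policy.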

X-Frame-Options

Prevents your site from being displayed in iframes on other domains (clickjacking protection).

X-Frame-Options: DENY

Or, if you need same-origin framing:

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options

Prevents browsers from MIME-type sniffing (interpreting files as a different type from the one declared).

X-Content-Type-Options: nosniff

This blocks attacks where a .jpg file contains JavaScript that the browser would otherwise execute.

Referrer-Policy

Controls how much referrer information is sent when users click links from your site.

Referrer-Policy: strict-origin-when-cross-origin

This sends the full URL for same-origin requests but only the origin (domain) for cross-origin requests. It balances analytics needs with privacy.

Permissions-Policy

Controls which browser features (camera, microphone, geolocation, etc.) can be used on your site.

Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()

Restricting features you don't use prevents third-party scripts from accessing them.

Example header implementation (Next.js):

// next.config.js
module.exports = {
  async headers() {
    return [{
      source: '/(.*)',
      headers: [
        { key: 'X-Content-Type-Options', value: 'nosniff' },
        { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
        { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
        { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
        { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains; preload' },
      ]
    }]
  }
}

Header implementation (Apache .htaccess):

Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Header implementation (Nginx):

add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

Quick win: add all 5 headers above to your server configuration. It takes 5 minutes and raises your security score in any audit tool.
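Once the headers are deployed, the useful check is whether a real response actually carries all five with sane values, since a misplaced `Header` line or a proxy that strips headers is a common failure. The following is an added example, not code from the guide or from LANGR: an audit over a response's headers that flags the problems a scanner would report. The `headers` argument is a plain object keyed by header name, the shape Node's `http` module exposes; both sample responses are constructed, with `partner.example` as a placeholder.

```javascript
// Added example (not from the guide): audit a response for the five security headers above.

const ONE_YEAR_SECONDS = 31536000;

// "max-age=31536000; includeSubDomains; preload" -> { maxAge, includeSubDomains, preload }
function parseHsts(value) {
  if (!value) return null;
  const hsts = { maxAge: 0, includeSubDomains: false, preload: false };
  for (const directive of value.split(';').map(d => d.trim().toLowerCase())) {
    if (directive.startsWith('max-age=')) {
      hsts.maxAge = parseInt(directive.slice('max-age='.length).replace(/"/g, ''), 10) || 0;
    } else if (directive === 'includesubdomains') {
      hsts.includeSubDomains = true;
    } else if (directive === 'preload') {
      hsts.preload = true;
    }
  }
  return hsts;
}

// Returns a list of findings; an empty list means all five headers are present and sane.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value).trim();
  const findings = [];

  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options is missing or not "nosniff"');
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN') {
    findings.push('X-Frame-Options is missing or not DENY/SAMEORIGIN (ALLOW-FROM is no longer honoured by browsers)');
  }

  const referrer = (h['referrer-policy'] || '').toLowerCase();
  if (!referrer) {
    findings.push('Referrer-Policy is missing');
  } else if (referrer === 'unsafe-url' || referrer === 'no-referrer-when-downgrade') {
    findings.push(`Referrer-Policy "${referrer}" sends full URLs to other origins`);
  }

  if (!h['permissions-policy']) findings.push('Permissions-Policy is missing');

  const hsts = parseHsts(h['strict-transport-security']);
  if (!hsts) {
    findings.push('Strict-Transport-Security is missing');
  } else if (hsts.maxAge < ONE_YEAR_SECONDS) {
    findings.push(`Strict-Transport-Security max-age=${hsts.maxAge} is below one year`);
  }

  return findings;
}

// Constructed sample responses: the first matches the configuration snippets above.
const HARDENED_HEADERS = {
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
};
const WEAK_HEADERS = {
  'X-Frame-Options': 'ALLOW-FROM https://partner.example',
  'Referrer-Policy': 'unsafe-url',
  'Strict-Transport-Security': 'max-age=86400',
};

console.log(auditSecurityHeaders(HARDENED_HEADERS));   // []
console.log(auditSecurityHeaders(WEAK_HEADERS));       // five findings
```

Run it against the headers of a page that sits behind your CDN, not only against the origin server: a CDN that rewrites or drops response headers is the usual reason a correctly configured origin still scores badly.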

HSTS Preload

HTTP Strict Transport Security (HSTS) tells browsers to always use HTTPS for your domain, even before the first request. Without HSTS, the first visit to your site can still go over HTTP (exposed to interception) before the redirect to HTTPS happens.

HSTS header:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

The three directives:

| Directive | Meaning |
|-----------|---------|
| max-age=31536000 | Remember this for 1 year (in seconds) |
| includeSubDomains | Apply to all subdomains too |
| preload | Request inclusion in browsers' built-in lists |

The HSTS preload list:

The ultimate HSTS protection. Browsers ship with a built-in list of domains that must always use HTTPS. Submitting your domain to hstspreload.org means:

  • First-time visitors get HTTPS immediately (no HTTP → HTTPS redirect)
  • Attackers find it harder to downgrade connections
  • It is long-lasting (hard to remove once submitted)

Requirements for HSTS preload:

  1. A valid HTTPS certificate
  2. Redirect all HTTP to HTTPS (including subdomains)
  3. HSTS header with max-age >= 31536000
  4. HSTS header with includeSubDomains
  5. HSTS header with preload
  6. All subdomains must support HTTPS

Warning: only submit to preload if ALL your subdomains support HTTPS. The includeSubDomains directive means any HTTP-only subdomain will become unreachable.

Quick win: if you already have HTTPS on all subdomains, add the full HSTS header and submit to hstspreload.org. The process takes a few weeks but the protection is permanent.
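Because preloading is hard to undo, the six requirements and the subdomain warning are worth checking mechanically before submitting. The following is an added example, not code from the guide or from LANGR: it evaluates the requirements against an inventory of hosts. The inventory is a constructed sample rather than crawl data; in practice each entry would be filled in from the http:// and https:// responses of that host, and `legacy.example.com` stands in for whatever forgotten HTTP-only subdomain an organisation still has.

```javascript
// Added example (not from the guide): preload readiness check over a constructed host inventory.

const ONE_YEAR_SECONDS = 31536000;

// Inventory entries: { host, apex, httpsOk, redirectsToHttps, hsts }
//   apex             - true for the registrable domain being submitted
//   httpsOk          - the host serves a valid certificate over HTTPS
//   redirectsToHttps - its http:// URL redirects to https://
//   hsts             - Strict-Transport-Security value on the HTTPS response, or null
function preloadEligibility(inventory) {
  const problems = [];
  const apex = inventory.find(e => e.apex);
  if (!apex) return ['inventory has no apex domain entry'];

  // Requirements 1 and 2 on the apex domain
  if (!apex.httpsOk) problems.push(`${apex.host}: no valid HTTPS`);
  if (!apex.redirectsToHttps) problems.push(`${apex.host}: HTTP does not redirect to HTTPS`);

  // Requirements 3, 4 and 5: the header itself
  const hsts = apex.hsts || '';
  if (!hsts) {
    problems.push(`${apex.host}: Strict-Transport-Security header missing`);
  } else {
    const maxAge = Number((/max-age=(\d+)/i.exec(hsts) || [])[1] || 0);
    if (maxAge < ONE_YEAR_SECONDS) problems.push(`${apex.host}: max-age=${maxAge} is below ${ONE_YEAR_SECONDS}`);
    if (!/includesubdomains/i.test(hsts)) problems.push(`${apex.host}: includeSubDomains directive missing`);
    if (!/\bpreload\b/i.test(hsts)) problems.push(`${apex.host}: preload directive missing`);
  }

  // Requirements 2 and 6 on every subdomain. This is the case the warning above describes:
  // once preloaded, an HTTP-only subdomain is unreachable in every browser that ships the list.
  for (const sub of inventory.filter(e => !e.apex)) {
    if (!sub.httpsOk) problems.push(`${sub.host}: HTTP-only subdomain would become unreachable`);
    else if (!sub.redirectsToHttps) problems.push(`${sub.host}: HTTP does not redirect to HTTPS`);
  }
  return problems;
}

// Constructed inventories.
const FULL_HSTS = 'max-age=31536000; includeSubDomains; preload';
const READY = [
  { host: 'example.com', apex: true, httpsOk: true, redirectsToHttps: true, hsts: FULL_HSTS },
  { host: 'www.example.com', apex: false, httpsOk: true, redirectsToHttps: true, hsts: FULL_HSTS },
  { host: 'api.example.com', apex: false, httpsOk: true, redirectsToHttps: true, hsts: null },
];
const NOT_READY = [
  { host: 'example.com', apex: true, httpsOk: true, redirectsToHttps: true, hsts: 'max-age=300; includeSubDomains' },
  { host: 'legacy.example.com', apex: false, httpsOk: false, redirectsToHttps: false, hsts: null },
];

console.log(preloadEligibility(READY));       // []
console.log(preloadEligibility(NOT_READY));   // three problems, including the HTTP-only subdomain
```

The subdomain inventory is the hard part: build it from DNS zone exports and certificate transparency logs for your own domain rather than from memory, since the subdomain that breaks is usually the one nobody remembered.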

Vulnerability Scanning

Automated vulnerability scanning identifies known security problems in your stack before attackers exploit them.

What vulnerability scanning checks:

  • Outdated software: WordPress, plugins, JavaScript libraries with known CVEs
  • Exposed files: .env, .git, wp-config.php, database dumps
  • Information leakage: server version headers, debug mode, stack traces
  • Default credentials: admin pages without authentication, default passwords
  • Open ports/services: unnecessary services exposed to the internet
  • Injection points: forms without CSRF protection, unvalidated inputs

Common vulnerabilities by platform:

| Platform | Top vulnerability | Fix |
|----------|-------------------|-----|
| WordPress | Outdated plugins | Auto-updates + WAF |
| Shopify | Third-party app permissions | Review the app list regularly |
| Next.js | Exposed API routes | Authentication checks + rate limiting |
| Static sites | Misconfigured CDN | Review cache rules |
| Custom | SQL injection | Parameterized queries |

Scanning cadence:

  • Weekly: automated surface scan (SSL, headers, exposed files)
  • Weekly: dependency vulnerability check (npm audit, WordPress plugin checker)
  • Monthly: deep scan with authenticated testing
  • After every deployment: automated check

Quick win: run npm audit (Node.js) or review your CMS plugin list for outdated items. Fix critical/high issues as soon as possible.
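To make the "after every deployment" check in the cadence list automatic, the dependency audit can be turned into a build gate. The following is an added example, not code from the guide or from LANGR: it reads the JSON that `npm audit --json` produces, lists the high and critical findings with their fix status, and returns the exit status a CI step should use. The report shape assumed here (a `vulnerabilities` map with `severity`, `via` and `fixAvailable`, plus `metadata.vulnerabilities` counts) is npm 7+'s format; the sample report is constructed and its package names are placeholders.

```javascript
// Added example (not from the guide): CI gate over `npm audit --json` output.

const BLOCKING_SEVERITIES = new Set(['high', 'critical']);
const SEVERITY_RANK = { critical: 4, high: 3, moderate: 2, low: 1, info: 0 };

// Returns { pass, offenders, counts } so a pipeline can print the list and set its exit status.
function auditGate(report, blocking = BLOCKING_SEVERITIES) {
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const offenders = Object.entries(report.vulnerabilities || {})
    .filter(([, v]) => blocking.has(v.severity))
    .map(([name, v]) => ({
      name,
      severity: v.severity,
      fixAvailable: Boolean(v.fixAvailable),
      // `via` entries are advisory objects for direct findings or package names for transitive ones
      via: (v.via || []).map(x => (typeof x === 'string' ? `via ${x}` : x.title)),
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
  return { pass: offenders.length === 0, offenders, counts };
}

// Exit status for a CI step: 0 when clean, 1 when any blocking finding remains.
function gateExitCode(report) {
  return auditGate(report).pass ? 0 : 1;
}

// Constructed sample in the npm 7+ shape (placeholder package names, not real advisories).
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-pad': { name: 'example-pad', severity: 'low', via: [{ title: 'Regular expression denial of service' }], fixAvailable: true },
    'example-client': { name: 'example-client', severity: 'high', via: [{ title: 'Prototype pollution' }], fixAvailable: true },
    'example-tracker': { name: 'example-tracker', severity: 'critical', via: ['example-client'], fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

const result = auditGate(SAMPLE_AUDIT);
for (const o of result.offenders) {
  console.log(`${o.severity.toUpperCase()} ${o.name} (${o.via.join(', ')}) fix available: ${o.fixAvailable}`);
}
console.log(result.pass ? 'audit gate passed' : 'audit gate FAILED', result.counts);
```

In a pipeline, pipe `npm audit --json` into a script that parses stdin, calls `gateExitCode` and passes the result to `process.exit`; findings with `fixAvailable: false` are the ones that need a replacement package or a vendor ticket rather than `npm audit fix`.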

Mixed Content

Mixed content occurs when an HTTPS page loads resources (images, scripts, styles, iframes) over HTTP. This undermines the encryption and triggers browser warnings.

Types of mixed content:

| Type | Impact | Example | Browser behavior |
|------|--------|---------|------------------|
| Active | High | HTTP scripts, iframes, CSS | Blocked by default |
| Passive | Medium | HTTP images, video, audio | Loaded with a warning |

Active mixed content is blocked by modern browsers, meaning your scripts and styles simply won't load. Passive mixed content loads but shows security warnings.

Finding mixed content:

  1. Open Chrome DevTools → Console
  2. Look for "Mixed Content" warnings
  3. Alternatively, scan with a crawler (Screaming Frog, LANGR)

Common sources of mixed content:

  • Hardcoded http:// URLs in content (blog posts, product descriptions)
  • Third-party widgets loading HTTP resources
  • Embedded content (old YouTube embeds, social media widgets)
  • CSS background-image with HTTP URLs
  • Fonts loaded over HTTP

Fixing mixed content:

<!-- Bad -->
<img src="http://example.com/image.jpg" />

<!-- Good -->
<img src="https://example.com/image.jpg" />

<!-- Best (protocol-relative, follows the page's protocol) -->
<img src="//example.com/image.jpg" />

Database fix (WordPress):

UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://yourdomain.com', 'https://yourdomain.com');
UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'http://yourdomain.com', 'https://yourdomain.com');

Quick win: open your homepage in Chrome, press F12, and check the Console tab for mixed content warnings. Fix any that appear; these are directly visible to Google.
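The DevTools console only shows the mixed content on the page you have open; a crawler needs the same classification applied to raw HTML. The following is an added example, not code from the guide or from LANGR: it scans an HTML document for http:// resources, classifies each hit as active or passive according to the table above, and produces an upgraded copy. It is regex-based on purpose so it runs without a DOM library, so it reports resource attributes and CSS `url()` values and leaves ordinary `<a href>` links alone; the sample page is constructed, and `cdn.example.com`, `img.example.com` and `partner.example.org` are placeholder hosts.

```javascript
// Added example (not from the guide): find and upgrade mixed content in an HTML string.

const ACTIVE_TAGS = new Set(['script', 'iframe', 'link', 'object', 'embed']);   // blocked by browsers
const PASSIVE_TAGS = new Set(['img', 'video', 'audio', 'source']);             // loaded with a warning

function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

// Returns [{ tag, url, kind, line }] for every resource loaded over http://.
function findMixedContent(html) {
  const hits = [];
  let m;

  // src/href attributes on resource-loading tags; <a href="http://..."> is a link, not mixed content
  const tagRe = /<([a-z][a-z0-9]*)\b[^>]*?\s(?:src|href)\s*=\s*["']?(http:\/\/[^"'\s>]+)/gi;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (!ACTIVE_TAGS.has(tag) && !PASSIVE_TAGS.has(tag)) continue;
    hits.push({ tag, url: m[2], kind: ACTIVE_TAGS.has(tag) ? 'active' : 'passive', line: lineOf(html, m.index) });
  }

  // CSS url(...) values such as background-image; images loaded from CSS are passive
  const cssRe = /url\(\s*["']?(http:\/\/[^"')\s]+)/gi;
  while ((m = cssRe.exec(html)) !== null) {
    hits.push({ tag: 'css-url', url: m[1], kind: 'passive', line: lineOf(html, m.index) });
  }
  return hits;
}

// Rewrite only resource attributes and CSS url() values to https://; links to other sites stay as they are.
function upgradeMixedContent(html) {
  return html
    .replace(/(<(?:script|iframe|link|object|embed|img|video|audio|source)\b[^>]*?\s(?:src|href)\s*=\s*["']?)http:\/\//gi, '$1https://')
    .replace(/(url\(\s*["']?)http:\/\//gi, '$1https://');
}

// Constructed sample page with two active hits, two passive hits and one plain link.
const SAMPLE_HTML = `<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="http://cdn.example.com/app.js"></script>
<style>.hero { background-image: url(http://img.example.com/hero.jpg); }</style>
</head><body>
<img src="http://img.example.com/logo.png">
<a href="http://partner.example.org/">Partner</a>
<script src="https://cdn.example.com/ok.js"></script>
</body></html>`;

for (const hit of findMixedContent(SAMPLE_HTML)) {
  console.log(`line ${hit.line}: ${hit.kind} mixed content in <${hit.tag}>: ${hit.url}`);
}
console.log(findMixedContent(upgradeMixedContent(SAMPLE_HTML)).length);   // 0
```

The upgrade writes explicit `https://` rather than protocol-relative `//` URLs: a protocol-relative URL on an HTTPS page resolves to HTTPS anyway, and on an HTTP page it stays unencrypted, so it gains nothing once the site is HTTPS-only. Run `findMixedContent` over the stored HTML of every template and post, not only rendered pages, since the hardcoded URLs in content are the source the list above puts first.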

Third-Party Script Risks

Every external script you load is a potential security (and performance) risk. Third-party scripts can:

  • Be compromised (supply chain attacks)
  • Track your users without consent (GDPR violation)
  • Slow your site down (render blocking, network overhead)
  • Break functionality (their updates, conflicts)
  • Inject unwanted content (rogue ad scripts)

Audit your third-party scripts:

| Script | Necessary? | Risk level | Alternative |
|--------|------------|------------|-------------|
| Google Analytics | Usually yes | Low | Server-side tagging |
| Chat widgets | Maybe | Medium | Self-hosted solutions |
| Social sharing buttons | Sometimes | Medium | Static links |
| A/B testing | Often | High | Server-side testing |
| Marketing pixels | Business decision | High | First-party data |
| Font CDNs | Convenience | Low | Self-hosted fonts |

Protection for necessary third-party scripts:

  1. Subresource Integrity (SRI): hash verification prevents modified scripts from loading
<script src="https://cdn.example.com/lib.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxAE+sO0..."
        crossorigin="anonymous"></script>
  2. CSP restrictions: allow scripts only from known domains
  3. Sandboxed iframes: isolate third-party widgets
  4. Regular audits: review all third-party sources regularly
  5. Self-hosting: serve a copy of the file from your own domain instead

Quick win: write down all the