It sure seems that in 2018 Google, especially, is taking a tough-love attitude to your website. In other words, it used to be fine to be a set-it-and-forget-it brochure website. Now, if you want to be seen, you have to make an effort.

Google doesn’t need another lame, broken, static website to provide a good search experience to 40,000 web queries per second. Indeed, 1.8 Billion websites mean that every single business category is super competitive. If you rely on search, you’re probably gonna have to step it up in 2018. I think this could be the year of the great winnowing, when passive website owners could be left behind.

Back in the day, Google changes used to create gold rushes. Remember when the first algorithms changed everything and there was a rush to game-out SEO, which resulted in bad search results for months? Today, there are over 200+ quality measures in the algorithm and micro updates arrive more frequently, but with smaller changes. That said, 2018 is likely to be a banner year for rank movement. There are opportunities for sites that invest in what engines want. 

In 2018, there are several of big rank factor changes that could let you leapfrog in search. These are also the minimum to prevent you from tanking.  To rise you still have to create valuable content and SEO it, but do these as a minimum and you'll gain on sites that don't keep up.


Mobile Ranking

HTTP and SSL Layer Encryption

2018 Email Collection Data Law Change (GDPR)

Structured Data SEO based on Schema Categorizations (

WordPress: Security


Mobile everything is a big change for 2018. Last year, sites that are not mobile enabled stopped appearing in mobile search. This year, expect a flip from desktop search results to mobile search results.  This change reflects the fact that mobile search is over 60% of all search, (70% in some categories). Non-responsive websites can expect another big drop in rank. Check here to confirm that your site is mobile enabled. 

This change may not seem important, but to rank you’ll have to pay more attention to performance tuning.  Mobile rank means mobile-first criteria, including thumb-scroll functionality like E-Commerce purchasing. Page Speed. Page Size. Page Requests. Mini-fication. Render Blocking, etc.  These are places to pull ahead in search rank while working on other content and quality factors. To many websites, this might mean simply putting a new, mobile-first template on your existing site.

You’ll also need to make new choices about your SEO because mobile searchers use fewer words than desktop typers.


If your website reads HTTP and you have E-Commerce, fill-in forms or squeeze pages, Google, especially, is likely to display one of several messages that scream "Danger. Don't Go Here" to your customers. This customer experience gives any brand a black eye and many business owners are not aware of why. Remember, this isn’t about you. It is about Google and other search engines delivering on their sustainable competitive advantage of providing a safe, high-quality experience to browsers and shoppers.

Hyper-Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, which is the way your website and server communicate with search engines. Put briefly, it is an encrypted security layer that customers and browsers can trust. The 'S' at the end of HTTPS stands for 'Secure' and it is especially important for E-Commerce websites. Add an SSL layer immediately and make sure you provide redirects to older inbound links so you’ll still enjoy the ranking benefits of those links.

It will cost you somewhere between $50 and $250 per year. Some all-in-one platforms, like SquareSpace and Shopify include it as part of your fees. Web browsers such as Internet Explorer, Firefox and Chrome display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.  Failure to add the security layer means customers are likely to see the warning page.  Google says more, here.


If you do any outbound email marketing (and you should), a new EU law may drive your practices and how you handle data. The General Data Protection Regulation (GDPR) is the most important change to data privacy in twenty years; this new digital privacy regulation takes effect on May 25th, 2018. The law harmonizes a wide range of different privacy legislations across the EU into one unified set of regulations that will protect users in all member states.

Companies will be required to build-in the highest levels of privacy settings by default. All marketing will be by permission and require double opt-in email contacts at the peril of big fines. The law requires ongoing privacy assessments, permission marketing, documentation of data handling and disclosure of data breaches. If you’re a US company, as a practical matter you may be able to keep your current email without executing a new double opt-in, but it is a mistake to think an EU law doesn't affect you.  It does.  Any new sign-ups should move to double opt-in to stay on the right side of the penalty risk, and also customer expectations.


This is also the year of Structured Data.  Sites without the JSON-LD code are already seeing penalties. Around December 15th of 2017, Google rolled out a new algorithm update in the middle of the Christmas E-Commerce season. It punished sites with no schema data and also those with old-school squeeze or re-direct pages. It may also have punished sites with marketing pop-ups.

Schema standards drive Structured Data in the march to a semantic web. Structured Data SEO augments traditional SEO by inserting code into your pages that tells the Internet exactly what is on that page and to whom it will have value. You declare, in a standardized way, exactly what is on your page and the kinds of people to whom this information is useful.  Not necessary when there were five websites.  Totally necessary with 1.8 Billion sites.

Helping search engines in this way is rewarded with site visibility and as recently announced, with better search rank. The semantic web vision is to help search engines understand meaning in part, by adding clarity for words that may have multiple meanings. 


I know this is controversial, but unless you are your own developer, please God, retire WordPress.  There are better, simpler, cheaper all-in-one platforms that don't come with WP's huge security risks. 

Way too frequently, I read headlines like the one on December 18, 2017, "Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC. A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour."

If you use WP for E-Commerce, chances are that unless you update security monthly, you have exposed your customer's personal info to the dark web.  There is just no need for these risks.  Let the pros keep up the security backbone with one of the great all-in-one platforms.

Scott Frankum