#Tip Number 1 to improve your recruitment website during COVID-19


While all other recruitment website vendors are saying buy their website, buy their website, I am going to tell you what to do with the one you have got during COVID-19.


I look at recruitment websites daily; on a busy day, I look at 5-25. On a day where I have lots of time, I can easily look at 100+. Daily, I will release tips to move your sites forward, the tips you can do without my help or spending money with me.


SSL Security


Six in 10 websites I look at have an SSL security certificate issue. Either no certificate or the SSL has errors in its set up (common is the HTTP is not redirected to the HTTPS).


Not having an SSL security certificate means your site can be hacked by 98% of the hacker community. Add SSL to your site and that will drop to 40% of the hacker community, and it will cost you maybe £10 to £50.


If you have a WordPress-based website, you have officially the most hacked website CMS in the world, accounting for 90% of hacked sites. 98% of hackers target WordPress. I am not picking on WordPress, BTW, just offering the facts, as it is the most common website I see if it is not from a recognised vendor like us. 


A well-protected WordPress site is as good as any other, but the industry which supplies the WordPress sites ranges from “my teenager made the site for me” to those who want £1000 a month to run them. So the update of SSL on WordPress sites is erratic; this differs from direct makers of recruitment websites, who all provide SSL as standard.


Hacker activity is up 750% in Jan/Feb of 2020. 75% of all hacker activity is aimed at firms classified in the small to medium-sized category, which describes at least 90% of the 40,000 recruiters registered at Companies House.


They come to set up phishing hacks and to steal customer data; recruiters’ customer data would be the CVs stored in your candidate portals, and often these CVs hold special data. Most WordPress plugins hide in their code, but not from hackers, the personal data they store in other forms like Contact Us, Call Us Back, etc.




If you have no SSL or a part-working SSL, you can’t be GDPR-compliant, because you fall foul of the need to take “all reasonable steps toward being cyber secure”. It is as basic a security task as insuring your car if you have one.


SSL & Reputation


Google search, Google Chrome, Safari, Firefox, Microsoft all flag to your website visitors your website is not to be trusted. Need I say more?


Reference material








Diversity Statement: This copy was written by Darren, our founder, who is severely dyslexic. He was assisted by Word & Grammarly, and if they did not catch it, then Darren had no chance ;). If you are still bothered by this, then you really need to get a life.