SEOLZ

Every Ghost fix we catalog

SEOLZ catalogs 7 fixes for Ghost across 4 areas — SEO, answer-engine readiness, accessibility, security and site-health. Each lists the exact steps for Ghost, with a link to the official docs.

See the Ghost audit overview →Scan my Ghost store free

SEO · 2 fixes

Missing meta descriptionQuick win

Write a unique meta description of 120–160 characters for every page so Google has compelling snippet text to show in search results.

On Ghost

  1. For a post or page: open the post/page editor → click the settings gear (top right) → 'Meta data' section → fill 'Meta description' → Update.
  2. For the homepage/global settings: Ghost Admin → Settings → Meta data (under 'SEO') → fill 'Meta description' → Save.
Full guide →Official Ghost docs ↗
Missing og imageModerate effort

Add an og:image meta tag to every page so social media platforms and messaging apps display a rich preview image when someone shares your store's link.

On Ghost

  1. Ghost automatically generates og:image tags for posts and pages that have a Feature Image set.
  2. For each post or page, open the editor → click the Settings panel (gear icon) → set a 'Feature Image' (1200×630 px recommended) — Ghost uses this as the og:image.
  3. For the site-wide default (used when no feature image is set), go to Settings → General → Publication icon / cover image — Ghost uses the publication cover as the fallback og:image.
  4. Validate with the Meta Sharing Debugger to confirm images are rendering.
Full guide →Official Ghost docs ↗

Accessibility (WCAG) · 2 fixes

Html has langQuick win

Add a valid `lang` attribute to the `<html>` element so browsers and assistive technologies know what language your page is written in.

On Ghost

  1. In Ghost, the `<html>` tag lives in your theme's `default.hbs` file (the root Handlebars layout).
  2. Access your theme files via Ghost Admin → Settings → Design → Customize → (download theme or edit via direct file access if self-hosted).
  3. Open `default.hbs` and find the `<html` tag. Add or update the lang attribute using the Ghost locale helper: `<html lang="{{@site.locale}}">` — this dynamically outputs the locale set in your publication settings.
  4. Set the publication locale under Ghost Admin → Settings → General → Publication Language.
  5. Upload the updated theme via Settings → Design → Upload theme, then verify via View Source.
Full guide →Official Ghost docs ↗
Html lang validQuick win

Set a valid BCP 47 language code on the `lang` attribute of your page's `<html>` element (e.g., `lang="en"`) so browsers, screen readers, and search engines correctly identify the page language.

On Ghost

  1. In your Ghost theme files, open `default.hbs` (the root layout).
  2. Find the `<html` tag and update it to use Ghost's locale helper: `<html lang="{{@site.locale}}">`. Ensure your publication locale is set correctly in Ghost Admin → Settings → Publication info.
  3. Upload the updated theme zip via Ghost Admin → Settings → Design → Upload theme, then verify the page source.
Full guide →Official Ghost docs ↗

Security (OWASP) · 2 fixes

Info disclosure x powered byQuick win

Remove or mask the X-Powered-By HTTP response header to stop advertising your server technology stack to attackers.

On Ghost

  1. Ghost runs on Node.js/Express. In your Ghost installation's config.production.json or a custom Express middleware file, you can add app-level header removal.
  2. The most reliable approach for self-hosted Ghost is to configure your Nginx reverse proxy (the recommended Ghost setup uses Nginx in front): add `more_clear_headers 'X-Powered-By';` inside the `server {}` block of your Ghost Nginx config (usually at /etc/nginx/sites-available/your-ghost-site), then reload Nginx.
  3. For Ghost(Pro) managed hosting: this is outside owner control; contact Ghost support if flagged.
Full guide →Official Ghost docs ↗
Missing x content type optionsQuick win

Add the `X-Content-Type-Options: nosniff` HTTP response header to every page of your store so browsers never guess at file types.

On Ghost

  1. Ghost (self-hosted) is typically run behind Nginx: add 'add_header X-Content-Type-Options nosniff always;' inside the server {} block of your Ghost Nginx config (usually at /etc/nginx/sites-available/your-ghost-site.conf).
  2. Run 'sudo nginx -t' to validate the config, then 'sudo systemctl reload nginx'.
  3. For Ghost(Pro) hosted, the platform handles security headers — verify in dev-tools; contact Ghost support if the header is absent.
Full guide →Official Ghost docs ↗

Site Lifecycle · 1 fixes

Ssl expiryQuick win

Monitor your SSL/TLS certificate expiry date and set up auto-renewal so your store never goes offline or shows a security warning to shoppers.

On Ghost

  1. Ghost(Pro) managed hosting handles SSL automatically — no action required. Verify the padlock appears on your custom domain.
  2. For self-hosted Ghost (on a VPS/server), Ghost uses Let's Encrypt via its built-in SSL setup. Run 'ghost config url https://yourdomain.com' and then 'ghost setup ssl' (or 'ghost restart') to provision/renew.
  3. Confirm auto-renewal is working by checking the Let's Encrypt renewal cron job on your server: 'systemctl status certbot.timer' or equivalent.
Full guide →Official Ghost docs ↗