Read on if you: 1. Own a small business, 2. Are taking a break over Christmas, and 3. Would love your website to still be running when you return in the new year.
This article will explain, in plain English, the things you need to have on your website that will keep it safe and running when you’re not around. We’ll explain:
- Why someone wants to hack into your website versus a well know business,
- The flow on effect if your website is ever hacked,
- How to lock down security,
- How to set up a sturdy backup system in case anything goes awry, and
- How to set up monitoring.
Why would someone want to hack MY website?
Believe it or not I get at least one call per week from a sole trader who’s had their website hacked and has no idea how to get it back up and running. When this first started happening I asked myself – “why would someone bother hacking into such a tiny and seemingly insignificant website?”
There’s two reasons:
- Easy Money,
- Your website’s email system, and
- Your website can scam people.
When a hacker gets into your website, they can change your website’s code so that visitors are automatically sent to another website. The brilliance of this system is that they earn a small commission whenever someone visits that website.
They continue hacking hundreds of websites which means hundreds, even thousands of dollars in commissions rolling in every day.
Your website’s email system
Most websites have a way of sending emails. An example of this is when some one enters their details into your Contact Us page and the website sends you an email with their details.
Hackers love finding ways of sending SPAM emails so they don’t get caught. International police have been finding ways of switching off their SPAM email servers so hackers are inventing new ways to get their SPAM emails out. Small business websites are an easy target because most of the time people have no idea that their website is even doing it.
Your website can scam people
Hackers can change the code on your site to make it look like another website, such as a bank website. They then fake emails that send people to your website. People enter their username and password, thinking they’re logging in to a legitimate bank website and the username and password are sent to the hacker, allowing them to then hack into that person’s bank account.
Once again, using your website instead of their own means there’s very little likelihood that the hacker will ever get caught.
The flow on effect of having your website hacked
When your website is hacked there are a number of things that happen:
- Google sees that your website is dodgy and marks it as unsafe. This means that when people visit your website they are presented with a warning to not visit the site.
- Virus scanning software soon picks up that your website is added to the list of potentially unsafe sites. All computers around the world that use an Internet virus scanner will show a warning to not visit this site. Removing your website from this list is a long manual process.
- Your website server may get “blacklisted” – that is, added to a global list of untrusted servers. This is a bad thing, for example if you want to sent emails from your website server, then other email servers will not accept those emails as it detects that they were sent from an untrusted server.
- Your hosting provider will shut down your account. This means you need to negotiate with them to get your account back up and running.
- You need to invest resources, time and money to get your website back up and running, tell your customers that your website is safe and have a specialist either restore your website or remove the hacked code.
This is by no means a definitive list of what happens when a website is hacked so be prepared for any surprise!
How to lock down security
Sorry for all the doom and gloom above. Unfortunately this is what some business owners need to go through to learn the consequences of not having their website secure.
Fortunately there is hope though and you can take action now!
If you’ve got a WordPress website there’s a couple of add-ons that dramatically reduce the likelihood of your website getting hacked. I always recommend using:
These two add-ons, or plugins in WordPress speak, allow you to set up WordPress like it’s a fortress.
I have installed and run these two plugins on my own business website and testing using multiple testing programs. All programs that I used gave the website a big tick in the box for zero security vulnerabilities.
How to set up a sturdy backup system
A lot of hosting companies provide free website backups. That’s great, as long as you can access the backups and know how to restore them.
Less than twelve months ago my hosting provider completely wiped my file system – including my backups. After a lengthy conversation with their support staff they realised their error and restored all the files. This meant however that the websites on this file system were down for almost an hour. Luckily, the majority of these sites were websites that were being built – i.e. they weren’t visible to the public yet (as a side note, I’ve moved hosting providers since).
For my live customer facing sites, I choose to have the backups stored remotely. This means that they are stored in a secure location on the internet using cloud storage like Dropbox or Google Drive. If a website server ever blew up, I’ve still got access to all backups.
I highly recommend taking on this approach for all your websites – especially if your web person is going to be away over the Christmas break. You never know – you might need to give another web person access to your backups over that break if something goes awry.
To make your job easier, I recommend using a free WordPress plugin named UpdraftPlus. It makes the job of storing your backups remotely really simple.
How to set up monitoring
Website monitoring is a saviour when it comes to being pro-active about your website. Most monitoring services will send you an email when your website is not responding. This is a great way for you to jump onto it before your customers start calling.
To set up website monitoring, I recommend creating a free account with Uptime Robot.
Wrapping it up
Unfortunately web hackers are getting smarter and smarter and learning to pounce on small business websites who don’t have the resources to have full time I.T. staff looking after their websites.
There are ways around this, especially if you’re wanting to put your feet up this Christmas and relax.
A few simple WordPress plugins can save a massive amount of headache and red faces in the future.
If you’re looking for some help to set up the security of your WordPress website, then please book in to chat with our website specialist.