fbpx
Dedicated website and email hosting
WordPress maintenance plans
Try our website speed test

Website Security

Hacker using a laptop

Are you a Small Business Owner or a Webmaster?

“I’m only a small business. No one would be interested in hacking my website. Why do I need website security?”

This kind of thinking leads to complacency and can leave you vulnerable to an attack which causes real disruption to your business. In fact, Cybercrime Magazine reported in 2019 that 60% of small businesses who fall victim to a cyberattack or data breach go out of business within 6 months*.

With your website being your shop window to the world, keeping it safe and available is an important goal for any small business owner.

Why would anyone be interested in attacking my website?

Around half of all cyberattacks target small businesses. Hackers and bots have no concerns about the damage and heartache they might cause to a hardworking small business owner. There are many reasons why they might want to attack your website:

  • To exploit site visitors. Maybe to redirect them to another website.
  • To steal data. The more information you hold about customers on your Content Management System (CMS), such as contact details or financial information, the more aware you need to be.
  • Black Hat SEO. Named after the black hats worn by the “baddies” in old Western films, Black Hat SEO is a series of unethical practices to gain more traffic for a particular website.
  • Use and abuse your server resources. Server space and bandwidth can be expensive, so piggybacking onto other people’s resources helps hackers carry out activities such as cryptocurrency mining at your expense.
  • Sheer malice. Sadly, some people just want to cause trouble and the online world makes this possible from anyone’s back room

Most websites run using a CMS. By far the most popular is WordPress, with a 64% market share. CMS’s make website design accessible to the many, but also help to make cyberattacks easier for the few.

What can I do to protect myself and improve my website security?

There are some basic steps that every website owner should have in place:

  • Keep software and plugins up to date. Vulnerabilities are constantly being identified and fixed by software and plugin providers. But this only helps if you are on the latest version.
  • Manage your passwords properly. Don’t use passwords which are easy to guess (check out Reader’s Digest most common passwords**). Create different levels of website and CMS access for different people in your business.
  • Use a secure web host and make sure you have effective firewalls and anti-virus software. Investing in a trusted hosting provider is a sensible decision.
  • Make sure you change from your CMS default settings. Your off the shelf CMS comes with default settings. You can be sure that hackers know what these are and will try these first. i.e. don’t use “Admin” as a username!
  • Back up your data – and make sure your back-up works properly. Having an up-to-date copy of your data will make life so much easier (and less expensive) if anything goes wrong.
  • Keep all devices secure. Make sure that all devices which are used to access your CMS and the back end of your website have appropriate security enabled in case they get lost or stolen.
  • Training and awareness. Simple steps to keep your knowledge up to date and make users aware of cybersecurity basics is an important part of protecting your website and your business from the 10,000 attacks which small businesses suffer each day.

At routeToWeb, we have three levels of website maintenance plans to provide peace of mind for small business owners and ensure that their website is up-to-date.


References

* https://cybersecurityventures.com/60-percent-of-small-companies-close-within-6-months-of-being-hacked/

** https://www.rd.com/article/passwords-hackers-guess-first/

From the Security & WordPress categories

Check your username

It's vital to stop using generic usernames such as "admin", "administrator", "root" or "test". These are currently heavily targeted by hacker's bots. If your WordPress username is generic, like "admin", you've given away half of your login details. If you are using one of these, set up a new admin account, login with that and delete the poorly named account.