Is Your Website Protected from Hackers – 3 Questions to Ask
I recently spoke to a small group of business owners, and I think I surprised many of them a bit. I talked about website security (no, that’s not the surprise). Security on your website, and my website. Not a big bank site, not Amazon, but regular business information sites with blogs. We as small business owners must think about website security and ask if our website is protected from hackers just as much as the big sites.
I recall thinking my small business website wouldn’t be a target for hackers, but I found out otherwise. In learning about and building websites I’ve used various tools, and installing website security plugins opened my eyes. Sucuri is the security software I use on on this site, and I get a report each day telling me the number of hackers trying to log into my site. Now most likely they are just a BOT program set up by someone in a foreign country that tries to guess the login ID and password, but they try over and over and over again! Today alone I saw attempts come from Germany, China and Spain. And what would these hackers do if they guessed the correct ID and password? They could take the site down, they could put up a harmful site it its place, or they could upload malware that would infect people who visit the site.
So my first question to you, small business owner (especially those of you who created your website yourself) is do you know if your website is protected from hackers? Do you know it’s safe on a daily basis? If you’re not sure, there are two things to check first. Ask your website person to make sure the administrative ID used to login to your website has been changed from the default setting. In WordPress when you set up a site, it defaults to “ADMIN” for the the login ID. If your ID is still is “ADMIN”, go change it right now! Change it to something NOT easy to guess. It can be anything, but don’t leave it as the default, that’s leaving the door half open for hackers. The second thing is to make your password complex, not easy to guess. There are password generators available that will give you 8-13 character passwords to use. Include letters, numbers and symbols. If your password is easy to guess, that’s leaving it very easy for hackers and programs to randomly guess and get in your site.
A second question to ask your website person is if you have a website security program installed on your site to monitor these security events. If it’s a WordPress site, you can use programs like WORDFENCE or Sucuri or iThemes Security just to name a few. These programs are set up monitor your site, telling you who tries to log in, where they are located, and how many times they try. You can set them up to send you an email each time a security event happens or a daily summary. In some programs (usually paid versions) you can block countries or IP addresses from attempting the login, scan the site for malware, look for changes or outdated themes, and malicious code.
A third question to ask your website person is whether or not the site is being backup up regularly. Like files on our computers, in case a website gets hacked, you’ll want a backup in order to restore it. Again, you can install a plugin program to the WordPress website that will schedule and run regular backups. I use BackupBuddy on my sites, but there are others available to run backups of your site. If your site isn’t being backed up by your website person, make sure your hosting company is running regular backups. Most reputable sites do this now, especially if you have a managed hosting plan. One possible issue with this, however, is if something happens to your site, you’ll have to work with the hosting company to get it restored. If your website person performs the backups, they may be able to restore it easier than relying on the hosting company to do this.
If you’re a small business owner and you’re not sure about the answers to these questions, I’d be happy to talk with you more about it. I offer maintenance packages that make sure these types of things are being handled and your website is safe. Just drop me an email if you’d like to talk about it more or if you have questions.