Google blacklists tens of thousands of websites every day, effectively wiping out all organic traffic to those affected sites. If your small business relies on its website, having a Website Security Action Plan is essential.
The term “bad bot” can bring a smile on. Although not so much when used to describe pieces of code designed to do very bad things on the internet.
Even if you’re not a techie, there are lots of simple measures you can deploy to reduce your security risks.
Why is website security important?
Small businesses are often building websites with software from multiple third parties. Remember the ‘90s where businesses had to employ people to code almost every element of their website? And pay for even basic changes, like a misspelt word?
Now WordPress makes adding website content and functionality simple for anyone in the office to do. There is an enormous selection of free plugins at your fingertips. You can add Instagram feeds, signup forms, and much more, literally within seconds.
So, on one hand, 1000s of free plugins to do all your business online marketing more easily. On the other, vulnerabilities connected to how you deliver content to your website visitors.
There is much more surface area on your website which bad bots can attack. Squarespace, WordPress and other content management systems have plugins and themes, built by a myriad of sources, that you can simply click to install in seconds. The average number of plugins on a WordPress site varies. Most small businesses that come to us have about 20 to 30.
Security agencies and government websites get hacked. No website is 100% secure. Having a plan that includes regular backups, is hugely important.
Over time, website software does get soft. And stale.
When you install plugins, they may be popular, and have optimised, secure code. Two years later, if the plugins are not maintained and updated, they can resemble the ghouls from Thriller. A stinky mess that bad bots can sniff out, and swarm towards. Curious about what they look like? Here’s a list of known WordPress security flaws.
If every software developer coded perfectly, to highest standards and maintained their code vigilantly, we could throw 100 plugins on every website and not worry. No one is perfect *throat clear*. Except wives.
Cyber criminals are now far more sophisticated on how they build automated bots at scale. Imagine your website being a conduit for a bad bot to hijack a customer’s device while they’re browsing online FAQs you’ve directed them to. Or while they’re filling out one of your website forms.
With greater scrutiny by government and media around data, privacy and security, small business owners should be proactive with their website software.
Create a Website Security Action Plan
In your plan, consider adding the following:
- use strong passwords that are unique for each element of your website, including cPanel/hosting account, FTP, the WordPress admin area, database
- don’t give anyone Administrator access unless you absolutely have to
- use a reputable website hosting provider that takes security seriously
- ensure you respond immediately to Warning and Error emails received from Google Search Console
- regularly assessing plugins, whether you need them and are they being regularly maintained by the developer
- regularly updating all website software, including WordPress, plugins, and the theme. Don’t forget to update PHP (carefully) as well.
- remove any unused plugins and themes to reduce maintenance overheads (and speed up your website).
- have a regular backup plan that includes storing a copy of your website files and database somewhere else, additional to storage on your web hosting server
- add fine tuning website security plugins, like Wordfence
- ensuring your website has a valid SSL certificate, a padlock in the address bar of your browser, and your website address starts with “https” rather than “http”
- Add Google ReCAPTCHA to your contact forms – it’s a free service that makes it difficult for bots to fill out your forms
- Use Cloudflare to make it more resource intensive and costly for perpetrators to deploy bad bots
Google Search Console
Google Search Console helps you measure your website’s search traffic and performance as well as find and fix issues (including security problems). If you haven’t already done so, set it up now for your website. Watch this 10-minute video to learn how.
Shared Website Hosting
On a shared hosting plan, you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.
Our small business website hosting options work 24/7 to protect your website and data, by
- continuously monitoring our network for suspicious activity
- having a simple back up and restore process
- having tools in place to prevent large scale DDOS attacks
- keeping server software and hardware up to date to prevent hackers from exploiting security vulnerabilities in an old version
If you have a WordPress website, the most popular security plugin Wordfence, will help protect against attackers.
Wordfence Firewall & Scan leverages a constantly updated Threat Defense Feed, alerting you quickly about security issues or if your website is compromised. A Live Traffic view gives you real-time visibility into traffic and hack attempts on your website.
SSL won’t stop bad bots, but it will protect visitors on your website from spying and attacks from hackers (who may try to steal their contact details like phone numbers, email addresses and credit card information).
Google ReCAPTCHA adds a background test to check if it’s a human or bot filling out a website form. If your contact and other forms don’t have any security, hackers can “trick” it to sending out SPAM. Another fast way that your business’ website can be added to blacklists.
Most web hosting companies integrate the free Cloudflare content delivery network option with share hosting plans. You do have to turn it on and set it up correctly. Cloudflare’s main function is to improve website performance and page loading speed. However, there are also useful security features.