This seems to be a topic that I talk A LOT about lately. Business owners are busy, I get it. There is always so much to do, so many things that need your attention, that you just can’t be bothered worrying about your website. You haven’t taken the time to update and freshen up your content, let alone update WordPress, your theme and your plugins. Not keeping up with WordPress updates can leave your website very vulnerable, as many WordPress updates include security patches to prevent evil-doers from getting access to your site.
So, what can potentially happen then if you ignore your website?
Yes, you’ve been hacked. The “White Screen of Death”, as we call it. Or maybe your site is now officially in the “adult” website category? Or, it has been redirected to another site? Or someone has removed your site and added their own, using your server space and bandwidth?
Any number of things are possible, and all are repairable, but at what cost?
At the very least, your previous website must be restored from your backup.
You DO have a backup system in place, right?
If not, potentially your hosting company can restore it to a previous date, but most of them can only restore to 30 days prior, so if your site had been hacked prior to this, and you have no backup, then you’re looking at recreating your entire site. From scratch. No bueno!
Last week, I decided I would reconnect with a couple of clients who have not been very active on their websites. They had not made any changes to them in 2-3 years, nor had they been in touch with me to make any changes. Prior to contacting these clients, I thought I would stop by their sites to see what recommendations I had for them. Imagine my shock when I discovered that both sites had been hacked in the past couple of weeks!
One site had another entire WordPress site installed to another directory, so the hackers could just give out their own URL, such as www.yoursite.com/hackersite. They just moved right in and set up house! Another site had thousands of HTML pages added to just about every folder in the site (see image, right), and they were selling everything from shoes to purses, to sunglasses, jewelry… you name it. In both cases, the PHP files had been altered to essentially break the client’s site, and they were now just giving out their own URLs to sell their stuff. Too cheap to pay the $70 a year for their own hosting, I guess.
So what can you do to help prevent attacks on your most valuable marketing tool?
- Log in regularly and make sure that WordPress is running the most current version. It’s also a good idea to keep your theme and plugins updated, as updating only a piece of your website can often lead to compatibility issues. Hopefully you are active on your website, refreshing your content and maybe posting to your blog on occasion, so logging in on a regular basis and taking care of these things is not a big deal for you.
- Install a security plugin, which will alert you to people trying to log in to your site. You will be amazed at how many people actually try to do this. I prefer Wordfence Security, but there are many out there, so do your homework to see which will work best for you.
- Change your password frequently. Be sure to use something strong and randomly generated, and not something easy to guess, like password. You’d be surprised how many people actually use that for a password. What hackers and bots do is scan WordPress for your user name, then try combinations of passwords to attempt to gain access. If your password is an easy one, that won’t be hard for them. Use a website like Secure Password Generator to create a unique, random password.
- Make sure you have a good backup plugin installed and working properly. Many WordPress Hosting Plans provide free daily backups, but if you’re on an older hosting plan, you may not have that feature. For a backup plugin, I prefer Updraft Plus Premium Backup. They offer a free version as well, but it doesn’t have as many options, of course.
- For extra security, add an SSL certificate to your website. It will give you an extra layer of protection, and certificates generally run about $50 – $100 per year, depending on what your needs are. An SSL certificate verifies your control of the domain and encrypts the traffic between your visitors and your site, which is shown by the https:// protocol in the address, instead of the normal http:// protocol.
The most important thing to remember here is to take an active role in your business’ online presence and keep tabs on your website. Regular monitoring can prevent serious attacks on your website and save you time, headaches and most of all, money.
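Part of that monitoring can be automated. The script below is an added example, not part of the original post or of any plugin mentioned in it: it walks a site's folder and reports the signs seen on the two hacked sites described above (a second WordPress install in a subdirectory, folders flooded with HTML pages, recently changed PHP files). The function name `scan_webroot`, the thresholds and the use of `wp-includes/version.php` as the marker of a WordPress install are assumptions chosen for the example.

```python
import os
import sys
import time
from pathlib import Path

# Assumption: wp-includes/version.php marks the top of a WordPress core install.
WP_MARKER = Path("wp-includes") / "version.php"

def scan_webroot(root, html_threshold=200, recent_days=14, now=None):
    """Report the signs of compromise described in this post under `root`."""
    root = Path(root).resolve()
    cutoff = (now or time.time()) - recent_days * 86400
    report = {"extra_installs": [], "html_floods": [], "recent_php": []}
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        rel = str(here.relative_to(root))
        # 1. A second WordPress install living in a subdirectory of the site.
        if here != root and (here / WP_MARKER).is_file():
            report["extra_installs"].append(rel)
        # 2. A folder stuffed with static HTML pages (spam storefront pages).
        html_count = sum(f.lower().endswith((".html", ".htm")) for f in files)
        if html_count >= html_threshold:
            report["html_floods"].append((rel, html_count))
        # 3. PHP files changed recently. Updates change them too, so compare
        #    the dates with the last time you updated WordPress yourself.
        for f in files:
            if f.lower().endswith(".php"):
                path = here / f
                if os.lstat(path).st_mtime >= cutoff:
                    report["recent_php"].append(str(path.relative_to(root)))
    for found in report.values():
        found.sort()
    return report

if __name__ == "__main__":
    # Usage: python scan_webroot.py /path/to/public_html
    result = scan_webroot(sys.argv[1])
    for kind, found in result.items():
        print(f"{kind}: {len(found)}")
        for item in found:
            print("   ", item)
    sys.exit(1 if any(result.values()) else 0)
```

File dates can be reset by whoever altered the files, so an empty report is not proof of a clean site; treat any hit as a reason to compare against your backup.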
If monitoring your website is just not in your bag of tricks, consider using a website maintenance plan to protect your site. I have four options to choose from, for various needs and various budgets. They can be very affordable, especially when you consider the possible alternatives.