By Brenda Cadman
In early March 2014, Michelle discovered that her website had been hacked. She had not been properly maintaining her WordPress based website, it became out of date, vulnerable and consequently she was attacked by hackers. No problem, right? Just go to your web hosting provider and ask them to replace the hacked site with a clean, backed up copy.
Hold up, speedracer.
This is why you should never rely on your web hosting provider for backups – they are in the business of providing website hosting, not backup and restore solutions. In Michelle’s case, yes they did have a copy of her site – a copy of the hacked website. Whoops.
I want you to take a minute to imagine yourself in the same situation. Can you afford to have your website go down for an extended period of time? Can you afford to lose any updates that you’re making on your site (e.g., in a blog or articles section)?
Not a pretty picture, is it?
WordPress is an amazing website content management system (CMS) and there’s a reason that it is the most widely used CMS on the web. We recommend it wholeheartedly. However, the fact that WordPress is so widely used also means that it’s a larger target for potential threats.
The good news is that it’s very simple and relatively inexpensive to ensure that you do not find yourself in Michelle’s shoes. Which is why there is no good reason that your website security and backups shouldn’t be prioritized as much as design and functionality when it comes to building your site!
Everything Else in Your Life is Secured, Why Not Your Website?
The unfortunate reality is that small business owners, including wedding professionals, are often targets for hackers, even if you never collect any sensitive information like credit card details.
In fact, according to a September 2013 Forbes article, a shocking 30,000 websites are hacked every day, and the majority of those sites are legitimate small businesses like yourself.
And did you know that if your site is hacked and not cleaned up quickly, your website could be blacklisted by major search engines? This leads to major browsers blocking access to your site, thereby effectively removing your website from the internet.
Let’s save you some unnecessary heartache, shall we?
Here are 5 ways to ensure that your time is free to spend on your wedding business, not fixing a hacked website:
1. Use maximally strong passwords
This applies to both your WordPress login as well as your website’s FTP password. Strong passwords usually contain a mix of letters, numbers and special characters and they should not be easy to infer (e.g., your birthdate, contact number, address, or mother’s maiden name). A good resource is StrongPasswordGenerator.com.
2. For the love of all things holy, please do not use “admin”!
Do not (I repeat, do NOT) use “admin” as your username!
When you install WordPress, the default username is “admin”, and a lot of people don’t change it. As a result, brute force hackers commonly go after WordPress sites that have this username. In simple terms, a hacker goes to the login page on your website and tries every password it can to see if it can get in.
These are automated attacks, and these computers (or hackers) go after thousands of sites all targeting the ‘admin’ username. So using ‘admin’ puts you at a higher risk, especially if you have a weak password (see #1 above!).
3. Maintain, maintain, maintain
Recall the last time you logged into your WordPress dashboard to update your site or post a blog article. Did you see something that indicated there were updates to be done? It’s not something to be ignored, in fact, it’s imperative to run upgrades because they improve features, fix bugs and prevent hackers from inserting malicious code.
Make sure you’re running all updates, including those for core version changes and plugin updates. Additionally, if your website was built using a premium theme from a site like Themeforest, you’ll need to make sure that theme updates are done as well.
While WordPress updates usually run smoothly, they don’t always go as planned and things can break. That said, if you have a proper backup solution in place, even if your updates don’t go smooth as silk, you can easily restore your website and then bring in your web support team to get back on track.
4. Get thee some malware monitoring
Sucuri is an awesome website monitoring and malware cleanup service. In a nutshell, their service frequently scans your website and alerts you if you’ve been hacked or infected. If you do end up hacked, the Sucuri team will clean it up for you at no additional cost.
5. If all else fails, backups will save the day!
Even the best security measures can’t save something that has been lost. Sucuri will only detect and clean, not recover, plus there are also other ways you could lose information even if you aren’t hacked. I know one business owner whose assistant accidentally deleted the company’s homepage files from their website. Yikes!
Make sure you use a third party backup provider. Michelle relied on her hosting company; don’t make the same mistake.
It is dirt cheap to implement a one-click backup and restore solution for your WordPress site, and VaultPress is our usual recommendation. At $5/month for their “Lite” plan (which will be sufficient for most wedding professionals), that’s pretty cheap peace-of-mind. It’s also much faster and more efficient for you to have direct access to your backups, rather than relying on a hosting company to restore them for you.
Note that you may need a web developer to assist with the initial implementation of VaultPress, but that’s a one-time thing and shouldn’t take more than 1 hour of their time to complete.
While the topic of web security and backups admittedly isn’t as sexy as the design or marketing of your website, it is of critical importance yet often overlooked. As Marie Forleo (who I adore) often says, “Insight without action is worthless.”
So take action now and tell us in the comments below what steps you’re going to implement immediately to protect your website.
About the Author
Brenda Cadman is owner of WeddingBusinessWebsites.com and has been providing website design and development services since 2000. In the past, she has successfully managed both local and national marketing initiatives, but these days her focus is squarely on the wedding industry. A former professional organizer, Brenda loves to spend much of her time building relationships, developing systems and ensuring that clients are delighted with their websites.