As a small business owner, you are likely managing many different aspects of your business. Between day-to-day operations, client related work, networking and business building activities and new client prospecting, your day is full. When your business is running like a well-oiled machine, it feels so good. There are a few things that can bring operations to a grinding halt and rip into your regular schedule.

“Hey – did you know your site is showing a butler with creepy music in the background?” (This is a true story! This happened to a client of mine.)

Or

“Hey, I visited your site but all I see is a big white page. Is your site working?”

This is the worst feeling. You get a pit in your stomach and start to wonder why anyone would even bother to try to hack into your small website. It’s not like you get enough traffic to be able to make a dent like Amazon or Walmart’s websites would.

But that’s exactly why they attack your website: You don’t have the security measures in place like all large websites do. Your website is low-hanging fruit to hackers who want to amass a maze of websites that can help them cloak their online presence from authorities.

Here is a notification I received recently about a client’s website. This client is a small local family-owned print shop in a small town with a population under 12,000. In the space of 10 minutes, they had 203 attacks on their website:

Common Access Point to Your Website

Many businesses have a WordPress website with the common login point being yourdomain.com/wp-admin. This makes it super simple for anyone to find the backend access to your site.

Once the hacker has found the wp-admin login domain, they just need to figure out your username and login. And the world’s most common username for the WordPress login portal is “admin”. If your login is set to “admin”, you might as well just create a large neon sign inviting unwelcome users into your site.

But hackers are not sitting there trying to decipher your username and login manually. They have programs that do all of this for them. They just wait until their software identifies and cracks open access to your unsecured website.

Your website is a dream come true for a hacker to stumble on if:

  • You have not updated any of your plugins or themes in 30+ days
  • Your password to log into your WordPress Dashboard is shorter than 8 characters and has no special characters
  • Your username for the WordPress Dashboard is “admin”

Three Things You Can Do To Secure Your Website

If you do not currently have a website manager who is running a monthly website maintenance plan for your website, here are three easy ways you can secure your website from hackers.

1) Change Your Username

If your username to login to your WordPress Dashboard is “admin” Delete user account “admin” and create a brand new login with an original username. To find the Users for your Dashboard, login to https://yourdomain.com/wp-admin/users.php. You will need to create a new user account so that you can access your site securely. Once your new user account is created, hover over the user “admin” and hit delete. If you do not see the option to delete the user, you probably have blog posts attributed to the admin account. Transfer all of those blog posts to the new user name you have just created and you can now delete your admin account.

2) Change your WordPress password monthly

The easiest way to secure your website login details is to change your password frequently. This should be common practice across your business for email addresses and other important information. Login to your WordPress Dashboard and you can easily change your password from the user screen. Select the user and scroll down to Account Management. From here you can click “Generate Password” to easily and quickly change your login information. The password that is generated will be long, complicated, and will include a variety of letters, numbers and symbols. The longer and more complicated your password is, the harder it will be to guess using either software or manual guesses.

Pro Tip: You’re probably thinking that a hacker won’t be able to guess this and you won’t ever be able to remember it! I use LastPass to securely store all of my passwords. But do adopt the same policy with your LastPass account: Change your password frequently!

3) Update your plugins and WordPress version regularly.

Plugin developers are constantly improving their products and updating security. The longer a plugin stays the same, the easier it is to read the code and create a loophole for accessing a site. Frequent updates to your plugins is essential to have the latest security in place and the most optimized plugin downloads.

WordPress also updates its versions, but not as frequently. An outdated version of WordPress on your website is a bright neon sign to a hacker that your place is an easy target.

You might find that when you update your plugins and WordPress version, your website turns into a blank white screen or that some of your website functionality disappears. This is also a common issue that may require the help of a website design agency. (Bookmark or save this blogpost so that if this happens to you, you know who to contact: support@lisamgale.com.)

The best practice for updating your site regularly is to create regular backups that you can restore your site back to the previous version in the cPanel if anything happens. It will take some troubleshooting to figure out which update broke your website, but you can clearly identify this if you update each plugin one-by-one and revisit your site after each update.

Monthly Maintenance Program

If you are a busy business owner with no desire to add this to your list of to-do’s, contact me to ask about our monthly maintenance program. We offer three options that include security, backups, updates, speed improvements, analytics and more.

Enter your information to inquire about our monthly website maintenance program: