With more and more businesses taking their businesses online, especially due to the change in consumer behaviour due to COVID-19, we have noticed a sharp rise in these business websites facing cyber-attacks.
Many small business owners are embracing the power and flexibility of website content management systems (CMS) such as WordPress. These systems, despite being an amazing tool to help get your business noticed, face the constant threat of a cyberattack.
This article covers the most common issues and fixes for WordPress sites but you will find that many of these issues also apply to other content management systems.
“But my business is too small to be targetted!”
Many site owners think hackers only target large businesses and don’t have any reason to target their website. That’s simply not the case.
In reality, 43% of all cyberattacks are targetted towards small businesses. This is in part because many small business owners are often busy and strapped for time, cybersecurity might not be a top priority.
Cyberattacks and your website
Many cyberattacks are opportunistic, with hackers spotting vulnerabilities in a website and exploiting them. These attacks commonly involve finding a weakness in the code of your website or installed plugin. This weakness then allows them to insert their malicious code to bypass security/authentication processes or to install ‘malware’.
How do you keep your WordPress site secure?
While it can be almost impossible to make a website 100% secure to the most determined hacker, there are some basic steps that as a website owner, you should be putting into place:
Make sure you have chosen a reputable hosting company:
There is an extensive list of hosting companies available on the web so when choosing a new host or reviewing your current provider, view the companies online reviews. These reviews show you how different providers compare in terms of overall hosting quality and also individual aspects of their hosting setups, like security, reliability, speed, etc.
HTTPS not HTTP – Use an SSL certificate on your site:
A website needs an SSL certificate to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.
If you have a website you should be using an SSL certificate and if you are running an online shop or taking payments this is an absolute must.
Most hosting companies can offer basic SSL certificates as part of the hosting package, however, you also have the opportunity to purchase one separately if you need to.
Make sure you are using the up-to-date WordPress version and all plugins:
After speaking to clients who have experienced cyberattacks, we find that most are not regularly updating their plugins or CMS. WordPress has simple tools to help make updating aspects of the website simple and straightforward. Just make sure that before you do a big update you make a backup.
Make regular backups:
Some hosting companies, such as SiteGround, offer automated backups of your site. These backups can be lifelines for those business owners who face an attack which takes their site offline. A quick tip for those with more active sites is to keep a regular plan of when you perform these backups. If you have to roll-back to an old backup from months ago you will then have to spend a lot of time catching up with your content!
Change the admin username:
By default, a lot of CMS applications use the default username of admin. Hackers know this and use the combination of this predictable username with random passwords when trying to break into your site. You should always set up a unique admin user name.
Use a secure password:
We know that many people don’t like using strong passwords because they’re hard to remember. However, in many cases of brute force attacks on your website, making a secure password is your first line of defence.
Other steps to take:
There are many other steps you can take to keep your site secure but the above list should give you a strong starting point.
Our team also work with Appletons, the insurance specialists who provide a tailored programme including a Cyber Risk Management Solution https://www.appletonsinsurance.co.uk/