Cybersecurity for small business websites

All too often the media shares stories of large organisations and companies that have been hacked through their website; stealing customer data and private information that can be extremely damaging both in the short term and the long run. The unfortunate truth however is that it’s not just these large-scale companies that are being targeted. Small businesses are just as likely to be targeted – we’re just far less likely to hear about it.

Recovering from a security breach is expensive and can be catastrophic for a small business without the necessary cybersecurity measures in place. Read on for some of the most basic ways you can protect your site and your business from harm.

Keep your domain information private

If a hacker has access to your name, your email address or even your mailing address, they can use this information to hack into your website or worse. The more personal information they can collect about you, the easier their job is, and you could find yourself facing a case of stalking or identity theft. Employ domain privacy to shield all your personal details from hackers and identity thieves.

Invest in an SSL certificate

Many internet users now will not trust any website without an SSL certificate in the browser bar, and we know Google relies heavily on SSL certification for a good ranking. However, this isn’t just a good investment for business – it also protects your site from hackers by encrypting all the data stored on it. All of our hosting packages come with free SSL certificates as standard!

Automatic backups

One of the most damaging ways a hacker can destroy your business is to crash your entire website or cause such problems that customers can no longer access your site.

With an automatic backup, you can work safe in the knowledge that should anything happen, you know you have everything you need to get the site up and running again quickly and easily. Ensuring that the automatic backup updates itself on a daily basis is key to being able to restore as recent a version as possible should it become necessary.

Malware scans and removals

It sounds like something out of Doctor Who, but cybercriminals are now a very real threat to small businesses that work online. With access to coding that can steal data and allow access to your site at the click of a few buttons, cybercriminals can attack a site before you even realise it’s happening. That’s why automatic malware scans are so vital.

These malware scans perform regular automated scans on your entire site; identifying and removing any potential threats to your security. By investing in one of these, you can be sure that any vulnerable areas will be identified and fixed before a hacker can exploit them.

Domain renewals

Another thing worth investing in simply because it can be done automatically, is domain renewal. After an allotted period of time, your domain will come up for renewal and if you don’t act quickly you can lose control of your business domain name. Not only is this bad for business, but it also leaves you expired domain open for exploitation and unregistered access, whereby any cybercriminal could find out yours and your customers personal data and email addresses.

This can be prevented with automatic domain renewal – an easy way to register your domain name so that when the time comes for renewal, your site will do so automatically. This can generally be managed through the billing information on your domain registration account.

Automatic updates

Staying up to date is one of the best ways to ensure fool proof security, not least because it ensures your cybersecurity is working to its newest and most effective version. Many updates that become available have been created to patch up the flaws left open in an old version, and so neglecting to update with them can mean that your site is still open to those flaws. And once a hacker gets in, it’s too late.

By setting up your WordPress and plugins to update automatically, you will be protected with the latest versions without even having to think about it.

Check your passwords

Creating a password is often a toss up between choosing something easy to remember, and choosing something that no one will ever guess – but that you might well forget. Trust us, the latter is much safer.

It’s important that not only you but anyone with access to your site uses a secure and unique password, as hackers can find a different way into the site even if your own password is super secure.

Login Forms

If your site includes a feature where customers can log in to their own accounts, you’re at risk of letting in a bot. These cyber bots are designed by hackers to try multitudes of potential login credentials until they strike gold with one that works; allowing them into your site where they can release malware to damage the business from the inside.

By adding protection layers to your login forms, this should be avoidable. Things like the reCAPTCHA tools we see all the time – where the login asks you to identify all the images with one thing in common – are good examples, as automated bots are unable to identify these. It’s also worth enabling a tool that gives customers a set amount of login attempts before they become locked out, as this annihilates the potential for trying multiple logins until one works.

These ideas are just some of the basis in cybersecurity, but they will ensure increased safety for both your business and your customers. And we think that’s an investment worth entertaining.

Back to Basics: Backup your WordPress

As a fairly new website ourselves, we know how important creating great content is. Gone are the days where every idea began as a scribble on paper, but in a world where everything is constructed directly onto a computer or other device, unfortunately technology can still let us down.

Of course, this is something we’ve all learnt the hard way. Whether it was a dissertation draft back in your university days, or a company presentation that you were finalising for the next day, we’ve all experienced that drop in your stomach when you lose a piece of work and realise that it was never backed up. The mistake that so many of us make is believing this won’t happen when we work directly on a website build, such as WordPress. After all, it’s the internet. Nothing gets completely lost on the internet, right?

Wrong. If you strip your WordPress website down to the basics, it’s really just a jumble of characters and files and hyper-sensitive codes that link it all together. Mess with one of those codes, and you could well lose everything.

Our job is to make sure that doesn’t happen – and if it does, to make sure all your content is backed up safely and securely so that in case of a disaster you can restore your site easily. Without further ado, here’s our guide to backing up your WordPress site.

Download a plugin

In the technology world, a plugin (rather confusingly) is not something you actually plug in. Rather, it is a backup system you can download onto your device which is large enough to store everything you create. Key examples include Dropbox and Backup Buddy, which both sit comfortably on your desktop and allow you to arrange all of your content into different folders and areas for your ease.

The great thing with these plugins is that setting up an automatic back up process is super easy, ensuring that even when you forget to back your work up manually, your device will do it all for you without any prompt. We suggest setting the automatic back up to update at least once a week; sending an email to your own email address with a link to the latest version of your work.

That is not to say that you shouldn’t do a manual back up regularly, especially when making significant changes to the layout or formatting of your WordPress site. You never know when something could go wrong that just deletes everything, so ensuring you have the more up-to-date version saved before making any big changes could save you a lot of time and effort in the long run.

The manual back up

Backing up your WordPress site manually is no mean feat, and we would recommend investing in the plugin before playing around with the manual back up feature – just in case.

That being said, it is perfectly possible to perform a manual back up directly in your WordPress site, by logging into your server and delving into the developer tools of the site.

Logging in can be done either through cPanel or an SFTP program. cPanel is all online, and can be accessed through your web host – once logged into your web host, navigate to the cPanel page and find your WordPress site folder in the file manager. Compress the WordPress folder into a small file (usually a zip file) and then download it for manual safe keeping.

Alternatively, you can use the SFTP program which requires downloading a file manager such as FileZilla. Once in your file manager, log in using your STFP details and download every item linked to your WordPress site. Pop it all in a zip folder for ease and save the file somewhere you can access easily anytime.

Backing up your work has never been easier – and it has also never been more necessary. Building a WordPress site takes time and your time is worth so much, that making life a little easier for yourself can only be a good thing. Now, go and back up your work immediately!