- You have a super busy day planned.
- One that will help you level up in business.
- A day that is right off the images of your vision board.
- One that has the potential to make you some serious Cashola!
And just as the day is about to get underway, you discover your website has been hacked. Not only was it hacked but it is redirecting your website visitors to a page with images that will make a sailor blush!
- Your day has just been hijacked as well.
- That opportunity to level up your business is at risk.
- Your vision board dreams are replaced with images you want to forget.
- Instead of making money you are losing money in the time you're spending and sales you may lose.
My friend I have seen this happen, literally, and it makes for a seriously sucky day. What is even worse is that every time I have witnessed this level of website disaster, it has been completely avoidable.
That is why I am here today to talk about a topic that I know has most of you yawning, but trust me you won't be yawning if this ever happens to you!
So let's talk website security. With a few easy steps, you can protect yourself and your business. Yes, they can feel overwhelming if you aren't comfortable with technology, but I believe in you and I know you can do this especially if you are the DIY bada$$ who built her own site! And if you really don't want to do it, I am here to help you with that as well! (Click here to set up a free consult and let's chat!).
There are 3 areas I want you to focus on...
And while that may feel like a scary list, I am going to do everything I can to make it easy on you with some super simple tips. And I even have a fun playlist to entertain you while you work. (Look to the right side bar now!)
1. Password Security
I know there are fewer words that will put you to sleep faster than "password security" but it really is a big deal. In the world of cyber security it is a well known fact that hackers attack every 39 seconds, so that is why having password security in place is such a big deal.
And if that doesn't convince you, imagine the moment when you finally get grandma to checkout your website only to discover it has been hacked and redirected to a porn site. It's happened my friend, and it's not the image you want grandma to have of your website!
So let's talk password security...
Create a strong password.
Pretty simple right? Except password guidelines are changing all the time, which is why everyone has different rules. The general rules (mix of numbers and letters, using special characters, etc.) are great but really there is more to security than that.
In a recent article published by JDIT we learn complexity is not as important as length of a password now. Here are a couple of nerdy facts they shared I found interesting...
- A password of 12 characters can take at least 3 weeks to crack in a brute-force attack. 
- An 18-character password of just lower-case letters will take around 23 million years to crack! 
So with that in mind, think of a string of letters that make sense to you. Like a series of simple words you can remember when it comes to creating your website password.
You still want to avoid the common inspirations like kids names, your birthday, and the name of your business, but there are other phrases I am sure you can remember that will be tougher to crack
Something like IloveScotch&Whiskey2019!
Easy to remember because, hey, I am a whiskey girl, and it hit my lists of favs in 2019, but most don't know that. (And no, silly, that isn't my password)
Now go change your password and check that off your list of security to-do's!
Next Up... Two-Factor Authentication
Two factor authentication is another one of those boring terms, but adds in another layer of security making it difficult for hackers to get around your password. And it is as simple as a few clicks of the mouse and adding an app to your phone.
Want to know how to do it? Check out these steps based on your website platform...
If you are hosting with SiteGround, you can set up Two-Factor Authentication in the SiteGround Security Plug-in. This plug-in works with Google Authenticator and is very simple to set up.
Click here for instructions on making the most of that app.
If you are hosting with another company miniOrange plug-in is a great alternative.
Squarespace has built in Two-Factor Authentication that works with Google Authenticator.
If your web design platform isn't listed a simple Google search for "Two-Factor Authentication <<insert web design platform name here>> should give you what you need!
Change Your Log-in URL
In this tip I am talking directly to WordPress users, as this is not an option for Squarespace users, (and not as important in Squarespace.)
For my WordPress users out there the log-in URL to your website is a magnet for hackers, because sadly many WordPress users make it easy (weak passwords, out-dated plug-ins, etc.)
But you can be a smart and savvy WordPress user that makes it hard for hackers to find your login page by changing the URL of that page.
My SiteGround users can do this through the SiteGround Security plug-in.
Click here to install SiteGround Security
If you are not hosted by SiteGround you can install the Change wp-admin log-in plug-in to make the change.
2. Reliable Hosting
Hosting is one of those areas that a lot of people look for ways to go cheap and save money. That, or they go with what is familiar without shopping around.
The trouble with this is that you often fall into the trap of having a hosting company that slows down your website, is not on top of security, or who's is just not in a place to maintain website up time.
If you are a Squarespace user, feel free to skip this section as you are covered!
For my WordPress users, here is one section I want you to pay attention to, because it could very well be the switch you need to make your website function more efficiently and securely.
Here is the trouble with many of the popular website hosting companies I have run into (GoDaddy, BlueHost peeps I am talking to you specifically).
- Super slow website speeds.
- More frequent outages.
- Corrupt backups.
- Charge for SSL (BlueHost does offer this for free)
When these are the issues you are dealing with on a regular basis you are wasting a lot of time that could be spent elsewhere.
Want to hear some horror stories? Checkout my blog Be Prepared When Your Website Crashes.
The company that I use and recommend to all of my clients is SiteGround (you may have heard me mention them LOL!)
SiteGround is recommended by WordPress, focused on safety and speed, and the customer service has a 98% satisfaction rating. Having a background in Technology Customer Service I can tell you that they are close to unicorn status with that rating!
In fact SiteGround is so on top of security and safety that it addressed a Critical vulnerability with the Elementor plug-in the day the vulnerability was discovered. Their fast action protected 1000's of businesses, who probably weren't even aware they were at risk. (You can read more about that here.)
I could go on and on about SiteGround, but instead let me just give you a link so you can look into them yourself. Click here to learn more about SiteGround.
3. Website Maintenance Plan
Whew! I know this is a long winded post, but security is a passion of mine, as is sharing what I've learned. In fact, many of these "security" advice lessons I have learned the hard way over the years of dealing with crashed, hacked and slow websites.
These kind of lessons suck, and they keep you stuck behind a computer screen when you could be outside sipping whiskey out of a teacup so that is why I am sharing so much!
Which brings me to my last tip...
Having a Website Maintenance Plan in place!
A website maintenance plan is simply a plan to make sure your website is being taken care of on a regular basis so that you don't have to be as concerned with technical issues.
So for my DIYers out there here is my recommended Maintenance plan. And if you have a website designer taking care of you, make sure you understand what that care entails, and that these make the list!
Weekly Security Updates (WordPress sites)
Did you know that 61% of infected WordPress sites are out of date. As of 2021, there are about 1.3 billion total websites on the web. And more than 455 million sites are built on WordPress. With 61% of that 455,000,000 out of date, you can see why hackers are so keen to visit your site.
So put them in their place by doing your updates, every single week!
Check for broken links
If you link to other sites, you are at some point going to have broken links? Why? Because not everyone keeps their content on the web for ever. Broken links may not seem like such a big deal, but here are a few reasons they are worth looking for...
- Broken links impact your website visitors experience, which may just have them looking else where
- It impacts your websites relationship with Google, which can diminish your visibility
- It hurts your SEO efforts
And good news! There are scanners you can use for free online that check for links. Like the Broken Link Checker which you can find at https://www.brokenlinkcheck.com/.
Removing Old Users
We've all had others help us with our website from time to time, and some of those people needed access to login. And while we may be quick to give them access, we often forget to remove their access once they are done helping us.
So I recommend doing a quarterly check of users on your website and deleting anyone who is not actively supporting your website.
Not wanting to face this on your own?
I get it, and I've got your back! At the time of writing this blog I have a handful of maintenance client spots available, Here is a look at what my maintenance clients receive...
- 30-minute Live Consultation monthly
- 1 Hour Design Time
- Updates & Functionality Testing
- Special fees for additional design work
- 24/7 Uptime Monitoring
- Emergency response to website outages
Sound like something you are interested in? Click here to schedule a free consultation and let's chat.
Resources & References:
*This is an affiliate link, and while I may earn a small commission it does not impact my endorsement of SiteGround. They are a fabulous company I would recommend even if they didn't have referral benefits.