As a small business owner/manager it’s likely that you’ve considered the idea of security for your website. It’s also likely that you haven’t acted on it. After all:
Who’d want to hack the site of my small business. There’s no information on there worth stealing
The answer is simply more people than you would think. When we hear stories about website hacking they tend to be about big companies that hold huge amounts of data on customers making them ideal targets for thieves interested in fraud and identity theft. We don’t often hear about Sam’s Corner Store having their website hacked and the consequences of this, but it does happen and it can come at a cost.
At it’s most basic a hacker can access your hosting and change or delete your site. Some hackers will replace your site with a splash page promoting the fact that your site has been hacked. In most cases it’s harmless and you can log in and change everything back without any issues.
As a WordPress user you also run the risk that someone can hack your admin account and make changes to your site, or worse your database. In addition they can leave malicious code on your site that can infect the computers of visitors to your site. This can cause longer term issues as your site starts to get blacklisted as a source of malware etc. As a worst case scenario they can login and change all of your access codes etc effectively hijacking your website.
For this reason we have recently introduced a new ongoing solution that implements a range of controls to help reduce the risk of security breaches on your site. For example our solution offers 30+ ways to protect your site with the main features being:
- Change the urls for WordPress dashboard including login, admin, and more to avoid hackers stumbling across your login page;
- Completely turn off the ability to login to your site during set periods when you know you won’t be login in i.e. during the night and over the weekend;
- Change the default WordPress database table prefix;
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds;
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts;
- Strengthen server security;
- Enforce strong passwords for all accounts of a configurable minimum role;
- 2 Factor Authentication;
- Turn off file editing from within WordPress admin area;
- Detect bots and other attempts to search for vulnerabilities; and
- Monitor file system for unauthorized changes.
This list isn’t exhaustive but it clearly shows some highly effective ways to protect your site. If you want to find out more about integrating enhanced security features into your WordPress site visit the Enhanced Security page on our site.