“We have detected malicious code on your website, and we have reset your site.”
That’s the horrifying message I received recently. At first, I thought it was a scam. You know, click this link, and we’ll take all of your money and possession of your site. Unless I completely trust an email, I don’t click on the links. Instead, I attempted to open my site directly from my browser. Sure enough, my website was gone.
As a business consultant and advisor, I work with aspiring entrepreneurs and transitioning professionals to transform their passion and purpose into P.R.O.F.I.T. by running their business like a B.O.S.S.
Given the ease of use and low barriers to entry to create a website now, solopreneurs aren’t engaging the services of a web designer and manager off the bat. And that can lead to costly mistakes (lessons) that don’t have to happen.
#1 Invest In An Anti-Spam Service
WordPress has been my platform of choice for almost ten years. While nearly a third of websites use WordPress, it can be tricky. One of the situations I experience a lot is spam. Though spam happens on all platforms, I felt that WordPress was uniquely susceptible to large amounts of it. A spam blocker will identify potential spam and keep it out of your comments and inbox.
I use Jetpack because of its ease of use and full integration with WordPress. But there are plenty of fantastic tools that will cost you between $9 to $20 a month. As a small shop, start with a basic package depending on what you’re trying to accomplish. Many offer multiple services in addition to anti-spam.
#2 Keep Sofware And Plugins Up-To-Date
No matter what platform you use, it will come with plugins or integrations to improve efficiency or expand functionality. Similar to your computer and mobile device, you must keep the software updated. For one thing, it ensures you always have the latest features or bug fixes. But more importantly, the updates may contain security improvements to address a vulnerability. Hackers are a dedicated bunch. They have likely already started exploiting those vulnerabilities to their advantage. Also, be sure you trust the source before uploading new plugins or activating new integrations.
If you’re a WordPress user, you can set your plugins to update automatically. However, if you’re like me, you prefer to check that plugins are compatible with WordPress’ current version before initiating the update. I designate a day of the week to review updates and implement them.
#3 Scan For Threats
Websites have become easier to create, and potentially easier to hack. While you may vet every piece of software you allow on your site, that doesn’t mean there’s no threat. Invest in a software program that will scan potential risks, alert you, and possibly repair them.
Don’t rely on your site host to take care of this for you. If scanning is included in your hosting fee, it may only be at a basic level. Invest a few more dollars a year to upgrade to a service that covers up-to-the-minute threats. And don’t allow users to upload files to your site. If you must allow this, invest in the highest security level that scans every attachment. Or have the file uploaded to a third-party file management system.
For my laptop, I use a service that’s connected to a cloud. Every day my computer checks the cloud for new risks to catch during the next scan. The cloud updates throughout the day, so my protection is consistent.
#4 Protects Against Brut Force Attacks
There are bots whose sole purpose is to attempt to log into your website and wreak havoc. At the time I’m writing this post, I have been protected against 5,717 brute force attacks. Some people have nothing better to do than to try to ruin your livelihood.
Additionally, of course, make sure your passwords are complex and not easy to guess. Change them frequently.
#5 Back Up Your Website Regularly
You may be wondering what happened with my website. Since you’re reading this, you know I recovered. Literally, I recovered a previous version of my website at the click of a button. Though I had to wait a few hours for the site to repopulate, I didn’t have to start over.
There are different levels of back up services. I use CodeGuard through my host, Bluehost. It’s also included in my Jetpack service. But I chose CodeGuard because it’s integrated with my host rather than my website platform.
I. Back. Up. Daily.
These are some very inexpensive and basic solutions to protect your website. Your website is an investment of your time and money. Even if it’s only a page or two, invest in securing it. As your business grows, you can outsource website maintenance to a professional who will do things like protecting against XSS attacks and SQL injections.
Let me know your thoughts in the comments below and share with your community. My promise is to create content that is inspirational, informational, and implementable. If you’re craving more excellent content on how to reignite your warrior spirit and achieve your most audacious life and business goals, subscribe below and follow me at @iamnileharris on Twitter, Instagram, and Facebook.
