Cyberattacks can strike no matter how big or small your website might be. In fact, they strike more frequently than you might think, with one study showing that most websites face around 58 attacks every day, even when patched.
The kind of damage resulting from these attacks can vary, from things like financial loss, compromised databases, and stolen information to getting flagged by Google and greeting site visitors with the infamous Google warning page. As Jeffrey Vocell notes, “Up to 85% of people will not continue browsing if a site is not secure.”
Unfortunately, not every digital marketer is equipped with the knowledge and skills to fully deal with cyberattacks head-on. Still, there are a few basic problems anyone can address with minimal effort.
1. WordPress Shortcomings
A multitude of websites rely on WordPress as their content management system (CMS) of choice, yet many have no idea of the possible exploits that can give attackers access to their sites. As a staple CMS, WordPress is naturally a prime target for cyberattacks, many of which take advantage of the system’s poor standard login security.
For starters, using standard usernames or even failing to change your administrator username to anything other than “admin” puts your WordPress site at risk. The simple step of using a unique username can make it exponentially more difficult for attackers to hack your site.
Another thing you may want to tweak is your site’s login URL, as attackers know that many websmasters don’t bother to change the basic URL tag of “wp-login.php”.
After these manual adjustments, you may want to consider using a security plugin to catch other threats you may miss. There over 900 WordPress security plugins out there, but the names that usually come up include Sucuri Security, Wordfence Security, and Bulletproof Security.
2. Shared Hosting
Many webmasters of small business websites opt for shared hosting servers to save money on hosting. This, however, can put your site at the mercy of the weakest link in the collective, as attacks on one site become the vulnerability and perhaps even liability of the hundreds, sometimes thousands, of other sites it shares a host with.
This way of attack is particularly simple due to the availability of an array of tools online that make it easy to check whether a website is hosted on a shared server. Dedicated hosting, as opposed to shared hosting, is recommended for optimal security. It’ll be more expensive, but if you value your data and that of your customers’, it’s well worth the investment.
3. Google Searches
Google provides information on almost everything known to man. Unfortunately, that may also include sensitive details about your website. A simple search may reveal many things that would make your site vulnerable to attacks, including configuration files, log files, and even SQL error messages.
A search with the “site:” search prefix on the engine also allows attackers to scan a URL for things like “admin” or “login” or anything else vital but conveniently labeled.
If attackers can find this kind of information on Google, you can too. Fortunately, plugins like Yoast can help you hide these and other pages you don’t want people to access through Google Search (e.g. gated content like PDFs, audio files, client intake forms).
It’s worth noting that these are only a few basic attacks compared to numerous other attacks of greater complexity and potential for damage. Keeping your website safe is a continuous process of learning, updating, and cultivating a culture of caution among those with access to your site. For further assistance on protecting your site against cyberattacks, contact us today.