Website Security
Most businesses have a website to promote their products/services and attract new leads. Many organizations also have dedicated time and resources to updating the content (text, graphics, downloadable files) on their websites too. What’s astonishing is the lack of attention spent on the back-end security and functionality of websites on an ongoing basis. With so many professionals launching websites and forgetting the importance of the technical website maintenance, it’s no wonder so many websites get hacked. Let’s explore the causes of website hacks, the risks to small and medium businesses and the steps you can take to avert these issues with diligent website maintenance.

“The most targeted (hacks) in February (2018) were the sites hosted in the United States with 18,729 hacks in total,” according to WebARX [4].

How likely is it that a website will get hacked? It’s rather likely if the website security is not maintained properly and regularly. You may be thinking that the likelihood of your website being hacked is small because your business size seems to be under the radar. Not true at all. Often, smaller organizations have implemented fewer safeguards, which gives hackers easier access.

Research from GoDaddy’s Small Business Website Security Report [1] indicates that many small businesses lack the technical knowledge of online security and the budget to bring that expertise in-house. What many of these organizations are overlooking is:

  1. The expense of retroactively fixing the damage from a hacked site can be exponential.
  2. Instead of hiring a staff person to focus on website security, organizations can outsource this role to an online security monitoring service and/or to a website maintenance business.

According to another 2017 report by Sucuri [2], “the compromises (on WordPress websites) which were analyzed had little, if anything, to do with the core of the (content management system) CMS application itself but more with its improper deployment, configuration and overall maintenance by the webmasters.” This strengthens the need for an expert to not only build your website, but to regularly focus on website maintenance so that the technology updates are current. Especially with open-source platforms like WordPress, which offer an abundance of benefits, updates are constantly being released and should not be overlooked.

Cost of Fixing Hacked Sites
How hard (or how expensive) is it to fix a hacked website? Not only can the process to fix your hacked website be expensive, it can also be time-consuming. Initially, you need to look for any unapproved website users, since hackers often give themselves access to make changes to your site once they’ve gained initial entry.

“In many cases, hackers leave behind other malware in addition to the original hack, and they also tend to leave backdoors in place so they can get back in after you have ‘fixed’ the site,” according to Sucuri [3]. With this in mind, you need to remove any hidden backdoors and any malware warnings.

Next, you need to clean your hacked website files and then clean your hacked database files. Caution is important here so that you don’t break key functions of your site. From there, you need to run your WordPress updates to ensure all technology is up-to-date. This includes updating and testing the WordPress version, plugins, themes and all extensions.

Saving back-up copies of your website periodically is also a best practice. If your site does get hacked, it sometimes is easiest to revert to the most recent version of the site before the infection and then make the needed updates. Having no back-up files means more work at a critical time. Of course, these attacks never seem to happen at a convenient time for your business either.

Are there long-term impacts of a company’s website getting hacked?
Google is constantly watching the World Wide Web and has tools to detect hacked sites. Once a website has been hacked, Google can blacklist the website. According to GoDaddy, Google blacklists more than 10,000 websites every day. Being blacklisted means that your website will not show up in the search results, making it exceptionally difficult for prospects to find you online. Any Google ads linking to your hacked website will not display until the site is fixed. This means that any search engine optimization (SEO) efforts that you’ve put into place were wasted. The process to remove your website from Google’s blacklist can be daunting, especially for a small business. Further, imagine the impact on your branding when potential clients can’t find you online.

Which steps can you take to defend your website against cyber-attacks?
“A great web host such as WP Engine does more than just keep core files updated,” Israel Isassi, lead web designer at Tell Your Tale Marketing, said. “These web hosts also work with vendors such as Sucuri to prevent and address any security issues they come across.”

Additionally, your web expert can use security plugins to monitor for changed website files, block attempts to log in as the “admin” user and block brute force hack attempts. At a minimum, using these tools is highly recommended. Many of these security plugins are free, too.

“For WordPress themes and plugins, it’s usually not a good idea to rely on your IT support team alone,” Isassi added. “Their expertise is usually focused on the hardware, server and desktop/laptop operating systems, and desktop/laptop software.”

Instead, web developers and designers focus on the quality of the website and tend to know every detail about the website’s inner workings. These professionals are more likely to identify a website problem related to a plugin or theme update. Again, it’s more cost effective for small business owners to outsource this website maintenance to a website development company than it is to hire on staff to do so.

While not tied specifically to preventing hacks, other key performance indicators to watch regarding your website include:

  1. Website speed reports: How quickly is your website loading? This can slow over time, delivering a poor user experience. Document load times so that you have a reference point and check against it often to ensure your site is loading quickly.
  2. Conduct regular website security scans and review improvement recommendations.
  3. Review your SEO basics. While your website may have been performing optimally with SEO at its initial launch, competitors may have gained momentum in your space, which diminishes your online strength over time. Which tweaks to your SEO do you need to make? A monthly or quarterly review is ideal to stay competitive.
  4. Set up and optimize your Google My Business. Adding fresh content to Google My Business (in addition to your website) can influence your organic search engine ranking as well as where your website shows up in Google’s Local Pack and Google Maps. See our three-part blog series on “Local SEO” for more details.
  5. Set up or verify Google Analytics and basic automated reports. Google Analytics is a free tool that helps to monitor and measure traffic to your website. As the adage goes, “what gets measured gets managed.” Use Google Analytics to see where improvements should be made on an ongoing basis and where your website is working well.

While WordPress remains the most popular content management system for building websites, and for good reason, no platform is 100 percent hack-proof. Ongoing maintenance of your website’s back-end tools is absolutely critical for presenting a fully functioning, professional website that is armed with a defense against hackers. Remember to keep all of your website in top shape to minimize costs and headaches over the long term.

  1. “Small Business Website Security Report,” GoDaddy.
  2. “Hacked Website Report 2017,” Sucuri. 2018.
  3. “How to Clean a Hacked WordPress Site?,” Sucuri.
  4. “February 2018 Website Hacking Statistics,” WebARX. March 9, 2018 11:03 am.

Other Resources:
Tell Your Tale Marketing blog at https://tellyourtale.com/blog/