Don’t Damage Your Reputation By Not Having A Secure Website
Hacks can be devastating for a business, so ensuring that you’re protecting your website and customers is something that cannot be left to chance.
Oops! We could not locate your form.
Hacks can be devastating for a business, so ensuring that you’re protecting your website and customers is something that cannot be left to chance.
A budget towards website security is becoming a must have for any IT or Digital Services team, and rightly so.
We’re seeing an increase in websites being hacked and reports in the news or large organisations being affected by ransomware, malware, and other types of website hacks that damage reputations as well as eat into profits.
In recent weeks whilst browsing I have come across a few sites that once you visit the website, you’re automatically redirected to an ‘Amazon’ competition page.
Only thing is, it’s not run by Amazon.
This is a common spoof hack that tricks legitimate visitors into thinking the website that they trust is providing a competition in conjunction with Amazon.
This type of hack inserts links to another website into the navigation bar of a hacked site, so for example, if you were to click the about page in the navigation, instead of being taken to that company’s about page, you are taken to a different website altogether.
This is becoming far too common.
If your website has already been compromised, then you’ll need to perform a hack cleanup. However, if you’re thinking of adding protection, the go to solution for this is usually a WordPress Security Plugin.
The most common security plugin we find installed on the websites we audit is WordFence. It provides a good level of support and the most popular option for this is free.
However, although the free option provides better support than not having any at all, there is a premium or paid version that we’d recommend budgeting for if you go down this route.
Ultimately, the paid for service gets the latest updates, where the free version can be slower at blocking the latest security exploits.
You can see the difference in the WordFence plans on their website, but ultimately $119 per year is the cost of their premium plan, nothing that will break the bank.
We have used Sucuri for several years and although they provide a free security plugin, this is not what we use as our security solution of choice.
Our team use Sucuri’s Web Application Firewall and security platform. In a nutshell, website traffic is filtered using a third party service before it even reaches your website, removing all the bad traffic and only allowing the clean traffic through.
This provides an improved service to WordFence as the security is managed off the website, not physically on the website, saving valuable website resources. We have a post you can check on on website firewalls here.
Our recommendation would be to budget accordingly to use Sucuri’s WAF and their website security platform, which is $499 per year.
At Impact we include the Sucuri firewall and security platform as part of our WordPress Support and Maintenance Plans, to ensure that our client’s websites are protected by the market leading security solution.
Our plans offer great value for money, as we are able to include numerous premium tools and features, which would be costly for an individual business to purchase.
These are probably two questions you are asking yourself.
Firstly, are you already using a firewall or a security plugin at the very least?
Running a free check using Sucuri’s sitecheck service allows you to find out whether your website has been hacked and whether it is using a firewall service.
For example, the site checked in the example below has no firewall in place, and no website monitoring. Both of which are included as part of the Sucuri website security platform.
To check to see if you’re using a security plugin, you may need to check which plugins are installed on your site if you have admin access. Look out for WordFence, Sucuri or a plugin with security in the title.
There are multiple plugins available in the WordPress plugin directory, however WordFence and Sucuri are the most commonly used.
Ensure you have some level of website security. Depending on your website and business type, there are many levels of security to choose from. Some protect at a website or server level, whereas the more rigorous options are DNS level, using proxy servers to check traffic before it ever reaches your website.
If you haven’t got any form of security protection for your website, now is the time to start exploring, even if it is one of the free versions for now.
But ensure you can get budget allowance for website security that is separate from your marketing budget, as this should be seen as an essential business need, like a business having insurance.
Hacks can be devastating for a business, so ensuring that you are protecting your website and customers is something that cannot be left to chance.
We are currently finalising a guide on protecting your WordPress website in 2023. If you want to register to receive a copy once it is published, please enter your email by clicking the banner below.
(This won’t direct you to an Amazon competition.)
That’s a wrap for Swipe & Deploy #47. Join me next week when I’ll share another insight or piece of inspiration from around the web.
Whether you are visiting a theme park, zoo or any other type of visitor attraction, there's usually some form of map that customers can download from the attraction's website, that details how they can get around on the day.
Whether you're in the 'it's ok to put up your decorations in November' camp or strongly feel that 'December is the date for Christmas decorations', your website is another place that can be decorated with festive touches. If you want to start in November, we won't judge!
For publishers and websites that rely on advertisement money to support their commercial income, browser AdBlockers, privacy specialist browsers and rejecting Cookie Consent issues can cause an absolute nightmare.