Cyber security basics for your small business website

Think your business is too small to be targeted by hackers? Think again.

Last year, 43% of all reported data breaches affected small businesses—and the costs of recovering from a breach are high enough to force many small businesses to close.

So, if you’ve recently launched your SMB website or are getting ready to launch, make sure you’ve got these 8 cybersecurity basics nailed down.

start your business with gator website builder from hostgator

1. Domain Privacy

There are so many things to love about the internet, but spammers, identity thieves, and stalkers are not among them.

You can protect yourself with a domain privacy plan that shields your name, email, mailing address, and phone number from people who look up your site in the ICANN’s Whois database. 

2. SSL Certificate

An SSL certificate is a must-have if you run an eCommerce store or collect visitor information on your site. That’s because an SSL certificate proves that any data your visitors send to your site is encrypted, so hackers can’t see it while it’s in transit. (You can read a more detailed SSL explanation here.)

SSL certificates also keep visitors from seeing a browser warning that your site may not be secure. Plus, they may also help your site rank better in search results.

3. Automatic Site Backups

If your business website site is hacked, or if an update crashes it, you need a way to get up and running again fast so you don’t miss out on customers.

Get an automatic site backup service like CodeGuard, and you can quickly restore the most recent uncorrupted version of your site if something goes wrong. Make sure that whichever service you choose runs daily backups, so you don’t have to go back to an out-of-date site version in case of a crash. 

4. Automatic Malware Scans and Removals

Thanks to cybercriminals armed with botnets and malicious code, all sites are continuously at risk for malware injections that can steal data and let criminals take over sites. This means site owners need to monitor their sites closely for attacks. And the only practical way to do this is with automatic scans.

A site-scanning tool like SiteLock gives you daily protection from new malware and botnet attacks. SiteLock also seeks out vulnerabilities on your site, so you can fix them before hackers exploit them.

5. Automatic Domain Renewals

Domain registrations don’t last forever. At some point—anywhere between one and 5 years from when you first sign up–you’ll need to renew. If you don’t, you can lose control of your business domain name, and anyone who comes along and buys up your expired domain may be able to access the email accounts on it. That could open you and your customers up to data theft and fraud.

The best way to prevent this is to enable automatic renewals, either when you register your domains or during your next renewal. You may also be able to switch to automatic renewals now by logging into your domain registration account and adjusting your billing preferences. (HostGator customers, here’s how you can renew your domain registration.)

6. Automatic WordPress, Plugin and Theme Updates

On the internet, you have to stay up to date. That includes WordPress software and the plugins, themes, and addons you choose for your SMB site. Why not stick with the old versions if they’re working for you? There are lots of reasons, but the main one is security. 

Some updates are designed to patch flaws that hackers have shown they can exploit. So, when updates are announced, you need to install them right away. But updates don’t always come out on a schedule, and if you have a large site with lots of plugins, updating manually can be a hassle that’s too easy to postpone.

The solution is to set WordPress and everything else on your site—themes, plugins, etc.—to update automatically. You can do this within most apps, or you can use a WordPress security plugin like Easy Updates Manager to handle it all for you.

7. Seriously Secure Passwords

One of the simplest ways to protect your SMB website is to use a unique, secure WordPress password that would-be hackers are unlikely to guess. Make sure that any employees or contractors who have access to your site use secure, unique passwords, too. 

You might think this goes without saying, but even in 2019, too many people are still using passwords like 123456, monkey, and blink182.

8. Site Login Protection

Login forms on your site make it easy for customers to sign into their accounts with your store or business. These forms also create potential weak spots where attackers can break in. In simple terms, a bot-powered brute force attack can try thousands of possible login credentials to try to get past a login form. If they find a way in, they can unleash malware, ransomware, or other mayhem to disrupt your business.

To keep bad actors and botnet attacks from experimenting with logins until they find a way in, add some layers of protection to your sign-in forms. 

One option is to limit the number of login attempts a user can make in one session. For example, after three failed attempts, the user is locked out of trying again until they contact your tech support team for more guidance. This lets legitimate customers get the help they need and prevents bot-powered brute force logins.

Another option is one you probably see every day. Ask visitors to prove they’re not a robot when they sign in with a reCAPTCHA tool. The Contact Form 7 plugin lets you enable reCAPTCHA, or you can install a different reCAPTCHA plugin for the forms on your site.

set up recaptcha on wordpress with contact form 7 plugin

Yes, it’s an extra step for your site visitors, but one that can keep your visitors and your business safe from bot-powered data theft.

Now that you know the cybersecurity basics, are you ready to set up your site? 

HostGator’s Managed WordPress Hosting plans come with CodeGuard, SiteLock, and SSL certificates for free and make it easy to buy domain privacy services.