This article is all about website security. If you own a website or are thinking of owning a website, we highly recommend reading this blog post. It may appear long, but it is important… and is why I have spent the time writing it.

What prompted me to write this (aside from the info being important)?

What prompted me is that I spotted this article this morning. It is about a fake ransomware website infection that is spooking website owners at the moment. View the article here.

I am 100% positive that if you own a website (or are thinking about getting a website) you do not want your website visitors to see a message suggesting that your website has a ransomware virus, and that they have now been infected. I am also positive you don’t want your computer infected with a ransomware virus either… and then be asked to pay $6,000 (or more) to get your data back. Additionally, I am sure you don’t want your website to get hacked.

A ransomware virus is just one scenario that can happen if your website is not secure.

An alarming number of businesses in Australia (including small businesses) are finding their websites are getting hacked because:

  • They didn’t know about website security [… and why should they! Business owners should not need to be IT experts]
  • They were not informed about website security
  • Correct website security was not set up within their website. The person or people who set it up didn’t bother about it.
  • They didn’t think it could ever happen to them

This post is to help inform you about website security and how to ensure your website is and remains secure.

Quick important side-note: If you are looking at getting a new website created please HEED THIS WARNING: You get what you pay for. If you receive a cheap website quote from some 3rd party (not us), you will get a VERY cheap website that will not be a great representation of your business (and will be a waste of money). It will hurt your business, rather than help it. Poor quality design, poorly written code and lack of security result in a website that won’t help you achieve your business goals and will get hacked. Over 50% of our current clients are businesses (people) who have paid for a cheap website and got exactly that… AND NOT been at all happy. They have then heard of us, contacted our team and had us either:

  • Majorly fix up their website (at cost)… plus add security systems into it.
  • Redesign and rebuild their website completely from scratch (so they actually have a great website, and not a poor one).

All of them also decided to invest in our professional website security options.

Here is what just one of our clients has said:

“I paid some guy (who was not Jay or Green Valley Digital) to create a new website for my business. I REALLY regret doing so. This guy was difficult to work with, was really slow (I was waiting months) and didn’t show me his progress until a few days before the project was due to launch. He also didn’t mention anything to do with security. I know now that the guy was a total amateur. I even think he had a team in some country like India doing the actual work on the cheap. I wish I had vetted him more before agreeing to have him work for me. His price seemed good and that is why I hired him. I now know better than to choose a website person (or team) based on price. He didn’t even listen to my feedback or make the changes I wanted, ONCE I finally saw what he had created. The experience was terrible to say the least.

So I then jumped on Google and found Jay’s website. I contacted him urgently on a Saturday. He happily received my call. We chatted and I knew straight away I was speaking with an experienced professional. On the Monday I got the website build from the guy who created it. I then gave it to Jay. Jay gave me recommendations as to what needed to be done and fixed (including many security fixes). Jay’s quote was fair, I agreed to it and by Wednesday that week, my site was finished (including the changes I wanted) and was live on the internet. I cannot recommend Jay enough.

I really got caught out and have realised just like when buying a tool, if you buy the cheap option expect it to break or simply not serve the purpose. “Poor man pays twice” as they say. I wish I had found Jay in the first place. Would have saved me a lot of money, avoided a lot of stress and I would have had my website online way sooner!”

– Matt (Business Owner) – Queensland

 

Small Businesses (not just big businesses) are a Target!

Small business websites are a BIG target for hackers. FAR too many small business websites are not secure in Australia. Hackers know this, which makes these websites an easy target. There are many reasons why hackers want to hack small business websites. Some of the reasons are listed in this article: https://solidwp.com/blog/why-hacker-attack-my-website/

Once your website is hacked (due to lack of security) those who hack it have full control over it and can then do whatever malicious damage or harm they want – including installing viruses on your website (like a ransomware virus mentioned at the start of this article), fully deleting your website, using your website to make them money, accessing sensitive information and more.

If you think, “I’ll never get a ransomware virus”, think again! Thousands of Australian small businesses have had a ransomware attack during the last 7 years. If your computers, business network, data storage and website are not all fully secure, you are running a major risk of being infected by a ransomware virus.
Side note: ACSC has a Cyber Security survey PDF on the www.cyber.gov.au website that you might want to have a look at.

If your site is hacked:

  • It can be very expensive to repair
  • It can be a write-off and need to be recreated from scratch (especially if you do not have recent back-ups of it). Unlike your vehicle, your website is not comprehensively insured. Imagine having to fork out your hard-earned money to get your website re-built.

I cannot stress enough the importance of website security.

As mentioned above, you may be wondering why someone would want to hack your business site (especially if it is a small website). This article explains just some of the reasons.

Keeping your Website Secure

For our clients, we spend significant time each week and each month keeping abreast of website security (regular study), security updating websites, checking and monitoring websites… and doing security update work. We also run daily and weekly backups for all our client websites.

Good website professionals HAVE to do this so their clients have peace-of-mind. Not all website professionals out there do this though. Be aware.

The way to avoid your website being hacked:

  • Seek regular Professional Website Security Maintenance
  • Get your website created by experts (professionals) who can prove to you they understand and provide website security. Ask them questions about this when you first contact them and/or when they present a quote to you.
  • Back up your website regularly (or even better: get professionals to set up automated regular backups) and ensure the backups are stored somewhere safe. We provide this.
  • Website Security Hardening activities (done by professionals)
  • Never give your Admin-level website logins to anyone (even people in your own team). If they need login access to your site, get unique ‘user-level’ logins created for them.
  • Store your website logins securely. We use LastPass. If someone hacks your computer (or computer network) and they upload data from your computer (most probably without you knowing), they can gain access to your logins if they are stored on your computer (and not password protected, though even that is not 100% safe).
  • Install Malwarebytes and keep it up to date on ANY computer you use to log in to your website (or any website)
  • Use passwords that are VERY hard to guess.
  • Work with a very good website professional regularly and learn additional ways that can help keep your website secure

Please don’t think a website hack can’t happen to you. Read this.

Note: 2024 certainly isn’t the time to pull-the-pin on owning a website. A good website can (and DOES) do a LOT of VERY good things for your business or organisation. It just needs to be kept secure is all… AND regularly backed up.

If you are already utilising one of our professional ‘Website Security Care Plans’ you are in safe hands and don’t need to worry about this blog post because:

  • Your website is regularly security updated
  • Your website is backed up automatically at least once per week. The backup is stored on secure cloud hosting separate from your website. Please note: If you add content or blog posts daily to your site, we are actually backing up your website daily instead of weekly.
  • The database your website uses is being automatically backed up daily (and is also being securely stored on separate cloud hosting)
  • We monitor the security logs we receive each week (and daily).
  • You receive security-related emails from us from time to time, so you can stay informed.
  • Your website has a firewall set up
  • Our Australian-based website hosting is secure (and has a System Administration team diligently working each and every day. We host with top-tier website hosting providers).
  • We do NOT off-shore website work. Your website logins stay within ONLY our team here in Australia. Read this blog post for more info about this topic.
  • Your website has been security-hardened

IMPORTANT: 

  • If your current website was created by someone else (and not us) and you do NOT know if your website is currently being regularly (or correctly) security updated and/or if ‘website hardening’ has been done and/or if website backups are being done (at least once per week), feel free to contact us and we will check. We’ll then let you know.

Side note: If you are getting a new website created at the moment, or speaking with website creators about getting a website created, my advice is to:

  • Make sure the website creator understands website security and offers regular website security maintenance and backups as a service. If they cannot show proof that they do this, be very, very careful.
  • Ask them if they have off-shore workers. If they say yes (or sound like they are lying when they say ‘no’), run! NOTE: If they are giving or have given you a cheap website quote price, 9 times out of 10 it is because they are off-shoring the work. Here is the reason to run: They will give your website logins to off-shore workers (who will then be building your website or working on it). Off-shore workers often do not understand the issues surrounding security NOR run the correct anti-virus software to avoid your logins being ‘phished’ [Search Google for “wordpress login phishing virus” if you want to learn more about this]. There are also many other ways they could expose your website to an attack or a major security breach.
    There is also NO WAY for an Australian-based website person or team to check if their off-shore workers are running systems and protocols to avoid your website getting hacked, unless: A/ They actually fly to the country of the off-shore person(s) and physically check their computers regularly… or… B/ They have a highly trusted Australian team member living/working in that country (who checks everything related to ‘security’ regularly). MOST (majority) of course never do either.

Please AVOID being a statistic. A LOT of people over the last 16+ years have paid for a website, not been told about security or security maintenance, and found their website gets hacked… and then they LOSE the lot. It would not be fun to be told your website has been hacked, has no backups and needs to be re-built. The bill/ the cost would not be fun either.

Prevention is key to avoiding this.

ALL websites have to be security updated regularly (at least every 1 to 2 months… and sometimes more urgently), plus monitored regularly. If not, the risks are WAY too high.
Even big websites like Facebook have to spend significant time keeping their websites secure.

Side note: If you use “Log In With Facebook” or “Log In With Google” to log in to other online accounts or other websites, I suggest reading this.

Off-topic: If you are getting a lot of spam sent to your email, let me know. Chances are whoever created your website did not encrypt your email address in it (info about this is here), and didn’t set up reCAPTCHA or the many other things that can be set up on a website to protect your email address(es) and/or help prevent your website’s online forms being spammed.

You may be surprised by how many website freelancers (or agencies) skip these steps (or don’t even know about encrypting your email addresses on your website).

As mentioned above, we are getting more and more people contacting us who got their website created by someone else and were not happy with the person (or people) and/or their methods, and/or the site they created.
When helping people we are time-and-again finding many issues and shortcuts have been taken by the person (or people) who created their site. Some of these include:

  • No security systems in place
  • Email addresses ripe to be harvested by spam-bots. Info about this is here
  • No security care plan or backups
  • No website security hardening
  • Poorly coded and hard for search engines to understand (referred to as: ‘non-search engine friendly code’)
  • Bloated code and large images that make the website load slowly
  • Broken functionality (features in the website not working the way they should)
  • Hosted on poor quality website hosting

If you have any questions about anything mentioned in this blog post or would like more information, contact us.

Hope you have a great day 🙂
PS. Please stay safe online.

Jay Daniells

About the Author: Jay Daniells

Jay Daniells has been doing advanced Search Engine Optimisation (SEO) work for clients since 2010. He is an SEO specialist. He first started doing SEO work in 2005. He has also been creating websites full-time since 2003. Amongst other things, Jay is also a graphic designer, digital marketing consultant and creative person. His focus is helping businesses, community groups, clubs, charities, organisations and other entities achieve their goals. He is the owner of Green Valley Digital.