Security is one of the most important aspects of any website, yet countless online business owners ignore this fact when they are starting out. WordPress, as the most robust, most used website engine in the world, is both the platform of choice for online entrepreneurs and the platform of choice for hackers to attack. Therefore, whether you have a blog, an e-commerce store, a membership site or anything running on WordPress, you need to shield your web property against malicious intruders. In this post, let’s explore the topic of WordPress Security from a strategic standpoint for online business owners.
WORDPRESS SECURITY – THE FORGOTTEN LESSON IN ONLINE COURSES
Education is important for any project we attempt in life and building online businesses is no exception. There are good online courses that guide you through the steps of building diverse types of internet businesses. Successful online entrepreneurs are always packaging their knowledge into practical lessons so we can follow their steps.
As the platform of choice for new websites, WordPress is a recurrent topic in many of these courses. Mentors usually include a module dedicated to building a WordPress site. Though, these lessons often overlook the topic of security. Mentors teach you how to set up your hosting and domain, install WordPress, configure a theme and install some key plugins – security ones not included. It is no surprise then that many online entrepreneurs learn about security the hard way: getting their unprotected online business hacked – as it happened to me!
WHY ONLINE ENTREPRENEURS SHOULD CARE ABOUT SECURITY
The same way a malicious code infects a computer firing any sort of unwanted things: files deletion, spamming, resource draining, inferior performance, and personal data exposure; a WordPress site – YOUR BUSINESS – can get infected with malware specifically made to mess up with websites.
UNPROTECTED WEBSITES GET HACKED
A common belief among beginner website owners is that security is a nice-to-have feature but not a required one. Many people think that hackers won’t attack their small website because there are millions of other established websites to attack, so why them?
The image above is a small sample of one of my website’s access log, something that many website owners never see. This log belongs to a young website running on WordPress. Nothing special about it. It has low traffic, a few pages, low authority, almost zero backlinks. SEO tools like Ahrefs nor SEMrush have crawled the website yet. One would think that such website is pretty much invisible on the Internet. And yet, after some days online, it began to receive all sort of hacking attempts. Records in red are hacking attacks. Notice how they come from all over the world (Thailand, Russia, France) and how they are trying to inject several types of malicious code into various files. Multiply this sample by 24 hours, 365 days and you’ll get a clear idea of how real the threat is.
The Internet is a chaotic place where any unprotected website is under attack from day one of existence.
As a website owner, don’t be fooled to think that you are safe while your web property is small. Welcome to the jungle!
WHAT HAPPENS TO A HACKED WEBSITE
A hacked website can display any sort of unwanted behavior, from spamming your visitors to denying you administrator access. The consequences might include getting your site blacklisted by Google, your business interrupted, your brand’s reputation damaged and a good dosage of stress for you.
A hacked website makes you lose time and money. You can also lose content and data.
Having your website hacked is a hard place to be, especially if you are not tech-savvy. Malware has many shapes and different behaviors. In most cases, it is extremely complex for anyone to fix a hacked website. It takes time and knowledge
DIFFERENT ONLINE BUSINESS MODELS, DIFFERENT SECURITY CONCERNS
The level of security management is not the same for all online businesses alike. This is because it is not required anymore to build and maintain a custom website. Instead, many people opt for a made-for-you, hosted solution approach, in which they don’t handle many technical aspects. In this approach, you can literally generate your online business and host it inside a provider’s platform. You get a subdomain, hosting space and visual tools to set up your system very straightforwardly.
Let’s look at some examples of hosted online businesses:
- Shopify for E-Commerce Entrepreneurs. With more than 600,000 stores, Shopify is an affordable platform where entrepreneurs can quickly set up a robust e-commerce store. The platform offers website templates, payment gateway integration, monitoring tools, and much more.
- YouTube for Influencers: FREE to use, the second most used search engine in the world, sophisticated tools for content creation and monetization. YouTube has become a huge platform for business models based on affiliate marketing, advertisement, brand deals and more. Influencers can use it as a single online presence or combined with custom websites.
- WordPress.com for Bloggers. This is the hosted version of WordPress, a rich blogging platform with a lot of tools for businesses based on written content.
- Underground platforms for Affiliate Marketers. Examples of these are LaunchPad and ClickBank Builder. These are a new type of tools developed by expert internet marketers. These platforms provide advanced automation for specific business models. I called them “underground” because they are often offered as upsells inside affiliate marketing courses, so they are not widely known.
A hosted approach is very attractive because it allows your online business to be up and running in minutes without the technical hassle of a custom website, such as security, backups, performance, and hosting. However, as sweet as it sounds, you will encounter limitations when you need to add custom monetization methods and advanced branding to your system. It all depends on your needs, but in general, having a custom website allows for maximum flexibility, even when this means that you must deal with security and beyond.
STRATEGIC THINKING FOR WEBSITE OWNERS
WEBSITES ARE REAL ESTATE PROPERTIES ON THE INTERNET
Think of your website as a real estate property. Websites have an address (a domain), an age, a monetary value based on specific metrics, a market where you can buy them and sell them. Also, as real estate properties, websites have different add-ons built into them to improve their overall performance and safety, such as a security system.
Think of security as a core add-on to your web property. All websites operate in a unique, chaotic, dangerous neighborhood: the Internet. Therefore, having a good security setup is not optional for website owners who are building systems for the long-term. It is a MUST.
Security is a must-have add-on in any website.
Before unveiling your new property to the public, set up a good security system so you can sleep in peace.
THE COST OF SECURITY IN YOUR ONLINE BUSINESS
Personally, I try to avoid any recurrent cost that is not critical in my websites. For any tool or service that I need, I first confirm that I really need it; then I strive to find it for FREE; then I look to buy it through a one-time payment; and lastly, if and only if none of these are possible, I will incur in a recurrent cost.
Security is one of these critical recurrent costs because:
- Not having security is not an option, as we discussed earlier.
- FREE security plugins only offer limited protection, and we want full coverage.
- Good, paid security plugins do not offer one-time payment options, so a recurrent payment is the only way to go.
The cost of security might seem high for website owners running on tight budgets, especially because most providers bill annually. Take for example MalCare’s Security & Backup Personal plan
, which costs $149 per year, an amount that you pay in full the minute you subscribe to its service.
Security is a basic, fixed cost in your online business’s books, along with domain and hosting.
However, when you understand the strategic importance of security and how much it involves, you won’t consider such prices something expensive. Breaking it into months, it’s only around $13 a month for full protection against hacks, plus regular backups and quick expert support.
RECOMMENDED SECURITY SETUP
A proper security setup must include BACKUPS, MONITORING, ALERTING, and FIXING. Even though is certainly possible to implement these using FREE tools and manual actions, it’s not worth the effort, and the protection will never be as robust as if using an integrated security solution.
Recommended: install a security plugin and subscribe with a professional service, especially if you are not a techie.
Fortunately for website owners, several comprehensive security tools exist in the market that can handle everything for us. Watchdog security tools, like the MalCare plugin, can shield your website against any sort of attacks with a few clicks. These tools can also back up your website regularly and fix it in the case that some smart hacker gets through.
Being an online entrepreneur who owns websites, means that you need to combine skills from both the internet marketing world and the internet’s technical world. Security is not the only technical aspect that you’ll find yourself struggling with, but it is certainly one of the most challenging, time-consuming and sensitive.
- Always take security into account when starting new websites.
- Set up a good security plugin early on and subscribe with a professional service.
- See security as a strategic business component. Its cost is low compared to the cost of losing it all because of a hack.
With your online business protected, focus on the tasks that will bring you that dreamed passive income you are after! To your “secured” success!