What I Learned From Being Hacked

Several years ago I was running a portal website on WordPress. I’d spent a number of years building a respected podcast network featuring about 40 podcasts, all built on WordPress. When I look back I was really pleased with what I was able to build out of WordPress and its plugins, but I had a big blind spot.

Wordfence, one of the leaders in WordPress security software, mentioned in a recent post the method that hackers use to identify a new WordPress installation and prepare it for hacking in the future. Another security provider says that more than 30,000 websites get hacked every day.

Mine was one of those sites that got hacked and they not only defaced my site, they were able to access every other site on the network. It was a devastating blow to my business and my reputation. My closest supporters were understanding but the reputation damage had already been done. People would send me emails asking “was the site really safe?” It was a question – at that point – that I could only guess an answer to. It was such a frustrating and stressful time.

This experience taught me a valuable lesson in security. Hacking often isn’t about you, it’s about the ego of the hacker. The thrill comes from being able to exploit vulnerabilities – it’s about being able to demonstrate how smart the hacker is to their friends, at your expense. Where do these security problems come from? They often come from sites that haven’t been ‘locked down’ or from code that hasn’t been updated.

Even software code written by the best programmers can have flaws which create security holes for hackers to exploit.  When you have a website built on a CMS like WordPress, you’ll see regular updates to core software and plugins. These updates don’t just deliver improved functionality, they plug vulnerabilities as well. That’s why keeping your site updated is so important.

Just like a bully, hackers go for a weak and easy target. They search for security holes that can be easily exploited. They often share information with each other about security vulnerabilities, and then write automated scripts to go out in search of people who haven’t patched the holes.

By taking simple precautions you can make your site a less attractive target for hackers.  With a strong security plugin and by keeping your site updated you can stand up to these online bullies.  It doesn’t mean that you’ll never be attacked or that hackers will not try to disrupt your site, but it will make it harder for them to achieve their goal.

Taking backups that are stored apart from your website will help you if your site is ever compromised. Being well prepared means your site won’t be disrupted for long, when a security event happens. Before you are attacked you should practice restoring your site from backup – so you know how to do it.

If you don’t feel you have the skills to secure your site, you can have peace of mind for just a few dollars each month. Asporea’s WordPress Protection Plan offers daily backups, core updates and plugin upgrades. We also offer a complementary health check to ensure that your site hasn’t been compromised. To find out more check out our WordPress Protection Plans.

Is it time to update your website?

When you’re so wrapped up in your business, it’s easy to lose sight of your website.  Over time your pages can get stale, your visitor numbers can drop and suddenly your website isn’t performing as well as it could. That’s where a website redesign can help – but how do you know if it’s time?

Here are 12 questions you can ask yourself to see whether you should be thinking about a website redesign now.

  1. Does your home page showcase the most recent and relevant information?
  2. Are there features on your website that no longer work or you no longer need?
  3. Are all your services, product descriptions and images still current?
  4. When you consider competitor sites, does yours look old?
  5. Have your website analytics shown a drop in visitor numbers?
  6. Is the navigation intuitive to find the most important things on your site?
  7. Does your website appear correctly on mobile devices? Is it responsive?
  8. Do you know your website is missing content that would be helpful to your customers?
  9. Is there any old or outdated information that must be removed?
  10. Are your website terms of service out of date?
  11. Does your web store need to accept new methods of payment?
  12. Has it been more than a year since your last update?

If you’ve answered ‘yes’ to more than one of these questions then chances are your website needs a redesign.  Why not start a conversation with our design team about how we can modernize and refresh your website today?

“Help! My WordPress Site is Broken”

Nobody wants to hear those words, let alone speak them.

The often forgotten part about building a shiny new WordPress site is the ongoing costs. Hosting is a very straightforward cost, but what about ongoing maintenance and support? Who is going to help you when things go “belly up?”

Some people consider Maintenance and Support like an insurance policy. You only need it if you expect something bad to happen. But it’s more than that. Maintenance is about keeping your site updated. It’s a proactive eye on your website to ensure that every theme, every plugin and your WordPress core are at the current version.

Ongoing site maintenance, like the updates we’ve just mentioned, is something you can definitely do yourself. If you have time, and you have the knowledge to be able to make adjustments to your theme and plugins, you can definitely save money.

Will doing maintenance be a distraction from your core business?

I guess the question then becomes, how much time are you going to spend fiddling with your site and settings rather than doing what you’re supposed to be doing?

I remember back to when I was doing my final college exams. Of course I was studying hard, but it was also really tempting to pick up the guitar sitting idle in the corner of my room. It was a welcome distraction from doing the study. While I had never been that good at the guitar, I learned more in my last few months of college than in the previous three years!

I think the lesson here is that WordPress (something new and challenging) can be a distraction. It’s easy to follow the distraction instead of focusing your efforts on building great content, or marketing your product. If you are easily distracted, like me, then you really need to count the cost of website maintenance in terms of lost productivity. You can’t afford to tinker and play around the edges when sales are walking out the door. You need to spend your time more wisely.

The costs of getting something wrong can be extremely high

Your ongoing website charges are obviously your hosting, and we recommend that this be accompanied by a security and maintenance plan. At the minimum this will keep hackers at bay and ensure that your site is kept up to date. When comparing the cost of a maintenance plan vs. doing it yourself, it’s not just about how much a technician costs when something goes wrong. Consider the cost of lost business, or failed search engine rankings and the real possibility of Google putting an ugly “This site may be hacked” message against your search engine entry.

The cost of not taking up a maintenance plan can amount to thousands or even tens of thousands of dollars per event for small businesses, and the mopping up can sometimes take weeks or months.

Getting someone to do WordPress maintenance for you can be the better option

Small businesses starting out can start with an inexpensive hosting solution (some under $10 per month) and a maintenance plan that will give you monitoring, backups, updates and more starting from $24.95 per month. That would give you a website and the peace-of-mind that your investment is being protected so that you can spend your time on more important things.

It is worth mentioning one particular issue that may tip the scales in favour of buying a maintenance plan. Sometimes WordPress updates and themes don’t update well, resulting in a crashed site. While it doesn’t happen every time, we know from experience just how often it does happen. Without solid WordPress knowledge this can be a bit like playing a game of ‘Russian Roulette’ with your website, so be careful if you spin the barrel and decide to maintain the site yourself, and always remember to back up before you make a change.

WordPress Maintenance Plans are not expensive

Someone else can take care of WordPress for you, and this cost is pretty minimal compared to the risks we’ve already talked about. WordPress Update and Backup plans from Asporea Consulting start at $24.95/month and give you 24/7 monitoring, updates, and the ability to restore by backup on request. Great peace of mind for less than 85 cents a day!

Photo credit: David Goehring
