Web Safe: How to keep your site secure


Website attacks are on the rise

And not only for giant brands. They are just the ones that hit the news. More often, the targets are everyday business sites. That might sound alarming, but there’s good news:
Most attacks are preventable.

We’re going to focus on WordPress websites because a) it’s the most used website platform out there and b) it’s the one we use. But many of the same principles still apply to other platforms.

WordPress powers a huge part of the internet for a reason. But like anything popular, it gets attention. And the difference between a safe site and a vulnerable one is rarely luck. It is usually maintenance.

If you want a bit of wider context on what is happening right now, these two reports are useful background reading:
Forbes.com
Sucuri.net

What is actually going on?

When people hear “hackers”, they imagine someone in a dark room doing cinematic keyboard wizardry.

In reality, most attacks are far less dramatic. They are opportunistic.

Automated tools scan the web looking for known weaknesses. And the most common weaknesses are not mysterious.

They are usually:

  • weak or reused passwords
  • out of date plugins
  • out of date themes
  • unnecessary tools still installed
  • too many admin logins
  • missing or untested backups

In other words.
It is rarely WordPress itself.
It is the bits attached to it.

What’s the risk?

Even a small incident can create a big mess.
If your site goes down, you lose leads. You lose bookings. You lose trust.
If you run an online shop, the stakes are higher.
A short outage can mean abandoned baskets and lost revenue.
A longer one can cause order confusion, customer support chaos, and a lot of frantic checking.
Plus, cleanup is not always quick.
Depending on how the attack happened, you might also be dealing with damaged data or missing records.
Especially if backups are not reliable, or not recent, or not tested.

This is why prevention matters.
Not because you should assume the worst. But because the cost of being the easy target is real.

My site has been hacked, what should I do?

First. Breathe. Most hacked sites can be recovered.
What matters is acting quickly and methodically.
A sensible order of play looks like this:

  • Take the site offline if possible or put up a maintenance page
  • Remove any unknown admin users
  • Change all passwords immediately. Start with WordPress admin, hosting, FTP, database, and email
  • Run a malware scan
  • Restore from a clean backup if you have one
  • Update WordPress, themes and plugins once the site is stable
  • Check your forms and ecommerce setup. Make sure orders, emails, and customer accounts are behaving normally
  • Get professional help if you are unsure. A rushed DIY cleanup can miss the original entry point

If your website takes payments or handles customer data, treat this as urgent.
This is also why ongoing maintenance exists. You cannot always undo lost trading time after the fact.

WordPress is safe and robust with a little TLC

WordPress is not a flimsy platform.
It is used by massive organisations and small local businesses alike.

The core software is well maintained and widely scrutinized.
That is a strength.

The risk tends to sit around it.
Themes. Plugins. Logins. Permissions. Backups.

Think of it like a shop.
The building can be solid.

But you still lock the doors and check the alarms.
A little TLC goes a long way.

What you can do right now

You do not need a technical background to tighten things up.
Most of the basics are simple and sensible.

Login basics

  • use long, strong passwords
  • never reuse passwords across services
  • turn on two factor authentication where possible

Keep things fresh

  • update WordPress, themes and plugins regularly
  • remove plugins you no longer use

Reduce the impact

  • limit admin accounts to only the people who need them
  • ensure you have reliable backups and check they actually work

If you only do one thing this week, do this.
Check your plugins.
If anything is out of date, update it.
If anything is unused, remove it.

Old plugins are one of the most common entry points we see across the industry.

How to know if you are overdue a tidy up

A quick self check:

  • do you know how many plugins your site has installed
  • when did you last update them
  • are you using two factor login
  • do former staff or suppliers still have admin access
  • if your site went down today, could you restore it quickly

If any of those answers feel a bit wobbly, that is normal.
Websites are busy little machines.
They need routine attention.
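
For anyone comfortable with a command line, the self check above can be turned into a repeatable report. This is an added example, not Nettl's own tooling: it assumes WP-CLI is available on the host and reads output in the shape of `wp plugin list --format=json` and `wp user list --role=administrator --format=json`; the sample data and the EXPECTED_ADMINS list are constructed for illustration.

```python
import json

# Constructed sample output, in the shape of `wp plugin list --format=json`.
PLUGINS_JSON = """[
 {"name": "contact-form", "status": "active", "update": "available", "version": "5.1"},
 {"name": "shop-cart", "status": "active", "update": "none", "version": "8.4"},
 {"name": "old-slider", "status": "inactive", "update": "available", "version": "2.0"},
 {"name": "seo-helper", "status": "inactive", "update": "none", "version": "1.3"}
]"""

# Constructed sample output, in the shape of
# `wp user list --role=administrator --format=json`.
ADMINS_JSON = """[
 {"ID": 1, "user_login": "owner", "user_email": "owner@example.com"},
 {"ID": 7, "user_login": "former-agency", "user_email": "dev@example.org"},
 {"ID": 12, "user_login": "wp_support1", "user_email": "x@example.net"}
]"""

# Assumption: the site owner keeps this list of people who should be admins.
EXPECTED_ADMINS = {"owner"}


def audit(plugins_json, admins_json, expected_admins):
    """Answer the self-check questions from exported WP-CLI JSON."""
    plugins = json.loads(plugins_json)
    admins = json.loads(admins_json)
    return {
        "plugin_count": len(plugins),
        # A pending update means the installed copy is out of date.
        "outdated": sorted(p["name"] for p in plugins if p.get("update") == "available"),
        # Inactive plugins still sit on disk; remove them rather than leave them.
        "unused": sorted(p["name"] for p in plugins if p.get("status") == "inactive"),
        # Admin logins nobody can account for, e.g. former staff or suppliers.
        "unexpected_admins": sorted(
            a["user_login"] for a in admins if a["user_login"] not in expected_admins
        ),
    }


def needs_attention(report):
    """True when any finding list is non-empty."""
    return any(report[k] for k in ("outdated", "unused", "unexpected_admins"))


if __name__ == "__main__":
    report = audit(PLUGINS_JSON, ADMINS_JSON, EXPECTED_ADMINS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running it on a schedule and comparing reports over time shows when a new admin account or a stale plugin appears between checks.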

Where care plans fit in

Security is not a one time job.
It is small, consistent maintenance.
This is where a Nettl Care Plan makes life easier.

It is a bit like breakdown cover.
When everything is running smoothly, you barely think about it.
But when something goes wrong, you want help fast.


The difference is this.
You can buy breakdown cover while you are stuck at the roadside.
With website security, signing up after an incident is often too late to avoid the damage.

Care Plans are preventative, not curative.

They help reduce the chances of an attack by keeping everything updated and monitored. And they give you confidence that backups and recovery support are already in place if something goes wrong. If you would rather not spend your Friday afternoons playing update roulette, this is the simple route.

Find out more here: www.nettl.com/us/care-plans

Already on a care plan?

Give yourself a high five.
You are already protecting your website and business from unscrupulous behaviour.

Final thoughts

WordPress is safe.
It is reliable.
And it is a brilliant platform for growing businesses.
Just give it the TLC it deserves.

Do the basics well.
Keep your plugins updated.
Lock down your logins.
Make sure backups are solid.

And if you want the peace of mind of having it handled for you, we are here.

The small print
Care Plans are only available on websites hosted by Nettl.
If you would like to move your website to Nettl, please get in touch for a personalized quote.
If you are already hosted by Nettl, upgrading to a Care Plan is easy.