Phone 0488 406 050
Tropical Coast Web Design

Five Security Fixes your site needs right now!

Currently, there are over 1.6 billion websites on the WWW and your business website is just one of them. “There’s safety in numbers” you might say when talking about your site’s security – “why would anyone target me?”

HackerIt’s important to know that Cyber Criminals and Spammers don’t physically trawl the web, using “bots” * instead to scour millions of sites every day. Looking for ways to hack into systems, they don’t care who you are or what your site is. If these bots find a weakness or backdoor to your site, you may be in trouble.

*specially coded programs

Benjamin Franklin wisely said “An ounce of prevention is worth a pound of cure” so here’s five site security fixes that you can implement today:

#1 – Get a Security Certificate for your site.

A security (SSL) certificate is an addition to your website server* Google that creates a secure link between a website and a visitor’s browser by confirming the site’s legitimacy.

If your site doesn’t have one, you risk being penalised by Google (and other search engines) with a drop in your search ranking. In addition, site visitors may be receiving warnings form their browsers that your site is “not secure”.

Luckily, an SSL certificate is quick to install on most web servers. Simply contact your service provider and ask for a certificate to be installed.

* the place where your site’s files live on the internet.

#2 – SPAM Controls

You would have to be living on another planet to not have been the recipient of SPAM emails. It is the bane of every single inbox on the planet. Unfortunately, there’s no sure-fire way to stop SPAM completely but there are several things you can do to reduce the risk.

  • Make sure that your online forms are all guarded by Google’s new ReCaptcha protocol. It’s invisible and it works.
  • Update all plugins on your site to their latest versions whenever new versions are released.
  • Check that your web server has effective SPAM filters at its core level.

#3 – Plugin Updates

As mentioned above, if your site uses plugins for any of its core functions, make sure that you update them whenever a new release becomes available. If your site is built on the WordPress framework, this includes the core as well.

Hackers continually look for ways into vulnerable servers and will use any weakness to break their way into your site. An out of date plugin (or WordPress version) on your site could be the weak link they are looking for.

#4 – Latest Version of PHP

PHP is a programming language used in the development of many modern website and, just like plugins, there are new versions of PHP released on a regular basis. These updates are not only for closing any security vulnerabilities but also includes adding new functionalities to the language that can then be used for new functions on your website.

As with plugins, you can easily keep your PHP version up to date (usually via your web server’s Control Panel).

#5 – Install WordFence

If you haven’t guessed by now, WordPress is my website framework of choice for developing. One of the reasons for this is the amazing range of plugins that add further functionality to the basic core of the framework.

One of these is the excellent security plugin Wordfence. Wordfence provides a range of features and options for site owners that help protect their sites from hacking. On top of this, Wordfence provides monitoring of the other components in a site and notifies, via email, when action needs to be taken.

There are two versions of Wordfence, a free version which provides basic protection as outlined above, and a premium version which includes top level protection for your site.

Wordfence is a must for any site built using WordPress.

Conclusion

Nearly all the security measures outlined here can be implemented by a regular site owner with access to their site’s “backend”. However, if you require assistance at any time bolstering the security of your website, please get in touch with Tropical Coast Web Design and we will take care it for you – hassle free.

How secure is your WordPress website?

Website SecurityIf your site has been built on the WordPress framework, you are in good company. With a calculated 25% of all websites built using this user-friendly CMS, WordPress is easily miles ahead of its competition. However, with this popularity comes an inherit danger – it is a regular target for hackers.

WordPress was born from an open-source project and remains free to everyone who wants to create a website. Open source means that the code that makes the whole system work is available on the internet with no restrictions. This factor is important in the whole WordPress “ecosystem” as it allows developers and coders to create the myriad of plugins and themes that make the CMS what is it.

Unfortunately, hackers can also look at the code and discover its weak spots, making it vulnerable to spamming and security breaches. For the small time user, this may never be a problem that presents itself. But if your site attracts the unwanted attention of a hacker, they can cause all kinds of problems for your small business website and its visitors.

To protect your site (big or small), there are some very simple measures that you can employ without the need for any programming knowledge (or outside help):

1. Update the WordPress Core.

To do this, access the Dashboard of your site. If a new (major) version of WordPress has been released, this information will be displayed on the main screen of the Dashboard with an UPDATE link. With the newer versions of WordPress, small incremental updates to are performed automatically.

2. Update the plugins that you are using with your site.

In the main menu of the Dashboard, under the Home button, an Updates options will appear when updates for your plugins are available. Click on it to access the Updates page and select the updates that you want to apply. At the same time, visit the plugins page of the Dashboard and delete any plugins that you aren’t using. Even though they aren’t being use, these deactivated plugins can still provide backdoor access to your system.

3. Use a secure password.

A brute force attack, where the login for a site is attacked with a systematic password hack, is hard to protect against but with a secure password (one that used no common words and a mix of symbols, letters, numbers), the hacker will have to work harder to penetrate your system. Also, try to limit the number of users that have access. If someone doesn’t need access and will not be updating the site, don’t give them access.

4. Install the WordFence plugin.

This free plugin has so many features that I can’t list them all here. For a very basic explanation, WordFence provides high-quality firewall and malware protection for your WordPress website and you should have it on your site. Setting this plugin up puts into place a huge roadblock to anyone or anything wanting to cause harm to your site. Get it here: https://wordpress.org/plugins/wordfence/

All the above options are accessible through the Dashboard of your WordPress site but only if you have administrator access. If you log into your site and cannot see or perform the tasks listed, contact your website developer and request an upgrade of your user access.

There is nothing worse than trying to regain control of a severely hacked website however, if it does happen to you and the above steps do not reverse the damage to a perfect state, it is not the end of the world. The server on which your site resides should be* backed up on a regular basis and can be restored by your server provider* to a previous day/week for a small charge.

As always, however, a pinch of prevention is worth a full pound of cure.

  • If your web server provider does not backup at least three times a week, then it is imperative that you find a new provider. Security of your website is paramount.
  • A server provider such as Digital Pacific, NetRegistry, WebCentral, etc provides the space where your website lives. It is generally not the same as your Internet Service Provider (ISP) that connects your business to the internet.

Unsure about how to implement the security measures above, get in touch with Tropical Coast Web Design. We can undertake a no-obligation security audit of your site and let you know how we can help. 

Five Simple Tips to help manage your Small Business Website

It was once optional for a small business to have a website. Nowadays, having an 24/7 online presence is mandatory to remain competitive in a global marketplace.

But keeping a website current and up-to-date is often hard for a small business. Your employees often have little “spare” time for tasks such as site updates and, as a result, websites can easily be forgotten – left on the “do it tomorrow” pile. Without this required attention, a stagnant site will soon start to repel potential business customers, rather than attract.

Luckily, with a little planning during the development stage (and a regular dedication of time), these problems can be easily avoided and your website can become a strong marketing hub for your small business that doesn’t drain your resources.

Five Simple Tips to help manage your Small Business WebsiteIntegrate a Content Management System (CMS) from Day One

A user-friendly Content Management System allows site owners and managers the ability to update and create new content directly on their websites. By integrating a CMS as the framework for a new website, you are instantly putting yourself into the driver’s seat to control what goes on your site and how “fresh” it stays.

Learning a CMS is not hard either. The basics of WordPress CMS can be learnt in a matter of minutes, as the editing functions are styled like that of a Word Processor. As I often say to new clients – “If you can create a document in Word, then you can update your own website!”

Use a Content Calendar (and stick to it)

A content calendar (also known as an editorial calendar) helps to plan out new content for your website or social media feed and details when it will be created. This weekly, monthly or yearly calendar should be an integral part of your business’ overall marketing strategy.

By planning content in advance, you (or whoever manages your website) can commit to producing site-worthy information that is suitable for your target audience. By putting a due date on it and ensuring that date is adhered to, working on your site becomes part of your everyday business schedule.

Automate Site Updates and Customer Interaction

If it is possible to time aside for working on your site’s content, take advantage of tools such as the content scheduling that is built into WordPress. Create five blog posts or page updates at one time then use the schedule to program the dates that you want the content to be released onto your website.

Here’s the secret: this blog post you are reading was one of five that I wrote over a recent weekend. I have set the schedule in WordPress to release one every two weeks. Blog Posts for next 10 weeks – done!

Schedule a Post

Allow an Employee to take ownership of website management

Although small businesses don’t have employees to “spare”, it would be ideal to assign the maintenance and upkeep of the website to one person – a web-savvy employ who could take care of both website and social media posts.

Giving ownership of the site to an employee (with guidance of course) ensures that the site will be monitored and “fed” new content to keep your online customers, and Google, happy.

Five Simple Tips to help manage your Small Business WebsiteGet your Web Developer to care of updates for you

If all else fails and managing your website is just not possible in-house, look to a professional. Many web development companies offer a monthly plan which includes website content updates. Caution though, if you are taking this option, compare the plan price against the everyday (hourly) rate of the company to ensure that you are getting a decent offer.

You will still to need to provide content via email but a professional will get it online, make it look pretty and ensure that it gets the right sort of attention.

As discussed in a previous blog post, an out-of-date website that is uncared for will cost you business. Prospects visiting the site will get a poor first impression and Google won’t care for your site either. With the tips above, your site remains “fresh” and acting as a positive reflection of the small business that it portrays.

Google Loves a Fast Site – Five Simple Ways to Speed Up your Small Business Site

Five Simple Ways to Speed Up your Small Business SiteAs proved by 27% of all websites on the internet, the WordPress CMS is an amazing framework to build upon when creating any site. Not only is it simple to use and update, WordPress has a huge community of developers around it, consistently creating new plugins for use in the CMS. The base framework of WordPress itself is so popular, it is estimated to be used by over 70 million websites worldwide!

It’s so simple to use WordPress to add fresh content, plugins and imagery that sites can easily get slowed down by the shear workload. Today’s internet-savvy visitors expect a site to load its content in under five seconds – any longer, and they will start leaving in droves.
Luckily there are five simple actions that you (or your web developer) can put into place to ensure that your site speed is up there with the best.

#1 Optimise all Images

All website owners and operators need to ensure that images have been optimised before they are uploaded to a website. This means that PNG files should be run through an optimizer like TinyPNG to reduce them and JPG images files must be reduced to at most 80% quality. There’s plenty of free editors that can help with this optimisation including the very capable Irfanview.

#2 Minimise Website Code

Most websites are made of complex programming code, generating everything that you can see on the browser screen. This code is not usually contained in one single file, meaning that your site is “pulling” information from several places as it loads, slowly down the load time.
Adding a plugin to your site such as JCH Optimize helps to automatically compress and tidy up some of the code (specifically CSS, JavaScript and HTML) into one file on the server. This singular file is then accessed by your site visitors, effectively speeding up the load time on their browsers.

#3 Reduce call-outs to external sites

Whilst grabbing web fonts from Google and displaying Social Media on your site may be appealing and give you loads of instant content, they are responsible for a majority of site drag. When accessing information from external sites, your poor website not only has to load itself but it also needs to load content from these other sites.

To prevent this, use common fonts or fonts that can be stored on your own server and minimise your Social Media display – at least on the home page.

#4 Optimise your site’s database

Over time, site updates and usage takes a toll on the database which stores all the information for your site. Keep this data inline and optimised with the WP-Optimize plugin – it will automatically tidy the stored information on a set schedule and keep the background of your site neat and tidy for quick access.

#5 Use Online Tools to determine blockages

If you have tried all the tips above and still need to squeeze out a few seconds of load time, head over to GTMetrix and type in your website address. This online tool analyses your site speed using Google PageSpeed and provides a concise list of how your site is performing and where improvements can be made. Some areas may be too technical and need the assistance of a web developer however quite a few can be “fixed” by a novice user with a few spare minutes.

Conclusion

It’s important to note that not only is site speed essential to your visitors, it’s also important to your Google ranking too. Page speed is an important part of the Google Algorithm – slow loading sites will be penalised with low ranking in search results.

Need help getting your site “Up to Speed”? Rusty Mango Design are specialists in developing WordPress sites and we can tweak your small business site until it is purring like a kitten. Send us an email today and we’ll check it out on GTMetrix for you (free-of-charge) and we’ll let you know exactly what we can do to help!

Tropical Coast Web Design