Security breach attempts at small businesses have dramatically increased over the years.
Over 43% of all cyber-attacks are aimed at small businesses, yet only 14% are prepared to defend themselves.
The most common types of attacks on small businesses include:
- Phishing/Social Engineering: 57%
- Compromised/Stolen Devices: 33%
- Credential Theft: 30%
Amidst the numerous things small businesses have to take care of while growing their brand, security might appear to be a trivial issue. But beware.
Hackers and malware are on a constant hunt for new victims.
It doesn’t matter if you’re a small business, you’re just as vulnerable as any other business online.
Luckily, you can mitigate the risk of a cyber attack by putting some basic security measures in place. What’s even better is the fact that most of these measures don’t require spending any money.
So you can have the assurance of a safe and secure website without spending a single dime.
Here are 9 free tips to protect your small business website from hackers:
Change WordPress login Path
We all know that websites created on WordPress have a login dashboard.
These login dashboards are by default located at the /wp-admin URL path. Example: www.abc/wp-admin
But if you want to secure your WordPress login it might be a good idea to change this URL path.
WP Cerber is a free WordPress security plugin that lets you do just that.
Install the WP Cerber plugin on your website, head over to “WP Cerber” > “Dashboard”, and scroll down to the “Custom Login Page” section.
1.) Now enable the “Disable Dashboard redirection” option and specify a custom URL where you want the login page to appear.
2.) Click “Save” and your login page will start to appear at the custom URL path.
Block access to REST API
The REST API is a technology that allows two different pieces of code (applications) to talk to each other and exchange data in a standardized way.
Right after a new version of WordPress 4.7 had been released, a critical bug was found. This bug allows unauthorized visitors to edit any post on your website through the REST API.
WP Cerber Security allows you to restrict or completely block access to WordPress REST API.
To enable protection, go to the Hardening tab and enable “Block access to WordPress REST API except any of the following”. This blocks access to the REST API unless you grant access to it in the settings fields below or add an IP to the White IP Access List.
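The block-with-exceptions decision described above, as an added sketch (not WP Cerber's code). It assumes WordPress is installed at the site root and that the exceptions are REST namespaces; `myshop` and the addresses are constructed sample values. It covers both URL forms WordPress accepts for REST requests, the `/wp-json/` path and the `rest_route` query parameter, since a rule that matches only the path leaves the second form open.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qs

def rest_route(url, prefix="/wp-json"):
    """Return the REST route a URL addresses, or None if it is not a REST request."""
    parts = urlsplit(url)
    # Form 1: ?rest_route=/wp/v2/posts (works even without pretty permalinks)
    route = parse_qs(parts.query).get("rest_route")
    if route:
        return "/" + route[0].strip("/")
    # Form 2: /wp-json/<namespace>/<route>
    path = parts.path
    if path == prefix or path.startswith(prefix + "/"):
        return "/" + path[len(prefix):].strip("/")
    return None

def allow_request(url, client_ip, allowed_namespaces, allowed_nets):
    """Deny REST requests unless the client IP or the namespace is on an allow list."""
    route = rest_route(url)
    if route is None:
        return True                      # ordinary page request, not REST
    ip = ip_address(client_ip)
    if any(ip in ip_network(net) for net in allowed_nets):
        return True                      # client is on the IP allow list
    # Match whole path segments so "wp" does not also allow "wp-site-health"
    return any(route == "/" + ns or route.startswith("/" + ns + "/")
               for ns in allowed_namespaces)

# Constructed sample policy: one hypothetical plugin namespace, one office network
NAMESPACES = ["myshop"]
NETS = ["192.0.2.0/24"]

if __name__ == "__main__":
    for url, ip in [
        ("https://example.test/wp-json/wp/v2/users", "203.0.113.9"),
        ("https://example.test/?rest_route=/wp/v2/users", "203.0.113.9"),
        ("https://example.test/wp-json/myshop/v1/cart", "203.0.113.9"),
        ("https://example.test/wp-json/wp/v2/posts", "192.0.2.10"),
    ]:
        print(ip, url, "->", "allow" if allow_request(url, ip, NAMESPACES, NETS) else "deny")
```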
Enable 2 factor authentication
Two-Factor Authentication or 2FA provides an additional layer of security requiring a second factor of identification beyond just a username and password.
When enabled the 2FA method requires a user to provide an additional verification PIN code when signing into the website. This verification code is generated automatically and sent to the user by email.
1.) To enable 2FA, simply head over to WP Cerber > User policies and configure the 2FA settings for each role.
2.) Within the advanced mode you can also assign conditions for enforcing two-factor authentication for a certain role.
Restrict User access to dashboard
WordPress employs a hierarchy of user roles within which the administrator is the most powerful.
But by default lower-level users can gain access to your WordPress dashboard.
You can use WP Cerber to restrict dashboard access for users such as Subscribers, Contributors, and even Editors.
1.) Head over to WP Cerber > User Policies > Role-Based
2.) Enable “Block access to WordPress dashboard” for whichever user role you want.
This would prevent the selected user from gaining access to the backend of your website.
Block access to wp-login.php
wp-login.php is a set of files that stores potentially sensitive information about your website.
Unrestricted access to the file can result in breaches.
You can block access to wp-login.php by using WP Cerber.
1.) Firstly select “Processing wp-login.php” from the drop-down beside “Block access to wp-login.php”
2.) Now toggle “Request wp-login.php” to on. This setting will block any request to access the wp-login.php of your site.
Limit login attempts
The best thing any phisher can ask for — unlimited login attempts!
WP Cerber is here to the rescue again!
Use Cerber to restrict the number of unsuccessful login attempts anyone from a specific IP address can make.
By using this plugin, you can specify the number of retries a user is allowed to make within a certain time period.
You can also block the IP address for a specific time period in case someone exceeds the retry limit.
- Firstly, head over to “Limit login attempts” and select the number of retries that are allowed within a specific time period.
- Adjust the “Block IP address for” and “Mitigate aggressive attempts” settings accordingly
- Within “Processing wp-login.php”, select “Deny authentication through wp-login.php”
- Lastly, toggle on “Disable default login error” and “Disable default password message”
And you’re done!
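The retry limit and temporary IP block described in this section, as an added sketch that is not WP Cerber's code. The thresholds (3 failures in 60 seconds, one-hour block) and the login events are constructed sample values.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP lockout: max_retries failures inside window_s => block for lockout_s."""

    def __init__(self, max_retries=3, window_s=60, lockout_s=3600):
        self.max_retries = max_retries
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]       # block has expired
            until = None
        return until is not None

    def attempt(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                 # refused before credentials are checked
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_retries:
            self.blocked_until[ip] = now + self.lockout_s
            recent.clear()
        return "failed"

# Constructed events: (seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),              # third failure in 60 s -> block starts
    (30, "203.0.113.7", True),               # correct password, still refused
    (40, "198.51.100.4", False),             # other IPs are unaffected
    (45, "198.51.100.4", True),
    (3700, "203.0.113.7", True),             # block has expired
]

def replay(events, limiter=None):
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay(EVENTS)):
        print(event, "->", result)
```

The fourth event shows why the block is tied to the IP rather than to the password check: once the limit is hit, even a correct guess from that address is refused until the block expires.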
Prevent Username discovery
Your WordPress username can be easily discovered through your RSS or oEmbed feeds. In order to avoid this, simply head over to WP Cerber > Hardening and enable these settings:
- Stop user enumeration
- Prevent Username discovery [Via oEmbed]
- Prevent Username discovery [XML Sitemaps]
Upload an SSL certificate
SSL certificates are a must when it comes to securing your website for online transactions.
It is extremely important to the point that even Google considers it to be a ranking factor.
A lack of SSL encryption can leave your website prone to malicious attacks and breaches.
Most hosting providers include an SSL certificate with plan purchases. But in case yours didn’t, why worry?
You can head on to Sslforfree.com, type in your website URL, and get an absolutely free SSL for 90 days.
This SSL certificate is trusted by 99.9% of the major web browsers, and using it would help improve your website’s security.
Whether you are a new business owner or an old one, website security should be of paramount importance.
Not taking web security seriously can adversely affect your business.
Security breaches have resulted in losses worth over trillions.
So it’s best to take all the necessary precautions in case you want to avoid sustaining major losses.
Luckily, you have helpful tools like Sslforfree and WP Cerber that help secure your website without having to spend any money.
Are there any useful security tips that we have missed out on?
If so then let us know in the comment section.
Do you have any doubts?
Let us know in the comment section again.