Security breach attempts at small businesses have dramatically increased over the years.

According to internet live stats over 100,000 websites are hacked every day.

And over 43% of all cyber-attacks are aimed at small businesses with only 14% being prepared to defend themselves. 

The most common types of attacks on small businesses include:

  • Phishing/Social Engineering: 57%
  • Compromised/Stolen Devices: 33%
  • Credential Theft: 30%

Amidst the numerous things, small businesses have to take care of while growing their brand security might appear to be a trivial issue. But beware.

Hackers and malware are on a constant hunt for new victims.

It doesn’t matter if you’re a small business, you’re just as vulnerable as any other business online.

Luckily you can mitigate the risk of a cyber attack by putting some basic security measures in place. What’s even better is the fact most of these measures don’t require any spending money.

So you can have the assurance of a safe and secure website without spending a single dime.

Here are 9 free tips to protect your small business website from hackers:

Change WordPress login Path

We all know that websites created on WordPress have a login dashboard.

These login dashboards are by default located at the /wp-admin URL path. Example:

8 free tips to protect your small business website from hackers

But if you want to secure your WordPress login it might be a good idea to change this URL path.

Wp Cerber is a free WordPress security plugin that lets you do just that.

Install the WP Cerber plugin into your website and head over to “Wp Cerber” > “Dashboard”, and scroll down to the “Custom Login Page” section.

8 free tips to protect your small business website from hackers

1.) Now Enable the “Disable Dashboard redirection” option and specify a custom URL where you want the login page to appear.

2.) Click “Save” and your login page will start to appear on the custom URL path.

Block access to Rest API

Rest API is a technology that allows two different pieces of code (applications) to talk to each other and exchange data in a standardized way.

Right after a new version of WordPress 4.7 had been released, a critical bug was found. This bug allows unauthorized visitors to edit any post on your website through the Rest API.

WP Cerber Security allows you to restrict or completely block access to WordPress REST API.

To enable protection go to the Hardening tab and enable Block access to WordPress REST API except any of the following. This blocks access to the REST API unless you grant access to it in the settings fields below or add an IP to the White IP Access List. 

8 free tips to protect your small business website from hackers

Enable 2 factor authetication

Two-Factor Authentication or 2FA provides an additional layer of security requiring a second factor of identification beyond just a username and password. 

When enabled the 2FA method requires a user to provide an additional verification PIN code when signing into the website. This verification code is generated automatically and sent to the user by email. 

1.) In order to enable 2FA simply head over to Wp Cerber > User policies and configure different 2FA settings for each role

8 free tips to protect your small business website from hackers

2.) Within the advanced mode you can also assign conditions for enforcing two-factor authentication for a certain role. 

8 free tips to protect your small business website from hackers

Restrict User access to dashboard

WordPress employs a hierarchy of user roles within which the administrator is the most powerful.

But by default lower-level users can gain access to your WordPress dashboard.

You can use WP Cerber to restrict users such as Subscribers, Contributors, and even Editors access to the WordPress site.

1.) Head over to Wp Cerber > User Policies > Role-Based

2.) Enable “Block access to WordPress dashboard” on whichever user you want.

8 free tips to protect your small business website from hackers

This would prevent the selected user from gaining access to the backend of your website.

Block access to Wp-login.php

Wp -login.php is a set of files that stores potentially sensitive information about your website.

Unrestricted access to the file can result in breaches.

You can block access to Wp-login.php by using Wp Cerber.

1.) Firstly select “Processing wp-login.php” from the drop-down beside “Block access to wp-login.php”

8 free tips to protect your small business website from hackers

2.) Now toggle “Request wp-login.php” to on. This setting will block any request to access the wp-login.php of your site.

8 free tips to protect your small business website from hackers

Limit login attempts

The best thing any phisher can ask for — unlimited login attempts!

Wp Cerber is here for the rescue again!

Use Cerber to restrict the amount of unsuccessful login attempts anyone from a specific IP address can make.

By using this plugin, you can specify the number of retries a user is allowed to make within a certain time period.

You can also block the IP address for a specific time period in case someone exceeds the retry limit.

8 free tips to protect your small business website from hackers
  1. Firstly head over to “Limit login attempts” and select the number of retires that are allowed within a specific time period.
  2. Adjust the “Block IP address for” and “Mitigate aggressive attempts” accordingly
  3. Within the “Processing wp-login.php” select Deny authetication through wp-login.php
  4. Lastly enable toggle on the “Disable default login error” and “Disable default password message”

And you’re done!

Prevent Username discovery

8 free tips to protect your small business website from hackers

Your WordPress username can be easily discovered through your RSS or oEmbed feeds. In order to avoid this, simply head over to WP Cerber > Hardening and enable these settings:

  • Stop user enumeration
  • Prevent Username discovery [Via oEmbed]
  • Prevent Username discovery [XML Sitemaps]

Upload an SSl certificate

SSL certificates are a must when it comes to securing your website for online transactions.

It is extremely important to the point that even Google considers it to be a ranking factor.

A lack of SSL encryption can leave your website prone to malicious attacks and breaches.

Most hosting providers include an SSL certificate with plan purchases. But in case yours didn’t. Why worry?

8 free tips to protect your small business website from hackers

You can head on to, type in your website URL, and get an absolutely free SSL for 90 days.

This SSL certificate is trusted by 99.9% of the major web browsers and using them would help improve your website’s security.


Whether you are a new business owner or old. Website security should of paramount importance.

Not taking web security seriously can adversely affect your business.

Security breaches have resulted in losses worth over trillions.

So it’s best to take all the necessary precautions in case you want to avoid sustaining major losses.

Luckily you have helpful tools like SSlforfree and Wp Cerber that help secure your website without having to spend any money.

Are there any useful security tips that we have missed out on?

If so then let us know in the comment section.

Do you have any doubts?

Let us know in the comment section again.

Related articles:

Affiliate Disclosure: This article contains affiliate links, if you make a purchase through any of these links we might earn a small commission at no extra cost to you. Read full disclosure here.

Leave a Reply

Your email address will not be published. Required fields are marked *