Skip to main navigation Skip to main content Skip to page footer
ITF4Y.NET logo ITF4Y.NET logo

Introduction

ONCE UPON A TIME… is the start of the title of a very famous (and highly recommendable) western movie 🤠 and also the start on this post about some reflections related to one of our early attempts to build a business website using WordPress.

Back in 2016 we build our first WordPress site using an US based hosting company and started out without any deeper insights in how to secure your WordPress site.

As this setup did not provide the advantages sold, we moved the hosting to our preferred hosting partner in Denmark after a couple of years.

As a part of this transaction we installed Wordfence to secure our site based on best practise at that time.

Our business adventure did not develop as intended, so we stopped being active on the blog and turned the site in to a “passive” website.

Having some statistics from using Wordfence over some years, I decided to test another product for protection, which up to today has been an interesting experience and insight to the present threat scenarios.

I would have expected, that things would be like “business as usual” but obviously we have threat scenario, where the big players have the resources to target anyone listed in a DNS record…

Some observations after one Month of monitoring:

  • +2700 unique IP addresses has attempted to log in or find a specific (script)page, that could be used for hacking (reference to the warnings being published in various feeds related to actual threat scenarios)
  • some attempts are using information from one of our former WordPress sites at an other domain…
  • majority of IP addresses belongs to companies providing “host your own server” services
  • IP address ranges owned by specific companies indicates that there are hacked servers in their internal network

Being a small business owner you might be limited in knowledge or resources, but you need to have some awareness in securing your business website.

If you happen to use WordPress for your business website, I have these recommendations:

  • use as few plug-ins as possible
  • for any plug-in used check for security reviews/ recommendations/ latest update
  • never store your login details in the browser
  • check the logs regularly
  • use an external resource for review (and assisting with the maintenance) if you are handling it all yourself
  • if you have installed a webshop plug-in, you need someone to assist you with immediate patching/ updating when released/ advised/ etc.

Hint for the small business owner on assistance with security:

It is okay to reach out to a business providing remote IT services using an approach like this:

“I have one domain with a business website (WordPress) and XX email accounts hosted by YYYYY, 2 computers and 2 mobile devices. The Monthly budget related to IT support is 500€ per Month – what kind of service will you be able to offer me here?”

Sometimes you will be surprised what can be achieved with such an approach 🧐

Image Credits:

ThinkingDreamstime
View over the CloudPhoto by Joshua Earle on Unsplash
Don’t look backPhoto by rawpixel.com on Unsplash

Thank you for having read this article – hope you have enjoyed it and that it has given you some ideas of where to start improving your own business or individual role, when it comes to the use of IT.

Best wishes for the future.