Security Plugins for a WordPress security checklist

I remember a simpler time when the thought of having your website hacked was not even a thought at all. You post stuff on the web, and never think about security. Your password was probably something simple, like your dog’s name. Ah, the good old days.

I think a lot about website security these days. My first client site that was hacked was back in 2007. It was a small site for a little small-town clothing boutique. The client contacted me, and her response was, “But why would someone target me?”

Answer: because they can.

Don’t make the mistake of assuming that because your site is small and doesn’t get a lot of traffic, it won’t get hacked. That little boutique is just one of many websites I’ve seen get hacked over the years, and while I now go through many hoops to increase security on my clients’ websites, there’s nothing that’s 100%. I’ve seen small sites get taken down, and I’ve seen big sites get taken down. Last March, a DDoS (distributed denial of service) attack crippled thousands of websites across the world, including major websites as well as smaller ones.

It’s definitely something to be aware of and think about.

We are WordPress developers, and we love WordPress, but because WordPress powers over 20% of the web, it’s a frequent target for hackers. It’s a mistake to think that your website won’t get hacked because your site is small and doesn’t get much traffic.

You have to take some preventative measures to be sure that your site doesn’t get victimized. Here are a few first steps:

  1. Strong passwords – I can’t tell you how many times someone sends me their password and it’s something like “olliejoe” or “password.” If you can remember your password, it’s not strong enough. You need strong passwords for both your WordPress site, and your web hosting account. (Try LastPass if you struggle to remember strong passwords.)
  2. Premium Hosting: Certain companies, such as WP Engine, already partner with Sucuri to provide hosting solutions that are rock solid in terms of security. It’s worth paying more to have that level of protection.
  3. Plugins: If you are using regular shared hosting, add an extra layer of protection with iThemes Security and Sucuri Security plugins. Don’t just install and activate them; read through the settings and max out the options. There are lots of ways to prevent people from infiltrating your site.
  4. Updates: Keep WordPress updated, keep your plugins updated. Delete old and unsupported plugins. Having outdated plugins is one of the biggest vulnerabilities that hackers look to exploit.
  5. Sucuri: For $100 a year, they will monitor and protect your site to keep it clean and protected. It is literally worth every penny. They also offer DDoS protection for an additional $10 a month, and until you’ve been hit with a DDoS attack, you don’t realize how bad these can be. And the worst part is, once it starts, there’s no stopping it and the only solution is to wait it out. I’ve been there and it is rough.

And, when it’s too late for protection, what do you do? Call in the big dogs at Sucuri. If you’ve been hacked, contact these guys and they will solve all your problems, do it quickly, and for a great price. This is what they specialize in, and they do it and do it well.

Don’t make the mistake of assuming you are safe because your WordPress site is small and doesn’t get much traffic. It can happen to you.

Amy Masson, Web Developer
Owner/Developer

Amy Masson

Amy is the co-owner, developer, and website strategist for Sumy Designs. She's been making websites with WordPress since 2006 and is passionate about making sure websites are as functional as they are beautiful.
