How to Protect Your Website from Hacking and Spammers


Keeping your website as safe and secure as possible is a top concern for most business owners, but it's not always a top priority. It's easy to neglect your website or assume your team will know how to handle any security issues.

But taking some time to beef up your security means fewer headaches, lower costs, and less potential damage down the road. There are a few quick security steps anyone can take - without needing to crack into the code of a site.

1. Use Strong Passwords

I know, I know - this is on every list for cybersecurity and it's something everyone knows they should do, but life happens. You're worried you won't remember the password if it's not your usual. You have to do a password reset on the fly and you need to just have something. Your boss wants a password everyone will know and remember.

But this is still THE most important and effective way of protecting yourself and your site against attacks.

A strong password is one that is:

  • Unique
  • A mix of characters, numbers and symbols
  • Longer than 6 characters (the longer, the better)
  • Free of personal numbers (stop using your birthdate as the required numbers in your password!)

If you're concerned about keeping track of all those passwords, you can use a password manager. This is a secure tool that you can log into and have all your passwords in one place, as well as set it to automatically log you in to the most common websites you use. 

At BizzyWeb, all of our team members use 1Password to secure both our personal passwords and our clients' passwords. You can find other comparable tools out there as well that fit in any budget.

2. Keep Everything Up to Date

Your website is a complex beast, and you're more than likely using a variety of plugins on top of your website for forms, videos, and other interactive content on your site. It's critical to ensure that your website and all plugins are kept up-to-date to avoid security issues.

If you have a WordPress site, you'll be given warnings if any of your tools have an update and are out-of-date. You'll also receive notices whenever WordPress itself has an update. But don't just wait for the notice - set a calendar reminder once every months  to verify that everything is up-to-date.

3. Stay on Top of Active Admins (and Assign Roles)

WordPress (and most other website tools) lets you grant people access to your site by giving each of them a user role, which comes with a unique login. Each person on your team who needs regular access to your website should have their own login. While it's tempting and easy to just have one login that everyone shares, that also opens you up to more attacks.

Additionally, you can set specific roles based on a user's needs - maybe not everyone needs to be an admin on the site. The WordPress user roles are:

  • Subscriber - Can only read posts/pages.
  • Contributor - Can add new posts/pages and edit their posts/pages, but can't delete posts/pages.
  • Author - Can write, edit, publish and delete posts/pages they upload, but can't do the same to others' posts.
  • Editor - Can do everything an author can, but to any post/page regardless of if they wrote it or someone else did.
  • Administrator - Has all previous permissions, but can also edit the themes, add plugins, and can delete the website. They can do anything on the site.

So for example, if you have a content writer who only needs to add new blogs to your site, it might make more sense to set them as an author. The fewer admin accounts you have, the fewer places for hackers to get in and make sweeping changes to the site.

You also need to stay on top of current users in the site. Anytime an employee leaves the company, they need to be removed as a user from the site. This again reduces points of attack.
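One way to run the user review described in this section, as an added example (not BizzyWeb's own tooling): it reads a user export in the CSV shape produced by WP-CLI's `wp user list --fields=user_login,user_email,roles --format=csv` and compares it with a staff roster. The account names, the roster, and the `max_admins` limit are assumptions constructed for illustration.

```python
import csv
import io

# WordPress roles from least to most privileged, in the order listed above.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# Constructed sample in the shape of:
#   wp user list --fields=user_login,user_email,roles --format=csv
SAMPLE_USERS = """user_login,user_email,roles
admin,office@example.com,administrator
dana,dana@example.com,administrator
lee,lee@example.com,administrator
pat,pat@example.com,editor
sam,sam@example.com,author
"""

# Constructed roster: current staff and the highest role each person needs.
SAMPLE_ROSTER = {"dana@example.com": "administrator",
                 "lee@example.com": "author",
                 "sam@example.com": "author"}


def audit_users(users_csv, roster, max_admins=2):
    """Return (login, issue) pairs; max_admins is an assumed local policy."""
    findings, admins = [], 0
    for row in csv.DictReader(io.StringIO(users_csv)):
        login, email = row["user_login"], row["user_email"].strip().lower()
        # An account can hold several roles; judge it by the strongest one.
        roles = [r.strip() for r in row["roles"].split(",") if r.strip()]
        unknown = [r for r in roles if r not in ROLE_RANK]
        if unknown:
            findings.append((login, "custom role, review by hand: " + ",".join(unknown)))
        top = max((r for r in roles if r in ROLE_RANK),
                  key=ROLE_RANK.get, default="subscriber")
        if top == "administrator":
            admins += 1
        needed = roster.get(email)
        if needed is None:
            findings.append((login, "not on roster (shared login or former staff)"))
        elif ROLE_RANK[top] > ROLE_RANK[needed]:
            findings.append((login, f"has {top}, needs only {needed}"))
    if admins > max_admins:
        findings.append(("*", f"{admins} administrators, policy allows {max_admins}"))
    return findings


if __name__ == "__main__":
    for login, issue in audit_users(SAMPLE_USERS, SAMPLE_ROSTER):
        print(f"{login}: {issue}")
```

Run against the sample, it flags the shared `admin` login, an administrator who only needs the author role, an editor who is no longer on the roster, and the total administrator count.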

4. Monitor and Scan Your Site Regularly

Another way to protect your site is to check it constantly, both for security breaches or points of vulnerability and for uptime (whether your site is accessible online or is down).

You might not have the time to constantly monitor your website - but the good news is that there are plenty of reputable tools out there that will do it for you.

If you have a WordPress site, you can find a host of plugins that will handle this process automatically for you. Just be sure to only ever install anything from a trusted source, read reviews carefully, and check in with your IT team or host before installing any plugins.

Which brings us to...

5. Invest in an Active Website Host

If your site is online, you have a website host. But you might not have an active host. An active host is one that will handle all security measures on your behalf, so you never need to manually check and update your site. 

While you technically can do it on your own, unless that's a majority of your job responsibilities you likely won't be able to stay on top of every update. Updating your website isn't just installing new WordPress updates - it's also updating every plugin, making sure a WordPress update doesn't break a plugin, making sure one plugin's update doesn't break your other plugins, etc.

Additionally, DDoS attacks are designed to exploit these manual processes. Even if your website doesn't go down during a widespread DDoS attack, you still need to keep tabs on these attacks: if other websites are going down because of a plugin or update, you'll have to remove it from your website or beef up security.

BizzyWeb is a Minneapolis-based digital marketing and web design agency that helps companies get the high-quality leads they need to grow and thrive. Our tactics include inbound marketing, SEO, advertising, web design, content creation and sales automation. We are an accredited HubSpot Platinum Partner and we offer full-service HubSpot onboarding, enablement and strategy for new and current users.

Author: Dave Meyer
Dave Meyer is President of BizzyWeb. Dave has more than 20 years of experience in marketing and communications and has presented digital marketing topics to thousands of people across the US and Canada.