by Charles Oropallo | Mar 14, 2024 | Do-It-Yourself
You're paying for a website, but your local customers can't find you online. Sound familiar? Here's the truth: most web developers focus on making sites look pretty. They skip the local search engine optimization (SEO) tactics that actually get you found.
Local SEO isn't rocket science. It's a series of strategic moves that help your business appear when people search for services "near me." The best part? You can implement most of these yourself.
Let's dive into the strategies that actually move the needle for small businesses.
Your Google Business Profile Is Everything
Your Google Business Profile is the foundation of local visibility. It's free, takes 15 minutes to set up, and directly impacts your Google Maps rankings.
Think about your last local search. You probably clicked on one of the first three businesses in the map results. Those spots aren't random, they're earned through profile optimization.
Complete every section of your profile. Add your business hours, phone number, website, and services. Upload high-quality photos of your storefront, products, and team. Businesses with photos get 42% more direction requests than those without.
Post regular updates about promotions, events, or new services. Google treats active profiles as more relevant than dormant ones. Even a weekly post about your business makes a difference.
Enable messaging if your business can respond quickly. Enable appointment booking if applicable. These features signal to Google that your business is engaged and customer-focused.
NAP Consistency Rules Everything
NAP stands for Name, Address, Phone Number. This information must be identical everywhere your business appears online. Everywhere means your website, social media, directories, and citations.
Here's what happens when your NAP is inconsistent: Google doesn't trust your business information. Confused search engines don't rank confused businesses highly.
Create a master document with your exact business information. Use "Street" instead of "St." Use your local phone number, not a toll-free number. If your business name is "Joe's Coffee," don't call it "Joe's Coffee Shop" anywhere else.
Check your NAP across these platforms: Google Business Profile, Yelp, Facebook, Yellow Pages, Better Business Bureau, and industry directories. Fix any inconsistencies immediately.
One formatting tip that saves headaches later: always use your business address exactly as it appears on your Google Business Profile. This becomes your standard format everywhere else.
Local Keywords Are Your Best Friend
Local keywords help the right people find your business. These aren't complicated, they're simply your services plus your location.
Examples include "dentist in Portland," "pizza delivery Chicago," or "car repair near me." Research what your customers actually search for using Google's Keyword Planner or simply by typing your services into Google and seeing the autocomplete suggestions.
Create separate pages for different service areas if you serve multiple locations. A plumbing company serving three towns should have dedicated pages for each area. Each page should include local landmarks, neighborhood names, and area-specific information.
Don't stuff keywords unnaturally into your content. Write for humans first, search engines second. A sentence like "Our Chicago pizza delivery service delivers pizza in Chicago" sounds robotic and hurts more than it helps.
Instead, write naturally: "We deliver fresh pizza throughout Chicago's downtown area, including the Loop and River North neighborhoods."
Mobile Optimization Can't Be Optional
Sixty percent of local searches happen on smartphones. Google uses mobile-first indexing, meaning they primarily look at your mobile site to determine rankings.
Your website must load quickly on phones. Compress images, choose a fast hosting provider, and avoid heavy plugins that slow loading times. A three-second delay can lose 53% of mobile visitors.
Make buttons large enough for thumbs. Avoid tiny links or navigation elements that frustrate mobile users. Test your site on different devices and screen sizes.
Eliminate pop-ups that cover mobile screens. Google penalizes sites with intrusive mobile pop-ups. If you must use pop-ups, make them easy to close and ensure they don't block important content.
Check your mobile-friendliness with Google's Mobile-Friendly Test. It's free and shows exactly what needs fixing.
Customer Reviews Drive Everything
Reviews influence both customers and search rankings. Google considers review quantity, frequency, and responses when determining local rankings.
Ask satisfied customers for reviews. Don't be pushy, but don't be shy either. A simple request after completing good work often works: "If you're happy with our service, a quick Google review would really help our small business."
Respond to every review, positive and negative. Thank customers for positive reviews. Address negative reviews professionally and offer to resolve issues offline.
Here's a template for negative review responses: "Thanks for your feedback, [Name]. We apologize for your experience and would like to make this right. Please call us at [phone] so we can discuss this further."
Never ignore reviews. Silent businesses look unengaged to both customers and Google.
Local Directories Still Matter
Getting listed on local directories builds credibility and provides valuable backlinks to your website. Start with major directories like Yelp, Yellow Pages, and your local Chamber of Commerce website.
Industry-specific directories matter too. Restaurants should be on OpenTable and TripAdvisor. Contractors should be on Angie's List and Home Advisor.
Ensure your NAP information is consistent across all directories. Inconsistent listings hurt more than they help.
Don't pay for directory submissions unless you're certain they're legitimate. Many "directory submission services" are scams that list your business on low-quality sites.
On-Page SEO With Local Focus
Optimize your website content for local search by including location-based keywords naturally throughout your pages.
Your homepage should mention your primary service area early and often. Include your city or region in your title tag, meta description, and main headings.
Create location-specific content that provides value. A home improvement company could write about local building codes, weather considerations, or neighborhood characteristics.
Add your address to your website footer. Include local landmark references in your content. Mention nearby businesses, events, or community involvement.
Don't forget about image optimization. Name your photos with descriptive, location-specific filenames like "chicago-pizza-restaurant-interior.jpg" instead of "IMG_1234.jpg."
Advanced Local SEO Tactics
Geo-tag your images when uploading to your website and social media. This embeds location data that helps search engines understand your business location.
Build relationships with other local businesses for natural backlink opportunities. Sponsor local events, join community organizations, or participate in local business associations.
Create Google Posts regularly through your Google Business Profile. These mini-blog posts appear in your knowledge panel and show Google that your business is active.
Monitor your online mentions using Google Alerts. Set up alerts for your business name to catch new reviews, mentions, or potential NAP inconsistencies.
Consider local schema markup on your website. This structured data helps search engines understand your business information more clearly.
Common Mistakes That Kill Local Rankings
Buying fake reviews destroys credibility and violates Google's guidelines. Focus on earning authentic reviews through excellent service.
Using inconsistent business names across platforms confuses search engines. Stick to one version of your business name everywhere.
Ignoring negative reviews makes problems worse. Address concerns professionally and publicly to show potential customers how you handle issues.
Creating multiple Google Business Profiles for one location results in suspension. Google allows one profile per location, period.
Measuring Your Local SEO Success
Track your Google Business Profile insights to see how customers find you. Monitor calls, website clicks, and direction requests.
Use Google Search Console to see which local keywords drive traffic to your website. Focus your efforts on keywords that generate actual business.
Check your local rankings monthly for your most important keywords. Tools like BrightLocal or simply searching on different devices can show your position.
Most importantly, track actual business results. More calls, appointments, or walk-ins matter more than rankings alone.
Local SEO isn't complicated, but it requires consistency and attention to detail. Start with your Google Business Profile, fix your NAP consistency, and build from there. Your local customers are searching for your services right now( make sure they can find you.)
by Charles Oropallo | Feb 27, 2024 | Do-It-Yourself
Think your WordPress site is secure? You might be shocked to learn that 97% of WordPress security problems stem from plugin vulnerabilities alone. Even worse, hackers know exactly which mistakes you're making, and they're counting on you to keep making them.
Don't panic. Most WordPress security breaches happen because site owners unknowingly leave the digital equivalent of their front door wide open. The good news? These mistakes are completely preventable once you know what to look for.
Let's dive into the seven most dangerous security mistakes that make your WordPress site an easy target for cybercriminals.
1. Running Outdated or Inactive Plugins
Here's a scary statistic: only 30% of WordPress users have auto-updates enabled on their websites. That means 70% are sitting ducks for hackers who specifically target outdated plugins.
How Hackers Exploit This: Cybercriminals use automated scanning tools that crawl the web looking for sites running vulnerable plugin versions. When they find one, they already have the exploit code ready to go. It's like leaving your house key under the doormat with a sign pointing to it.
Take the 2023 vulnerabilities in WP Fastest Cache and Essential Add-ons for Elementor. Thousands of websites running outdated versions became instant targets. Hackers didn't need to be clever, they just needed to find sites that hadn't updated.
The Fix: Enable automatic updates for plugins whenever possible. If you prefer manual control, check for updates weekly. More importantly, delete any plugins you're not actively using. Inactive plugins are still attack vectors that hackers love to exploit.
2. Using Weak Passwords and Skipping Two-Factor Authentication
Here's a reality check: 41% of WordPress users don't use strong passwords or two-factor authentication (2FA). If your admin password is "password123" or your business name plus the year, you're basically sending hackers an invitation.
How Hackers Exploit This: Brute force attacks are the digital equivalent of trying every key until one opens the lock. Hackers use bots that attempt thousands of login combinations per minute. Since WordPress allows unlimited login attempts by default, these bots can run 24/7 until they crack your password.
Once they're in, they own your site. Customer data, financial information, email addresses, everything becomes theirs to sell or exploit.
The Fix: Use passwords that are at least 12 characters long with a mix of letters, numbers, and symbols. Better yet, use a password manager to generate unique passwords for every account. Enable 2FA immediately, Google's research shows it stops 100% of automated bot attacks.
3. Installing Plugins and Themes from Sketchy Sources
Free premium themes and plugins sound tempting, right? Those "nulled" versions of expensive plugins seem like a steal. Here's the truth: if something seems too good to be true, it probably contains malware.
How Hackers Exploit This: Malicious developers embed backdoors directly into these "free" premium plugins. The moment you install them, hackers have a secret entrance to your site. Some plugin viruses are designed to automatically infect every other plugin and theme on your installation, spreading like wildfire through your entire WordPress setup.
These backdoors often go undetected for months, giving hackers plenty of time to steal data, inject spam links, or use your server for cryptocurrency mining.
The Fix: Stick to plugins and themes from WordPress.org, reputable commercial developers, or well-established marketplaces. Yes, you might pay more upfront, but it's infinitely cheaper than dealing with a hacked website.
4. Ignoring File Permissions
File permissions might sound technical, but they're basically your site's security guard. When configured incorrectly, they're like having a security guard who lets anyone walk into your building.
How Hackers Exploit This: Loose file permissions allow attackers to access sensitive files they shouldn't see. Once they have limited access, they can often escalate their privileges and gain control of critical system files. It's like giving someone permission to use your bathroom, and they end up with keys to your entire house.
With proper access, hackers can modify your site's code, steal database information, or install persistent backdoors that survive even when you clean up other security issues.
The Fix: Follow the principle of least privilege. Files should be set to 644 permissions, directories to 755. Your wp-config.php file should be 600. If these numbers look like gibberish, ask your hosting provider to audit your file permissions.
5. Procrastinating on WordPress Updates
Those update notifications aren't suggestions: they're security bulletins. Every WordPress update includes patches for newly discovered vulnerabilities. When you ignore them, you're essentially leaving known security holes open for hackers to exploit.
How Hackers Exploit This: WordPress developers openly publish what each security update fixes. This creates a roadmap for hackers who can easily identify which sites haven't updated and target the specific vulnerabilities that remain unpatched.
It's like fixing a broken lock on your front door but announcing to the neighborhood exactly when the repair will happen. Unpatched sites become obvious targets.
The Fix: Update WordPress core, plugins, and themes as soon as updates become available. Schedule a weekly maintenance window to check for and install updates. Most hosting providers offer staging environments where you can test updates before applying them to your live site.
6. Skipping Backups and Security Monitoring
Not having backups is like driving without insurance: you'll only realize how crucial it is when disaster strikes. Similarly, running a WordPress site without security monitoring is like closing your eyes and hoping nothing bad happens.
How Hackers Exploit This: Without backups, when (not if) your site gets compromised, you have no clean version to restore. Hackers know this, which is why some attacks are designed to corrupt or encrypt your existing files, leaving you with no recovery options.
Without security monitoring, attacks can run undetected for weeks or months. During this time, hackers can steal customer data, inject malicious code, or use your site to attack other websites.
The Fix: Set up automated daily backups stored off-site (not on the same server as your website). Install a security plugin that monitors file changes, login attempts, and suspicious activity. For critical business sites, consider our email security services that include comprehensive monitoring.
7. Installing Software from Unknown Repositories
This mistake often flies under the radar but can be the most dangerous. Installing plugins or themes from forums, random websites, or commercial repositories outside the WordPress ecosystem introduces unknown code into your installation.
How Hackers Exploit This: Unlike WordPress.org plugins that undergo community scrutiny, third-party sources may lack any security review process. These repositories are often intentionally compromised or simply don't have the resources to properly vet code.
Hackers exploit this by creating legitimate-looking plugins or themes that contain hidden malware. Once installed, these give attackers automatic access to your site without needing to break in through other methods.
The Fix: Stick to WordPress.org for free plugins and themes. For premium options, buy directly from the developer or established marketplaces like CodeCanyon. Never download "nulled" versions of paid plugins: they're almost always infected with malware.
Your Next Steps
WordPress security isn't rocket science, but it does require consistent attention. Start by auditing your current setup against these seven mistakes. Update everything, remove unused plugins, strengthen your passwords, and enable 2FA.
Remember, hackers are counting on you to make these mistakes. Don't give them the satisfaction. A few hours of security maintenance now can save you weeks of cleanup later: not to mention the potential loss of business and customer trust.
Need help securing your WordPress site? We specialize in helping businesses protect their digital assets without the technical headaches. Your website is too important to leave to chance.
by Charles Oropallo | Dec 17, 2023 | Do-It-Yourself
Let's be honest, you didn't start your business to become a cybersecurity expert. You've got products to sell, customers to serve, and a bottom line to protect. But here's the thing: spending hours wrestling with complicated security tutorials isn't the answer.
The good news? Website security doesn't have to eat up your entire weekend. With these seven practical hacks, you can lock down your site without needing a computer science degree. These aren't theoretical tips, they're battle-tested strategies that take minutes to implement but provide months of protection.
Think of this as your security cheat sheet. No fluff, no technical jargon, just straight-forward steps that actually work.
1. Turn On Multi-Factor Authentication (MFA) Everywhere
Here's your first quick win: enable multi-factor authentication on every account that touches your business. This means requiring two forms of identification, like your password plus a code sent to your phone, before anyone can access your systems.
Why does this matter? Even if hackers crack your password, they still can't get in without that second verification step. It's like having a deadbolt and a security chain on your front door.
Set this up on your website admin panel, email accounts, social media profiles, and any business applications you use. Most platforms make this incredibly easy, usually just a toggle switch in your security settings.
Don't skip this step because it seems like a hassle. The extra 30 seconds during login is nothing compared to the weeks you'd spend recovering from a breach.
2. Get That SSL Certificate Installed (And Keep It Updated)
If your website URL doesn't start with "https://", you're broadcasting to the world that your site isn't secure. Visitors see those dreaded "Not Secure" warnings, search engines penalize your rankings, and hackers see an easy target.
An SSL certificate encrypts data between your website and visitors. It's like putting your conversation in a locked briefcase instead of shouting it across a crowded room.
Most hosting providers offer SSL certificates for free or under $20 per year. If you're not sure whether yours is installed correctly, just look at your address bar. You should see a little lock icon next to your domain name.
Pro tip: Set a calendar reminder to check your SSL certificate renewal date. An expired certificate means your site goes back to showing security warnings, not exactly the professional image you want.
3. Schedule Monthly 15-Minute Security Checkups
Here's where most business owners go wrong: they set up security once and forget about it. That's like installing smoke detectors and never checking the batteries.
Instead, block out 15 minutes each month for a quick security review. During this time, scan for suspicious login attempts, check for broken or modified pages, and verify your backups are working.
You don't need fancy tools for this. Most content management systems have built-in activity logs that show recent changes and user logins. Look for anything unusual, logins from strange locations, files you didn't create, or pages that suddenly load slowly.
Think of this as preventive maintenance for your digital storefront. Catching problems early means fixing them takes minutes instead of days.
4. Enable Automatic Updates (Yes, Really)
"But what if an update breaks my site?" This fear keeps many business owners running outdated, vulnerable software. Here's the reality: the risk of a hacker exploiting an old security hole far outweighs the small chance an update causes problems.
Software updates aren't just about new features, they're about patching security vulnerabilities that hackers actively target. Running outdated software is like leaving your keys in an unlocked car.
Enable automatic updates for your website's core software, plugins, and themes. If your platform doesn't support automatic updates, set weekly calendar reminders to install them manually.
Still worried about updates breaking things? That's what backups are for (more on that in tip #6). The peace of mind from staying current on security patches is worth the occasional minor glitch.
5. Implement a Real Password Policy
"Password123!" doesn't count as secure, no matter how many exclamation points you add. Weak passwords are like having a "Welcome" mat for hackers.
Create a simple password policy for your team: minimum 12 characters, mix of letters/numbers/symbols, and no reusing passwords across accounts. Better yet, use a password manager to generate and store complex passwords automatically.
Think about what's connected to your email accounts, your website admin panel, and your business applications. One compromised password can unlock everything. Don't make it easy for the bad guys.
If remembering complex passwords feels overwhelming, password managers like Bitwarden or LastPass do the heavy lifting. They generate random passwords and fill them in automatically, security made simple.
6. Set Up Automatic Backups and Vulnerability Scanning
Imagine losing months of work because your website got hacked or your server crashed. Now imagine getting everything back with the click of a button. That's the power of automatic backups.
Configure daily backups of your entire website: files, database, everything. Store these backups off-site, not on the same server as your website. Many hosting providers include this service, or you can use plugins that backup to cloud storage.
Pair this with vulnerability scanning. Services like Sucuri or Wordfence automatically check your site for malware, outdated software, and security holes. They send email alerts when they find problems, so you can fix issues before hackers exploit them.
The goal isn't to never have problems: it's to bounce back quickly when they happen. Automatic backups and scanning give you that resilience without ongoing effort.
7. Audit Your Plugins and Third-Party Tools
Your website is only as secure as its weakest link. That forgotten plugin you installed two years ago might be full of security holes, giving hackers a backdoor into your site.
Conduct a quarterly audit of every plugin, integration, and third-party tool connected to your website. Ask yourself: "Do I actually use this? Is it from a reputable developer? When was it last updated?"
Delete anything you don't actively use. For the tools you keep, enable security notifications so you know about vulnerabilities immediately. Subscribe to security blogs or newsletters from your plugin developers.
This includes seemingly harmless additions like social media widgets, analytics tools, and contact forms. Each one represents a potential entry point. The fewer doors you have, the fewer you need to guard.
The Bottom Line: Security as a Business Habit
These seven hacks work because they create multiple layers of protection without requiring constant attention. You're not trying to become a security expert: you're building good habits that run on autopilot.
The key is treating security like any other business routine. You wouldn't skip payroll or forget to pay rent. Website security deserves the same consistent attention.
Start with multi-factor authentication and SSL certificates: these give you the biggest security boost for the least effort. Then work through the other tips over the next few weeks.
Your future self will thank you when you're running a secure, professional website instead of dealing with the aftermath of a security breach. And your customers will appreciate knowing their information is safe in your hands.
Need help implementing any of these security measures? Our team at The CharlesWorks Corner specializes in making website security simple and manageable for busy business owners. Don't let security concerns keep you up at night when practical solutions are just a click away.
by Charles Oropallo | Aug 21, 2022 | Do-It-Yourself, The CW Corner
Many costs for energy have risen in recent months. Here in the Northeast our electric bills just suffered a 110% hike. For the math challenged: that’s more than doubled!! The change was this:
- OLD RATE pre 8/1/2022: 10.669¢ per kWh (kilo or thousand watt hours)
- NEW RATE post 7/31/2022: 22.566¢ per kWh
I operate CharlesWorks from my home. So this applies to home services. We run many web servers and computers here so the electric rate increase resulted in an immense change. Saving money on electric is important to everyone.
Saving Money on Electric through Research
The biggest hassle I ran into was simply understanding my electric bill. The monthly electric bill has gotten quite complex. There are two basic parts to my electric bill:
- Supplier: This is the part of the electric bill that just increased from 10.669¢ to 22.566¢ per kWh. This is the part that we can shop around for better pricing on.
- Delivery: This is the part of the electric bill that will remain constant. This seems the most complicated because there are a number of components (8 on my bill) listed in this. The total on my bill for these delivery charges ended up at 12.21¢ per kWh. Whatever this total amount is on your bill should not change should you switch suppliers. So this cost should remain the same.
I did a lot of research on this. Hopefully this will save you the hassle of researching. Ultimately, I discovered that the process is, like many things we study, learn and practice, quite straightforward.
To switch my electric supplier there were a couple of prerequisites I needed assurance of:
- That my electric bill was actually going to go down. Sounds over-simplistic but I am cautious when it comes to ongoing expenses.
- That there were no cancellation fees should I change my mind if the power rate were to lower. I’ve not really seen that happen before – but just in case.
Moving to Direct Energy
I decided to switch to Direct Energy. After a lot of researching around and talking to several others, I found they were the best of all worlds:
- LOW RATE: Direct Energy offers the lowest kilowatt hour rate at 16.59¢ kWh which was the lowest I could find.
- NO CANCELLATION FEE: Direct Energy offers switching to a 36 month contract with no cancellation fee should I move away. Most other companies I researched imposed at least a $100 cancellation fee.
- REFERRAL FEE: Direct Energy offers a referral fee. If you refer someone else to them who signs up they will give you a $50 referral fee. You can’t go wrong there. Mine is http://www.directenergy.com/refer-a-friend/raf/D866981 and if you click on that you can get started saving like I did.
- $50 FOR SIGNUP: At the time of this article Direct Energy is offering a $50 Visa Prepaid Card for signing up using a friend’s referral – so you can get this by using my referral code.
Here is the information you will need to switch over to Direct Energy. You should have this info handy when you sign up. It is all on your current electric bill:
- ACCOUNT NUMBER: You’ll need your current electric or gas bill Account Number. On my bill it was listed on the upper left corner of the first page.
- CUSTOMER NAME KEY: You’ll need what is called the Customer name key. On my bill it is 4 letters located in the upper left corner of the second page of the electric bill.
So switching really was a no brainer in light of the worst PSNY/Eversource electric power rate increase I have ever seen.
Act Now
I can’t say how long this rate or particular deal will remain in effect. I can only encourage you to act now while the offer is happening.
Just CLICK HERE to take advantage of this offer while it lasts!
by Charles Oropallo | Jun 30, 2022 | Do-It-Yourself, Email, Internet, Passwords, Security, Website Updates, WordPress
We at CharlesWorks are often asked by our web clients if their site is protected from malware and getting hacked. They also want to know if there site IS hacked, whether there be a charge to fix it.
The totally hack-proof website
The totally hack proof website has no access to it. So it’s not connected to the Internet. No one can view it. Such a website doesn’t sound like its of much use if no one can see it.
So, let’s agree that it is unrealistic to believe that a publicly accessible website can be totally hack-proof. Any website that is accessible via the public Internet is consistently subjected to attempts to break into it. Believe it or not, that’s the norm as opposed to the anomaly.
That being said, however, there ARE things you can do to mitigate website hacks. I have to stress the word mitigate here. Mitigation is defined as the action of reducing the severity, seriousness, or painfulness of something.
Site hacks are based on odds
My goal here is to simply remind you of what you most likely already know: that we can reduce the probability – the odds – of your site being hacked. We at CharlesWorks want that probability to be so low that it hopefully it doesn’t ever happen to you.
The major hacking causes
I have been operating CharlesWorks since 1998. In my experience, there appear to be two major reasons why sites get hacked:
-
- The access credentials/passwords have been compromised.
- The software that operates them wasn’t kept up to date.
Lets take a look at each of these below.
Compromised Access Credentials
Compromised passwords and bad actors gaining access to website login credentials is the major reason we see sites hacked. Think about this in terms of your car. You could have alarms on it. But if you make a copy of your car key and give it to someone, they can do whatever they like with the car. Whether its a drive along the beach or to rob a bank, your car is theirs to use with the key you gave them. Credentials – log in and passwords – work pretty much the same way.
CharlesWorks has many clients who want to be able to do things themselves. We are strong proponents of doing it yourself when it’s feasible and convenient. This is especially true for adding posts or page materials. It also makes sense when making other changes or modifications to your site. It is, after all, YOUR website.
However, many people fall prey to phishing schemes. Directly or indirectly, they usually end up tricked into giving out their website access credentials (as well as credentials to everything else they own). This is especially true if your email account is hacked and the hackers are able to access emails containing your website’s (and other) login credentials.
This problem is exacerbated if you have shared your website’s administrative or other access with others. Think of your emails containing various authorizations or login information as a potential weak link in a chain. If you have shared that information with others you have now created more weak links. This increases the odds of a potential compromise.
One of the best ways to mitigate these situations is to change your site’s access passwords so they are different than those possibly stored in your emails. And, to hope that anyone you may have shared your website access with has done the same.
Obviously, should site access be gained in such a manner, it would be your burden to have the site restored. I’ll expound upon this a little more at the end of this article.
Out of Date Security/Software Updates
Malware and virus protection on home computers operates a little differently than the same types of protection on servers. Website servers operate in the publicly accessible Internet. This results in many more entry points for potential issues. There are a number of very standard server protections available (which we utilize here at CharlesWorks).
After bad actors getting (or guessing) your passwords, the next major reason sites get hacked surrounds unapplied security updates and other software update issues. At CharlesWorks we mitigate such issues by running anti-malware software on our servers. Also, WordPress sites hosted on our servers are kept up to date automatically via automatic updating of the WordPress core as well as automatic updating of the the website’s plugins and themes.
There are literally thousands of individual pieces of software that must work in unison to operate most websites. These are developed by many more thousands of developers around the world. Unfortunately, no company can guarantee that a website will never get hacked. They can only mitigate security compromises and hope against the worst.
Restoring your Website
Regardless of which of the two situations above may have led to your website’s issues, your website will most likely need to be restored. That’s because after a bad actor or a hack back doors into the site will most likely have been installed for the bad actors to gain access again.
Many Internet companies claim to have automatic backups. In most of those, those backups are accessible to the user in their account. If the account is hacked, how safe do you suppose that is?
Some Internet companies delete and account upon a website being hacked. In those cases I have seen many left with no website or backup as a result.
What I believe is most important regarding this topic is the manner in which our WordPress sites are backed up every day for 30 days. Our backups are made to separate servers – external to those your the site operates on. For security reasons, the site administrators do not have access to these backups. So even with a site administrator’s compromised passwords there is no access to the backups. With these backups we can usually restore an average site in about 10-30 minutes if it needs restoring. And we can go back as far back as 30 days. We would only bill our web client for the 10-30 minutes (again – for an average website) which results in only a minor charge to restore it. Note that some websites are extremely large and require much more time to restore but these are very rare).
In my experience running CharlesWorks since 1998, we’ve built and handled more than 5,000 websites. At this point in time, I do not recall the last time a website we built and totally maintained was hacked (unfortunately I recall several instances of sites maintained by others that failed to ensure the site was updated and/or had their passwords compromised).
Sites getting hacked for out of date software happens far less frequently (if at all) when security updates are kept up to date and bad actors are kept out.
I hope this helps you understand a little more about this topic.
European Union General Data Protection Regulation Compliant