
7 steps to help secure your WordPress Website from a CyberAttack

With more and more businesses taking their trade online, especially as consumer behaviour has changed because of COVID-19, we have noticed a sharp rise in these business websites facing cyber-attacks.

Many small business owners are embracing the power and flexibility of website content management systems (CMS) such as WordPress. These systems, despite being amazing at getting your business noticed, face the constant threat of a cyberattack.

This article covers the most common issues and fixes for WordPress sites but you will find that many of these issues also apply to other content management systems.

But my business is too small to be targeted!

You can’t have the “it won’t happen to me” mentality. Many site owners think hackers have bigger fish to fry and don’t have any reason to target their website. That’s simply not the case. 

It is an unfortunate reality that 43% of all cyberattacks target small businesses. This is in part because many small business owners are busy and strapped for time, so cybersecurity might not be a top priority.


Cyberattacks and your website

Many cyberattacks are opportunistic, with hackers spotting vulnerabilities in a website and exploiting them. These attacks may involve finding flaws in the code of a website or plugin that allow them to insert their own code and bypass security or authentication processes. It could also mean they install ‘malware’ – a type of software which is specifically designed to damage a system – via a vulnerable third-party site.

An attack that knocks your website offline can cost your business anywhere from thousands to millions of pounds in remediation, lawsuits from customers and fines by regulators. 

Quick Fact About WordPress:

WordPress is used by over 35% of all websites worldwide and is also registered as having the highest number of vulnerabilities. About 98% of WordPress vulnerabilities are related to plugins.

Some common website attack types:


  • Brute force attacks – Bots (automated hacking software) attack your site looking for weaknesses. This means that a snippet of code tries to access your site’s login screen and gain access to the CMS. The bot automatically tries to log in to your site over and over, working through a huge number of variations.
  • Code injection – Hackers can “inject” your website database with malicious code. This attack can happen in many ways but commonly when hosting/server details are compromised.
  • Spam attacks – By far the most common attacks; the general purpose of these attacks is to slow your site down by overwhelming the database with thousands of spam comments.

What steps do you, as a business owner, need to take next?


Looking after the basics

While it can be almost impossible to make a website 100% secure against the most determined hacker, there are some simple steps that you, as a WordPress site owner, should be putting into place:

Make sure you have chosen a reputable hosting company

There is an extensive list of hosting companies on the web, so when choosing a new host or reviewing your current provider, view the company’s online reviews.

These reviews will show you how different companies compare in terms of overall hosting quality and also individual aspects of their hosting setups, like security, reliability, speed, etc.

HTTPS not HTTP – Use an SSL certificate on your site

This one should be straightforward – if you have a website you should be using an SSL certificate and…if you are running an online shop or taking payments you absolutely must have an SSL certificate!

Most hosting companies can offer basic SSL certificates as part of the hosting package; however, you also have the opportunity to purchase one separately if you need to.

Why do you need an SSL certificate for your site?

A website needs an SSL certificate to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.

When a customer visits a website that’s encrypted with SSL, their browser will form a connection with the web server, look at the SSL certificate, then bind the browser and the server. This binding connection is secure, to ensure that no one besides the customer and the website can see or access that information.

Make sure you are using the up-to-date WordPress version and all plugins

After speaking to clients who have experienced cyberattacks, the one thing in common is that they are not regularly updating their plugins or CMS. WordPress has simple tools to help make updating aspects of the website simple and straightforward. Just make sure that before you do a big update to…

Make regular backups

Some hosting companies, such as SiteGround, offer automated backups of your site. These backups can be lifelines for those business owners who face an attack which knocks their site offline. A quick tip for those with more active sites is to keep a regular plan of when you back up. If you have to roll back to an old backup from months ago you will then have to spend a lot of time catching up with your content!

Change the admin username

By default, a lot of CMS applications use the username admin. Hackers know this and use the combination of this predictable username with random passwords when trying to break into your site. You should always set up a unique admin username.

Use a secure password

We know that many businesses don’t like using strong passwords because they’re hard to remember. However, in many cases of brute force attacks on your website, making a secure password is your first line of defence.

QUICK TIP: You can use an online password generator such as to help make a secure password quickly and easily.


Other steps to take

There are many other steps you can take to keep your site secure but the above list should give you a strong starting point. If you have questions or find yourself in the midst of a cyberattack on your WordPress site and need guidance then speak to us.


Digital marketing on a budget

During Xero On Air, we aired Top tips: Digital marketing on a budget, exploring the power of using digital marketing to promote your business. Together, with TRIBE, Google and Mailchimp, our experts explain how marketing your business just got a whole lot easier.

The internet is a busy place and with the rise of digital devices, people are looking online to buy and research services and products. The good news is, there has never been a better time to consider promoting your small business online. This is why learning the basics of digital marketing is a savvy move for any small business owner. 

You may be wondering why digital marketing is important for your small business. There are currently over 4.33 billion active internet users worldwide and to reach them, you’ll need to be able to connect with them online.

What is digital marketing? 

Digital marketing is the activity that goes into promoting your small business on the internet. 

By promoting your small business online (whether by paying for advertising or sharing videos, images or written content) you can reach and connect with your customers using digital devices. 

Digital channels like search engines, social media, email, and other websites, provide the digital platforms where you can promote your business and connect with current and prospective customers.

Why do I need digital marketing?

If you’re promoting your business online, you’re likely to be spending your hard earned money on digital marketing. Unlike traditional marketing, you can get lots of valuable insight about what your customers are interacting with through their digital behaviour. For example, if you run a digital ad, you’ll be able to see how many people clicked on it and then visited your website to buy a product, or request a service. Understanding the basics will help you make the most of your marketing dollars, while helping you to grow your business over time.

So how do you get started? It can feel overwhelming if you’re just learning about what digital marketing is. Here are our top tips for how you can get up to speed on the basics – and fast.

Know who you are and what you care about

Marketing your business online means going back to your core business strategy. Understanding the basic needs that your business fulfils for the customer is the best way to set yourself up for success:

  • Who is your audience?
  • What do you do/sell that fulfils their needs?
  • How do you do this differently to your competitors?
  • What are your best performing products and/or services?

Next, consider what your goal is for your digital marketing. What are you trying to achieve by marketing your business online?

  • Do you want to reach new markets?
  • Do you want to test or promote new products?
  • Are you trying to adapt in a changing environment?

Whatever your reasons may be, the key to great marketing is being clear on your business value, who you’re trying to reach (your key audience) and what success looks like to you.

Right message, right place, right time

Right message

Knowing how to communicate the value of your products and services is key to promoting your small business online. This means you’ll need to think about how to describe them in a way that your customers can engage with. This can be using video content, photographs, static imagery or written content. Depending on what digital channels you end up using, you might find that a particular format works best.

Keep an eye on the performance of each of your messages to get a good idea of what resonates with your customers and what doesn’t.

Right place

Reaching the right audience online isn’t as easy as knowing who you want to speak to. There are lots of different digital channels to choose from, including deciding whether you want to pay for digital advertising or share organic content (unpaid), or both. Some of these options include:

  • Search engine optimisation (SEO)
  • Content marketing
  • Social media marketing
  • Email marketing
  • Inbound marketing
  • Sponsored content

There are positives and negatives to each of these options, and we recommend doing some research to work out what is right for you and your audience. If in doubt, always consider the key questions you considered above. Will this reach my intended customer?

As a small business, you don’t need to be on every platform or channel. Finding out where your target audience is will help you be more strategic with your budget and hopefully, get more traffic and conversions (purchases) on your website.

Digital advertising has options to target particular demographics and groups, however, some channels are better suited to particular content – for example, a florist specialising in events will do well to advertise on Instagram and to share their content via Pinterest so potential customers can ‘pin’ their flowers and click through to their website.

Right time

What’s the point of promoting your business online if no one is going to see it? You want to share your content at a time when your potential buyers are most active. For example, many people are unlikely to be browsing the internet at 4am unless they have trouble sleeping, which could be a genius time to promote an anti-anxiety product, but not perhaps best for your new range of kitchenware.

You can also make the most of your digital advertising spend by focusing on the time of year that matters most to your business. Be aware that costs of digital advertising rise around key holidays such as Black Friday (in the United States) and Christmas, so be strategic and find a time when you can shine.

Complete a website health check

Your website is important because it is the destination you’re leading all your potential customers towards. Bringing more people to your website is why you’re investing in digital marketing in the first place, so why would you invest in a bad experience?

Before you start building your digital marketing strategy, consider your website experience. Click around your website and check these off:

  • Does it contain all the relevant information (for example, product information, contact details, FAQs section and so on)?
  • Are the images high quality?
  • Can people complete their tasks (for example, buy a product or request a service) easily and without links breaking?
  • What happens once they make a purchase/complete a request?

You want to consider the customer journey from the moment a potential customer hits your site to the moment they leave.

Sending people to your website and giving them a bad experience is like throwing your digital marketing budget down the drain.

What’s next? Learn how to promote your small business online

At Xero, we want to make life easier for small businesses, to help them learn, grow and thrive. With this in mind, we’ve put together a learning journey with free resources to help you promote and market your small business online. This includes tools and tips for optimising your website, planning your digital marketing strategy, what SEO and Google Analytics are, staying engaged with your customers, and lots more. 

Did you miss the Xero on Air episode? Register or log in here for hints and tips from some of the most well-known digital brands.

Xero On Air – our free to watch digital content series shares advice, insights and actionable tips for managing right now, to what’s next. Check out the list of episodes here: