If your business’s website is hosted on WordPress, a New Jersey company has a cautionary tale for you. Frogs are Green, a nonprofit organization that focuses on educating the world about the endangerment of frogs and amphibians, recently had an incident which made them realize how vulnerable a website can be.
Frogs are Green was making significant progress, including a feature on Discovery.com, when someone hacked into the nonprofit’s site. A hacker, taking advantage of a vulnerability in the organization’s outdated version of WordPress, inserted code that had the potential to unleash a virus on anyone who visited the site. Although programmers worked hard to remove the code, it stubbornly remained, leaving Frogs are Green no choice but to completely recreate its databases.
“There was no other option but to create a new database and rebuild the website over again,” explains Frogs are Green co-founder Susan Newman. “The online store was gone and has since made a new appearance with some of the products, and the analytics went crazy. From 15,000 visitors a month and a low bounce rate of 8% the site went to 8,000 visitors a month and a bounce rate of 80%.”
The redesign means months of hard work for an organization that had worked so hard to get where it was before the hacking incident. Frogs are Green was forced to buy a new hosted space, install the latest version of WordPress, and upload the XML file from the old site. The organization transferred its image files over FTP, but all of the company’s online galleries have to be recreated.
Since Frogs are Green’s mission is education, Newman offers these tips to help prevent other small businesses from facing what her nonprofit has faced this year. Those tips include:
- Make sure you have the latest version of WordPress. The latest stable version of WordPress is available through WordPress.org. Existing WordPress users can upgrade their versions through this link. By setting up reminders to check for new versions at least once every few months, small businesses can avoid running an outdated version like the one the hacker exploited at Frogs are Green.
- Make sure your site is always backed up. You wouldn’t assume your work files will be there indefinitely, so why take that chance with your website? Your site should be regularly backed up so that if something happens, your designer can take your site back to the version that existed before the incident.
- Download the XML file monthly. As Frogs are Green learned the hard way, having an XML file can save your site if a hacking attempt occurs. The XML file contains the information about your WordPress site, which can then be imported into the new site if necessary. It does not replace a copy of your image files, which Frogs are Green had to transfer separately over FTP. Great instructions for exporting your WordPress XML file are available here.
- Make sure you have a complete downloaded version of your site. Your site backup should include all images and coded pages so that if a hacking attempt occurs, you can get your site back up quickly. WordPress recommends using an FTP program to download your entire WordPress directory.
- Use spam tools on your site. Your site should utilize spam software like Akismet or Google’s reCAPTCHA to prevent spambots from bombarding your site with junk.
- Set up a hard-to-guess username and password. If your site’s administrator account username is some variation of “Admin” or “Administrator,” you may as well invite hackers in. The same goes for easy-to-guess passwords. Use complex passwords with as many characters as possible and safeguard the password to avoid it falling into the wrong hands.
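A backup only helps if it is usable on the day you need it. The following Python script is an added example, not part of the original article: it checks a local backup folder against the version, XML export and full-copy tips above. The folder layout (a `site/` copy of the WordPress directory plus dated `.xml` exports), the function names and the sample version numbers are assumptions made for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def version_tuple(text):
    """Turn '6.0' into (6, 0, 0) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_backup(backup_dir, latest_version):
    """Return a list of problems found in a local WordPress backup folder."""
    backup_dir = Path(backup_dir)
    problems = []
    # Tip: keep a complete downloaded copy of the WordPress directory.
    # Assumed layout: the copy lives in <backup_dir>/site/.
    version_file = backup_dir / "site" / "wp-includes" / "version.php"
    if not version_file.is_file():
        problems.append("site copy is missing wp-includes/version.php")
    else:
        # Tip: run the latest version. WordPress stores it in $wp_version.
        m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_file.read_text())
        if not m:
            problems.append("could not read $wp_version")
        elif version_tuple(m.group(1)) < version_tuple(latest_version):
            problems.append(f"WordPress {m.group(1)} is older than {latest_version}")
    # Tip: download the XML export monthly. Dated file names are assumed,
    # so the last one in sorted order is the newest.
    exports = sorted(backup_dir.glob("*.xml"))
    if not exports:
        problems.append("no XML export found")
    else:
        try:
            items = ET.parse(exports[-1]).getroot().findall("./channel/item")
            if not items:
                problems.append(f"{exports[-1].name} contains no posts or pages")
        except ET.ParseError:
            problems.append(f"{exports[-1].name} is not well-formed XML")
    return problems

def demo():
    """Audit a constructed backup folder (all sample values are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        inc = root / "site" / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "version.php").write_text("<?php\n$wp_version = '5.0.1';\n")
        (root / "export-2024-01.xml").write_text(
            "<rss><channel><item><title>Hello</title></item></channel></rss>")
        return audit_backup(root, "6.0")

if __name__ == "__main__":
    print(demo())
```

An empty list means the folder passed all three checks; pass the current release number from WordPress.org as `latest_version`.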
While there’s no guarantee your small business will never fall prey to hacking attempts, by taking measures to back up your data, you’ll avoid being down for months as your site is rebuilt. As you’re setting up security measures, be sure your site is set up not only to protect your customer data, but also to protect your own content from infiltration.