Novice to Advanced Marketing System

NAMS | Building an Online Business to Support Your Dreams

  • Home
  • Product Catalog
  • Free Resources
  • Affiliates
  • Support
  • Blog
  • Masterminds
    • NAMS 90 Mastermind
    • Affiliate Sales Dominators Mastermind
    • Idea To Income Mastermind

By Jen Perdew Leave a Comment

Tweet
Share
Share
Pin4
Share
4 Shares

Website Security Checklist: 36 Tips to Complete Your Website Security Check

website security

It pays to be paranoid in today’s online world with all the potential website security threats because the bad guys REALLY are out to get you…Check your website security often!

We were hacked not long ago. And let me just confirm, it’s no fun.

But this time, it wasn’t so bad because we had systems and tools in place to shut down the hacker fast.

First, evverything is ok. No data was destroyed nor was any customer information revealed. But it was a close call. This is what we call a teaching moment. And since that is what we do best, I wanted to help as many of you as possible make sure that you have the right website security in place. 

Stay tuned and we’ll give you a simple, but thorough website security checklist to help protect you from the bad guys.

Here's what happened to us.

Last week, during the Insiders Club call, Jen (my daughter and company manager) tried to login to the Learning Center to show people how to find a specific product.

She couldn't. She was locked out.

I couldn't log in. I was locked out.

None of the rest of our team could login. We were all locked out.

And we began getting support tickets - customers were locked out too. And that’s a really bad thing.

Website hacking is rampant. We all have to be incredibly vigilant because there’s a group of ne’er-do-wellers out there (and they seem to be growing) who would much rather do damage than do good.

This was the second time we’ve been hacked. The first was many years ago.

During our semi-annual workshop in February, a threatening message on the site homepage read: 

“David Perdew, you owe me money and I will expose your database to the world if you don’t pay $15000.”

Of course, we had no idea the identity of this mysterious - and extraordinarily dumb hacker - since there was no contact information or payment instruction. 

We called the FBI (zero help by the way) and hired a team of cyber sleuths to rectify the hack.

The damage was done though because it forced us to shut down the site for six weeks to clean up and harden the site. Basically, it was a complete rebuild costing us about $75,000 in lost revenue and expenses to get back up and running.

Ten hours after we discovered the attack, we figured out that a person in Jordan, who had signed up for one of our products, used his login and technical know-how to invade the system and plant a malicious file.

Even though our system is much more secure, no computer is foolproof.

So, when we were hacked again recently, I flashed back to that costly previous experience praying that we’d done a better job this time of backing up our systems, putting our WordPress security plugin software in place, configuring it properly, and working with our hosting company to be ever vigilant.

But our system, like yours, gets hit thousands of times a day by hackers and bots trying to find a simple and easy vulnerability to exploit. 

If you think about this too long, you could think that doing business online just may not be worth the trouble. Luckily, there are simple ways to ward against 99.9% of the threats.

This time, when we saw the issue, Jen jumped on with LiquidWeb, our host, and they confirmed that they could see a rogue account with an IP from Tunisia that accessed our server and was in the account. They could see where he was and what he was doing.

And because of the unusual server activity, our WordPress security plugin, iThemes Security Pro, did it's job and shut down the entire site until we could stop the strange behavior in the server.

We'd caught a hacker in the act.

Website security checklist

My first thought in a situation like this is about the backups. “Where's our backups?"

Website backups are not something we think about often, but when we do, it’s usually as the result of some tragedy. And while we never want to use the backups, we must have them in case we do.

One of the reasons our first hacking experience shut us down for 6 weeks many years ago was because our backups had consistently been overwritten with new backups that had become infected with the malicious sleeper file. That allowed the hacker to trigger his activity at a later date.

Rebuilding the site was our only option.

One backup isn’t enough. We like to have a couple of months of backups just in case. Yes, that’s probably overkill, but when you have unlimited cloud storage from a reputable company like Google, data space is not an issue.

Unlimited backup space seems like it would be really expensive, but it isn’t at all. About 18 months ago, I made a very small one time investment in a product called Unlimited Cloud Storage.

All of our backups are loaded on that Google drive account with multi layered 2 factor authentication security. We used those to restore our sites by suppertime and get everything back to normal with very little downtime.

After this episode, I begged the developer to give our community a special promotion code to get $10 off. If you’re interested in Unlimited Cloud Storage, be sure to use the promo code NAMS10.

where to learn affiliate marketing

To Get Team, Training and Tools for Your Business, Try MyNAMS Insider's Club for Just $1

Yes, I need this!

Tools, tips and tricks to enhance your security with a site security checklist

But unlimited cloud storage is not the only website security best practice we use. 

We’ll go through a few of the best practices we use and a few of the tools we like to implement those below.

Domain Registration/ Hosting

Even though this is so important, too many people overlook this simple step. For example, someone may register their domain Godaddy and decide to get hosting there as well. Their entire business can then be shut down by Godaddy if they don’t like your business for any reason.

If you register your domain in one location like Simple Niche Domains (our Godaddy reseller account), and host your domain with a separate company like A2 Hosting (we recommend highly with very reasonable rates for medium to smaller sites), you’ll be in control.

  1. Register your domain in a different place than where you host your site! 
  2. Use a hosting company with a good reputation and good support plans

WordPress Admin Structure/Plugins/Themes

  1. Never use admin as your username
  2. Delete any account using admin as the username
  3. Always use a strong password - we recommend 20 characters with AT LEAST 1 Symbol, 1 Number and Upper and Lower Case 
  4. Periodically remove admin accounts set up for support of your plugins or products 
  5. Alway check for abandoned plugins. These are plugins that have had no updates recently (within the last year)
  6. Don't be a plugin hoarder. Make sure you delete plugins that are no longer being used or that are duplicates of another product.
  7. Never allow additional plugins to be added to your site without permission
  8. Avoid free plugins unless the company has an upgrade path. 
  9. Always make sure you're updating your WordPress theme. If your theme has not had updates recently, change themes! (child themes can be hacked too so if your child theme is outdated, it may be time for a newer one)
  10. Keep your WordPress core software updated. Be sure you backup first before updating and if possible run the updates on a test site or server
  11. Do NOT use free themes

Backups

  1. You can schedule backups to run directly with your hosting company. These are not always the easiest to access but are good to have running as a backup of your backup system - or a redundancy.
  2. Make sure backups are running on all of your sites frequently. At least daily. If you add a lot of content to your site, we recommend backing up multiple times per day. We back up every 12 hours and load to our Unlimited Cloud Storage.
  3. Make sure your hosting company is running a Cpanel Backup as well. This does not have to happen as frequently as cpanel changes should be minimal.
  4. Make sure you have a cloud storage account for your backups
  5. Make sure you are deleting old backups, especially if you are paying for storage space. 
  6. Use a WordPress Backup Plugin - These are super easy to configure and use. We use Updraft and recommend BackupBuddy as well.

Connect your backup plug in to your cloud storage and make sure to add extra security on your backup folder. Password protect the folder OR put 2 factor authentication on the folder

Security Plugins

  1. Use a WordPress security plugin. A paid version with good support is best. That’s why we use and recommend iThemes Security Pro.
  2. Configure your security plugin correctly
  3. Remember your security plugin will protect your site from bad players but sometimes can flag innocent customers and users. You can automatically whitelist or remove a blacklist on a customer IP address in your security settings. 
  4. Use recaptcha or two step optins to ensure you're not getting hammered by bots and bad sign ups

Password Manager

Use a password manager tool. There are several out there but we prefer LastPass because we can share access with our team members without sharing passwords. And we can use the mobile app to access anything from our phone as well.

Use A WordPress and Security Company

  • Amy Bair - eHemisphere 
  • Paul Taubman - Digital Maestro
  • Debra Lloyd  - WP WebWorks
Click To Get A Downloadable Copy Of This Website Security Checklist!
 

We'll send it right over to your inbox! 

New-Lead-Acquisition-101
Resell-Rights-Stardom
Get more leads and make more money with the LEAD System

Related Posts

Finding Your Home in the Online Jungle

The 5 Mistakes That Guarantee Your Business Never Gets Off The Ground – Part 2

The 5 Mistakes That Guarantee Your Business Never Gets Off The Ground

This is My Story

Are you a ‘Starter’ or a ‘Finisher’?

Bill Sefton

"I just finished reading your Endless Affiliate Profits - Lots of Golden Nuggets that extend beyond the Affiliate universe...I'll be spending my weekend implementing them..."

Percy Miller

NO ONE else is doing things online like you guys are doing it...You guys are building and teaching what I want to learn how to do with my online efforts...Today I saw the future!"

Shelley Merchant

I have wandered around blindly for over 4 years wondering why things weren't working...the things y'all teach are not being taught elsewhere. Instead, the advice is vague and leaves you feeling stupid because you're not figuring it out.

I cannot say enough good things...the only problem is that there's so much good stuff that I don't want to sleep b/c I want to learn it all.

 
I'm beginning to feel like a plan is forming and that I might actually make things work.
Jen Perdew

The Novice to Advanced Marketing System is a step-by-step system focusing on Team, Training and Tools to help novice to advanced business people build a Simple, Scalable and Sustainable business.

Founded by David Perdew over 15 years ago, he recently retired and his daughter, Jen Perdew, who has been working at NAMS since 2011 purchased the business.

Jen is now the President and CEO of NAMS and comes from a customer service, operations, and employee training background.

Jen has always loved digging in and getting her hands dirty with automation and coaching. Jen's an implementer and focuses on moving her clients as quickly as possible down the path to success. and has since taken over most of the technical training in the business. NAMS is one of the most successful online communities today, specializing in training and proprietary productivity software tools.

Affiliate Link
The Ultimate Guide to Maximizing Your Affiliate Links with Simple Click Tracker 1. Centralize Your Links: No more searching through scattered Excel sheets or lost emails to find your affiliate links. Simple Click Tracker allows you to store and organize all your links in one place. This way, you can easily access and update them […]
Click Here To Read More
author
The Ultimate Tool for Authors: Simple Click Tracker for Managing Redirect Links Are you an author looking to optimize your online presence and drive more traffic to your content? Look no further than Simple Click Tracker – the ultimate tool for managing redirect links. As an author, you understand the importance of maximizing the reach […]
Click Here To Read More
sales and revenue
How Simple Click Tracker Can Help Product Owners Boost Sales and Revenue Introduction: As a product owner, affiliate, or author, managing and maximizing traffic to your redirect links is essential for driving sales and revenue. But with the ever-changing landscape of digital marketing, it can be challenging to keep all your links relevant and up-to-date. […]
Click Here To Read More
The Ultimate Guide to Evergreen Campaigns: Timeless Content Creation In the bustling content marketplace, where trends rise and fall like waves in a digital ocean, a coveted gem exists – the evergreen campaign. So, picture a content strategy that not only stands the test of time but continues to flourish, delivering value, engagement, and growth […]
Click Here To Read More
Future-Proof Your Content Venture: The Evergreen Business Approach In the dynamic realm of business, where trends evolve at a breakneck pace and today’s innovations can become tomorrow’s relics, the quest for longevity and relevance is a challenge that every content venture faces. So, enter the “Evergreen Business Approach,” a strategy that transcends the confines of […]
Click Here To Read More
From Seed to Success: How to Cultivate Your Business in the Evergreen Market In the dynamic business landscape, where trends come and go, a realm defies the ebb and flow of fleeting fads – the evergreen market. Imagine a steadfast and flourishing market, regardless of economic shifts and changing consumer preferences. So, this is the […]
Click Here To Read More
Tweet
Share
Share
Pin4
Share
4 Shares

Category: Business Start Up, Featured Content, NAMS Notes

Previous Post Info Product Ideas to Add Value for More Sales
Next Post Use Pinterest as a Marketing Tool: 9 Ways to get More Traffic and Sales

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Help Desk
  • Contact
  • Support
  • Privacy Policy
  • Earnings Disclaimer
  • Legal Notices
  • Membership Agreement
  • TOS
  • Testimonials
  • Affiliate Disclosure

Copyright © 2025 · MyNAMS.com · All rights reserved
NAMS, Inc. 203 CR 890, Etowah, TN 37331 USA

Disclosure: Some links on this website may be affiliate links. If you make a purchase through one of our affiliate links, we may earn a commission.
We only endorse products and services we use or trust.