Novice to Advanced Marketing System

NAMS | Building an Online Business to Support Your Dreams


By Jen Perdew

Website Security Checklist: 36 Tips to Complete Your Website Security Check


It pays to be paranoid in today’s online world, with all the potential website security threats, because the bad guys REALLY are out to get you… Check your website security often!

We were hacked not long ago. And let me just confirm, it’s no fun.

But this time, it wasn’t so bad because we had systems and tools in place to shut down the hacker fast.

First, everything is ok. No data was destroyed nor was any customer information revealed. But it was a close call. This is what we call a teaching moment. And since that is what we do best, I wanted to help as many of you as possible make sure that you have the right website security in place.

Stay tuned and we’ll give you a simple, but thorough website security checklist to help protect you from the bad guys.

Here's what happened to us.

Last week, during the Insiders Club call, Jen (my daughter and company manager) tried to log in to the Learning Center to show people how to find a specific product.

She couldn't. She was locked out.

I couldn't log in. I was locked out.

None of the rest of our team could log in. We were all locked out.

And we began getting support tickets - customers were locked out too. And that’s a really bad thing.

Website hacking is rampant. We all have to be incredibly vigilant because there’s a group of ne’er-do-wellers out there (and they seem to be growing) who would much rather do damage than do good.

This was the second time we’ve been hacked. The first was many years ago.

During our semi-annual workshop in February, a threatening message on the site homepage read: 

“David Perdew, you owe me money and I will expose your database to the world if you don’t pay $15000.”

Of course, we had no idea of the identity of this mysterious - and extraordinarily dumb - hacker, since there was no contact information or payment instruction.

We called the FBI (zero help by the way) and hired a team of cyber sleuths to rectify the hack.

The damage was done though because it forced us to shut down the site for six weeks to clean up and harden the site. Basically, it was a complete rebuild costing us about $75,000 in lost revenue and expenses to get back up and running.

Ten hours after we discovered the attack, we figured out that a person in Jordan, who had signed up for one of our products, used his login and technical know-how to invade the system and plant a malicious file.

Even though our system is much more secure, no computer is foolproof.

So, when we were hacked again recently, I flashed back to that costly previous experience praying that we’d done a better job this time of backing up our systems, putting our WordPress security plugin software in place, configuring it properly, and working with our hosting company to be ever vigilant.

But our system, like yours, gets hit thousands of times a day by hackers and bots trying to find a simple and easy vulnerability to exploit. 

If you think about this too long, you could think that doing business online just may not be worth the trouble. Luckily, there are simple ways to ward against 99.9% of the threats.

This time, when we saw the issue, Jen jumped on with LiquidWeb, our host, and they confirmed that they could see a rogue account with an IP from Tunisia that accessed our server and was in the account. They could see where he was and what he was doing.

And because of the unusual server activity, our WordPress security plugin, iThemes Security Pro, did its job and shut down the entire site until we could stop the strange behavior in the server.

We'd caught a hacker in the act.

Website security checklist

My first thought in a situation like this is about the backups. “Where are our backups?”

Website backups are not something we think about often, but when we do, it’s usually as the result of some tragedy. And while we never want to use the backups, we must have them in case we do.

One of the reasons our first hacking experience shut us down for 6 weeks many years ago was because our backups had consistently been overwritten with new backups that had become infected with the malicious sleeper file. That allowed the hacker to trigger his activity at a later date.

Rebuilding the site was our only option.

One backup isn’t enough. We like to have a couple of months of backups just in case. Yes, that’s probably overkill, but when you have unlimited cloud storage from a reputable company like Google, data space is not an issue.

Unlimited backup space seems like it would be really expensive, but it isn’t at all. About 18 months ago, I made a very small one time investment in a product called Unlimited Cloud Storage.

All of our backups are loaded on that Google Drive account with multi-layered two-factor authentication security. We used those to restore our sites by suppertime and get everything back to normal with very little downtime.

After this episode, I begged the developer to give our community a special promotion code to get $10 off. If you’re interested in Unlimited Cloud Storage, be sure to use the promo code NAMS10.


Tools, tips and tricks to enhance your security with a site security checklist

But unlimited cloud storage is not the only website security best practice we use. 

We’ll go through a few of the best practices we use and a few of the tools we like to implement those below.

Domain Registration/ Hosting

Even though this is so important, too many people overlook this simple step. For example, someone may register their domain at GoDaddy and decide to get hosting there as well. GoDaddy can then shut down their entire business if it doesn’t like that business for any reason.

If you register your domain in one location like Simple Niche Domains (our GoDaddy reseller account), and host your domain with a separate company like A2 Hosting (which we highly recommend, with very reasonable rates for medium to smaller sites), you’ll be in control.

  1. Register your domain in a different place than where you host your site! 
  2. Use a hosting company with a good reputation and good support plans

WordPress Admin Structure/Plugins/Themes

  1. Never use admin as your username
  2. Delete any account using admin as the username
  3. Always use a strong password - we recommend 20 characters with AT LEAST 1 Symbol, 1 Number and Upper and Lower Case 
  4. Periodically remove admin accounts set up for support of your plugins or products 
  5. Always check for abandoned plugins. These are plugins that have had no updates recently (within the last year)
  6. Don't be a plugin hoarder. Make sure you delete plugins that are no longer being used or that are duplicates of another product.
  7. Never allow additional plugins to be added to your site without permission
  8. Avoid free plugins unless the company has an upgrade path. 
  9. Always make sure you're updating your WordPress theme. If your theme has not had updates recently, change themes! (child themes can be hacked too so if your child theme is outdated, it may be time for a newer one)
  10. Keep your WordPress core software updated. Be sure you backup first before updating and if possible run the updates on a test site or server
  11. Do NOT use free themes
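
Several items in this list can be checked mechanically. The sketch below is an added example, not part of the original checklist or of any plugin's code. It assumes the user and plugin lists were exported with WP-CLI (`wp user list --format=json`, `wp plugin list --format=json`), that a `last_updated` date was merged in by hand for each plugin, and that `approved_admins` is a list you maintain yourself; all sample data is constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data (not from the page). USERS_JSON mimics
# `wp user list --format=json --fields=user_login,roles`; PLUGINS_JSON mimics
# `wp plugin list --format=json` plus a "last_updated" field added by hand
# (an assumption: WP-CLI itself does not report that date).
USERS_JSON = """[
  {"user_login": "admin", "roles": "administrator"},
  {"user_login": "jen", "roles": "administrator"},
  {"user_login": "vendor-support", "roles": "administrator"},
  {"user_login": "member42", "roles": "subscriber"}
]"""
PLUGINS_JSON = """[
  {"name": "backup-tool", "status": "active", "update": "none", "last_updated": "2023-05-02"},
  {"name": "old-slider", "status": "active", "update": "none", "last_updated": "2021-01-15"},
  {"name": "seo-helper", "status": "inactive", "update": "available", "last_updated": "2023-04-20"}
]"""

def audit(users_json, plugins_json, today, approved_admins):
    """Return a sorted list of (item, finding) tuples for the checklist above."""
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"]
        is_admin = "administrator" in user["roles"].split(",")
        if login.lower() == "admin":
            findings.append((login, "username 'admin' in use: delete or rename"))
        elif is_admin and login not in approved_admins:
            # Leftover support accounts (item 4) show up here.
            findings.append((login, "administrator not on approved list"))
    cutoff = today - timedelta(days=365)  # "within the last year" (item 5)
    for plugin in json.loads(plugins_json):
        name = plugin["name"]
        if datetime.strptime(plugin["last_updated"], "%Y-%m-%d") < cutoff:
            findings.append((name, "abandoned: no update in the last year"))
        if plugin["status"] == "inactive":
            findings.append((name, "inactive: delete if no longer used"))
        if plugin["update"] == "available":
            findings.append((name, "update pending"))
    return sorted(findings)

if __name__ == "__main__":
    for item, finding in audit(USERS_JSON, PLUGINS_JSON, datetime(2023, 6, 1), {"jen"}):
        print(f"{item}: {finding}")
```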

Backups

  1. You can schedule backups to run directly with your hosting company. These are not always the easiest to access but are good to have running as a backup of your backup system - or a redundancy.
  2. Make sure backups are running on all of your sites frequently. At least daily. If you add a lot of content to your site, we recommend backing up multiple times per day. We back up every 12 hours and load to our Unlimited Cloud Storage.
  3. Make sure your hosting company is running a cPanel backup as well. This does not have to happen as frequently, as cPanel changes should be minimal.
  4. Make sure you have a cloud storage account for your backups
  5. Make sure you are deleting old backups, especially if you are paying for storage space. 
  6. Use a WordPress Backup Plugin - These are super easy to configure and use. We use Updraft and recommend BackupBuddy as well.

Connect your backup plugin to your cloud storage and make sure to add extra security on your backup folder. Password protect the folder OR put two-factor authentication on the folder.
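
Keeping a couple of months of backups while still deleting old ones is a retention policy, and the first incident described above shows how it fails when every surviving copy postdates the infection. The following is an added example, not code from any backup plugin: `plan_prune`, `last_clean_before`, the 60-day window and the 10-copy floor are hypothetical names and values, and the sample backups are constructed.

```python
from datetime import datetime, timedelta

def plan_prune(backups, now, keep_days=60, min_keep=10):
    """Split backups into (keep, delete) lists of names.

    backups: list of (name, taken_at) tuples. Anything newer than keep_days
    is kept. Older copies are deleted only once min_keep backups are already
    kept, so a backup job that silently stopped cannot make the pruner erase
    the last restorable copies.
    """
    ordered = sorted(backups, key=lambda b: b[1], reverse=True)  # newest first
    cutoff = now - timedelta(days=keep_days)
    keep, delete = [], []
    for name, taken_at in ordered:
        if taken_at >= cutoff or len(keep) < min_keep:
            keep.append(name)
        else:
            delete.append(name)
    return keep, delete

def last_clean_before(backups, suspected_compromise):
    """Name of the newest backup taken before the suspected compromise.

    Returns None when every surviving backup postdates the compromise,
    which is the situation that forces a full rebuild.
    """
    older = [b for b in backups if b[1] < suspected_compromise]
    return max(older, key=lambda b: b[1])[0] if older else None

if __name__ == "__main__":
    # Constructed sample: one backup every 12 hours for the past 90 days.
    now = datetime(2023, 6, 1)
    backups = [(f"site-{i:03d}.zip", now - timedelta(hours=12 * i)) for i in range(180)]
    keep, delete = plan_prune(backups, now)
    print(len(keep), "kept,", len(delete), "to delete")
    kept = [b for b in backups if b[0] in set(keep)]
    # A file planted 20 days ago: restore from the newest copy older than that.
    print(last_clean_before(kept, now - timedelta(days=20) + timedelta(hours=1)))
    # A file planted 70 days ago: no kept copy is old enough.
    print(last_clean_before(kept, now - timedelta(days=70)))
```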

Security Plugins

  1. Use a WordPress security plugin. A paid version with good support is best. That’s why we use and recommend iThemes Security Pro.
  2. Configure your security plugin correctly
  3. Remember your security plugin will protect your site from bad players but sometimes can flag innocent customers and users. You can automatically whitelist or remove a blacklist on a customer IP address in your security settings. 
  4. Use reCAPTCHA or two-step opt-ins to ensure you're not getting hammered by bots and bad sign-ups

Password Manager

Use a password manager tool. There are several out there but we prefer LastPass because we can share access with our team members without sharing passwords. And we can use the mobile app to access anything from our phone as well.

Use A WordPress and Security Company

  • Amy Bair - eHemisphere 
  • Paul Taubman - Digital Maestro
  • Debra Lloyd  - WP WebWorks


David Perdew is the CEO and founder of NAMS - the Novice to Advanced Marketing System. He’s a journalist, consultant, and serial entrepreneur who has built one of the most successful and fastest-growing business training systems online today called the MyNAMS Insiders Club.

The Novice to Advanced Marketing System is a step-by-step system focusing on Team, Training and Tools to help novice to advanced business people build a Simple, Scalable and Sustainable business.

He took a year off in 2003 to personally build a 2200 square foot log cabin in north Alabama where he and his wife and two dogs and a cat live on 95 acres of forest with four streams and 60-foot waterfall.

The NAMS team includes his daughter, Jen, who is an email marketing and automation specialist. Jen runs the day to day business and is one of the primary trainers in our MyNAMS Insiders Club. 


Category: Business Start Up, Featured Content, NAMS Notes


Copyright © 2023 · MyNAMS.com · All rights reserved
NAMS, Inc. 203 CR 890, Etowah, TN 37331 USA

Disclosure: Some links on this website may be affiliate links. If you make a purchase through one of our affiliate links, we may earn a commission.
We only endorse products and services we use or trust.