Secure an online business: The things you absolutely need for your pre-purchase checklist for the best security by Debra Lloyd
You've probably heard the old saying “there's plenty of ways to skin a cat”! Well, there are also many ways to start an online business. You can start from scratch and build, but that can take time and a lot of work before you see results.
In the past 5 years especially, we've been seeing people leaving the corporate world and opting to buy an existing online business. This can be a very smart way to get started quickly because, when properly researched, buying an existing online business ensures you will have immediate cash flow to replace a regular paycheck.
There are a number of things you absolutely need to make a part of your pre-purchase checklist beyond the standard verifications of revenue, expenses and traffic stats. There are also a few security precautions you need to take as soon as you “get the keys” to your shiny new website:
CHECK OUT THE NEIGHBORS
Do you remember when your parents would tell you, “Be careful who you hang out with or you may be found guilty by association”? Well, like most old clichés and sayings, this one is born out of common sense, and it can also apply to shared web hosting.
One of the standard checks I run on a domain is a reverse IP check to see other sites hosted on a shared server. I use Yougetsignal.com to run the check because it flags sites with explicit content, which can be a concern, if not an issue.
CHANGE THE LOCKS
Just as when you buy a new house it's a smart investment to change all the locks and update the alarm system codes, when you buy a web based business you should change all the passwords. I recommend using a password manager to create strong passwords with upper and lower case letters, numbers and special characters.
WHO'S WHO
Don't use obvious user names such as Admin or Webmaster and be sure to remove any visible Meta login options from the website as they are an open invitation to hackers. You may as well put a sign on the home page saying “Open House-Come On In”!
SPARE KEYS
Just as it's handy to have a spare set of keys at a trusted neighbor's house, it's a smart move to set up a secondary User Account with full administrator access. I had a client who accidentally locked herself out of her own website, but because we had this safeguard in place she was able to log in using the secondary user credentials and change her primary account password. Because she was prepared, her problem was solved in just a few minutes and a few clicks.
LOCK THE WINDOWS & DOORS
So here's my confession: “I'm a recovering Plugin Addict.” When I first discovered WordPress, I was hooked from the moment I realized this was the platform that would enable me to make changes to my websites quickly and easily without the need and cost of a web designer.
Once I learned about Plugins, my mantra quickly became “I'll bet there's a Plugin for that” and I merrily went along installing them by the boatload! Then I met Regina Smola at a NAMS conference in Atlanta. I was genuinely horrified when she explained that every plugin “provides another potential point of entry for hackers”! I quickly began to evaluate each plugin based on necessity of function and deleted every one that did not provide or address an essential function.
I try to only ever use Plugins listed on the WordPress.org Plugin Directory (http://wordpress.org/extend/plugins/), and I check WPSecurityLock for alerts before installing.
WPSecurityLock issues regular Plugin Security Alerts. I recommend clients sign up for the RSS feed and have it delivered right to their email inbox to be sure they receive and act on those alerts as soon as possible. https://wpsecuritylock.com/wordpress-security-report-06-22-2012/
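One way to carry out the plugin review described above, as an added example that is not part of the original article or of WordPress itself: a Python script that inventories a copy of the wp-content/plugins folder by reading each plugin's header comment and compares it with the list of plugins you have decided to keep. The function names, the approved list and the sample plugin folders are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress recognises a plugin by a header comment ("Plugin Name: ...") in a
# PHP file at the top of its folder, and reads only the first 8 KiB of the file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t*/]*$", re.I | re.M)

def read_header(php_file):
    """Return the header fields found in one PHP file, keyed in lower case."""
    text = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(text)}

def inventory(plugins_dir):
    """Map each plugin slug (folder name or single-file name) to its header."""
    found = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        files = sorted(entry.glob("*.php")) if entry.is_dir() else [entry]
        headers = [read_header(f) for f in files if f.suffix == ".php"]
        header = next((h for h in headers if "plugin name" in h), None)
        if header is not None:
            found[entry.name if entry.is_dir() else entry.stem] = header
        elif entry.is_dir():
            found[entry.name] = {}  # folder without a plugin header: review by hand
    return found

def audit(plugins_dir, approved):
    """Return (unapproved, missing): on disk but not approved, and the reverse."""
    on_disk = inventory(plugins_dir)
    unapproved = {slug: hdr for slug, hdr in on_disk.items() if slug not in approved}
    return unapproved, sorted(set(approved) - set(on_disk))

def build_sample_tree(root):
    """Constructed sample data: three plugin folders and one single-file plugin."""
    files = {
        "backup-tool/backup-tool.php": "<?php\n/*\nPlugin Name: Backup Tool\nVersion: 2.1\n*/\n",
        "contact-form/main.php": "<?php\n/**\n * Plugin Name: Contact Form\n * Version: 1.0.3\n */\n",
        "seo-helper/seo.php": "<?php\n// Plugin Name: SEO Helper\n// Version: 0.9\n",
        "hello.php": "<?php\n/*\nPlugin Name: Hello\n*/\n",
    }
    for rel, body in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # "cache-plugin" is approved but deliberately absent from the sample tree.
        print(audit(tmp, approved={"backup-tool", "contact-form", "cache-plugin"}))
```

Anything reported as unapproved, and any folder that has no plugin header at all, is worth checking by hand before you decide to keep it.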
INSURE YOUR PROPERTY
You can get no cost or very low cost “insurance” and peace of mind simply by implementing an automated back-up plan with a secure remote copy of your site. It's important to be proactive about securing and protecting your most important business assets and that includes both your website and your data. The most effective way to recover quickly from hacking or a tech failure is to have procedures and processes in place to restore to the most recent incarnation of your website.
Protecting your website assets not only gives you peace of mind but it can also increase the value of your online business should you ever decide to sell. WordPress websites are highly desirable to buyers because of their ease of management, even for those who are not programmers or developers. A site with a “clean” security history will also be better positioned to command top dollar from prospective buyers.
Regina Smola says
Hey Debra,
Thanks for the great security checklist when buying an online business! Each point is right on target.
Great tip on having an automated back-up plan. I just got a new client that has over 20 websites that have been hacked. EVERY file on the server is defaced except for hidden (dot) files, including .php, .html, .js, .jpg, .gif, .pdf, .mp3, .zip, .etc. It’s a nightmare. No remote backups were done and the only available backups are the ones the host overwrites weekly and they’re all hacked. Imagine if the client had those sites up for sale.
Yougetsignal.com is a pretty cool site. I’ve added it to my arsenal of scanning tools.
Oh, and I cracked up when you said, “I’m a recovering Plugin Addict.” Maybe we should start a PAA clinic 🙂 But on a serious note, I’m glad you are choosing your plugins carefully and monitoring them.
Debra Lloyd says
Thanks Regina for the opportunity to share this – you really opened my eyes when you helped me understand that every installed plugin is a potential point of entry for hackers. That got me thinking about what people should do when they buy a web based business to ensure security. Just as you would when you buy a house or business offline, it’s essential to change the locks.
Cheers,
Debra
Kurt Scholle says
Lots of very useful information here, Debra, and I’m going to share it. I also like the alliteration you used with checking out the neighborhood, buying insurance, etc. Well done!
Debra Lloyd says
Thanks for noticing Kurt – I tried to put it into terms that we could all relate to, nice to know it worked for you.
When I met Regina I was sitting fat and happy thinking I had good ‘safe site’ practices, but once I learned just how lacking they were and recovered from the shock I decided to develop a checklist for the absolute minimum items I should have clients look at and consider both before and after they buy.
Cheers,
Debra
Ken Theriot says
Great post Deb. I like the idea of setting up a second admin in case your primary gets hacked.
Debra Lloyd says
Hey Ken,
Thanks for commenting. I can’t tell you how many times I’ve been able to go in and resolve an issue very quickly with this very simple solution of having a back up admin user account set up. Funny how the simplest of things can save us so much time and aggravation.
Cheers,
Deb
Paul B. Taubman, II says
Debra –
These suggestions are terrific (and SIMPLE) things that people can do to add some safety to their site. It’s great that you are spreading the word as it cannot be said enough!
We have all heard horror stories (some too close for comfort) about losing a site and NOT having a backup. That should be one of the first things that people do – implement an offsite back up system!
Again, thanks for sharing!
Debra Lloyd says
Paul,
Thanks so much for jumping in here. Regina could tell you simple is what I like best always fits me to a T 🙂 Yep for sure all of these suggestions have come from experiencing that sick to the stomach, cold sweat moment of realization that ALL your work was just lost! I often find immediately post acquisition of a site, the focus is ALL on confirming control, changing passwords and such, which is all very important, but many owners don’t ever ‘get around’ to setting up ‘just in case’ backup systems.
Cheers,
Debra
sumon says
This specific theme is one area that I have actually been investigating for a while now, and the knowledge is remarkable. Thanks a lot for revealing that information.
Jean-Philippe Maltais says
Can I be assured that I won’t get hacked if I use plugins from WordPress’ directory? Coincidentally, I recently experienced something odd on my site. I have hardened passwords, but when I logged in to install a plugin, I saw a number of plugins listed that I had never installed on my site. I know I haven’t installed them because the description was in some other language, Russian I think.
Debra Lloyd says
Hi Jean-Philippe,
Thanks for posing this really important question. Regina may have more to say on this but here’s my 10c.
There are no ‘guarantees’ that plugins, even those strictly from the WP directory, are hacker-proof, but my understanding is that they are far more likely to be secure than plugins NOT found in the directory.
My solution – I became a member of http://www.SafeWP.com as soon as membership opened and am finding it to be an excellent way to have trusted go-to security resources available and also to check out plugins before you install them. It’s fantastic value and worth every penny for the peace of mind and resources it provides – go check it out.
Cheers,
Debra
Trinity says
Hi Debra,
I’m a big fan of this site and have read a number of posts in the last few days but this is hands-down the one that I’ve enjoyed the most. I know that sounds like a spammy comment, so I kinda feel the need to reinforce the genuine nature behind it.
The beautiful thing about comprehensive checklists and guides like the one that you’ve penned here is that they contain small – yet vital – things that most people wouldn’t consider. Most people buying an online business would think to ‘change the locks’ in terms of passwords, but nowhere near as many would know that leaving a Meta Log In present is like an open invitation for the type of nasty people online we all try and avoid.
I honestly enjoyed this post from start to finish, especially the way in which you write. I’ll hop over to Next Gen Biz Tools now and check out some more of your work!