Secure an online business: The things you absolutely need for your pre-purchase checklist for the best security by Debra Lloyd
You've probably heard the old saying “there's plenty of ways to skin a cat”! Well there are also many ways to start an online business. You can start from scratch and build, but that can take time and a lot of work before you see results.
In the past 5 years especially, we've been seeing people leaving the corporate world and opting to buy an existing online business. This can be a very smart way to get started quickly as when properly researched, buying an existing online business ensures you will have immediate cash flow to replace a regular paycheck.
There are a number of things you absolutely need to make a part of your pre-purchase checklist beyond the standard verifications of revenue, expenses and traffic stats. There are also a few security precautions you need to make as soon as you “get the keys” to your shiny new website too:
CHECK OUT THE NEIGHBORS
Do you remember when your parents would tell you, “Be careful who you hang out with or you may be found guilty by association?” Well like most old clichés and sayings, they're born out of common sense and this is one that can also apply to shared web hosting too.
One of the standard checks I run on a domain is a reverse IP check to see other sites hosted on a shared server. I use Yougetsignal.com to run the check because it flags sites with explicit content which can be a concern if not issue.
CHANGE THE LOCKS
Just as when you buy a new house it's a smart investment to change all the locks and update the alarm system codes,when you buy a web based business you should change all the passwords. I recommend using a password manager to create strong passwords with upper and lower case letters, numbers and special characters.
Don't use obvious user names such as Admin or Webmaster and be sure to remove any visible Meta login options from the website as they are an open invitation to hackers. You may as well put a sign on the home page saying “Open House-Come On In”!
Just as it's handy to have a spare set of keys at a trusted neighbors house, it's a smart move to set up a secondary User Account with full administrator access. I had a client who accidentally locked herself out of her own website, but because we had this safeguard in place she was able to login using the secondary user credentials and change her primary account password, because she was prepared her problem was solved in just a few minutes and a few clicks.
LOCK THE WINDOWS & DOORS
So here's my confession “I'm a recovering Plugin Addict”, when I first discovered WordPress I was hooked from the moment I realized this was the platform that would enable me make changes to my websites quickly and easily without need and cost of a web designer.
Once I learned about Plugins my mantra quickly became “I'll bet there's a Plugin for that” and I merrily went along installing them by the boat load! Then I met Regina Smola at a NAMS conference in Atlanta, I was genuinely horrified when she explained every plugin “provides another potential point of entry for hackers”! I quickly began to evaluate each plugin based on necessity of function and deleted every one that does not provide or address an essential function.
I try to only ever use Plugin's listed on the WordPress.org Plugin Directory http://wordpress.org/extend/plugins/ and I check WPSecurityLock for alerts before installing.
WPSecurityLock issues regular Plugin Security Alerts, I recommend clients sign up for the RSS feed and have it delivered right to their email inbox to be sure they receive and act on those alerts as soon as possible. https://wpsecuritylock.com/wordpress-security-report-06-22-2012/
INSURE YOUR PROPERTY
You can get no cost or very low cost “insurance” and peace of mind simply by implementing an automated back-up plan with a secure remote copy of your site. It's important to be proactive about securing and protecting your most important business assets and that includes both your website and your data. The most effective way to recover quickly from hacking or a tech failure is to have procedures and processes in place to restore to the most recent incarnation of your website.
Protecting your website assets not only gives you peace of mind but it can also increase the value of your online business should you ever decide to sell. WordPress websites are highly desirable to buyers because of their ease of management, even for those who are not programmers or developers. A site with a “clean” security history will also be better positioned to command top dollar from prospective buyers.