Website security basics every owner should know
Small business websites don't get hacked by masterminds. They get hacked by automated scripts that roam the internet trying the same few unlocked doors on every site they find. Which is good news, in a way: locking those doors is basic, and it's mostly a checklist.
The four basics
- The padlock (HTTPS). Encrypts traffic between visitors and your site. Without it, browsers literally label you "not secure" next to your address. Certificates are free these days; there's no excuse left.
- Updates. If your site runs on WordPress or similar, its plugins and themes get security fixes constantly. Unapplied updates are the number one way small sites get compromised. Someone needs to own this job, monthly at least.
- Backups. Not "the hosting probably does it". Known, tested, automatic backups, stored somewhere other than the site itself. The difference between a bad afternoon and a lost website.
- Passwords. One strong, unique password per account, in a password manager. The admin login for your site protects everything; "Summer2024!" does not.
Why it matters beyond disaster
A hacked site doesn't just go down. It can quietly send spam, host dodgy links, and get your domain blacklisted, and Google warns visitors away long after you've cleaned up. Prevention is dramatically cheaper than recovery.
The check
The free SiteMOT includes the security signals visible from outside: the padlock, the secure connection, and the browser trust basics. It won't audit your passwords for you, but it will catch the failures your visitors and Google can already see.
See where your site stands
The free SiteMOT tests your live site in about a minute: speed, Google visibility, mobile experience and more, with every result in everyday words.
Run my free checkNo card, no signup, no pressure.