Tony skinner 00:02
Hi, and welcome to the podcast channel for podcast my business and YouTube for content made easy. So we’re now our across everything, and we’re joined today by James from thewebsiteguardians.co.nz. The website guardians as we found with Google, you got to spell everything correctly.
James 00:25
Yes, yes. The website guardians. Yep.
Tony skinner 00:28
Yeah, great stuff. And we had some fun. Because the other day, your internet, we had issues. And we’re all very familiar with that in everywhere, because we’ve got NBN. And there’s one thing you can guarantee with technology, it will fail at some stage.
James 00:47
Yes. And usually when you most want it to be working.
Tony skinner 00:53
I remember back in the days, you do Word documents, and you forget to save it. And you do when you say you do all your assignments, and you’d forget that little thing about CTRL S
James 01:01
control it. Yep.
Tony skinner 01:04
So many things. And one of these things they weren’t understand. And look, people don’t realize, I mean, most people, they say, Okay, I turn the computer on. That’s as much as most people know about computers.
Tony skinner 01:20
And it comes to the same with websites, I’ve got a website, it’s done, I’ve paid for it. Surely that there can’t be anything more to do. But considering the prevalence of WordPress websites, and I recommend WordPress websites, there’s so much more to know, and hacking and everything else that can go on that. That’s just the first part of the journey. So what do you recommend would be the first few steps once you have a WordPress website?
James 01:48
Yeah, so like you mentioned, WordPress, it’s a great platform, I also recommend it, you can do so many great things with it. But you do need to be careful. And part of you know, because it’s really popular, it also makes it a popular target for hackers, unfortunately, and a lot of websites, they just get put up, and then sort of forgotten or forgotten about, but they’re not looked after.
Tony skinner 02:17
Number two, sorry, and just just on that. In fact, if you don’t have HTTPS, and the SSL certificate, Google could easily put up a warning that your site is unsafe. See, so if someone sees that your site is unsafe, guess what will happen?
James 03:25
Yep, they’re gonna go somewhere else. This is especially true on something like the Contact Form page, because it’s a form. So Google goes, Oh, they might be trying to steal information here. So yeah, this is us. difficut really important. The next thing you want to do is make sure you’re having your website backed up. Now, this is in case something does go wrong, so that you can get everything back.
James 03:51
Again, web hosts will offer backups. But I recommend you do your own backups to either to OneDrive, or Google Drive or not on the website server. And the reason for this is that if the website server gets compromised, your backups will get compromised. And also the backups that website hosts offer. Some websites posted, you can get it back, like when you want it on demand others, it’s just a disaster recovery backup.
James 04:20
So if the server goes down, they can bring it back up. But you can’t just restore your own website. So make sure it’s being backed up and make sure it’s being backed up to another server just gives you that control and redundancy and safety. If something goes wrong, you can get everything back.
Tony skinner 04:37
Now I do check with my web hosts or web host. Literally that question about backups. I always ask about that. I’ve got a few sites now. And I always ask I was make sure but I’ve never done the backup myself. So how would I easily do a backup of my entire site
James 05:00
There are plenty of plugins out there that will do backups for you. And you just need to check when you’re installing the plugin that it will backup to a third party sites. So one that I recommend is updraft might be Updraft Plus, that’s that will do the backups, it will copy them to a third party server for you. They do have a free version, which I think allows you to backup to one destination. The premium version allows you to backup to more services. So you just need to check which one works for you the best.
Tony skinner 05:36
Yeah, and it’s about getting that level of control. And wow, that’s a great segue to plugins, because plugins probably create more problems for WordPress websites than anything else. So what is a plug in? And what do you need to watch out for?
James 05:56
Yep, yep. So plugins are what we use to expand the functionality of webs of WordPress. So WordPress out of the box is a blogging platform. It doesn’t do much else. plugins allow us to add functionality like, like backups they were talking about before, but also adding in ecommerce, adding in some of your Google and Facebook pixel tags, and Google Tag Manager tags, adding custom fields, to your blog posts or to your products, all sorts of things.
James 06:27
There’s 1000s and 1000s of plugins out there. Yes, they are the number one, probably the number one source of problems with WordPress, but also they are what makes WordPress so powerful. So I guess a couple of recommendations with plugins, make sure you get them from a reliable source. So there is a plugin repository on wordpress.org, which if you’re adding a plugin from inside WordPress, when you do the search, that’s what it’s searching. That’s a good start. If you’re going to another company to get it, just do a bit of due diligence on the company.
James 07:00
Make sure that the plugin is reliable that it’s going to do what it says on the box and it’s not going to do anything else. The other thing was plugins as you need to make sure they stay updated. And that’s where a lot of the issues can occur.
James 07:14
So when you update the plugin, sometimes the plugins can have what’s called a conflict. And that means that plugin a doesn’t like plugin be what stops plug in be working properly. Now, this isn’t malicious plugin, a developer wasn’t setting out to plug in BS just maybe they’re trying to add a Size field to a product. And one of them’s trying to add a color field to a product. And they both are trying to do it first, or something like that, that can just cause things to not quite work properly.
James 07:52
So what you need to do as your plugins is keep them updated, because that’s a big security risk if they’re not updated. That’s the way hackers get into WordPress sites generally is that there’s a plugin that’s insecure, and an update has been released. But the website owner hasn’t updated the plugin. So keep your plugins updated. But what you need to do is when you update your plugins is test that everything works, as expected.
James 08:18
So update your plugins and then send a contact form submission, do an order on your website, just have a look at the website, make sure all of the images are in the right place, and that the colors are still the right colors and those kinds of things. And in an ideal world, you should be doing these updates on what’s called a staging server first. So if something goes wrong, your live server is not affected. But if you don’t have a staging server, then do a backup. Do your plugin updates, do your testing?
Tony skinner 08:50
Yeah, that’s why you need to have a host looking after your site. And I guess that would be maintenance contracts and things like that. So that way, they do the updates for you, they do the testing for you. And I know what’s popular. WordPress can be easy to make changes and work with as an individual. I’m not a big developer. I can I’ve been around web and whatever I do SEO and all that so I know it pretty well. And I just want to warn everybody when we’re talking about WordPress, don’t touch anything called .c s s.
James 09:31
It’s it is it is a great platform, you can do the updates yourself. And that’s one of the big attractions of it is that you can get a website put up in to a WooCommerce site, you can manage the orders yourself, you can update the product yourself. You can change the pricing, add new products, all that kind of stuff. But you can also cause things to go wrong. So what you want to make sure is that you only have as much access as you need. So so talk to the person who built your website.
James 09:59
I recommend that people have two logins, they have a, an admin login, the administrator login, which lets them do absolutely everything. And then they have another login that they use on a day to day basis. So that’s the one that you use to check your orders or add a new blog post or add a new product. Because when you’re logged in as that user, you can’t cause too many things to go wrong.
James 10:22
You can’t see the plugins, you can’t find the file editor and edit the dot css file. Yeah, so two logins just in a way it’s protecting you from yourself, but also just take some stress out of it. Because if you know you’re logged in, in a way that you can’t break the website, then you won’t be worried when you’re checking your orders that you’re going to break the website. Whereas if you look, when you log in with that administrator login, you can do everything, then you start getting worried that you can break things.
Tony skinner 10:51
Yeah, I’ve had plenty of clients that have gone in and go, Yeah, look, the look and feel of that particular page. And they’ve done. They’ve looked up some YouTube videos, because there are lots of YouTube videos for WordPress. And what did they say? If you have enough dynamite, give yourself a headache? Be wary of that. So yeah, you’re right, get that alternative login. So any other tips and tricks you can think of for WordPress sites?
James 11:24
Yep. So have you also you want a security plugin, as well. So something like wordfence or Malkia, which just provides you an extra bit of protection. Again, they have a free version. So at the minimum have the free version, but I highly recommend the premium versions because they add a bit more support.
James 11:43
Make sure you have strong passwords. Because that’s another another way that hackers get in is they’ll just try username admin password admin 123 and password 123. And that works, unfortunately, more than it should. So yeah, have those. And then the other thing is get help on this. If you’re not sure. Talk to your developer, talk to your web hosts, talk to me, like, you know, get if it’s not your forte, and you’re worried about breaking something. There’s plenty of support available out there to help you keep your website secure without you having to do it yourself. Yeah,
Tony skinner 12:25
I think there’s, there’s a habit, thanks to COVID. Lots more people have started up their own business or their own site on their own whatever. And they’re all running on a smell of an oily rag. And I’ve heard I chaos can set up WordPress. And they set up WordPress, and they look at YouTube videos. And I spent eight or 10 hours looking at a YouTube video and yeah, I know what I’m doing. Yeah, they go do something and they screw it up. Don’t do that. That’s what I call false economy.
James 12:56
I guess Yeah.
Tony skinner 12:57
Pay someone who knows what they’re doing. half an hour’s worth of work. Okay, my question a couple of 100 bucks. But how much is your time worth spending eight to 10 hours, and you still get it wrong? Why bother?
Tony skinner 13:10
What’s what’s the actual point. And what I’m seeing a lot more now on on websites, including, especially WordPress websites, is 2FA. So I’ve got a client that just started a new website, and wordfence thanks for reminding me about that. I got a notification from the web developer, to set up 2 FA and 2 FA is just on the mobile. It’s under Google Authenticator. And you just set it up.
James 13:36
Yeah, and that’s highly recommended, not just for your WordPress website, but for all the websites that you log into, if they offer to FA or sometimes they call it multi factor authentication. set that up because it just adds that extra level of security.
Tony skinner 13:51
So just out of curiosity, so you got all these hackers floating around out there. Now, back in the day, they used to just target high traffic websites and just take the traffic and steer it elsewhere or whatever. Now hackers will get into any website, no matter how much traffic you’ve got.
James 14:10
Yep. Yeah. Because what what they’re doing now it’s all automated. So they’re not targeting us specifically. I do talk to business owners, and they’re like, why would a hacker target me? Because, you know, I’m just a small High Street store. They’re not targeting you necessarily.
James 14:24
Because you’re you they’re tagging you because you have a WordPress site. So they have these automated bots that do these massive scans that find WordPress websites, and then see if there’s a vulnerability, so I’ve got a plug in, that hasn’t been updated. That hacker will get an alert and then they have an automated tool that will go and exploit that that hat. So unfortunately, no one is safe. COVID you mentioned about lot more people getting into business and getting websites. Along with that.
James 14:56
Unfortunately, it was a big increase in cybercrime and hacking So it’s out there. And it’s, it can take many forms as well, right? It’s not just people stealing your traffic, but they might be trying to steal your data, get ahold of your customer list. If it’s on there, they might be sitting on your website to be part of a bigger attack later on. And then, or they might just hold your site ransom.
James 15:25
And all of these things, none of these things are good for business, you don’t want to have to go to your customers and say, we’ve been hacked, you had your personal information was in the database.
James 15:35
You know, so Bob says we’re sorry, or have to pay money to a hacker to get website back. You don’t want any of that hassle. It’s really bad for business. So make sure you’re doing those basic security things that we’ve talked about. You can do them yourself. And there’s some great free products out there. So at the very minimum, do those. But like you said, Tony, don’t get caught up in spending hours and hours and hours on this. You know, if you’re going down a rabbit hole, stop and talk to someone who can help.
Tony skinner 16:05
Yeah, absolutely. And that’s the key thing is, there is plenty of help available, such as James at Thewebsiteguardians.co.nz. And we didn’t start with the rugby, but we’ll finish with the rugby. Because a couple of years ago,
James 16:19
I was I was hoping you forgot.
Tony skinner 16:22
We discussed that prior to start an interview, because a few years ago I interviewed Sir John Kerr when he was a New Zealand All Black legend. And we got into things about rugby. And yes, we’d lost to England only just that the All Blacks lost to who
James 16:42
we lost to Ireland.
Tony skinner 16:44
And how will you go in the World Cup of Rugby.
James 16:47
Well, Ireland actually doing really well. So it was it was hard for us because it’s our first series loss on home soil and a long time and it’s definitely our first series loss to Ireland, on home soil. But I think as hard as it is to say as as a an all black fan out Ireland did play really well. And the northern hemisphere teams are a lot of them are playing really well. And I think next year, the World Cup is going to be very interesting. It’s not going to be as easy for the southern hemisphere teams as we might like.
Tony skinner 17:21
No, it’s not. But I am hearing that refrain from New Zealand friends, saying well wait for the World Cup, just wait for the World Cup. So this doesn’t, this won’t count very much when the World Cup comes around. We’ll win it again, again. Maybe you probably will.
James 17:40
Well, hopefully we take the lessons from it. Right. And it was the scare we needed.
Tony skinner 17:44
Yeah, that’s right. Yeah. And again, getting back to being scared and whatever. So please remember, don’t click on links from emails that you don’t know, that says something about your website, if it’s not from your host, or your developer, don’t click on it.
James 18:05
That’s for sure and and on that one of the ways that some of these exploits happen is you might look at the link and it might be your website. And you might go cool, I can click on that link, because it’s my website. But one of the ways they do get in is they send you a very specially crafted link that when you click on it, because you are logged into the website as the administrator, they can then take over as administrator.
James 18:28
So it’s a bit, it’s a really great reminder, don’t click on links that you’re not expecting. If the developer says Check out this thing on your website, just go to your browser and type in your website domain manually.
Tony skinner 18:42
Yeah, because it is difficult because when you get miles on your PC or laptop, you can hover over it with your mouse and see the final destination. But on your mobile, you can’t. So I use my mobile for emails, like everybody, as well as the computer. But yeah, don’t click on any links. In fact, don’t click on any links on any emails on your mobile phone
James 19:12
or text messages. Links and text messages.
Tony skinner 19:17
Yeah, I get those and it goes. I actually got one today in my very old Outlook account that I still got because it’s actually my name, which is rare. And it was crypto Of course, we need to login and change your password click on this link. We’re going Why would I do that? Yeah,
James 19:42
yeah, it’s it’s a numbers game. For these these hackers, right? They send out a million of those texts and hope that 20 people click on them. So, again, you’re not being targeted specifically. It’s just a mess automated system. But you just got to be sent to We’ll have your wits about you and even ones that seem legit. You know, like coming into Christmas, we’ll get the courier once again, where it’s a customs fee or whatever for a package you are actually expecting. Don’t don’t click on the links. Yes, and text messages, links and email just as a general rule, don’t click on it. Yeah,
Tony skinner 20:19
that’s exactly right. No links. All right, thank you for that. James. Anything else you’d like to add?
James 20:25
No, I think that about covers it. But I just want to reiterate that you know, security and updates and maintenance it’s really important for a website, you’ve probably paid a lot of money for this asset that’s helping your business make sales to grow to get new leads, please look after and just take some of the things that we’ve talked about in this podcast, do those steps at a bare minimum and that will greatly help you
Tony skinner 20:53
right? Okay. So um, yeah, hit to the podcast channel, podcastmybusiness.com.au will pick up my business.com today you and for the video, head to contentmadeeas