WordPress Security

A downside of WordPress’s popularity is that it can be a target for malicious software and hackers. “Who’d want to hack into my little company’s website?”, I hear you ask. Well, for the most part no human is directly interested in you or your website. However, “bots” are! Bots are applications that run automated tasks. Many of these are maliciously designed to trawl the web, searching for weak website defences. Did you know that, as of September 2016, 56% of web traffic comes from bots? There are thousands of forgotten WordPress websites that are default installations, which makes them easy to get into. These are the sites the bots are looking for. There are, however, simple measures you can take to make it much more difficult for anyone or anything to get into or affect your WordPress website, and to make sure you don’t get caught in the crossfire.

Core updates

Core updates are updates to the WordPress software itself. These are key, not least because they maintain security. A big plus of WordPress is that it is regularly reviewed and updated. If there are issues, they will be fixed with a core update, hence its importance. WordPress is also worth updating to make sure it keeps functioning as you want it to when using your website on a day-to-day basis.

Plugin Updates

A common route into your website is through the plugins you install. Plugins provide functions to your website. Things like your social media feeds, e-commerce systems and image galleries all usually require plugins to function. If these plugins are not kept up to date, they can create a route in for malicious software. As part of our day-to-day website management process, we ensure that all plugins are kept up to date.


The obvious advice… have secure passwords. However, whilst it may seem obvious to most, some people choose passwords that are easy to remember rather than secure. We recommend that you select 3 random words (i.e. not names of children or pets!) that mean something to you, but won’t to anyone else, and string them together. The longer the password, the better. Make sure your WordPress “back-end” passwords are secure and not easy to guess. You can use software such as LastPass to manage your passwords. It allows you to set more secure passwords without having to remember them all.


To access the back end login section, the standard address is /wp-admin. You should change this from the first moment you set the site up. If it is something different and less obvious, it is an added layer of security. Changing the back end address plus many other security features are available through easy to use plugins. We use iThemes, which we have found easy to use with great functionality.

In Conclusion

It’s easy to not do anything about your security. However, it’s not at all difficult to manage it, and keep things up to date. There’s no excuse not to maintain your website security, so don’t get caught out!

Domain Control – do you have yours?

Do you control your domain name?
Your website and associated domain address(es) are probably your most valuable pieces of marketing collateral. How much of this critical stuff do you actually own and, importantly, control? In this article I am focussing on controlling your Domain Names. In a future article I will turn to look at the control of the website hosted on your domain. Like most businesses, you may well have specialist suppliers you work with for your website and email. However, what happens if you wish to start working with someone else? Most ISPs and web service companies recognise that circumstances change and they are supportive in making transfers. Transfers happen regularly and are normally very straightforward, yet sometimes a supplier may be reluctant. There could be a disputed invoice or other issue. If a supplier goes out of business, things can get messy if you don’t have control of your domain.

Domain Control – What do you need to know?

Your Domain Names/URLs – e.g. bsamarketing.com, marketingmatters.net, bsawebworks.co.uk – are the basic elements of your web presence. It is on your domain that you host your website, email, online shop, blog etc. You never actually ‘own’ a domain name; they are all managed by a range of specialist registrars. You ‘register’ control of your preferred domains (on a first come, first served basis) for one or more years. While a domain is in your registration, you have domain control. You can dictate how your domain is used. If you find yourself in dispute over a domain registration, there are arbitration processes. These can be complicated and lengthy. It is better to avoid the problem! Let’s have a look at the top 3 things you need to manage a domain. If you have these then you are in control…

  1. Owner Contact

    When you register a domain you can specify a number of contacts. The common ones are ‘Administrator’, ‘Technical’ and the most important – ‘Owner’. I have met several businesses who believed they ‘owned’ the registration of their company domain but got a surprise when they checked! They found their company domain registered with their web supplier as owner. They had no legal control over their own domain. (Note: https://who.is/ is a good starting point to check your own domain.) If you find yourself in this position, I suggest you contact your web supplier and ask to have the owner contact changed to you. There is no problem for them to stay as Administration or Technical contact. In fact this can be useful, but make sure you are the registered owner contact and the registration shows your own address.

  2. Domain Control Panel

    OK, you are the registered owner of your domain, can you control it? When you go to a domain registration website to register a domain name, you will need to set up an account where your domain(s) can be managed. The login details for this account (URL, user name and password) give you access to a Control Panel where you can control and manage your domain(s). Even if you rely on your web supplier to register domains on your behalf, I strongly recommend that you ask them for the login details. Keep a copy of the up to date login details – just in case! One issue that can arise is your web supplier having a single account where they register domains for all of their clients. Although they can still register your domain in your own name, they will probably (and understandably) be reluctant to hand over their login details. Newer and more sophisticated domain registration websites are more flexible. A web supplier can have their own master account login and set up sub-account logins for individual clients. If you have these sub-account login details, that is fine. You should have full control of your own domain(s) from there.

  3. Registration Renewal Options

    You register a domain name for a specific number of years. If you forget to renew one of your domains, it expires and you lose control. The domain is then available for anyone else (including your competitor!) to register in their own name. Renewal notices are normally sent by email to Owner and Administration contacts (another reason you should be the owner contact!). However, it can be easy to miss these in all the emails you receive. You will normally receive numerous renewal notices so you should be unlikely to miss renewing your company domain but it does happen. Is there an alternative? The best I know of is auto-renewal. This is only offered by some domain registration websites but with it you set your domain to automatically renew on expiry. You need to watch that you don’t end up spending money on domains you no longer need but I think this is better than risking the loss of your primary company domain! BSA Marketing set up all the domains we register for ourselves and our clients to auto-renew!
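The owner-contact and renewal checks from points 1 and 3 can be scripted against the text a WHOIS lookup returns. The following is an added example, not part of the original article or any BSA Marketing tooling; the sample record is constructed, the company names are placeholders, and the field names assume gTLD-style WHOIS output (other registries, such as .co.uk, lay their records out differently).

```python
from datetime import date, datetime

# Constructed sample of gTLD-style WHOIS output (not a real lookup result).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-COMPANY.COM
Registrar: Example Registrar Ltd
Registry Expiry Date: 2025-03-01T12:00:00Z
Registrant Organization: Example Web Supplier Ltd
Admin Organization: Example Web Supplier Ltd
"""

def parse_whois(text):
    """Return {lower-cased field name: first value} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def check_domain(text, expected_owner, today, warn_days=60):
    """List domain-control problems: wrong owner contact or near/past expiry."""
    fields = parse_whois(text)
    problems = []
    owner = fields.get("registrant organization") or fields.get("registrant name")
    if owner is None:
        # Many registries redact the registrant, so absence is not proof of ownership.
        problems.append("owner contact not shown; confirm it in the control panel")
    elif owner.casefold() != expected_owner.casefold():
        problems.append(f"owner contact is '{owner}', expected '{expected_owner}'")
    expiry_raw = fields.get("registry expiry date")
    if expiry_raw is None:
        problems.append("no expiry date found")
    else:
        expiry = datetime.fromisoformat(expiry_raw.replace("Z", "+00:00")).date()
        days_left = (expiry - today).days
        if days_left < 0:
            problems.append(f"registration expired {-days_left} days ago")
        elif days_left <= warn_days:
            problems.append(f"registration expires in {days_left} days")
    return problems

if __name__ == "__main__":
    # Fixed date so the output is repeatable; use date.today() in practice.
    for problem in check_domain(SAMPLE_WHOIS, "Example Company Ltd", date(2025, 1, 15)):
        print("WARNING:", problem)
```

Run on a schedule, a check like this is a backstop for renewal emails that get missed and for domains where auto-renewal is not available.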

If you have any questions about domain control or want some help ensuring you have domain control, do get in touch.