Website Security Basics for Small Businesses

Hackers don't just go after big companies. They scan the web automatically for vulnerable sites - and small business sites are easy targets.

HTTPS is non-negotiable

That little padlock in the browser address bar? It means your site has an SSL certificate and connections are encrypted.

Without it, Chrome shows visitors a "not secure" warning. That's going to put people off. And Google ranks secure sites higher.

Get HTTPS sorted. It's usually free these days.

Updates matter

If you're using WordPress or any CMS, keep it updated. Same for plugins and themes. Most hacks exploit known vulnerabilities that have patches available.

Set up automatic updates where you can, or commit to checking monthly.

Good passwords

This sounds obvious but people still use "password123" or the same password everywhere.

Use strong unique passwords. Use a password manager. Don't share logins unnecessarily.

Backups

If the worst happens, you need to be able to restore. Daily backups minimum. Test your backups occasionally to make sure they actually work.

Cheap hosting = cheap security

£3/month hosting usually means minimal security. You get what you pay for. If you're handling any customer data, invest in decent hosting.

What to do now

Check your site has HTTPS Make sure your software is updated Check your backups are working Use strong passwords

If any of those are missing, sort them out. The hackers aren't waiting.