First of all I'd like to do uh an acknowledgement So I'd like to acknowledge the traditional custodians

of the land that we meet today uh and pay my respects to their elders past present and

future I'd like to extend that respect to Aboriginal peoples present today I'm proud to be hosting this

event as part of the 2025 New South Wales Small Business Month program in partnership with the New South Wales

Small Government So let's kick off today with a poll to see where everyone is at So if your

website was hacked today tonight what would you do first Um so in the chat if you wanna click one

of the numbers uh put a 1 for I know exactly what to do uh a number 2

for I'd probably Google it Number 3 I'd call my hosting company and number 4 honestly I would have

no idea what to do so put a 123 or 4 in the chat Just now Let's see where

people are at And number 4 Wonderful to be truthful absolutely Number 2 probably Google it

Yep I probably do the same Anyone else You don't have to that's all right So we've got a better

range #2 Google it 4 Honestly I have no idea yeah Yep that's that's fair enough That's

kind of followed I'd expect Uh let me just introduce myself a little bit before we go on

Uh hi I'm Will Brown Uh I'm a WordPress consultant and educator I've been working with WordPress uh since

about 2006 Uh but these days I spend most of my time helping small business owners simplify the websites uh

keeping them secure fast and easy to manage I also run a few local community meetups where we

help each other learn and grow as well as uh national conferences such as Word

Camp Sydney and um the Linux conferences as well everything open So I have seen

how stressful it can be when websites go down I've had one of my websites

go down uh in the past Uh it's not just the tech it's your reputation and income on the line

as well So that's why I love helping small business owners I feel confident managing and protecting their websites

Now if you want to get in contact with me after this webinar um you can visit my

website zeropointdevelopment.com or you can email me personally that's Will with one L at zeropointdevelopment.com So let's jump

into the goodies shall we I'll just get rid of myself There we go OK so

let me set this up for you Now you might think I'm a small business who would

even bother attacking me But that's exactly why many small businesses get targeted Malicious actors um those hackers

they don't really pick fights Um they're looking for soft entry points So In this

portion I'll walk you through why your business is at risk what's on the line and why staying calm

really matters more than ever Uh now just a little bit of a caveat I'll talk about WordPress throughout this

but it's it's not WordPress specific So these tips and techniques that I'm gonna share um these

are are relevant to if you're on Squarespace if you're on Wix if you're on any other system

So I will use some Um WordPress specific examples um but you know they can be exchanged for anything on

these other systems So this is very very kind of general cybersecurity for for websites OK so Why small businesses

are attractive targets um they're a bit of a low hanging fruit Um automation Uh it's and

scale so hackers deploy automatic tools uh that can scan thousands of websites in minutes uh

for common vulnerabilities things like outdated plug-ins weak login credentials misconfigured servers things like that Um small businesses

are usually have lower defenses So the big organizations they usually invest in dedicated IT security Uh small businesses frequently

don't just can't afford it Um overlook maintenance Uh so many smaller sites are set and forget So uh

weak passwords expired SSLs plug-ins that haven't been updated or tested in in many uh months or

even years uh I've come across those Um yeah so those are kind of the the lower

hanging fruit that most small business owners they're focused on running their business and they don't really have much time

to go uh and check that their website is uh is all secure So what are

the real costs uh when a website is hacked Um this is the kind of emotional and business impact

part So um downtime uh equals lost revenue of course So even an hour offline can uh mean missed

sales uh misleads uh or service disruptions Uh and for maybe a small e-commerce store or

a local service website uh that can really ripple uh across the whole the whole day Um

Lost trust and reputation so your brand perception can take a hit uh customers can question the security of their

own data if you're allowing them to upload data for example uh a WooCommerce profile um things word of

mouth uh their website got hacked and maybe they're careless uh and of course uh

rebuilding that trust is really really much harder um after a hack Then you've got recovery and

cost time as well uh it's even taking the site down and restoring it you're gonna spend hours to

do that coordinate with the host developer all these things So all these hidden costs

um can really really pile up You could be in a position where you're regulatory uh

legal compliance exposure as well Um so in some industries data breaches can trigger obligations such as privacy laws

notification of duties things like that So even if your business is small uh a breach in personal

data like customers' names emails might require a disclosure in your uh jurisdiction Some stats So I put some stats

on screen there's lots lots more um and what I'll do is I'll make these slides

available after the webinar um on a page on my website and they've got links to stats and things as

well so you can go in and get more information But um the average cost of

a cyberattack uh in Australia small medium businesses 2025 this year um is estimated at 122,000 with 60%

of small businesses closing uh after six months of the attack And that is that is really scary I mean

costs can really mount up especially if you're at legal and regulatory Make that a little bit bigger for

you Uh according to the Australian Bureau of Statistics the ABS data uh more than 1 in 5 businesses 22%

reported experiencing a cybersecurity incident in 2021 to 2022 and that was up 8% from the previous couple of years

Uh and in recent reports uh they show that small business cyber incidents are actually increasing Small business cybercrimes

increased 8% year on year with an average cost of the incident Um roughly $50,000 And

massacred themselves they report that up to 309,000 Australian small businesses said they've been targeted

by cyber attacks and of those 33% claim financial loss Um that that's just scary scary

stats There's lots more so I I won't go on because this get worse and worse Um but

a a couple of things to see around that um when something bad happens uh reaction without a plan leads

to mistakes Um so deleting things making wrong restores introducing new vulnerabilities we don't want that So what we

do want is good planning We want to be calm have a good mindset um and employ a faster

and safer recovery process because you know what you're doing Um so you won't always prevent hacks um but you

can control how you respond to these hacks Um so this session's all about giving you that

control It's uh a practical realistic roundup that you can follow uh when you're under that that

pressure that pressure So within that background um the small businesses are targets um the cost can be

real could be considerable uh and what you do first is really really critical So let's dive into the the

one hour emergency plan uh that you can apply even if you suspect that your site is

being compromised Now let me tell you a quick story Um it's very typical of what I see across small

businesses here in Sydney New South Wales Uh local Sydney Mexican food truck business Uh they had 2 trucks

that traded at the weekend markets and they had a small brochure style WordPress website

It listed their weekly schedule so where they'd be what times uh where the trucks would be They operated

on a Friday Saturday and Sunday mostly Um that's where the main revenue was Uh so

the owners were flat out running their businesses Um so website maintenance had slipped Plugins hadn't been updated in

months I think 7 or 8 months that's sort of timescale Uh and some were known to have security

vulnerabilities This is why you need to keep things up to date Um so what happened

at midday uh one Friday they noticed that their phones had gone quiet no online

orders which was a bit weird a bit unusual Um you'd have no phone calls

at all Uh and come lunchtime uh no big queues were outside the truck um

and that was a big red flag So um when they checked the website uh

everything looked fine uh but behind the scenes um the attackers had slipped in a few nasty

surprises They had put a crypto miner hidden on the homepage and they only had a few pages on the

website um but they put a crypto miner on the homepage Um what that does is it hijacks

visitors' devices and actually mines Bitcoins Um a big sign of that is if you visit

a website and you suddenly hear your uh laptop or computer fan go into overdrive it goes woo woo um

then that's that's usually the sign that there's some sort of crypto miner on that page and they

steal the resources off your computer and then they use that to go and mine um cryptocurrency

for for them to make money Um they did notice a change Um the event

schedule page uh had been changed So it had wrong times and it had wrong locations for

for both trucks Now that's that's a bit atypical Um usually when hackers hack a small business website

uh they don't really touch anything Um they install malware or they do some stuff in

the background They're basically using the website as a a transport for other stuff Uh but

in this case um the person had had Nefariously went in and just changed the schedule for whatever reason um

they wanted to do that So uh by Saturday the next day uh regular customers

um you know um had shown up to the wrong park uh no food truck uh assumed that the business

was stopped trading or something had happened to that So trust trust them The impact though um the owner

told me that uh they had lost the whole entire weekend trade It's approximately 67 to $7000 Um

now that's not just website downtime that's that's real world financial loss uh plus hundreds of dollars

in food waste as well um and a big dent in the customer trust Uh

this is a real a real story happened a couple of years ago Um they also had to

pay uh for urgent urgent help from me uh to clean and restore the site uh recommunicate

with their audience as well and reassure the customers through social media So it was it was

a huge thing to do It's a it was a a big big loss for them

in in across all sectors not just financially Um the site had no regular backups um so we

had to wait until business hours in America because they had a host in America uh to

contact their the web host support and just kind of pray that they had a a backup uh which

thankfully they did Uh not all web hosts take regular backups um most do um but thankfully we did

get um uh some backups from there Um I removed all the vulnerable plug-ins I installed Word Fence

it's a security um monitor um and um enabled what we call two-factor authentication and I'll go into that

a little bit later uh and tell you what that means Uh but basically uh

we had uh within 2 days uh the site was clean uh the schedule was back online proper schedule And

the owner learned how to run updates uh safely and keep backups uh off-site all by themselves Just

a process that they did um every week So the key point here really is a website

hack doesn't just hit your site it hits your income uh your reputation your customer relationships So

it's all intertwined together It's it's a bad experience for everyone basically So that's why

having an emergency plan isn't really optional Uh it's an insurance for your livelihood your business Uh and

that brings us to why it's not just about fixing things when they break but it's having a clear plan

ready before anything goes wrong Uh so let's talk about the one hour emergency plan Let me

just make that big so you can see everything There we go OK So before we get

into the steps a quick note um oh yeah I said this before so I'm gonna use WordPress as examples

today Uh you've already heard me mention a plug-in um but whether you're on Squarespace Shopify Wix

or something else uh the principles are identical Every website big or small uh runs on

logins updates uh and backups so this plan can work for you no matter what platform that you're gonna

use OK so here are the steps Step one stay calm And the very first thing to do actually is

is nothing dramatic Um so we don't throw up our hands in the air we don't

run around uh we just you know take a step back uh take a deep breath

And then let's just say I I've got a plan for this let's put it

in action So actually most damage happens because uh business owners tend to panic uh they start changing passwords

they reinstall plug-ins they delete things uh and in doing so they kind of wipe all

the evidence uh that could help them fix it So uh take uh a deep breath uh grab a

coffee because we're gonna be in it for an hour um and um Just remember that you know

you you've got some options you've got this plan that you're you're following So step

one stay calm Step 2 is go offline if you can Um so your goal in

the first few minutes isn't to fix anything it's to stop the bleed Um if your host

gives you a suspended site or a maintenance mode um you can flick that on Um the shop visitors

uh it stops the visitors sorry from getting um infected or seeing something embarrassing while you're kind of actioning this

planning and getting help Now if you're a managed hosting uh you can simply contact the support and say you

know please isolate isolate my site I think it's been compromised and they'll know what

to do But in most cases uh even when visitors are are locked out of

your website Um when you've got it in this lock mode um then you you can usually

log in as an admin and still view the site um and we'll do that next So if

you're able um you can also post a temporary holy message say something like we're performing urgent maintenance It kind

of shows professionalism and it prevents rumors and at least you know people are not

seeing anything bad uh you're in control of that situation So here's a pro tip uh

most reputable hosts have a 24/7 chat support Um so even if you can't get them by phone um give

have a look on their site to get the chat um and they'd uh they'd rather isolate your site for

a few hours uh than have it sending out spam and malware because the hosts themselves don't

want to be responsible for infecting other people Um so yeah do try and get in contact with your your

web host um as as step two Try and bring your website out of uh public

view uh so we call that we call that maintenance mode if that's possible If not again if it's

possible put up some sort of holding screen um or ask your web host to

put up a holding screen that just says you're doing some sort of update maintenance and you'll be online shortly

So step one stay calm Step 2 try and go offline if you can Step 3 is the

the vital next part now If you're not able to go completely offline then that's OK You can go straight

to this one here Uh it's and this one's called capture the data So capture what you see Uh

so the next one is to grab screenshots or even just take your take your phone if you

don't have to do screenshots and do some snaps of what you're seeing um on on the

front end of your website if there's anything weird happening Um it could be things that look a bit off

um strange pop-ups maybe new users in your admin list uh weird file names in your

media folder anything that just looks a bit off Now it sounds small but those details can really

um save your developer or host hours and hours of detective work later So think

of a little bit like an insurance claim um you know the clearer the record the faster the fix

So number 3 is to not panic it's to capture the you take lots of screenshots

lots of phone uh videos or something in the different areas of your website It looks a little bit weird

And again that just gives um the developer the host uh a little bit of information to

help narrow down and to see exactly you know where um where this is happening Um now

a a little bit of a side thing I'll I'll stop here in in the steps The food

truck um what had happened was when we looked at it um when I went in I could see the

schedule had also changed The owner said the schedule had changed So I was able to because it's running WordPress

and WordPress keeps what we call uh unlimited um um Versions versions of those I was able to look

through previous versions and see when that page was updated uh and that gave me a particular date I

could see that it was updated by somebody called um well it said undefined so somebody had managed to

create a new user through a vulnerable plug-in They had actually um uploaded a bit of script

Uh and executed that ran that on the web server which allowed them to create

an admin user They'd logged in they changed that they'd installed a crypto they changed that schedule page

because some sort of weird kick that they got I guess But that that gave me a

date a date that I could then go and look in the the log files and

and uh see roughly what had happened I I found out how they'd uploaded this This

vulnerability So taking on all all that information and giving it to somebody who's looking and trying

to fix the website that's really really really important Um OK so step four is don't unplug

everything yet Um now you might be tempted to start deleting plug-ins uh rolling backups immediately but hold

off on that Um you can't fix what you don't understand straight away Uh and once

you wipe the evidence that's it you know it's it's usually gone or you make

uh matters a little bit worse Uh so containment first diagnosis next and cleanup comes after we

know what we're dealing with Uh so step 5 is um tone and reassurance So I've helped

business owners through this exact stage dozens of times Um this the ones that generally stay calm get

back online quicker uh spend less money and usually keep more of their data intact The panic clickers

um they often make things worse they delete backups or they they reinstall something that is

really really old and just makes things worse Um if you can uh send out a communication

uh to your customers uh letting them know that there's a problem an issue uh and that you're working

to resolve it and that could just be that holding page just say look we're performing vital updates

on our website and we'll be back online as soon as possible Silence is is the

the worst thing you can probably do because it doesn't instill confidence in in anyone So this first

step step one is about fixing Uh so it isn't about fixing it's about um containing freezing the situation

so it can't get any worse And so that's all you need to remember uh when your website

start to arch strange pause isolate and document Uh so once you've contained the problem uh and

taken a few deep breaths uh then we can start to look under the hood Um so step two

is where we do the detective work Um 5 quick checks um that'll tell you really what's what's going

on So step two is run your 1st 5 checks and we'll we'll look through these checks Now so now

that you've contained the situation it's time to play detective Uh these next 5 checks they will

help you figure out what's happening uh how to do the deep um dive as the

problem goes on Uh you don't need to be technical uh you're just gathering clues at this stage

So think a bit like a a checklist uh for your mechanic So you're noting what's wrong

uh before deciding what to repair OK let's have a look Here we go Uh so

step one well substep one is uh check the logins so who's logged in Um

so start by logging into your website dashboard if it's still accessible and look at your list of users or

admins If you see accounts that you don't recognize like strange usernames um or accounts with admin privileges uh that's

that's a big red flag So you want to be um Documenting documenting that um WordPress doesn't natively record who

logs in I'm not sure about Squarespace and Wix if they have records the same um But you can install

a little plug-in if you are running a WordPress called Simple History Uh it quietly logs

who logged in when and what they did on the website It's really lightweight it doesn't slow down your

site so it's a good one to leave running long-term Uh you can install it from

the admin plugins dashboard simply by typing in simple history And then you've got that

thing you've got that thing that evidence that you can then go and have a look at and see who's

logged in who's done what on your WordPress website OK so if you can't get into

your site your host may be able to check the access logs for you Um

so every time something happens on on a a website um when people are visiting uploading downloading stuff

it's all recorded um in server logs So maybe uh your web host can have

a look through those and see if they can see anything uh a a bit weird a bit

uh different Um so that could be a good place for you to to figure out

what had happened So step two is password reuse So be honest with yourself If

your site is compromised one of the first questions you should really be asking yourself is did I reuse this

password somewhere else Now many hacks come from password leaks in unrelated systems uh maybe not

the site itself Uh so um this is why I use tools like Bit Warden Uh so I use

Bitwarden but there's other tools like OnePassword Um they really do matter They help generate unique passwords unique long passwords

um so that um one leak doesn't open every door So if you again be honest if you are that

person who finds it difficult remembering passwords and you use the same password for everything

it's time to kind of break that that uh that functionality and look at using um a password

tool like bit wording or one password Now um The the rising credential stuff in attack so

attackers use leaked credentials from other sites to log into admin panels Um now it's

not just if you are running the WordPress stack it's not all about WordPress you've

got WordPress as your front end but then you've probably got things underneath like FTP um you've maybe got

your C panel or control panel or your web host and dashboard that you log into Um you've maybe

got email an email server that you're logging into as well So make sure ensure that you don't use the

same password for each of these services OK so step 3 is plugin and theme status So next open your

plug-ins uh or extensions list and look for anything that's uh showing as outdated Uh

the most common entry point uh is an old plug-in uh with a known vulnerability There's databases out

there that um show plug-in vulnerability so it's easy for a hacker just to look at those compare

versions and say right I know exactly how to exploit that problem to get into that website OK

so here's an example If you go into your plugins page you can see that these two plug-ins um

need an update Um so you want to be checking that regularly and just uh making sure that those

are all updated Um anything you haven't used in months deactivate it Um that's probably it's like leaving a

an unlocked shed door You don't want to give the hackers any any um way to get into

your website So make sure everything's updated If there's a plug-in you don't use delete it and remove

it uh from the system Step 4 is um domain and Google warnings Uh so check your

domain uh and the search presence as well Now you can do this I'll just make this

big food so you can see Um you can do this by um using Google itself

So what you do is you go into Google and you type site so the word

S I T E with a colon and then you type in your domain name so your website.com and

then you press return Uh and what you'll see is um if you see any odd results like random

pages pharmaceutical links Missing links it could indicate SEO spam Um also check if browsers or Google

search console if they're flagging um stuff on your site as deceptive or contains malware um you'll probably

see a big red um screen or your visitor will see a big red screen to say that the site

contains malicious links uh things like that Um so don't panic it can all be cleared

once the site is is cleaned but it's important to make a note of that

now so we can then go back once it's fixed and clear up um all that

mess Number 5 is email or traffic anomaly So first finally uh take a quick

look at your email um and your search traffic using Google Analytics Um are you suddenly getting weird

delivery failure messages or are you getting spam complaints Uh that could mean your domain is being used

to send junk mail uh in the back end Um again your website might look

fine from the front end um but you know these hackers could be using it to send

out malicious emails and other things like that So you know check your emails Um to see if

if you know you get like do not replies or out of office messages or or stuff like or

complaints Um if you've got analytics installed uh look for traffic spikes from countries that you don't

usually see Um those patterns will help you develop understand what kind of attack uh this

really is So the key point here really is um you can't fix what you don't understand

Uh so these 5 checks in this second step uh give you facts before you act on

this Now once you've gathered um this info uh who logged in uh what's outdated any

odd traffic it's time to reset control So step 3 is all about reclaiming access safely

so that you can uh you're the only one that's in control you're the only one

with the keys So step 3 reset and access safely Now once you have contained the issue and checked

what's going on the next step is simple but crucial Uh you need to make sure

that only you have the keys to your website So this step is about reset and

access safely It's not just about changing passwords Think of it like uh rekeying the locks in your

shop after a break-in So again 5 steps here Uh change your admin passwords everywhere Um so again as I

said previously start with your website's admin login page change the password for there but

then work your way down the stacks FTP your domain registrar your email accounts everything that's linked to your

your website Hackers of um often try to pivot Um if they can get into your host then they

can reupload malware even after you clean the website So make sure that full stack Uh is all the

passwords are are changed for those Uh and don't reuse your old password generate a completely new

one so I recommend when you're generating passwords that you use at least 16 characters like

random characters not memorable Um or um if you want something to remember you can use 4 short random words

altogether Capitalized with a number at the end Um so non-related just random words and that um

it helps you remember and it is as secure as the the random numbers Uh but make sure

you never to store it or write it down in the plain text and store it in the password manager

it's fine but don't write them down on a You know don't don't use one of the

pads and stick it to your monitor or something like that just um get rid of the whole security

OK so uh Number 2 is use a password manager We talked about that just a few slides ago Um

now I know remembering these long passwords if you're using 16 character random uh letters and numbers

and stuff it sounds impossible to remember and that's a good point because it's good for security

But in a in a bad point you obviously if you're managing lots of different systems with

lots of different passwords you know it sounds um impossible to to keep track of those So password

managers that's where they come in Uh I personally use bit wording Um I did use LastPass

for a while but they uh they actually got broken into Although I don't think anyone ever got I

don't think anyone ever unencrypted the the password database stuff that they had but they

did manage to break in and steal steal some data anyway So I moved to Bit Warden Uh but

you can use one password as well It just saves your sanity It uses strong unique

passwords um securely and it autofills them when you need them as well So you log into your

your master password and then you've got all these logins at your fingertips securely Um

it's only only downloaded and encrypted on your local machine when you're actually uh using it So

um all the top password managers use end to end encryption so even they can't

see what your passwords were Um it's one of the safest moves that that you can

make Um I started using a password manager in 2008 Uh so I currently use Bit Warden it's an

absolute game changer so I can generate 16 or 24 character passwords uh random letters or numbers in uh

just a couple of clicks uh and that's longer than most hackers' patience to be honest Um plus

it's got an authenticator app Bit Warren has an authenticator app um which we're gonna talk about in step 3

So that's a handy segue Uh so next uh you want to turn enable multi-factor authentication Sometimes it's called

in without your phone or a one-time code I think I've got a screenshot for that yes

I do So if you if you are using WordPress uh the Word Fence security plug-in has this

built-in the free version has it built in So you can connect it to a free app like Google Authenticator

Offi or the Bit Warden Authenticator app itself uh and both uh take out uh

take about a couple of minutes to set up Um so here we are so we've logged

into WordPress using our username and password and now it's asking for a a two a

two-factor authentication multi-factor authentication code but you then go to your phone You pull up the app

on there and you see all these random numbers They cycle every 30 seconds It's

usually 6 numbers uh that you type in um and with that code you can then

log in But the whole idea is that using the passwords hackers can guess or bots can

guess but they don't have this code It's on your personal device um so that's a good thing to have

The analogy so think of MFA as a second deadbolt on your front door Uh you

can pick one lock uh but you're not gonna get through both OK let's get rid of those Um

step 4 in this one is clean up user accounts So while you're in the admin area

uh remove any users that you don't recognize or if you no longer need access specifically for

admin people Um if you work with freelancers or agency disable their accounts once a project is done uh

don't leave extra doors open for those And the last step here is it's optional uh it's an advanced

tip Uh check your host account recovery details So make sure that the email address that's tied to your

hosting or domain register is current and secure Quite often um these services will Sometimes

asking you um for a verification they might have uh QFA MFA installed as well

and they might send you an email or an SMS to uh to verify your login So make

sure that those details um are correct as well Especially if you've come into a business if you've inherited

a new business or you've changed over some stuff or you've had changes in uh in the

the senior leadership uh make sure that uh your details are the ones that these

uh services are gonna Um come back to you for for information on OK so uh let

me go Uh once you've reset control uh once you've confidently that you've you're the only one that's

got the trusted logins it's time to call in some backup literally Uh step 4 it's all about getting

help from the right people and knowing uh what they can and can't do for you So once you've

locked down the access Let's make that a little bit bigger for you Uh it's time to get

help uh the right kind of help Uh this is where a lot of small business owners uh

waste precious hours calling the wrong people and assuming that their hosts will magically fix

everything They don't Uh think of this step as building uh your emergency crew So each person plays a

specific role So here are the steps within this step 4 start with your with your

web host uh support team Uh your host is probably gonna be your first call because they control that

environment where your site lives in the server Uh they can take the site offline safely uh

so that malware doesn't spread They can restore a backup copy if one exists uh just be just

uh note that sometimes hosts might only take a weekly backup not a a daily backup

so you have to uh think about that in advance Uh check access logs server access logs to see

who's logged in when or check the the plug-in uh history that little plug-in that I mentioned and scan

the server for obvious malicious files and you can do that using Word Fence Uh

it can run a file scan it scans all your files on your WordPress uh on the server and it

can flag ones that it thinks are a bit suspicious Um but here's the key um

for web posts uh they don't usually fix um your your site's code Um web posts are like

your landlord you check check for smoking damage um but they don't repaint your walls that's

that's up to you Um so when you contact them be very clear and calm and

see if something like my my website's been compromised uh please isolate it and preserve

the backup copy uh before making any changes So this tells them that you're organized and prevents uh them

from kind of wiping out valuable evidence Step two is um contact your web developer or your tech

person Uh so once the host has done their part uh loop in your web developer um that

might be a freelancer or it might be an internal person Uh the developer handles removing malicious

code malicious files uh cleaning up databases uh reinstalling clean versions of the WordPress plug-ins and themes Uh they'll

do some testing to ensure that the infection is gone Um they might add monitoring tools um like

uh firewalls like like Word fence uh two-factor authentication get all that stuff uh set up uh and they might

then um you know send out to Google to try and clear up any warning pages or

uh things in that nature So it's really important to know who to contact after that um cos

you wanna be get online as fast as possible So right now uh we're after this webinar

um you wanna make sure that you know the right people to contact if this happens so

that you're you're saving your time Um so they're your mechanic basically uh the host provides

the workshop but the developer does the the repairs Um so in the food truck hack that

I mentioned earlier uh the host did quarantine the site uh but they couldn't touch

the code or wouldn't touch the code to be honest Uh so I came in the next morning

uh cleaned it up um and had them trading again you know within a couple of days So collaboration is

really key um to get you back online quickly Number 3 it it's optional Um this is

a specialized cleanup services So if you don't have a regular developer if you don't

know who to turn to you can't get that IT contact There are some reputable services

that can do one-off cleanups It is uh Securi so S U C U R I uh and there's Malcare

M A L C A R E Uh they are two that I've had clients use in the past

They charge a flat fee um and typically remove malware within hours uh reinstall plug-ins

make sure that the thing is safe Uh after cleanup uh they can also submit uh those requests to Google

uh to lift any of these uh you know the site might be harmful warnings or

contain malicious links So they can do all that for a one-off fee if you really don't have anywhere

to turn to um for that Uh but before paying anyone check their reviews um and ensure that they include

a post-clean monitoring So it's not just a quick wipe it's you know to monitor your website over the

next week or or month for example just to make sure that everything is actually cleaned and

that people are not getting back in somehow the hackers Uh number 4 is actually what not to do That's

why it's in red there Uh so don't post in random Facebook groups asking who can fix a hacked hacked

site cheaply Uh you will get a billion uh messages uh from unverified people all over the place offering instant

fixes from $2 to $1000 So uh stick with your existing relationships um your host your developer or one

of these known uh security uh providers So this is all about trust It's not not particularly

about speed for that that specific cleanup step So in a website emergency you need to know

um you need a team So you need to know um who the host is um so

they can contain the fire who your developers or IT person is so they can repair the damage

and security services make sure that it doesn't flare up again So once you have that

support team uh and you know who they are and it's on um and you've handed over

the evidence that you've gathered that your job basically shifts from reaction to prevention Uh so step 5 is

all about um locking it down uh so you don't have to go through this whole process again fingers

crossed Alrighty So you've made it through the emergency Uh the site is back online passwords are reset

everything's working again Now comes the most important part is locking things down so you don't end up

back here next month So this step is all about prevention uh simple habits to protect your time

your money and your sanity because you don't want to go through this 2 or 3 times

So uh schedule in a monthly 50 minute website check That's all we need to do Treat it like a

business health habit So first up auto updates Most small business hacks happen because plug-ins

or themes are months out of date You've just been busy you're running your business you

haven't had time You haven't put the thing in your calendar um so you've not had time to

go and check and update and make sure the website's all sparkly and and running securely Um

so enabling auto updates um can really help with this Um it means that those security

patches are applied automatically in the background So WordPress specifically has an option where you can enable plug-in by

plug-in uh themes as well to auto update So whenever a patch is released boom that gets updated and

your your website's secure Now it's a digital equivalent of checking your smoke alarm batteries you

know every every 6 months um For auto updates if you're running a small business website 2 or

you've got a bigger business website if you've got an e-commerce website or uh Like a

courses website or a membership website then you've likely got a lot of plugins um that's providing a

lot of different features to for that ecosphere to work Now in some circumstances when

you're updating WordPress plugins uh sometimes there can be a conflict and that can cause

an error and then that can bring your website down It's nothing bad nothing nefarious it's just that you

know lots of plugins that work together sometimes they don't do that nicely if you've got lots and

lots of plugins So um if you are running these these big big plug-ins these

big e-commerce stuff then what I would suggest is and most web hosts do this

is uh to create what's called a staging or a development site So it's a copy of your live website

that runs in the background that only you have access to that then you can

then um update the plugins so you can make a fresh copy go in update all the plug-ins

in there like you know make sure they're all updated And then check the front end of the

website and the functionality to make sure it works And if it does that's fine Then you can just reapply

that um to the live website So it's just a little bit of a caveat So rather than

doing it on your live website you've got these big business websites um copy over to

a staging server uh and then update all that make sure everything's fine and that they'll work nicely

together and then you can apply that on on the live website and be confident that it's it's

gonna work Number 2 is keep backups off-site Um so these are your safety net of course Uh

I hope you'll never need them uh but you're very glad to have them when a disaster like this

strikes Um so make sure that your website is being backed up regularly uh and not just sitting on

the same server Uh why Uh because if your host gets infected uh that backup could get infected too

Uh for WordPress ensure that your backup files you back up the files and the database So

apart from image files and documents WordPress stores pretty much everything in the database so you need to be

backing up that as well So best practice for backups is aim for at least 2 copies uh one with

your host uh and one that you take in an off-site maybe it's a cloud

storage like Google Drive or Dropbox Uh you can have tools like Updraft plus Blog vault

or Jet Backup uh make these things really easy to automate Um if you only

have one backup um So yeah I mean if you only have the one backup you

don't really have a backup you really need two So what I mean by two

is talk to your web post ensure that they're doing a backup um as well uh but take your own

backup so you've got access to that in an emergency like the like the the the van the

food van the food truck um we had to wait hours before um the way post came online cause

they're in America uh to ask them if we could get access to the backup We didn't have

uh access ourselves and that we don't want you don't want to be in that situation Um

I think I've got this somewhere but uh when when should you take backups I think a lot of

people ask me like this Um so if you've got a static website like a one-page business website monthly

it's fine If you're updating content like blogs and stuff then weekly if you're running e-commerce membership site LMS

type site you wanna be doing daily or probably hourly like real-time uh backups as well Uh and there's

different solutions for those I don't want to get into them but just kind of be aware that if

you've got different types of site you might need different types of backups Uh so number 3 is delete

unused uh plugins and themes Uh do a quick spring clean Uh every inactive plug-in or

theme is another backdoor It's a possible backdoor that hackers can try and open Uh if you're not using

it delete it Uh don't just deactivate it You can always reinstall it later on There's no problem

with with doing that So even in active files uh it can be exploited um

if they're still sitting on your web server and that's basically what happened with the food truck as

well Um there was a a plug-in that hadn't been updated in about 8 months It had a

new version ready to go but it hadn't been updated on on that uh on that server and um

somebody a hacker used that they'd used a bit of that code within the plug-in

that allowed them to upload Um a a separate file and bypass the normal WordPress security and then they use

that uploaded file to create an admin user uh for themselves So yeah even if it's unused

uh deactivated it's still it still could be vulnerable Step 4 is monitor with Word Fence alerts or

some sort of security um plug-in Uh so turn on ongoing monitoring uh so that you're not flying blind

Here's a screenshot of uh Word Fence So I like this plug-in Word fence I install it on all

my websites I saw it on my client websites 99% of the time I use the free version Um

sometimes if they've got a big website like an e-commerce membership um then I'll urge the client to pay for

the pro uh at which they get daily update um risk updates uh as they happen Whereas

the free version you've usually got to wait 2 or 3 days Um so this is awesome Um

if you like having this it's like having a security guard who never sleeps you know and doesn't bill overtime

Um so here's a screenshot here uh it just gives you a quick lowdown as to

if any issues and what it's done and what it's scanned and things like that Um so you don't need

to obsess every on every alert that comes up just glance at the emails once a week Uh

the goal is to be aware and not have not having anxiety Uh number 5

optional bonus if you have time Um there are a few extra habits uh worth mentioning briefly

Uh one is review your users every quarterly Remove old staff or old contractors if you're using your website

that way Uh make sure that your SSL certificate is renewing automatically Um you know you want

to make sure that every communication on that website is secure We don't want the SSL certificate to expire Um

because that sends unsecured data and also sends pretty bad trust signals to your uh your client base as

well Yeah I keep all these contact details uh in your um domain registrar up to

date So it's not just about the website it's also about your domain name So wherever you bought your

domain name um Your domain name actually stores the contact details So if after 5

or 6 years uh a domain is up for renewal something like that it will send an email out

to the admin people and the contact people within that database for that domain So

make sure that you're logging into your domain registrar the place where you bought your domain name

And make sure the contact details are are yours So when it comes around to renewing the

domain uh then it's sending you out a reminder that this is going to expire because you don't

want people to pick up your domain name if you've left it expired because they'll get access

to your whole website and your emails and that's just another big nightmare security Um so take these

minutes um uh to kind of close off all these sneaky uh loopholes The key point here really

is uh security isn't a one-time fix It's a it's a good habit that's done consistently So

I'd really urge you to to add that into your calendar If it's weekly if

weekly is too much that's fine But at least ensure that you've got a time slot monthly to spend

and everything is is good to go OK And that's it That's your kind of

respond quickly Um you can recover safely and you can prevent it from happening again in the most part

Uh so in the next uh yeah let's just have a quick poll Here we go Alrighty so before we

wrap up let's do a quick check-in Uh nothing formal and just see where everyone's at Take 1 if

you already have plug-in updates turned on Uh 2 if you don't or 3 if you're not

really sure at all Uh so type the number in the chat See where we're at You

might not have WordPress website so you might not need to do that 3 no idea OK Oh that's

that's OK That's one thing on your to do list for today is to go in

yep we've got to go no as well OK So yeah so have a look at

what type of website you have If it's a a small business kinda page few pages

contact forms services and then then I would urge you to turn on auto updates Um if it's a big

Business website e-commerce membership uh then have a chat to your web host and learn about this copy from live

the staging or or development so that you can then um you know do those updates properly And that's great

thanks for that everyone Um so here we are towards the end here Um so

remember today wasn't really about turning you into cybersecurity experts Um I'd love to do that but we don't have

time today Um it's all about knowing what to do first um when something feels a

bit off or you know something's happening with your website Uh so let's recap these steps

quickly Uh so one is don't panic you want to contain the damage Um two is run

your 1st 5 checks You wanna Um make sure that everything is you want to

capture that data uh as well so you can give it to the person who's gonna be fixing it

Um then you want to reset access safely make sure that you're the one in control that you've got

all the keys you're only one that's got the keys to the website You want to then call the

right people in so this means having a list of people that you can contact Uh

so make sure you do that Probably um another thing on your to do list

today So make sure you know who are the right people to call Uh and

then spend that time 150 minutes per week or 150 minutes per month is locking it down for the

future making sure your website's updated and fixing all those little uh security Yeah Lauren's asking can

you please repeat the cleanup services and company Um yes I can It's I'll put it in the chat

So Curie Is one of them and Is it Mount Malk here is the next one is Wellcare

um Secure is probably the one that people will recognize the most as as as the

brand for those that that would be the first one I'd probably go to is Secure If you don't have

an IT person or at hand um they do those one-off services and and they

tell you how much it is upfront you pay them and then they do all that stuff

and they they will they will lock it down So I've had clients that have uh used Securi in the

past and that's worked really well for them Yep so that that's your roadmap Uh so

whether you're on WordPress Shopify Wix something else um these steps work every time Um they're they're general principle

steps that you can work through um to kind of isolate that um you know gather the

evidence uh take back control and then call the right people to get get it fixed Um the fact uh

that you're here today means you're probably already ahead 90% of the small business owners uh

who'll face this kind of issue unprepared which is is never good Um you have the

knowledge now to act fast and to protect your your business website as an asset Uh so security uh confidence

doesn't come from knowing code you don't need to know code it just comes from having a plan That's

everything in your website you know something this is an issue you wanna have a plan in

your business to to address that So speaking of having a plan uh I've put everything that we've covered

into a simple downloadable checklist that you can keep handy Um so I've called it the website emergency checklist download

Um so you can QR code that there or you can visit uh this page

here Um so if you visit zero.development.com/SBM for Small Business Month um then you will see the

um as a page for for the cybersecurity webinar Um there's also some links for um this guide that

you can download it There's no email or or stuff like that it's just direct download Um so it's

your instant uh worksheets as well and there's recommended tools and plug-ins I think I I mentioned the security and

Malcare for those um as well in there OK so have you got any questions We're coming almost

to the top of the hour One minute left How good was that Uh if you've got any questions then

you can drop them in the chat just now Um otherwise if you give me a few

hours today um uh you can visit that SPN You can visit just now and download that But then what

I'll do is I'll upload this webinar for a replay uh and I'll add the slides

and stuff later on uh today or maybe tomorrow as well So if you missed

anything or want to recap uh you'll be able to watch that um at your leisure at

some point later today or tomorrow probably tomorrow And if you've got any questions then

please uh let me know You're welcome Elizabeth Yes I appreciate your time as well taking

an hour out of your busy day uh to watch this it's no no small feat Oh yeah

thank you EC Thank you OK I'm not seeing any questions coming through and I know you're all busy

people If you do have questions you can visit zero Development.com um and there's a contact

page on there you can contact me directly just put in the subject cybersecurity webinar

uh and um I'll get that information I can answer your questions if you've got specific questions

Uh Laurel says any Facebook professional dashboard Safety advice Facebook professional what what what what what do you

mean about that Laurel I'm not quite sure Is that about Facebook itself cause Yeah I'm not quite

sure exactly what you're What you're mentioning there I'm just looking through if anyone else has got questions Yeah if

you want to get in contact with me uh Laurel about that specific question then

just email me and I'll see what I I can do I'm not quite sure what aspect you're you're

meaning about the Facebook uh dashboard there I don't use Facebook very much Uh I'm mostly on LinkedIn um

these days I'll go back to see Mm Business account not a personal account For for

Facebook yeah I'm I'm not I'm not sure to be honest Laurel I don't really use Facebook very

much I used to use it but um it has it's got so much spam it's got so much

misinformation Um they control the rules on Facebook as well they change things they give

access they deny access It's really difficult for me to justify business building my business model

upon Facebook Um I used to use them for groups a lot I've actually moved to

Telegram Um so all my stuff all all my groups are hosted on Telegram mostly Uh

I do have a couple of groups on Facebook that I update every so often

but I've seen a huge decline in Facebook over the last 23 years There's not

as many people use them Most people are using Instagram now Um most of my business contacts are on

LinkedIn um as well So yeah if you do if if you can send me an email

I can try and give you some help but um yeah I don't really work that

much on on Facebook these days OK that's great thank you so much I'm gonna let you you go

uh to run your business Um remember to have a look through the security plan

uh jot down those contacts At least you've got you know something there ready to go if something happens I

wish upon you that this never happens to your business but please take that time to

make sure you secure your website OK everyone thank you so much I am gonna

end the stream Um I am doing another webinar next week um Let me just have a

look uh I can't believe I've forgotten what it is Vince this one Automation automation starter kit it's

gonna save you 5 hours per week So if you want to do that uh then

sign up for that one you'll find it on the small business website uh schedule Jerome thank you very

much Have a great day and hopefully see you in the next webinar Bye everyone