Episode 570 Agency Chat With Ryan Waterbury Why You Need A Security Care Plan?
Show Summary
This podcast episode, featuring Rob Cairns and Ryan Waterbury, discusses the critical importance of a security care plan for WordPress websites. They emphasize that businesses often underestimate the risks and costs associated with neglected website security, leading to hacks and significant financial losses. The conversation highlights the necessity of proactive measures such as frequent updates, robust backup strategies (including the 3-2-1 rule), limiting administrator access, and implementing advanced firewalls and spam protection. Both experts argue that website security and maintenance are ongoing processes that business owners should outsource to specialists rather than attempting to manage themselves, ensuring the site’s continuous health, functionality, and reputation.
Show Notes
Key Discussion Points
- The “Why Should I Care?” Mindset: Many small business owners believe their modest website won’t be targeted. Rob and Ryan explain why this thinking is a direct route to getting hacked, and why the financial losses that follow often far exceed the cost of a proactive care plan. Ryan shares a shocking story of a client who lost $20,000 in revenue due to an outdated and unmanaged site.
- The True Cost of Neglect:
  - Ryan has spent over 80 hours cleaning up just five hacked sites in the last year.
  - Initial recovery can be charged at a top-tier rate, plus hours of cleanup, sometimes leading to a $5,000+ bill for a single incident.
  - Compare this to typical care plans: around $100-300 per month (e.g., $200/month = $2,400/year for a mid-tier site), which offers continuous protection.
- Comprehensive Backup Strategies:
  - Don’t rely solely on your host’s backups, which often only go back 30 days and may already contain malware.
  - Both Rob and Ryan adhere to the 3-2-1 backup policy: three copies of the data, on two different kinds of storage, with at least one copy kept offsite.
  - They recommend keeping three months (91 days) of backups.
  - For high-transaction sites like e-commerce or LMS, twice-daily or even hourly snapshots are essential to minimize data loss.
- The Principle of Least Privilege:
  - If your site has multiple administrator accounts (e.g., 12 or even 21!), you’re creating unnecessary security risks.
  - Limit access to only what’s necessary. Ryan creates custom “site admin” user roles that allow content management without access to critical plugin, theme, or file editing functions.
- Beyond “Set It and Forget It” Updates:
  - Weekly updates are no longer sufficient. Both Rob and Ryan perform updates on clients’ sites multiple times a week.
  - Avoid turning on automatic updates without a proper care plan and pre-update backup strategy. Updates can break things, and you need to be prepared for quick rollbacks.
  - AI is accelerating both exploit discovery and patching, making frequent updates even more critical.
  - Investing in care plans covers the work involved when updates inevitably cause conflicts.
- Website as a Business Asset: Your website is your 24/7 marketing and sales tool. Downtime means lost revenue and damaged reputation, even for non-transactional sites.
- Form Security is Paramount:
  - Regularly test your website forms. Untested forms are often broken lead capture tools.
  - Implement solutions like Cloudflare Turnstile to dramatically reduce spam submissions.
- Why You Need an Agency (Like Ours!):
  - “Your job is not to run your website and secure it.” – Ryan Waterbury.
  - This is the core message of the episode: focus on your core business and delegate website care to experts.
  - Professionals stay updated on security threats, manage resources (like server upgrades for active firewalls), and implement best practices that the average business owner doesn’t have time to learn.
- Security is a Process, Not a Product:
  - There’s no such thing as a “perfectly secure” site. The goal is hardening your site to make it incredibly difficult for bad actors.
  - This involves continuous monitoring, reading security bulletins, managing firewalls, implementing two-factor authentication (2FA), and understanding evolving vulnerabilities.
  - Even after a site is recovered from a hack, it takes time for it to “fall off the radar” of the hacking community.
- The Importance of a Hosting Partner: Choose a web host that acts as a security partner, not just a vendor. Beware of hosts known for upselling security packages or having poor baseline security (e.g., the former EIG/Newfold).
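The custom “site admin” role from the least-privilege point above, shown as an added example that is not code from the episode or from Ryan’s own setup: a small WordPress plugin that clones the built-in Editor role and strips every plugin, theme, file-editing and user-management capability. The plugin name, the `example_` function names and the `site_admin` role slug are assumptions; the capability names and `DISALLOW_FILE_EDIT` are real WordPress identifiers.

```php
<?php
/**
 * Plugin Name: Site Admin Role (example)
 * Description: Registers a least-privilege "site_admin" role for content managers.
 */

// Capabilities a content manager never needs; each one is a path to code execution
// or account takeover if the account is phished or its password is reused.
const EXAMPLE_SITE_ADMIN_DENIED_CAPS = array(
    'install_plugins', 'activate_plugins', 'edit_plugins', 'delete_plugins', 'update_plugins',
    'install_themes', 'switch_themes', 'edit_themes', 'delete_themes', 'update_themes',
    'edit_files', 'update_core', 'manage_options',
    'create_users', 'edit_users', 'delete_users', 'promote_users',
);

// Register (or refresh) the role on activation, not on every request.
register_activation_hook( __FILE__, 'example_register_site_admin_role' );

function example_register_site_admin_role() {
    // Start from the built-in Editor role: full control of posts, pages and media,
    // but none of the site-level powers an Administrator has.
    $editor = get_role( 'editor' );
    if ( ! $editor ) {
        return;
    }
    $caps = $editor->capabilities;

    // The few extras a content manager reasonably asks for: menus/widgets and a
    // read-only view of who has an account.
    $caps['edit_theme_options'] = true;
    $caps['list_users']         = true;

    // Belt and braces: make sure nothing dangerous is carried over.
    foreach ( EXAMPLE_SITE_ADMIN_DENIED_CAPS as $cap ) {
        unset( $caps[ $cap ] );
    }

    // add_role() is a no-op when the role already exists, so drop any stale copy first.
    remove_role( 'site_admin' );
    add_role( 'site_admin', 'Site Admin', $caps );
}

// Clean up on deactivation so the role does not linger in the options table.
register_deactivation_hook( __FILE__, function () {
    remove_role( 'site_admin' );
} );

// Complementary hardening for wp-config.php: disables the built-in theme/plugin
// file editor for every role, including the remaining administrators.
// define( 'DISALLOW_FILE_EDIT', true );
```

Existing content editors are then assigned the Site Admin role from Users > All Users, and the number of true Administrator accounts can be cut to the one or two people who actually install plugins and run updates.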
Resources Mentioned
- Sucuri
- Patchstack
- SolidWP
- Hacker News
- Cloudflare Turnstile
- Book: Chasing Shadows (Author to be named in show notes – check your preferred bookseller)
Don’t leave your website vulnerable! Investing in a professional care plan is essential “cheap insurance” for your most vital online asset.
