Essential

Website & Email Security

Protecting your website & business email

Website security means protecting your site and business email from hackers, malware and data leaks. A safe website keeps your customers’ data private and your business running. We install SSL certificates, manage secure passwords, run checks, and apply updates so your site and email stay protected.

We setup the security for you so you can focus on your business. From editor access to email accounts, all are setup and secured with strong passwords – we handle the technical work. Saving you time and reducing risks. We’ve been securing websites and emails accounts for over 20+ years, all our customers trust our friendly, reliable service.

Protecting Against

  • Hackers
  • Malware
  • Bots
  • Login Attacks

Why use us?

Protecting websites and email accounts is an essential service, because in the background websites are targeted every day for weaknesses. The main reason is usually control and money, as gaining access to a website enables them to either steal data, add malicious code to infect or redirect your visitors or sell this access to someone for money, so they can do the same.

We make website security simple and dependable. With over 20 years in hosting, we know the threats and the best fixes. We setup secure email accounts for you, create strong passwords, install SSL, and monitor your site. That means you can spend less time on security issues and more time on your business.

Choosing us saves money as well as time. By preventing breaches and reducing downtime we cut costly emergency fixes and lost sales. We are approachable and trusted by many long-standing customers. If you prefer extra protection, our full security package includes boosted global speed, available when you choose the custom package option.

Get the website security you need

All our website packages come with built in security, plus the hosting and email protection that helps you to stay safer. So choose Compass to host, build and support your business today.

Choose a website package with built in Security

Weakest areas hackers use to access websites and email accounts

Most hackers look for easy targets and common mistakes. They prefer low-effort methods like weak passwords, unsecured email, and out-of-date plugins. We protect those weak points with hardened defaults, regular scans, and fast response.

Email and website weak spots often come from human error or poor setup configuration rather than exotic tools. That is why we focus on strong authentication, optional email spam protection, patched software. Below are the main weak areas, with plain explanations.

Short or reused passwords are straightforward for attackers to guess or crack. Unfortunately with all the breaches globally, many people have common passwords that are going to allow hackers into their online accounts. We enforce strong passwords for your editor access on your website and email accounts. We will even change any of your passwords for free if you have any concerns or change them ourselves if we suspect a password has been possibly compromised. This level of support is very proactive and helps support your business.

Tricked staff can hand over credentials or install malware by mistake. We recommend staff training and setting of technical controls to limit damage from human error. If you are concerned about an email, you can forward to your dedicated contact and they will reply to let you know if it is safe, often with an explanation for why it was spam so you can spot them in the future.

Email is used for password resets and business communication, making it a prime target. We will never send your login and password access on a single email. This is because emails are not safe and can be intercepted. As a customer we will have a way to pass you access and passwords without being exposed on a single email as many companies do.

For added security we recommend our optional email spam protection, helping to further reduce spam, phishing or infected emails.

Attackers try many username and password combinations to break in. Our automated systems monitor and block suspicious login attempts and limit repeated failures before lockout. These attempts are also reported to us so we can study for new weaknesses or attack styles, with this information we further adapt and improve security for you.

Malware can hide in side files and run harmful scripts when visitors load pages. Our automated systems block uploading of certain file types, block malicious attacks (often called bots), scans files on your website and sends reports to us so we can assess.

Without SSL, data between users and your site is not encrypted and search ranking will suffer. We install and renew SSL certificates and fix issues if your website needs to move servers.

One of the biggest issues with websites being hacked is they had no backups of their website. This is a serious issue as those backups are essential in an emergency. No, or poor backups, mean lost data after a breach or error. We run seven day rolling secure backups for all our websites, so your site can be restored quickly.

Please note that in over 20+ years we have never had a website hacked or infected. This is not because our sites are not attacked, almost every website gets attacked but due to the website security we put in place to protect our customers, websites and their data. This is another reason we do not migrate websites to our servers, as we cannot guarantee the code on any website is 100% safe, protecting our customers is extremely important.

If you are familiar with WordPress (or any other CMS), you’ll know that gaining admin access is like having full control of your computer. Once access is gained they have full control over your website. So we protect your website by giving you editor access so you can update your websites, we then securely protect any other access with extra authentication layers.

XSS lets malicious scripts run in visitors’ browsers via your site. Our automated security that runs on all our websites sanitises inputs and uses secure coding practices to block script injection.

Attackers use input fields to run unwanted database commands. We use prepared statements and input validation to stop these attacks. Our automated security runs 24/7 on every one of our websites, working to protect against SQL injection attacks.

Third-party plugins can carry risks if not updated. We review, update or replace risky add-ons to reduce exposure. Unfortunately there are hundreds to thousands of plugins that have weaknesses or become compromised. We receive reports of compromised plugins and restrict plugins running on our websites to maintain the security for our customer.

We reduce the reliance on third party themes from third party companies by building every web design from scratch, relying on our core design software, as this has a proven record for reliably, speed and support.

Mistakes like accidental file changes or password sharing cause breaches. We structure our websites to limit some of these issues, by promoting strong passwords and advise on how to securely store access to your website or email accounts. Human error is and always has been a weakness, but with hackers finding new successful ways to gain access to emails and computers, having safe and secure ways to still thwart them is essential to keep your website and email accounts safe.

Attackers often exploit known vulnerabilities in old software, this is especially true of software that runs all the hosting of websites online (it’s like your OS on your phone or computer). So our maintenance team manage updates and keeps the code that runs our customer websites up to date. Most upgrades are to keep your website safe, so if an update is essential, then we will make these changes in the background. Most of the time you will never know these are being updated on your behalf, we would only let you know if some software that runs your website specifically is not compatible, so we can take additional steps to resolve that issue.

FAQs about website and email security

There are many frequently asked questions that businesses ask about website and email security, below are just a few of the more common questions we are asked. If you have any questions, please contact us and we will be happy to help further.

Website security protects your site and data from hacks, malware and unauthorised access.

SSL encrypts data between your site and visitors, it scrambles the data (text and images) between the website and a visitors’ browser so hackers cannot see what a visitor is viewing, this builds trust and helps your search engine rankings. On older browsers a secure website would show as a padlock icon in the area your website would show the website address. Many modern browsers have removed this icon.

Yes we create strong passwords for your editor access and email accounts. We make contact with you personally so we can be sure you are always the person we deal with in the future. This helps to add an extra layer of security to protect against anyone trying to get us to change access information. We always have your editor access information, so if you lose it or need it changed, we can do this securely for you at no additional cost. Email accounts can be changed within the webmail, but we recommend using us to keep this up to date or changed, as we will always keep them secure and we will never access your emails without your permission.

Yes, we run daily encrypted backups on a seven-day rolling basis for every website we create. We offer an additional monthly, quarterly website backup for customers who want that extra peace of mind for critical websites that are either updated loads or run eCommerce etc. Simply select additional monthly backups when you order a custom website package.

In over 20+ years we have not had a known hacked website, but we have disaster recovery procedures in place for such an eventuality. For peace of mind, we would delete the website (as this is the safest way to clear any infection safely) and restore from a safe backup. Depending on investigation of how the infection timeline happened, we would remove the vulnerability to protect all our websites.

Yes, SSL installation and automatic plugin updates are included for the first year with all our website packages.

In one year from your deposit being paid you will receive an annual renewal for hosting, any additional data used above the 500mb hostplan and domain renewals if taken out with us, once this is paid, SSL and plugins are automatically renewed.

Unfortunately we do not support third-party plugins, if a third-party plugin negatively affects essential security updates then we would need to disable this, as security is the priority of our websites. In this situation we would work to resolve the third-party plugin and give you a cost in advance (explaining the reasons).

If you have email accounts, then it’s almost impossible to stop your email address from eventually being on a spammers list. There is no point in replying to them as that will just validate you are a legitimate email address and they will sell it to other spammers. Everyone has a different level of tolerance for spam emails. If you hit a limit where it’s affecting you, or you want additional protection from the start, we can add email spam protection to automatically help reduce spam and phishing emails to your inbox. This is a valuable service for those that use their email on social media or online advertising to promote your business.

Yes, we can both speed up our customers website speed for website visitors around the world, this service also helps to hide your website’s true location by adding extra layers of protection. This is not needed for local UK businesses, but if you have a large website and need the best speeds for visitors around the world, we would recommend having our boosted speed Simply select the custom website package and tick add boosted global speed to your package.

We receive automated reports on modified files, attacks and attempts to login to our websites, even though they are blocked, we monitor login attempts (even successful logins!), to make sure your website is safe and secure and not being accessed by unwanted third-parties. If we suspect any access that is not you, then we will contact you, temporarily remove access to that editor and liaise with you to confirm it was yourselves before unblocking or escalating it.

All our websites apply privacy and security best practices to help you meet GDPR data protection obligations. Our websites as standard do not require “allow cookies” as we do not track visitors.

We do not migrate websites due to possible security issues, not knowing the history of another website we cannot guarantee security and compatibility. So if you would like a website built by Compass Business Websites, get in touch and we can talk you through either replicating or upgrading your website.

Our standard website security is included in the price of your website package at no extra cost! Unless additional services are requested, most of our customers only receive a new bill in a year for your hosting and domains. This hosting cost includes built in security software and 500mb data used by your website and emails.

Pre-order your website package today and trust Compass Business Websites to help you keep your website and emails safe.