90% of WordPress sites are at risk from hackers. Phil Storey launched the Glow app to solve that …

Launching a company in April 2020 was no mean feat for Glow founder and director Phil Storey. Guiding his team to help small businesses in the fight against cyber crime with the aim of protecting online assets as they do so.

Sucuri, the GoDaddy-owned security vendor analysed 18,302 infected websites and over 4.4m cleaned files to compile its latest Hacked Website Trend Report. It revealed that WordPress accounted for 90% of hacked websites in 2018, up from 83% in 2018. The situation has only worsened since then, paving the way perfectly for Leeds based Glow to step in.

Glow is a website maintenance app that helps to keep WordPress sites secure, functioning and optimised for performance. Over the past six months, Phil’s team has promoted and sold it into companies who are determined to keep transactions flowing online despite the covid chaos. As more people have turned to online to maintain their businesses, in hindsight it turns out that April was in fact a fantastic time to launch! He speaks to managing editor Richard Alvin on our Business Matters podcast, hear the full version here or read on for our chosen snippets of their discussion …

Starting a company in April this year must have been a whole new challenge

Well a global pandemic and lockdown definitely wasn’t in the plan that’s for sure! However, what with the constraints on businesses that lockdown brought, and many turning to a much higher focus with online resources, we’ve ended up achieving quite an interesting start in the digital world.

Have you designed the business to encompass multiple verticals of clients?

Yes, we’ve mainly got three different kind of types of clients. We create a white labeled version of our app, branded for marketing agencies who can then sell the service to their clients without the headache of having to perform any system changes themselves. We don’t actually do any kind of delivery of service for web developers, but what they’re able to do is license Glow as they’re maintaining multiple websites. Glow is also perfect for small to medium sized businesses who want to protect their online assets without paying high developer led prices.

We’ve seen a number of templated website hosting companies thrive in recent years – Wix and Squarespace to name two, why did you choose to focus on WordPress?

Regardless of the content of actual business site itself and who it’s covering – it could be a marketing agency, hairdressers, shop or car garage website, either way, WordPress accounts for about a third of the entire internet. Crucially, if you go back, 25/30 years when Microsoft flew to popularity in the personal computer world, viruses were being created left, right and centre to attack Microsoft products and systems. WordPress is such a popular system for online trade, there are hackers constantly trying to kind of spoil the party very regularly. I knew Glow had the niche ability to protect companies on a small subscription basis.

What was the light bulb moment when you thought: everyone needs Glow in their life?

So prior to Glow I was 50/50 in a small marketing agency with a business partner of mine, and it just wasn’t working for me so I decided to leave that business. However, it was a far more stressful and complex exit than I thought it was going to be. I managed to leave with some clients, but in a city like Leeds with so many marketing agencies and web development complexes, I knew that I didn’t want to build just another marketing agency. I’ve got a pretty strong network in the area and quite a few people were saying to me ‘you know you talk about the maintenance side of things a lot. Why don’t you consider focusing on that as a niche?’ Off the back of those conversations I did some more research and created the concept of Glow.

The statistics are terrifying for SME’s – a total of 43% of all hacks occur to small business websites. For anyone concerned about security, what are the really quick fixes that our SME readers should be doing on their WordPress website?

Yes, it’s a complete misconception that you’re free from hackers if you’re a smaller business. They’re just as keen to hack their way into smaller sites, so here are three quick things you can do to help deter them …

Number one: with every WordPress website that’s built, WordPress uses a load of default settings, and one of those is the default user that gets access to the back end of the website. That user is always known as ‘admin’. Every hacker on earth knows this so we always strongly encourage people to get rid of that username and create a new one. It could be your name, it could be whatever you want it to be just as long as it is not ‘admin’, when you’ve created the new name, delete that old account.

Please don’t tell me that the default password is also ‘password’ …

Well that brings me on to my second point: the WordPress password will be unique, but it’s still a good point to make, because even though we’ve had the password game drilled into us for 20 years, people are choosing it to be their business name with a ‘123’ at the end of it. It’s just amazingly easy for hackers to get that. WordPress can generate really strong ones for you that are random, you can save it in the browser and then you never have to worry about it again so creating a really strong password is one we’ve all heard before, but it’s one that’s always worth mentioning.

Point number three, without getting too technical, is to change your default login. So again, for every WordPress website, the route to logging in to the backend of the website is always your business name.com, forward slash ‘WPadmin’. And again, every hacker in the world, that’s trying to get into a WordPress site knows that. You can change WPadmin to whatever you want – you can change it to Barcelona or Leeds United, however, just ensure it’s something different. Three tiny tips there that are easy to do – they might not guarantee keeping everybody out, but they will slow people down and put them off from thinking that you’re an easy target.

What’s a problem that you’ve seen occurring due to an increased number of online shoppers and visitors to sites through the covid lockdown?

A number of clients have been complaining of having the issue that their forms are breaking. So you’re trundling along with your business and everything’s hunky dory, people are filling in forms on your website … but they’re not coming through. So you’re missing out on all those inquiries. If they’re not tested regularly, the issue could go unnoticed for weeks, months, potentially. Reader’s put a note in your diary every couple of weeks to test your website forms. You also need to double check all links on your site every month too to ensure that everything’s working the way that you want it to. Google’s going to be getting hot on that next year and really drilling down into the user experience of websites to boost searchability with it’s ratings so it’s worth being prepared for it now.

Would I be correct in saying that when WordPress releases an update, usually a security update, you need to initiate the update as soon as it’s released and not wait a day or two, or weeks, just go for it straight away.

Yes get it updated as soon as you can. And the reason for that is that all these hackers are doing all day, every day, is trying to break into websites by finding a weak spot. They’re well aware of the security vulnerabilities in older versions of WordPress and older versions of the plugins that you’ve got on your website. What I would add to this point is, that it’s not just quite as simple as clicking ‘update’, because sometimes things can go awry in the update process, firstly, always make sure you’ve got a full backup of your site before you do the update. Then just do a quick check on the front end of the website, your phone, check on your laptop to see that the website is still working as it should, post update. If it isn’t, you can roll back because you’ve got a backup. If it is good to go, then simply backup your current version and get on with your day.

So has covid affected or slowed things down for you?

I actually think it’s probably had the opposite effect due to our reseller model that I mentioned briefly earlier; for marketing agencies, we needed to be chatting and selling into the owners. So when lockdown set in a few months ago, instead of being locked in the busy office environment, they all were at home without the day-to-day distractions. We were then able to set up lots of meetings with them andGlow has grown really nicely. We’ve even been nominated for Tech Innovation of the year at Leeds Digital Festival and we’re amongst some amazing businesses so that’s really quite humbling after only six months of existence.

What are your plans for Glow in the future?

Well, ultimately, I want Glow to be the go-to website maintenance tool for WordPress. Much like you’d sign up for Google Drive or Xero or any SaaS tool that we use in our day-to-day running of businesses. We’re potentially looking to get some investors on board as well so there’s a lot of conversations going on around that at the moment to help us grow at a more rapid rate. It’s challenging times but exciting times.


Cherry Martin

Cherry Martin

Cherry is Associate Editor of Business Matters with responsibility for planning and writing future features, interviews and more in-depth pieces for what is now the UK’s largest print and online source of current business news.
Cherry Martin

Cherry is Associate Editor of Business Matters with responsibility for planning and writing future features, interviews and more in-depth pieces for what is now the UK’s largest print and online source of current business news.