We'll Help You

Get Your Business Online

- Websites
  Create a free website that comes with built-in marketing tools.
- Online Stores
  Launch a store that comes with everything you need to start selling, including marketing tools.
- Appointment Scheduling
  Add online scheduling to your website so people book appointments with you.
- Domains
  Claim a custom domain to make it easy for people to find your brand on the web.
See overview

Market Your Business

- Email
  Engage your audience with beautiful, branded emails.
- Landing Pages
  Design landing pages that grow your audience and help you sell more stuff.
- Digital Ads
  Reach people on Facebook, Instagram, and across the web.
- Social Media
  Build your following with targeted ads and organic posting on Facebook, Instagram, and Twitter.
- Postcards
  Send printed postcards around the world with the help of our address finder.
See overview

Platform Features

Audience Management

- Marketing CRM
  Get to know your audience and find new ways to market to them.
- Signup Forms
  Grow your audience with a pop-up or embedded form.
- Segmentation
  Segment your audience based on shared traits.
- Behavioral Targeting
  Target your messages based on people's purchase behavior, app activity, and more.
- Predicted Demographics
  Get predictive insights about your contacts so you can personalize your marketing.
- Tags & Contact Profiles
  Keep track of what you know about your people with customizable tags.
All audience tools

Creative Tools

- Content Studio
  Sync, store, and edit all your images and files in one place.
- Creative Assistant
  Get beautiful, on-brand designs made for you with the power of AI.
- Dynamic Content
  Personalize individual content blocks within your emails.
- Subject Line Helper
  Get real-time feedback on how to refine your subject lines.
- Campaign Templates
  100+ pre-designed email and landing page templates that fit any message.
All creative tools

Marketing Automation

- Customer Journeys
  Design personalized journeys using conditional logic and branching points.
- Integrations
  Sync your store data and connect other tools to unlock more automation features.
All automation tools

Insights & Analytics

- Reports
  Track sales and campaign performance in easy-to-digest reports.
- Smart Recommendations
  Get personalized recommendations to help you make your next move.
- A/B Testing
  Test different versions of a single email to see how small changes can impact your results.
- Surveys
  Gauge interest and customer satisfaction by gathering feedback.
- Content Optimizer
  Make your email content more engaging with personalized suggestions for improvement.
All insights tools

Not sure where to start?

- E-Commerce and Retail
  Drive traffic and boost sales with a marketing platform that seamlessly integrates with your store.
- Mobile and Web Apps
  Reach new customers, send behavior‑based campaigns, and increase engagement with your app.
- Startups
  Find product‑market fit, learn from user feedback, and launch your first marketing campaigns.
- Agencies & Freelancers
  Get perks and tools for managing clients when you join our free community, Mailchimp & Co.
- Developers
  Integrate marketing data, send transactional emails, and build integrations using our APIs and documentation.

Learn

Mailchimp 101

Help Center

Marketing Library

Explore our collection of resources to help build your business and boost your digital marketing.
- Marketing tools and tactics
- E-commerce Automations: Time-Saving Techniques for E-commerce
  
  See how Mailchimp’s e-commerce automations can save you time and help you convert more first-time buyers into repeat customers.
- Business Stages
  - Prep & Start
    Learn to write a business plan, build a brand, and turn your ambition into a successful business.
  - Manage & Run
    Off and running? Find tips to help you lead, manage, and make your business even better.
  - Grow & Scale
    Whether you want to grow your team, your following, or your sales, we've got ideas.
See overview

Podcasts

A collection of original content that celebrates the entrepreneurial spirit.
Podcasts
- New podcast from Björk
  
  In Sonic Symbolism, hear Björk and her collaborators discuss the making of her last 9 albums.
- New podcast: Listening
  
  Explore the minds of 10 musicians as they use their surroundings to make sense of the world.
Listen

Series

A collection of original content that celebrates the entrepreneurial spirit.
ORIGINAL SERIES
- Switching Off
  
  Family comes first, especially this time of year.
- A Family Business
  
  Kick start the holidays with this Second Act episode chock full of food, family, and tradition.
Watch

Films

A collection of original content that celebrates the entrepreneurial spirit.
Films
- Crown Candy
  
  This 100-year-old candy store in St. Louis is rich in history—and chocolate.
- Welcome to Noodle School
  
  Students come here to learn from the best and get their shot at a billion-dollar industry.
Watch

Expert Insights

Case studies and how-tos to take you from startup to scale-up and beyond.
Workshop
- How to win customers without social media
  
  As social media ads become less effective, how else should you go about acquiring new customers?
- The $10 million T-shirt
  
  How did a ‘Black Founders Matter’ T-shirt design transform into a venture capital firm? According to founder Marceau Michel, it was almost completely by accident.
All articles

Industry Trends

Industry deep dives, macro trends, and profiles of fascinating businesses and founders.
BRIEFINGS
- Stepping away at the right time
  
  For Orange Bus founders Julian Leighton and Mike Parker, leaving the business was always the plan.
- What's in a name?
  
  At first glance, the name of your business might not seem like a crucial factor in your success – but getting it wrong could cause complications. Here are the basic elements to consider.
All articles

Smart Living

Self-improvement, brands to check out and things to see and do – from food to fashion.
LIFE
- Starting your day right: Laurence Leenaert
  
  Laurence Leenaert, founder and designer at LRNCE, a handmade ceramics and lifestyle brand in Marrakesh, on her morning routine.
- How I live: Kerol Izwan
  
  The founder of Malaysian publishing and lifestyle company Musotrees on why he quit the nine to five (and his career as a biologist) to build the thing that makes him happy.
All articles

Website Security 101: How to Secure Your Website

Website security is complicated, but we’re here to help. Here’s what you need to know about securing your website, common threats, and ways to defend against cyber attacks.

Protecting a website from malicious hackers requires protecting every way a bad actor can harm your website. Depending on the size and scope of your website, this might include cloud security, web application security, virtual private network (VPN) protection, locking down your web provider account, or having a disaster recovery plan.

Even companies with dedicated teams of cybersecurity professionals report attacks frequently. For small and medium-sized companies, the threat is just as significant. However, smaller companies also have fewer recovery resources. Diligent protection of a website is essential, but it is just as important to have a plan in place in case a cyber attack is successful. This will limit the damage and allow your business to continue operations.

What is website security?

Website security is the protection in place to protect a website from attacks. Since attacks can come from many places, website security is multidimensional. The US Cybersecurity & Infrastructure Security Agency (CISA) warns that cybersecurity attacks are increasing in number and severity.

Why should you have a secure website?

It is important to keep your website secure to prevent cybersecurity attacks. A secure website is the best protection from someone making unauthorized changes to your website, theft of customer data, or preventing you from completing the business activities you need.

What security website should I monitor?

In the US, watch the Cybersecurity & Infrastructure Security Agency (CISA) website for alerts about new vulnerabilities and threats. It’s also good practice to enable security alerts from every software app you use for your website including the content management system (like WordPress or Salesforce), plugins, browser alerts, and so on. You can only prepare defenses for what vulnerabilities you know are out there.

Common website security threats

Data breach

A data breach happens when someone exposes confidential information. Data breaches can happen by accident, but cyber thieves also target websites and web applications to steal data that they can sell on the black market or use to break deeper into the company’s network. Financial and medical data are common targets, but hackers can also sell student data, private correspondence and photos, and customer contact information.

Data breaches are costly, and not just in terms of lost income. Customers can sue if their private data is stolen and they can show that your company was negligent. National governments are becoming more aggressive in protecting their citizens' data, so large fines and legal sanctions are also a possibility. Data breaches can also destroy a business’s reputation and the public’s perception of its trustworthiness.

Denial of Service (DoS) and loss of website availability

A Denial of Service (DoS) attack is an attempt to crash a website by overloading its servers. A similar attack is a distributed denial of service (DDoS). In a distributed attack, the traffic is coming from multiple resources. This makes it more difficult to stop. You can block one source from flooding your webpage, but it is much more difficult to keep hundreds, especially if the list is constantly changing.

Ransomware

Ransomware is a malicious computer code that blocks access to your website until you pay a ransom. Ransomware is becoming more frequent for small businesses and government municipalities. A criminal encrypts your computer files and user data, then offers to sell you a decryption key in return for cash (often Bitcoin or another cryptocurrency). This is a highly profitable crime because it costs less to pay the ransom than to regain access to business files any other way.

It has become so profitable that CISA and cybersecurity watchdogs warn that dark web users are offering Ransomware as a Service (RaaS). RaaS is a subscription-based business model where a criminal firm develops ransomware tools, then sells the tools to affiliates. When the affiliate uses the ransomware successfully, they pay a percentage of the ransom to the criminal firm. This removes the need for technical skills and opens up ransomware to anyone willing to pay the affiliate fee.

Cross-site scripting (XSS)

Cross-site scripting (XSS) happens when a malicious actor injects executable scripts into a website’s code. When this is successful, the hacker is able to access control of the website and impersonate people who have legitimate access to the website’s code.

SQL and code injections

SQL injections (SQLi) use SQL code to manipulate the databases connected to a website. SQL stands for scripted query language. It is used by database administrators to control the data in a database. An SQL injection bypasses the webpage to access the database directly. Once hackers access the database, they can destroy data or copy it to sell on the dark web.

Stolen passwords

Most websites are secured by passwords. Passwords can be broken by software programs that try different combinations until they find one that works. Or in many cases, web developers use the default passwords that come with their web administrator account. If a hacker has the username and password to a website, they can do any amount of mischief or malicious activity, from defacing the webpage to making the files irrecoverable.

Steps you can take to secure your website

Keep software and security patches up-to-date

Keep all your software up to date. Most website attacks originate through the Content Management System (CMS). Popular examples of CMS are WordPress, Joomla, and Magento.

Turn on the alerts so that you know when Microsoft, WordPress, or any software vendor releases a patch or security enhancement. These are often released in response to a newly discovered weakness, so time is a priority.

Add SSL and HTTPS

The MailChimp Web Builder includes an option to add encryption through SSL certificates that protect monetary transactions. HTTPS is an encryption tool that protects data that needs to be secured, like financial or medical records.

Require complex passwords and require frequent changes

Strong passwords that are changed often are one of the easiest and most effective ways to protect your website. When the option is available, use multi-factor authentication. If it annoys you, it annoys hackers and bots trying to hack into your website even more.

Restrict administrative privileges

The fewer people who have administrative access, the easier it is to keep track of everyone. When someone leaves your company – especially if terminated – disable their account immediately. Not everyone working on your website needs admin privileges. Grant privileges according to what the person needs to do. If someone needs temporary access for a special project, you can add the new rights needed, then.

Change default settings, especially default passwords

Default settings are often the same for everyone who buys a software application or hardware product. This means that anyone else using the same apps you do may know your login credentials. So change them as soon as you install a new product.

Backup your files

Backing up your files gives you a way to quickly recover from any type of cybersecurity attack. The MailChimp Web Builder offers the option to automatically backup your files when you set up your website. This is strongly recommended because it is too easy to forget.

It is important to keep backup files in a secure location separate from your website files. This is because if a hacker gets into your web account, they also have access to your backups. Saving your files offline gives you an alternative to paying a ransom because you can restore the encrypted files yourself instead of paying the criminals.

Prepare a recovery plan before anything happens

Cybersecurity attacks can still happen no matter how diligent or careful you are to maintain security on your websites. Prepare a recovery plan just in case. Drill your team occasionally to make sure the plan is current and everyone knows what needs to be done.

Maintaining security for websites is a constant process. New vulnerabilities appear every day. If a breach happens, get your website back online. Once your business is up and running again, look at what happened and take steps to keep it from happening again.

©2001-2022 All Rights Reserved. Mailchimp® is a registered trademark of The Rocket Science Group. Apple and the Apple logo are trademarks of Apple Inc. Mac App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google Inc. Privacy | Terms | Cookie Preferences

Try searching for

Marketing tools and tactics

Business Stages

Podcasts

ORIGINAL SERIES

Films

Workshop

BRIEFINGS

LIFE

Website Security 101: How to Secure Your Website