website protection

So you’ve launched your site and you’re ready for the rush of traffic, enlisted your team to create blog posts and determined to keep it fresh. But before you worry about content strategy and growing your market share, make sure you ask this question: have you taken the proper steps to protect your website?

Crashing servers, conflicting code, and nefarious hackers wreak havoc on unsuspecting business owners who expect their site to be that always-on resource for potential customers. In 2013, as many as 30,000 websites a day were being hacked1. With that in mind, here are three easy (and inexpensive) things that everyone should be doing to make sure their website stays up and running.

1. Keep it updated.

The best, easiest thing you can do to protect your site from a hack or crash is keep the platform updated. Depending on the CMS (content management system) you use, you should expect new software updates at least every 6 months, but sometimes as often as twice a month. Developers release these updates (or patches) for one of three reasons: security, bug-fixes, or feature releases. Software like WordPress maintains a release log that shows “Security and Maintenance” releases occurring just under once a month, while major feature versions come out in three to five month intervals2. Staying up to date is crucial if you want to protect your investment.

Options:

Automated updates – Some CMSes (especially subscription platforms like HubSpot) offer automated updates, which will automatically install new software as it’s released. These are convenient, but you need to check your site regularly to make sure that the updated code hasn’t broken any of the functionality that you rely on.

Managed services – Some hosting providers operate a managed hosting environment where they will go into your website, update software and plug-ins, then test site functionality to ensure compatibility and security. These are nice because they guarantee a working site that is updated without much of your attention. Some even will send you notifications of when updates have taken place.

Manual option – For the do-it-yourself types, updating a CMS is typically a fairly straightforward process, you just have to know where to look. In WordPress there are notifications in the dashboard that will lead you to update your software when new releases are available.

2. Back it up.

Keeping the site backed up in an off-server location is the absolute safest way to make sure that you can roll back. Adding the wrong plug-in that breaks the site, hackers injecting malicious code, or catastrophic failure of a third party system (like your host) can all lead to very bad days and potentially big losses. While our most risk-averse clients have asked us to build augmented backup systems to make sure there is no chance they’d lose the current or legacy version of their site, some are satisfied knowing there is a daily backup for the last 3 weeks available. Just make sure that if your site relies on a database, back that up too! You’d be sad to find that your backup only contained the style of the site, and none of the content.

Options:

Hosting companies default backups – Many hosts provide daily backups for a short period of time. Most of our sites are launched on WP Engine, which keeps daily backups for 20 days. For some people, that’s plenty, but we’ve seen problems that don’t get caught in those first 20 days, so the oldest backup didn’t go far enough. We recommend going further.

Plug-ins and services – If you’re savvy or have some help, adding a backup plugin to your site is often a great idea. You can schedule backups of the entire site and database, or just parts of the site as necessary. The best options do cost money, but it’s negligible next to the risk of losing your website. Backup Buddy comes highly recommended, with scheduled backups to email or other servers, and many other features. For a free option, try one like BackWPUp.

Manual option – Your host can usually provide a download of the site and any related databases necessary. Many have an interface for that right in your hosting dashboard, or contacting support should point you in the right direction.

3. Check if it’s up.

Sometimes your best efforts aren’t enough, and your site will go down. Even the most reliable servers go out, and the most secure sites get hacked sometimes. Protection also means monitoring. Sign up for a monitoring service so you’ll know immediately when your site goes down – instead of stumbling on to it and wondering how long it’s been out of commission.

Options:

Monitoring services – These services automate the checking process. Multiple servers automatically ping your website to make sure they’re getting the expected response. If the detect an issue, you get an email or SMS notification so you can make sure the right people spring into action. Uptime Robot is a good free option, and we like the paid features of Pingdom as well.

Manual checking – Sadly, this is one area where I can’t recommend a manual option. No one should be refreshing their site every 5 minutes to make sure it’s still online. Ain’t nobody got time for that.

Conclusion

Website protection doesn’t need to worry you if you’ve taken a few precautionary steps and planned ahead. Nothing is 100% secure, but with the few simple safeguards of updates, backups, and monitoring you’re ready if anything happens.


 

If you’re ready to move on from worrying about your website, Skyhook Interactive offers premium WordPress web hosting and maintenance packages to keep your web presence healthy and strong. Contact us for more information.


 

Footnotes:

1 – 30,000 Web Sites Hacked A Day. How Do You Host Yours?
2 – WordPress Release Log

1 reply
  1. Dallin Harris
    Dallin Harris says:

    Another thing to beware of, at least in the WordPress world I’d say, is reliance on plugins that are no longer supported. Some of the more obscure plugins are created/maintained by individuals (not companies), and sometimes those individuals move on, leaving the plugin at first to grow woefully out-of-date but eventually incompatible with current versions of WordPress/other plugins. When that happens, they become a security and a business continuity risk and need to be replaced, so I think it’s a good idea to keep an eye on that as part of the update process.

Comments are closed.