We've been posting articles here about security lately. It's very important. There has been a rise in website hacking (not particularly with us but just in general). So why do these hacks happen and what needs to be done to prevent them?
There are a few kinds of hacks / compromises that happen:
These kinds of compromises are not personal and are the majority of what goes on. They just found your website and tried to get in. It's like knocking on every door in the neighborhood. Usually, the people running these scripts are in other countries like China or Russia.
What our clients have to mainly be concerned about is the first one - those Script Kiddies. These kinds of compromises are usually hidden and we find out about them when the mail queue suddenly ramps up with tons of spam email being sent out. We then have to find out the source and then take action.
To prevent your website from being the source of problems, it simply needs to be updated. We just posted a good article on this: "Keep Your Website Software Up to Date" and we suggest you read it.
When you do keep your website software up to date, it should be as simple as just clicking a button or link to run the upgrade process. That's what we're used to doing when software on our computers gets updated, right? Well, with the website industry, upgrades are not quite to that level yet. They are getting much better now and the chances that "one click upgrades" will actually work fine are much, much greater than just a few years ago - but things can happen. Let's explain.
Plugins Not Compatible
This is probably one of the main problems we see. The core software gets updated fine but plugins (extensions, modules, additional software like photo galleries, etc.) don't work after an upgrade. Often, that software also needs to be upgraded - that is if the software developer has bothered to keep things up to date.
Sometimes upgrading one plugin will cause another not to work. What if there's no upgrade for the other one? You're stuck - unless you know how to troubleshoot / diagnose the problem and then go into the code and fix it. You might really need that plugin and you'd have to do this or find someone to do this work for you.
Wrong Versions of PHP or MySQL
If you do an upgrade or patch before your host is ready for it, then maybe they don't have the necessary software installed on their end. You proceed with the upgrade and then nothing works. You then have to go back - what a mess.
The opposite can happen, too. Your host could be upgrading their versions of PHP or MySQL and if your website is not up to date with the latest version, it could break.
Both of these things (the server software and your website software) need to be looked at carefully before doing an upgrade.
You Have to Go Back
We just mentioned this. Sometimes you try to do an upgrade but for some reason, it just won't work and you have to go back a version. That's hard to do if you didn't take a backup right before you got started - meaning, a confirmed backup of all the files (with permissions preserved) and a dump of the database.
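An added example, not from the original article, of the backup described above: archive the files, dump the database, and confirm both before starting the upgrade. The paths, database name and function names are assumptions; GNU tar and a `~/.my.cnf` holding the MySQL credentials are assumed as well.

```bash
#!/usr/bin/env bash
# Added example: take and confirm a backup before an upgrade.
# All paths, the database name and the function names are assumptions.
# Keep OUTDIR outside the web root so backups are never served to visitors.

# Archive the whole web root. tar records file modes and owners at creation;
# -p only matters on restore (see restore_files).
backup_files() {   # usage: backup_files WEBROOT ARCHIVE
    tar -czf "$2" -C "$1" .
}

# Confirm the archive: --compare (-d) re-reads it and exits non-zero if any
# file's contents, size or mode differ from the live tree.
verify_files() {   # usage: verify_files WEBROOT ARCHIVE
    tar -dzf "$2" -C "$1" >/dev/null 2>&1
}

# Roll back: extract with -p so the saved permissions are reapplied exactly.
restore_files() {  # usage: restore_files ARCHIVE TARGET_DIR
    mkdir -p "$2" && tar -xpzf "$1" -C "$2"
}

# Dump the database. --single-transaction takes a consistent snapshot of
# InnoDB tables without locking them.
backup_db() {      # usage: backup_db DBNAME DUMPFILE
    mysqldump --single-transaction --routines --triggers "$1" > "$2"
}

# Confirm the dump: mysqldump ends a complete dump with a
# "-- Dump completed" comment; a truncated dump lacks it.
verify_dump() {    # usage: verify_dump DUMPFILE
    [ -s "$1" ] && tail -n 1 "$1" | grep -q '^-- Dump completed'
}

# Run both steps and stop at the first one that cannot be confirmed.
pre_upgrade_backup() {  # usage: pre_upgrade_backup WEBROOT DBNAME OUTDIR
    local stamp; stamp="$(date +%Y%m%d-%H%M%S)"
    backup_files "$1" "$3/files-$stamp.tar.gz" &&
    verify_files "$1" "$3/files-$stamp.tar.gz" &&
    backup_db "$2" "$3/db-$stamp.sql" &&
    verify_dump "$3/db-$stamp.sql" &&
    echo "backup confirmed in $3"
}
```

If the file check fails on a busy site, something wrote to the web root between the archive and the comparison; put the site in maintenance mode and run it again.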
Lack of Testing
Did you just do an upgrade and not test everything on your website? Did you just do it and walk away? How do you know if everything still works? Maybe the home page looks fine but everything else is broken. Your contact form may not work, your e-commerce might not work - who knows? You have to dedicate ample time for testing everything after an upgrade. If you don't, you could find out months later that you've been losing out on leads or sales.
Not Being Careful
Probably the toughest part of being in website development is all the mundane things you have to do. If you're not someone who can pay attention to detail and be careful, then website development is definitely not for you. Things like consistency, being thorough and being patient / careful are paramount. It's tough because the work can be really boring but it has to be done. If you're not sure what you're doing and what order to do things in, you could have some big problems - again, it's very detail-oriented work.
Upgrade at Night or During Off-Peak Hours
You really want to be careful to do your upgrades during non-peak hours. You don't want your website down for 5-10 minutes or even a half hour during the daytime. Upgrades should be done at night so as to avoid losing potential customers or sales. So get some coffee ready!
Website design and development can be a thankless job sometimes. A lot of work happens in the background and it goes unappreciated. Most people don't realize all that needs to happen to develop a website and to keep it running fine. Most of our clients don't have the time or patience to learn how to do all of this. They need to run their businesses. Even companies with IT Departments simply don't have time to do things like maintain the website. They're too busy. It really makes sense to leave this kind of work in the hands of the experts. They can do it quickly and efficiently and want to do the work. It just makes sense.
-Tony