Maintaining a website is not just about keeping the content up-to-date. The software also needs looking after. But you may be thinking: "updating the software is dead easy, just follow the screens. Why would I need to pay some expert to do it for me?" Well, let's find out. I'll try and explain things in a simple way.
Site Maintenance, Car Maintenance. Why we need to do it.
Let me suggest a way of saving money on your car maintenance for the next two years. Ready? Just don’t do it. Run your car until it ceases to run, fails an MOT, or both. Simple.
Am I mad? Probably. But I’m only following what some of my customers do with their websites.
Threats and Hackers Never Sleep.
Once your site is created, and has security in place, surely you’re all set? No, unfortunately you aren’t. The cyber-landscape of threats is changing daily and even hourly. This is why Microsoft send out their infamous Windows Updates. It explains why your anti-virus may update sometimes several times a day. Your anti-malware package will do just the same (you do have anti-malware running in real-time, don’t you?).
Just as you need your car servicing and MOT’d, so it is with a website. Regular maintenance and security checks shouldn’t be optional. A website can be reached by anyone, from anywhere and at anytime.
It Gets Worse. What Do These Foreigners Want?
Have you ever wondered why you get plenty of foreign traffic on your site even though you have no customer base in China, nor in Mexico? This is because a large part of website traffic comes from robots.
A report by Incapsula, a company that manages web traffic and security for websites, estimated that humans only accounted for 40 percent of the traffic to any given website in year end 2013. Another report from GlobalDots shows that 21.8% of all website traffic were Bad Bots in 2018, a 9.5% increase over the previous year.
Enter The Robots. “Good ‘bot, Bad ‘bot”
Yes, it’s just like the films. There are “goodies and baddies”...
Good ones such as Google, Bing, Yahoo, regularly index your site to find new content and reference it in their database as possible answers to search queries. You need to keep friendly, and leave the door open for these cyber-friends.
Bad ones will do the same. However they have the intention of discovering specific details about your site such as software version and server platform. This helps them identify vulnerabilities which can be exploited.
But I Thought That Protection Was Built-In?
The truth is, no software development company can produce 100% secure code. It’s just too complex and too versatile to achieve. However there are plenty of ways they can mitigate the risk by running thorough code security reviews and implementing standards. Even then, this is not 100% or even 80% reliable.
Won’t I Be Able To Spot The Damage?
No - sorry. A hacked website doesn’t always show it. In fact the best kind of attacks leave no traces behind and still manage compromise your data or steal your resources.
Running those security updates is critical to maintaining good standards of security. But that’s not all.
Once I’ve Updated My Site, Am I Safe?
Yes and No. Between the time a vulnerability has been identified in a piece of code and the time the developer has released a security patch, a lot could happen on your site. Some developers are quicker to react than others. Also, some vulnerabilities are more complex to fix than others. Even worse, to address a security issue, a developer can face the sad truth that they need to start from scratch again. This could take weeks, if not months.
This Is Not Good News. Do You Have Any Suggestions?
Having a strong firewall is a good start. But an intelligent firewall which learns from previous attacks is even better. Multiple layers of security are harder to break through than a single one. You may need to rethink if you’ve got only one or two measures in place.
If you have neglected your site for a couple of months, there could be a large number of updates to run. However, these could potentially break your site because of the amount of changes they bring. Therefore, it is easier to cope with small updates that are easily identifiable. If too much has changed in one go, where do you start?
A “Staging Site"
A staging site can help to test updates before making changes to a live site. Some hosts now provide a “staging” option. This takes a live copy of your site and lets you play with it somewhere safe. You can run the updates there, test the integrity of the site and if the changes are too much, you can start the process again until you’ve identified the cause of the bug.
If I’ve got a bit too techie for you, don’t worry. Maybe it’s time for us to talk.
And if you've found this article useful, please comment below.
Meanwhile, here’s what we can offer. Call me and I can talk you through it.
Back to our car maintenance illustration earlier. Prevention is better than cure, as the old saying goes. You can pay for maintenance now, or pay for roadside recovery later. I guess you know which one I’d recommend…
Credits: Photo by Tory Bishop on Unsplash