So you got yourself a car. Congratulations! Now you can commute to work a bit more comfortably and not have to rely on transit timetables. But with the car comes new situations that you didn’t have to deal with before – like taking care of a flat tyre. Sure, you can replace it with the spare, but what do you do with the punctured one? Unless you’re in the tyre repair business, you wouldn’t try to fix it yourself, would you? You could try to Google how to do it and buy the tools, but heck, you have more important things to worry about in your life/work/business than fixing a puncture. You take it to a professional – a person who knows the trade and is quite good at it.
It’s not much different when it comes to your website, WordPress or otherwise.
Your website’s importance varies depending on the role it occupies. If it’s just a hobby blog where you write about some of your deepest thoughts and feelings (Facebook pretty much made that kind of site obsolete), then website technical issues really won’t mean much to you. On the other end of the spectrum, if you’re in the retail business and your e-commerce site goes down, that’s akin to locking the doors on a physical store in the middle of the day. You can’t let that happen. But just like in our punctured tyre example, your main focus should be your business, not your website.
It’s a lot of work to put up an effective and pretty website. What many people don’t realise is that once it’s up, it needs to be looked after. What can possibly go wrong, you ask? Keep reading and try not to get too scared.
The vast majority of people want to make money. It’s part of our survival instincts. Also, everyone wants to have fun, whatever fun may mean to them. Whether it’s for the money or for fun (or in a perfect world, money-paying-fun), some people will try to take advantage of your website. That’s the internet for you. This can range from stealing your clients’ credit card information to placing their ads on your pages so that your traffic makes money for them.
Back in the early 1990s, when I was just dipping my toes in the computer world, I asked my then-mentor how to keep computers safe. His answer: turn it off, unplug it from the power grid, and store it in a safe. And even so it won’t be 100% safe. The internet was in its infancy then, with no such thing as broadband and the fastest modems you could get would download at a top speed of 5 bytes per second.
The number of users since then has multiplied enormously and with that, the number of hackers (or crackers, or whatever you want to call them). And the sad reality is that there isn’t a single piece of software that can be truly safe from attack. It’s not necessarily because the software itself has flaws, but because it depends on a whole ecosystem for it to work – other pieces of software, hardware, and even users (many attacks are successful because they manage to scam users out of their passwords).
The best we can do is make it hard for attackers to succeed. Software bugs and vulnerabilities need to be fixed as soon as they’re disclosed, as many attackers rely on outdated software to gain access to servers and other systems.
When it comes to website hosting, we also need to choose our hosting company well. It’s really no use having your website nice and up to date if the server your files sit on runs insecure software that you can’t control. For example, if you’re on a shared server that doesn’t have its file permissions set correctly, you’ll be vulnerable to other people’s insecure software. If they get attacked, then your site is as good as dead, too.
So what’s the solution? Besides keeping your site up to date: remediation.
Back to our flat tyre analogy, you wouldn’t drive without a spare, right? The same can be said for websites, especially those that change frequently, like a blog or ecommerce site.
When things go wrong (and mind you, they will go wrong at some point in time), you’ll be relieved if you have a recent snapshot of your website.
This is what we call a backup and it’s saved many a business’ bacon time and again. When backing up a site, we store a copy of all files and the database on a separate server, so that if the server itself blows up, your backups are safe.
How often you back up your site can depend on how often your site changes. Daily backups are fine, but some sites can go to extremes like getting immediate file backups and redundant databases (where changes to the database are automatically applied to a secondary database on a different server).
OK, so you managed not only to get backups done frequently, but also to recover your lost files and data. Next thing you know, your site is attacked again. You’d be surprised as to how common this really is.
The problem is that when you back up your site, you’re probably doing the attackers a favour and backing up their means of attack as well. So when you restore the files, they’ll still have the front door wide open for them.
That’s why, as well as keeping your site up to date, it’s important to scan your site periodically for malware and clean it up. Malware is the files and data that attackers manage to embed in your website to let them do what they want.
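One way to check a backup before you restore it is to compare it against a list of file fingerprints recorded while the site was known to be clean, so anything added or changed since then stands out. The sketch below is an added example, not part of the original post and not UseStrict Consulting's own tooling; the folder names, file names and the list of script extensions are assumptions made up for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXT = (".php", ".phtml", ".phar")  # assumption: extensions the server executes

def build_manifest(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_backup(baseline, backup_root):
    """Diff a backup against a manifest recorded while the site was known clean."""
    current = build_manifest(backup_root)
    report = {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in current.keys() & baseline.keys()
                           if current[p] != baseline[p]),
    }
    # Upload folders should hold media only; a script there deserves a close look.
    report["scripts_in_uploads"] = sorted(
        p for p in current
        if "uploads" in Path(p).parts and p.lower().endswith(SCRIPT_EXT))
    return report

def write_tree(root, files):
    """Write {relative path: text} under root, creating folders as needed."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Constructed sample: a clean site, then a later backup with planted changes."""
    clean = {"index.php": "<?php // front page",
             "wp-content/themes/shop/functions.php": "<?php // theme code",
             "wp-content/uploads/2024/logo.png": "constructed image bytes"}
    later = dict(clean)
    later["wp-content/themes/shop/functions.php"] += "\n// constructed: line added by an intruder"
    later["wp-content/uploads/2024/cache.php"] = "<?php // constructed: file the site never shipped"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, clean)
        write_tree(b, later)
        return audit_backup(build_manifest(a), b)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

New media uploads will legitimately show up as added, so the entries to review first are changed code files and any script sitting in an uploads folder.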
There are some handy WordPress plugins that assist in tying up loose ends security-wise – from hiding your admin area behind a custom address, to blocking forced entry attempts, to forcing two-factor authentication, among a plethora of other tactics designed to keep your site safe. The trick is choosing the best one and making sure it won’t conflict with any other functionality of your site.
Pretty daunting, right? Sure, there’s Google to help you take care of all that, but do you really want all that weight on your shoulders when you could be focusing on reaching your quarterly goals? Oh, and speaking of Google, they’re not always your friend! Now you have to also worry about Performance.
Google is hands down the largest and most popular Search Engine in the world. No argument there. The problem is that businesses are so dependent on getting the best positioning in search results that they have to abide by the ever changing rules that Google imposes (always claiming improved User Experience). A while back, thousands of information-based websites were negatively impacted by Google policy changes (Google gave these changes cute fuzzy animal names, perhaps in an attempt to soften the blow) and these people had to scramble to get back on their feet. Some never did.
Not satisfied, Google decided that sites should be mobile friendly, and then needed to be fast, and recently that sites should be encrypted. I’m not complaining – they’re all perfectly valid requirements when you look at it from a visitor’s perspective. But that also means that you, as a business owner, need to give much more attention to a tool (your website) than to your overall business.
Getting a site to be fast is not usually an easy task. There are many moving parts involved and getting all your ducks in a row can be quite frustrating. Remember the flat tyre analogy? Consider achieving and maintaining good performance as not only fixing the puncture but also balancing and aligning the wheels. And recapping the asphalt while you’re at it!
Taking care of a website shouldn’t be taken lightly. You’re better off hiring a professional who has that as their business so you can focus on your own.
We at UseStrict Consulting take pride in caring for our clients’ websites. With almost 20 years of experience developing websites, and over 5 years customizing and developing WordPress plugins, we know how to secure and optimize your site, and recover it when disaster strikes. It’s a scary world once you know all the dangers, but we’re there to help you through it.
This post was originally written for TourismTribe.com by UseStrict Consulting.