It is vitally important that your website is kept up to date with the latest security patches to protect it from vulnerabilities which, over the last year, seem to have been published on a weekly basis.
In previous years, we would design a website, go through the whole approval process with our clients and get the website live, and you could just leave the site as is until the client wanted to make an update to the content or design of the site. Those days are long gone I’m afraid. You now have to take pre-emptive steps to protect your brand: your website is the first place potential customers, employees, journalists and other interested parties will visit.
It doesn’t matter whether your website is built with WordPress, Joomla, Drupal, Magento or any other platform as most of these are written in PHP and the underlying technologies in all of them are similar. The vulnerabilities that are being found range from this core level, all the way to the plugins/extensions that are used on your site.
What’s the worst that could happen?
We get asked this question a lot! For clients with eCommerce or membership sites, user data getting compromised is the most obvious one. What are the other common ways that your website can be exploited? Here are a few:
- Adverts get injected into your site for items that will give completely the wrong impression about your brand. These range from adverts for betting and dating sites to much worse and vulgar sites and services that you would not want your brand associated with. Even though it is obvious to your users that your site must have been hacked, it still does not reflect well on your brand.
- Redirects are added so that when people visit your site, they are automatically redirected to other malicious sites when your site loads.
- Links are injected into your text and image content, and when users click on these, they lead to other malicious sites.
- Spammers can use your site to send out spam emails which can lead to your IP address and domain getting blacklisted.
Is prevention better than the cure?
Most definitely. The problem is that once your site is hacked, it becomes a much bigger job to clean it up than it would be to keep everything up to date in the first place.
Perhaps the bigger problem here is that Google will probably have crawled your site and updated their indexes, so the search results for your domain start showing dodgy titles, text and links which all harm your brand image and SEO. You then have to manually disavow these links and that takes time. Google may also detect the infection and show users the dreaded Red Screen warning them that the site they are trying to visit is malicious, and nothing does more to deter potential clients/customers from visiting your site again.
If you have customer data on your site, then it may be that you need to send out that embarrassing email telling them about the breach and asking them to change their password on your site and other sites where they may have used the same password.
It always comes down to the same thing: yes, we can clean up your site, but the damage to the brand lasts longer and is more difficult to repair.
Can you guarantee 100% that my site won’t be hacked?
The simple answer is no. Nobody can give that guarantee, and if anyone does, then they are being less than forthright! You hear about massive companies like Sony getting hacked and they have full-time top-end cyber security teams in place!
The key here is that a lot of sites get hacked using bots. Your site is more than likely not targeted specifically. The bots crawl around the web and can tell which platform your site is built on. They also know about known vulnerabilities in the platform and in plugins on that platform, so they probe for these, and once they identify a vulnerability (out of date platform/plugins), it gets logged. A secondary process then exploits this vulnerability as described above by injecting ads, adding redirects etc.
Hardening your site is about putting the best practices and recommendations in place so that you reduce the chances of getting compromised as much as possible.
You may have heard about the recent Mossack Fonseca breach. One part of their website was running an old version of Revolution Slider that had several vulnerabilities disclosed, and the security firm Wordfence says that this may have been the attackers’ route in to the network. So it is imperative that you keep your platforms and plugins up to date.
So how does a maintenance contract help?
If you are not working with these technologies on a daily basis and keeping abreast of all the news in this space, then it is almost impossible to stay on top of it.
This is where we come in. Our monitoring systems alert us when core updates or plugin updates are released, our team keeps up to date on vulnerabilities as they are exposed, and we take the relevant steps to patch your sites before they get compromised.
When you have a maintenance contract with us, you get the following benefits:
- Security hardening so that all the recommended precautions are taken to ensure that your site is protected. We review these on a regular basis and apply new recommendations to all our supported sites.
- Automated uptime monitoring so that we get alerted within 5 minutes if your site goes down for any reason at all. We then look into the cause, liaise with the hosting provider and get your site back up and running ASAP.
- Regular updates to the core platform (WordPress, Magento etc.) and plugins. Any security updates are applied with top priority as soon as we know about them and other updates are applied in a timely manner. This also gives you access to new features within the platform and plugins.
- Browser compatibility is also taken care of with our support contract. Modern web browsers such as Chrome, Firefox, Safari & Microsoft Edge all update automatically in the background. Sometimes, these updates break how your site is displayed. We check for this periodically when updating your websites.
How to get a maintenance contract
Simply get in touch with us (details on our contact page) and we would be happy to discuss putting a contract in place with you. We also take on websites that have been developed by other agencies, so even if we haven’t built your site, we can harden the security and make it difficult for your site to get hacked.