Most business initiatives are considered complete at launch. But your web site is not one of them. Why is this? A web site is a business’ online hub of operations, both internal and external. It’s the single point of owned-platform resonance for the customer and the organization. It should be an ongoing and evolving business operations unit. And it’s also one of your business’ biggest points of vulnerability.
From the moment a web site is installed, it’s vulnerable, regardless of platform. Content management systems, in particular, offer vulnerabilities because of the very reason they’re so popular. Any system with a wide install base has a lot of hacker eyes devoted to it. It’s a simple fact of being an easy target.WordPress sites, with it’s huge install base, get peppered with hacking attempts every minute, all around the globe, looking for someone to find a way in, a path to exploit. Server logs tell a story of attempts denied – and, fortunately rarely, allowed – on every site that we manage.
What is done during regular maintenance on a modern content management system?
Regular backups of both home directory and the SQL database that houses your site’s content.
Updates to “core” systems – from the developers of the CMS themselves. Usually a patch arrives monthly, sometimes more frequently. Some are more critical than others.
Updates to any added-on extensions, modules, plugins or components. Each CMS has it’s own lingo. Joomla uses modules and components as well as plugins. WordPress uses plugins. Drupal uses modules. All of these terms refer to external third-party software that has been developed to extend functionality for content management systems. These are huge sources of vulnerabilities because development on these typically lags development on core updates (for obvious reasons, core code updates may break or adversely impact module code.) They are sometimes paid for products with extensive support and extensions of their own.
Testing of components and major site functions following core and module updates and are critical to ensure something hasn’t broken with a core update. If so, the site can be rolled back to it’s last backup, ensuring you haven’t lost any content.
These processes are performed monthly (and depending upon the number of extensions – typically 25-85 per site) can take from an hour to several hours each.
What happens if you don’t maintain your web site?
Developers wish they saved screenshots of every hacked site they’ve ever experienced. And yes, every developer has had a site hacked. When you can show a client precisely what can happen to their site if they don’t maintain it or have it maintained, it’s a sobering realization that even a few minutes with a hacked site can ruin a business reputation or lose a sale to a prospective customer. Not to mention the unraveling of torched Google rankings because of spam, or weeks of content re-creation because files were corrupted.
Why hackers hack sites varies by the target. Big retailers’ data is hacked because of the simple fact that hackers can sell the data, in huge blocks, to organizations that will seek to exploit it. Smaller businesses get hacked all the time, too, for handling protected information like social security numbers, or health information. And if you think your busines is too small to be hacked, smart teenagers around the world hack sites to simply ‘leave their mark’. Because hackers – and the technology they exploit – continually evolve, it’s a never-ending process!
Maintenance isn’t the sexy side of web development. It doesn’t produce a gorgeous, wow experience. It shouldn’t even be visible at all, in fact. But it’s the one thing that helps ensure that your site won’t be compromised, and your business along with it.
Would you like to understand where your site may be vulnerable…and where you have big opportunities to engage with your customers? The web site benchmarking review is thorough and illuminating: