Recently a client asked me what was the best single thing could a website owner to do to their site. I responded very quickly with “keep it up to date”. No matter what type of website you have – WordPress, Joomla or some other platform, you need to keep it up to date. The consequences of not keeping up your website will cost you more in the long run, than the cost to maintain your site regularly.
What can happen to your website when you don’t update it? Having extensions or plug-ins (primarily referring to CMS systems – but any system will benefit) that are not up to date, leave an opening in your site to be hacked and injected with malware of one kind or another. Which means your site can go down at anytime. In the past year I have seen an increase in my own client sites’ being hacked, after years of no activity. I can’t force a client to update their site, and some have learned the hard way that spending a few bucks once every other month is far cheaper than having to clean an infected website.
I have heard, and even think that asking my clients to update their website sounds like I am just trying to drum up some new business. But alas, it’s not for my business, but my client’s sites welfare. Just because I know what to do when a site gets infected, does not mean I enjoy dealing with malware or coding on such a level your brain can pop! Finding a hack is searching for a needle in a haystack and every hack is different.
Over the years I have luckily only had to clean a few sites. The clean up process varies and can depend on the site itself. Now, I have found a great company that will handle the clean up process at a lesser cost than my time to do it, I can relax a bit.
The best maintenance tasks you can do for your site is to;
- Back up and download the back to you own computer / cloud storage.
- Update your extensions / plug ins at least every other month – Best is monthly.
- Scan your site monthly for malware.
Backing up is extremely important for obvious reasons, but I think I need to remind you. I have had clients who thought the additional services they were paying their hosting company would cover a back up and well guess what? It didn’t work. There are so many ways to back up, and provide “restoration” or “back up” services but you need to know what they mean exactly. And even if you “think” you are covered, I still create a back up of my clients’ sites and download it to my computer. Murphy’s Law is always ever present in technology. You never quite know which back up method you will need, or which one will work the fastest. Variables include the size of your site and/ or database, your hosting company services, the back up system itself and the website platform. I always suggest a back up method where you can back up the database and the actual website files seperately.
Second, update your extensions and plug ins on your WordPress or Joomla websites as often as you can. You can install an extension like Wordfence which will email you when you need to update and check the importance level of each update. Updating is not for the faint of heart either. If you are going to try to update your own website, you always need to be prepared for a site to “break”. Hence why you always need a back up before you do updates. Extensions and plug ins are written by 3rd party developers and while the best are written very well, some can break your site, and you will see the dreaded “White Page of Death”. Selecting the best extension is a whole other article. For now, if you attempt to handle your own updates, you need to know and physically have your own copy of your website and database.
Finally, scan your website monthly for malware. You can do this for free on the web using Sucuri Website Malware and Security Checker for example. It can help to identify a hack as soon as possible. Also, and I think more importantly, if you scan regularly, you will be identify the accurate time frame of when your site was actually hacks. Knowing when your site was hacked within a week, will enable you to work with your hosting company to do a proper restoration with a back up file that was not likely infected. That means you can have malware on your site while your back ups are created. You don’t want to use an infected website back up to restore your site – you will just have to clean it up again. Scans are free and should be done monthly. Set a schedule on your calendar or task list – it won’t take that long.
A final note, if you are using some other type of website platform like Weebly, or Square or something similar, please contact your customer service department and ask how they handle updates,Add New Faq back ups and hacked sites. They should tell you, with confidence, what they can do for you. If they can’t, move your site to another platform fast. While the website owner is responsible for maintaining their own website, the hosting company has a responsibility to make sure they have secure servers and customer support for hacked sites.
So back it up regularly, scan it monthly and update often. You will save money and frustration in the long run. I hope your site never gets hacked, but the truth is that the frequency of hacking is increasingly exponentially every month.
“An ounce of prevention is worth a pound of cure” – Benjamin Franklin