Website hosting security, updates, and more…
Many people think they are OK having a WordPress, Joomla, Drupal or other open source CMS based website and simply “hosting a website for under $10/month”. However, if you don’t take care to host your site the right way your website will be at risk for getting hacked and really “messed up” (to put it in technical terms).
We sent this to all of our clients in an email, and felt it was important enough to share with everyone:
We’re writing you today in response to an increasing trend we’ve seen over the last 6 months with client WordPress sites. WordPress is a great platform, but the nature of open-source coding leaves it susceptible to hacking or other security concerns – we have seen a marked increase in this activity throughout 2015.
Your site is not currently hacked or ‘in trouble’, but it is at risk for this activity. There are a few steps that you can take in order to mitigate this risk, which we highly recommend:
SSL Certificate and changing to HTTPS
This is the quickest, easiest update to your web security. This SSL certificate can be ordered through your hosting provider, and typically costs $60-70 for a year. There are setup steps involved (usually confirming an email from an address that ends in @yourdomain.com) but this is usually a quick process. Feel free to ask your C1 Account Manager to make sure this is working properly – we’ll help make sure this is done. Google has recently announced SEO benefits to sites that are HTTPS, so this should be done regardless of security concerns.
Updating WordPress themes, plugins, & version
This is the most commonly hacked area in a WordPress account – most “backdoors” are found through old plugins which are no longer updated or supported as new security measures are created. Without consistent updating, these security updates get left behind, and opens up the site to a possible security compromise.
Updating WordPress themes and plugins is easy – simply log in to your dashboard, click the “Updates” button on the top left, and follow the prompts to update your plugins and themes. We’ve prepared a brief FAQ below:
Can this be done automatically?
At this time, no. Updates are done on a different schedule for each plugin & theme, as they’re all independently owned and operated. We recommend updating these as they come up, but a rate of 1 “update check” per week should be plenty sufficient
Are there any risks to doing this myself?
There are risks for doing these updates yourself that web developers also face. Updates in plugins, themes, or WordPress version can cause changes to the way they behave within your site. There is not, currently, a reliable test environment available for checking updates. That being said, for every 100 updates, 1 might cause a small change, and for every 100 small changes, 1 might cause a noticeable visual or performance issue.
Updating the WordPress version presents a greater risk than plugin or theme updates. We recommend scanning your site and testing contact forms after updating to ensure everything’s working as intended. If anything breaks, call your Account Manager – we are happy to help guide you on solving this issue.
Does C1 do this for us?
At this time, no. C1 does not handle month to month web maintenance for clients, as we simply do not have the infrastructure in place to do so cost-effectively. C1 is not responsible for security breaches, lack of updates, or other issues caused on-site for which we have no control. We are, however, always glad to help guide you through the process of fixing issues that may occur.
Is there anyone that can do this for us?
Yes – C1 has a couple of partner hosting vendors that offer WordPress support for updating, and are able to revert or isolate problems that occur. If you’re interested in this, please contact your account manager and we will refer you to a provider.
Why am I just hearing about this now?
There are countless variables in online marketing, security being no exception. Our goal is to advise you on what we feel is the most urgent so that you can focus your attention on the biggest risks and potential rewards for your website. There is constant movement in our space in many different arenas – we only want to recommend that you spend your time addressing these issues as they become prevalent or urgent.
Thank you for your continued business and trust, and please contact your account manager if you have any questions.