Is this the message (OK, they are usually a lot less polite) that you would like to see when you open your website?
Website software developers constantly have to improve their software to keep hackers at bay and to satisfy our unending thirst for new bells and whistles.
To add functionality and security to your website (e.g. mailing lists, community forums, picture galleries, backups, security features), extensions called Modules, Plugins or Widgets are built into your website. Anyone, anywhere in the world, can create one of these and offer it either for free or for a fee. The WordPress, Joomla and Drupal communities do their best to ensure the software is properly coded, works as it should and isn’t going to crash your site. However, these communities are run by volunteers and there are many thousands of extensions/add-ons available. So you might have extensions that have been created in Poland, England, Mexico, Australia, Russia, India etc. all working together (or in conflict with each other) on your site. As you can imagine, each person thinks a little (or a lot) differently and has a different level of coding skill, so what you can end up with is a United Nations code jumble, which can be hacker heaven.
Some of these extensions are paid for and some are free. As with everything in life, you get what you pay for.
Unless the person who has designed and/or maintains your site keeps track of all the updates of each extension, your site becomes increasingly vulnerable to hackers.
The core software of WordPress, Joomla and similar website platforms goes through cyclical major updates and regular security updates. Extension developers need to regularly update their extensions to keep up.
What happens on many websites is that the designer/developer creates your site using the latest stable version of the software and either because the end-user doesn’t want to pay for maintenance and updates, or the developer doesn’t know or care enough, the software becomes outdated within 6 – 12 months (sometimes sooner). Because the site seems to be working well – if it ain’t broke don’t fix it – no-one (except the hackers) pays too much attention to it.
Both WordPress and Joomla have been through major upgrades in the past couple of years. Yet many sites are still running on old versions which are no longer supported and have critical security issues, which are frequently behind the increase in website hacking.
Using weak passwords and not changing them regularly also make your website very vulnerable.
Your website is a big financial investment and hopefully a key marketing tool for your company. With a few malicious clicks of a mouse and keystrokes it can be lost.
Here are some questions to ask the person/company looking after your website. Ideally you would have a written contract that covers the following, but many websites are delivered without proper scoping or contracts.
- What does the monthly, quarterly or annual fee that I pay you cover?
- What platform is my site developed on? (A useful question if you need to pass the management of your site on to someone else.)
- Is my website running the latest version of the core software? If not, why?
- What will it cost (yes, it does cost money to maintain and update a website) to bring it up to the latest version?
- Do I have any additional free or paid-for extensions on my site? Are they up to date? Do you have a system for keeping them up to date?
- Does the website hosting company have sufficient security features which will protect your site in the event of an attack on the hosting company servers?
- How frequently does your hosting company do backups of your site? Do they back up only the database or do they back up all the content?
- Does the person who maintains your website also have a backup routine? How frequently is this run? Do they download the backups from your hosting server to another secure storage area?
- Does your website have a firewall to protect it?
- What will happen if your website developer goes bust or you have a falling out? How will you be able to access the data on your site without having to start from scratch?
- Do you need to change the passwords? Who has access to them?
Website security is a major issue yet so often it is neglected. It is like us putting up security fencing after we have been robbed.