Owners of small to medium-sized websites must maintain their sites on a regular basis, or pay to have them maintained. Here are a few thoughts on why you must do so, or ignore it at your peril.
One of the main reasons is the reality of incessant hacking - used here as a catchphrase for all malware and other security problems. Most people are aware of website hacks from the news, but it doesn't hit home why or how that applies to their own website. Unfortunately, the constant and evolving threat of hacks requires your hosting provider to do regular security maintenance - but you must do so too.
Security starts with seemingly simple tasks such as backups, but includes many other activities as well. What was simple and safe yesterday could very well be a giant risk today. That applies whether your site is hosted at your desk, on a dedicated or shared server, or in the cloud. But the software your hosting provider updates is only the foundation upon which your website sits. Your site was built with additional software, customized to fit your needs. You must update those layers too, because your hosting provider won't, and shouldn't, touch them.
Example: Two years ago you released a new site. When it went live, it most likely contained new/updated content as well as a new look and feel to better target your market's and users' interests. That was a good thing. Then you did nothing more to it. You might have occasionally updated content, but since the site went live, you refused to spend any money on keeping the site technology up to date with security patches and system upgrades. That was a bad thing and just what hackers are looking for.
My initial response is bitter but true – these days, anything, anywhere, can get hacked anytime. However, a well-designed site with a constantly upgraded platform, framework, components, and security is your best defense. There is no such thing as a 100% secure website, but you can make yours less likely to get hit. This blog does not look deeply into the highly technical aspects of site hacks, and it does not discuss anything more than the steps a small business website owner/blogger can take to mitigate intrusions. It examines some of the fundamental reasons behind hacking and what you can do about it.
On average, as many as one million pieces of new malware are released per day. Yes, you read that correctly. But that malware has to jump through some hoops to find its way to your site, starting with the hosting company's servers and ending at your site access. So, there are things you can do to prevent hacks.
As website builders and application developers, we must think about a website in its entirety when selecting a software platform on which to develop. We must consider the type of software framework, client business requirements including the need for a Content Management System (CMS), and the “most important” part from a client perspective – the front and back end usability. CMSs are the most usable for client updates. Some CMS software and site components may be more easily hacked than others, but all are vulnerable to some degree. On top of that mix, we are also constrained by the project budget.
Security practices, reputation, quality, platforms, content and site management tools should all be part of your selection criteria. But where the site is hosted and what additional security tools you purchase are also important decisions.
When asking "Why did my site get hacked?" it's helpful to consider two different views on the question:
- Why did the attacker pick my site? - An issue of attacker intent or motivation.
- How did it happen to my site? - An issue of attacker means and opportunity.