Setting up a website and publishing on it is one thing — and an arduous task it is — but ensuring its security and thus continuity is a very important other part of the game.
There are many reasons why a website can go “down” or is threatened to get lost, but whatever the reason it’s a nightmare scenario if you depend on a site for your livelihood. So, there are several things we do to avoid it.
Actually, security of a website consists of two basic things: the first one is prevention and the second one is having options to always being able to recover a site.
As for prevention, the most obvious thing is to have a strong login-name and password to the administrator part of your website. In addition, we deploy a firewall (a tool that monitors traffic to or from your website) to block known “malicious agents” or suspicious attempts to access the site.
A firewall can do much more things, such as denying access to people who repeatedly try to login with a wrong username and/or password, blocking certain ranges of IP-addresses, or block those who bother the website through DOS-attacks (DOS means Denial of Service), and so on.
Another important thing with regard to preventive measures is to keep the website software up-to-date. We run WordPress software (by the way, about 43% of all global websites run on WordPress) and WordPress.org regularly brings out security updates/fixes, which we apply as soon as we think that their release is stable. Typically, that will be after about a week of their rollout.
In addition, we use a few plugins and a theme, which are extra pieces of software with special functionality we want/need. These are compatible with WordPress, and the developers of those (there are many, many different developers) likewise launch updates, either of new functionality, or bug-fixes, or updates related to security issues. Naturally, we also implement those as soon as possible (meaning, when we think that the release is stable and trustworthy).
The thing is that software updates may introduce new bugs and new security issues, and that’s why we always wait and check if there are complaints in the community before we update our website’s core software. Believe me, it’s not uncommon that websites become non-functional after a presumable “fix.” With respect to that we also have a policy of using as little plugins as possible, which reduces the risks on website outages (and malicious attacks of hackers).
We also use a professional website hosting provider (the place where our website is installed) who has high standards of security (not only having their own firewall but also anti-virus and anti-malware software, etc.) and uses the latest technology (both in hardware and software) — including distributed cloud storage — to prevent or circumvent hacks, attacks, and/or downtime. I can’t stress enough how important this aspect is.
Nonetheless, whatever you do to prevent outages or loss of your website, it can still happen. That’s why you always need to have a backup of your website so that you can restore your website if things have gone wrong despite of all precautions. We create backups once a day (of which we keep a series of one week), which are stored at the server of our hosting provider (the one our website is running on).
However, if the server of the hosting provider would crash you would have lost your backups. Hence, in addition we’ve opted for a plan with our hosting provider that also includes automatic backups of our website environment (stored in the cloud), which ensures that we have extra daily, weekly, and monthly taken backups. Therefore, we can go back to any point in time we deem necessary in case of loss.
All by all, quite some things to think about (and do) to keep the continuity of our website as certain as possible. It’s all in the game, and an absolute necessity if you want to make sure keeping the means of your livelihood safe and secure.
