For every website we build, we do security updates to keep it as up-to-date as possible. Every software needs updates, and the Content Management System (CMS) software used for your website is no different.
Security updates are like insurance. By the time you need it, it’s too late.
If your website design company isn’t doing regular security updates to your website, there’s the chance your site could be compromised. It’s best practice for any website that security updates are done as soon as they come out.
Of course, even with security updates, it’s always possible a website can get hacked.
That’s because new threats are being developed every day.
While hackers are specifically targeting major websites, they’re not necessarily targeting your, or our, website. They write code that cruises the internet looking for holes in websites so they can worm their way in and screw with things. And worst case, they demand ransom.
Updates are developed as WordPress teams learn of new “points of entry” hackers find into their Content Management Systems. But if your website is up-to-date with its security updates, the chances of your website being compromised goes way down.
If your site is hacked…
… and doesn’t have the latest updates, fixing it is much more complex. Without the most recent updates to the Content Management System, the reverse-engineering required to find where the hacker’s code wormed its way into your website is time-consuming. Which also means it’d be expensive.
However, by doing security updates regularly, we can move more quickly to find and fix something. This makes trouble-shooting much easier. And if it’s really quick, we don’t charge for our time fixing it, because that’s what you’re paying for when you pay for when you get regular security updates.
Security updates and patches might come out every week, or every month. We never know. From our experience, we plan for an hour a month to keep up on this, and we try to do those updates within 24 hours of when they come out.
You get priority attention.
Being on our security update plan/schedule, we’d give priority attention to your website should something happen. And if it’s a quick fix, we do our best to get things fixed within 24 hours.
What type of “site security” are you paying for?
Hackers are getting more “creative,” and more aggressive, in their attempts to screw with websites.
What you’re paying for is security updates to both the average of 15 – 20 modules traditionally used in a website, plus the core software your website is built with.
The importance of backups.
We use a company called CiviHosting to host websites. They back up every site, every day, and keeps those backups for 1 week.
That’s important, because if your site is hacked on a Friday and no one notices it till Wednesday, we can go back to Thursday’s backup and re-install that version of the site. If that were the case, the only thing you’d lose on your site would be any updates you added over the weekend before we realized your site was hacked.
Site monitoring in the event of a hacking attempt.
There’s no “notification system” on a website that tells us (or you) if your site has been hacked. CiviHosting does have an Abuse Department which contacts the account owners (that’d be you) in case of a security incident (e.g. once a website is already hacked). They monitor their servers 24/7, and have automated monitoring tools and staff on shift at all times.
However, software can only monitor for certain types of hacks: once the hosting companies know about them. And all too often, they only know about dthe ifferent types of hacks when it’s too late, meaning after the site has been infiltrated.
Why we charge quarterly.
Essentially, you’re covering the time we invest on your behalf making sure your site is secure, which is our time to do security update to the plugins, and the CMS core.
The amount you’d pay for a quarterly security update depends on the complexity of your website. And how many modules would be on your website. You’d essentially be paying for an hour a month for us to secure your website.
Security updates don’t relate to the hosting of a website.
That’s a separate function, and one that’s covered by the hosting company. Civihosting’s server have never had a hack. None of our clients’ websites hosted on Civihosting have ever been down in the 20 years we’ve used them.
In summary.
Basically, every piece of software ever created needs updates, and the software used to build websites is no exception. Of course, it’s true any website could get hacked at some point. And as rare as it might be, as we said, security updates are like having insurance on one of your most important marketing tools.
Fortunately, we’ve never had a client refuse to have security updates done to their website. After we tell them the reasons for having us do the updates, they understand.
If you have any other questions about this subject, please feel free to contact us.