It doesn’t matter how awesome your design is or flashy your new technology is, if your site is not reliable and secure you are sunk.
Using a house as an analogy, the foundation isn’t sexy. The addition with an in-ground pool is. But if you don’t have the basics, you don’t get the benefits. If you don’t have the foundation, you can’t have the loft.
Each step of my redesign begged the question: How can I simplify this?
Simplicity is naturally more elegant and it can be counted on.
This means I deleted hundreds if not thousands of old files. I didn’t leave random scripts or files hanging out there on my hosting server to create vulnerabilities. I only chose plugins and features that are road-tested and I keep them (and the WordPress core platform) up to date. I backup and backup some more.
Security is a funny term. Everyone wants their site to be secure. So do I. That said, if you handle the basics, you then need to decide – just how secure do I need this? Front door with a lock and deadbolt secure? Or Department of Defense certified secure?
Both can be had but at very different spectrums of effort and cost.
I spent almost a decade working in Internal Audit. When I was in the information technology group, that equated to security and disaster recovery. It was back in the day when firewalls were a new thing. Security is a constantly moving target. It was in the 1990’s, it is today. Think about it. Companies that spend hundreds of thousands if not millions of dollars on security get breaches and leak sensitive information. What makes you think you could be 100% immune?
You need to understand the sensitivity of data you are storing and transactions you are making. These will drive some of your security decisions. Then you need to ask yourself: To what length and costs do you want to go to be “secure”? Are you going to lose thousands of dollars a minute if your site goes down or is it going to be a royal pain in the butt and unpleasant speed bump in the road?
For me personally, I am a solid basics kind of gal: good solid locks with a few deadbolts for extra measure. I do my best to keep my site unappealing for hackers and other malfeasance. Hackers truly want to go to the easiest targets, the highly visible ones, or a really cool challenge. I try to stay out of those categories. I also have a recent backup of everything so I could rebuild my site from scratch in short order if the worst were to happen.
Early in my business’ history (in the old HTML days with random free-for-all scripts to create web forms), I came home from vacation to find my site hacked and redirected to a pornographic site. They had many creative uses for the color hot pink to say the least. This was NOT fun. However, I was able to recover and restore within a few hours of discovering the issue (an out of date script with a known security hole).
Did it upset me?
Did the world end?
So the best offense is a good defense. Build in reliability and security to your ongoing maintenance, but don’t let the search for a 100% guarantee paralyze or make a pauper out of you. There is not such “perfect” solution.
Need help keeping your site up to date with the latest security releases, upgrades, and backups? Contact me. I have a robust and affordable maintenance package that will do it for you and minimize your “to-worry” list.