Is your website protected?

All organisations should consider the importance of their websites within their overall ICT environment—what it would cost to replace a web-site which has failed, and who is responsible for ensuring its continued availability.

This can be especially important for websites that include online shops, blogs, membership systems or other dynamic features that change regularly and contain key operational data.

UPGRADING AND MIGRATING WEBSITES - THINGS YOU SHOULD CONSIDER

There are a number of things you should consider when you look to upgrade, migrate, troubleshoot or host a modern website.

Things to consider include:

  • Many websites are now based on Content Management Systems (CMS) such as WordPress and Drupal. These systems use scripting, plugins, themes and other code-based elements to provide features that old, static websites could not.

  • The widespread use of coded elements in today’s websites provides numerous attack points as new system vulnerabilities are discovered. The creators of the CMS, plugins, themes, and other components regularly release updates to protect against these vulnerabilities.

  • CMS systems often utilise SQL databases to maintain website elements.

  • Many update and migration processes can have unintended consequences and require significant troubleshooting. For example:

  • New hosts may have firewall applications that cause problems.

  • Updates to the CMS can break other plugins and themes and vice versa.

  • Upgrades to the underlying hosting system may change PHP, SQL or other system versions (and you may not even be aware this is going to happen in advance!)

  • The combination of underlying Operating System, PHP, SQL, CMS, theme and plugin versions, all created by different organisations, can make troubleshooting very difficult.

  • In an ideal world, the organisation that creates your website should do your maintenance as they will best understand the way the different components interact.

  • Effective website documentation will make the handover of support responsibilities easier. Ultimately, you need to decide who you want to do your website maintenance and ensure they are familiar with the site BEFORE things break. For example, if you log in to your WordPress Administration page and click the “Upgrade Now” button only to find that various components of your website have failed, it is too late to expect a speedy resolution from a new website support person.

Hosting providers often maintain backups of websites, but only for a limited time and generally only for their disaster recovery purposes. You should not assume that you can call your hosting company and ask them to restore your website from backup, especially if you need to restore an older version.


MAINTENANCE TASKS ENSURING YOU CAN RECOVER IN THE EVENT OF A FAILURE

There are a number of maintenance tasks which should be regularly performed to ensure your website remains as secure as possible, and also provides recovery options in the event that your website or its host are compromised:

  • The creation of maintenance procedures and website documentation. This documentation should outline all the software components that make up the website, and their relationship to each other.

  • The regular backup of all files from the website, either using FTP or inbuilt host or website backup tools (make sure you don’t leave the backup on your web host—store it somewhere else!).

  • The regular backup of any SQL database(s) that support the website.

  • The installation of any required updates for the CMS, plugins, themes, and other components that support the website.

  • The installation of any required updates for the underlying hosting platform (this would normally be done by the website hosting provider).
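
The two backup tasks in the list above, as an added shell example (not from the original post): it archives the site files with a database dump, records checksums so a later restore can detect a damaged copy, and refuses a destination inside the web root. The function names, directory layout and the assumption that the SQL dump was produced beforehand (for example with mysqldump) are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Paths and names are hypothetical.
# Assumes a POSIX shell with tar, gzip and sha256sum (GNU coreutils).

# backup_site SITE_DIR DB_DUMP DEST_DIR -> prints the new backup directory
#   SITE_DIR  web root: CMS core, plugins, themes, uploads
#   DB_DUMP   SQL dump made beforehand (assumption: e.g. with mysqldump)
#   DEST_DIR  existing directory outside SITE_DIR, ideally on another machine
backup_site() {
    site=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no site dir: $1" >&2; return 1; }
    dest=$(cd "$3" 2>/dev/null && pwd -P) || { echo "no dest dir: $3" >&2; return 1; }
    [ -s "$2" ] || { echo "missing or empty dump: $2" >&2; return 1; }
    # A backup kept under the web root is lost with the site and may be
    # downloadable by visitors, so refuse that destination.
    case "$dest/" in
        "$site"/*) echo "refusing: $dest is inside $site" >&2; return 1 ;;
    esac
    out="$dest/backup-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir "$out" || return 1
    tar -czf "$out/files.tar.gz" -C "$site" . || return 1
    gzip -c "$2" > "$out/db.sql.gz" || return 1
    # Checksums let a later restore detect a truncated or altered copy.
    (cd "$out" && sha256sum files.tar.gz db.sql.gz > SHA256SUMS) || return 1
    chmod -R go-rwx "$out"    # database dumps typically hold user records
    echo "$out"
}

# verify_backup BACKUP_DIR -> exit status 0 only if the copy is intact and readable
verify_backup() {
    (cd "$1" 2>/dev/null || exit 1
     sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 1   # content unchanged
     tar -tzf files.tar.gz >/dev/null 2>&1 || exit 1     # file archive readable
     gzip -t db.sql.gz 2>/dev/null)                      # dump readable
}
```

Run `verify_backup` again after the backup directory has been copied to its final off-host location, since that copy is the one a restore will depend on.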

All organisations should consider the importance of their websites within their overall ICT environment: what it would cost to replace a website which has failed and recover any data, and who is responsible for ensuring its continued availability.


