All websites need ongoing maintenance, monitoring, and security. The first two, maintenance and monitoring, are also part of security. Unmaintained sites, with out of date code, old plugins, servers, and other out of date technologies, are potential security risks.
At a minimum Content Management Systems (CMS), such as WordPress and Drupal should be kept up to date with current versions of core files, as well as any installed plugins. Furthermor, old, unused plugins and themes should be removed.
Websites, particularly any with logins, administrative functionality, or databases, need to be monitored. Not all websites are hacked, but the only one that matters is yours. Regular maintenance and monitoring, are less expensive, and much less stressful than website recovery.
At Studio 4130, we provide website maintenance, monitoring, security, site backups, and website recovery. We offer plans tailored to your needs and budget, but we can also jump in an help in an emergency. Often, that’s how a client becomes a client. We’d prefer you come to us first, but we can help either way.
Here’s how we can help:
We’ll set up a code repository if you don’t have one already. Generally we use Git, which is a free and open source distributed version control system. Using a version controlled repository keeps versions of your code base safe, at a third party location. If your site or application goes down, we’ll have a recent version ready to go quickly. If an update breaks your site or application, we’ll be able to go back until we get to a version that works.
Multiple Site Environments
Your website or application should have multiple environments. In addition to production (the live site), you should have at least one more environment. You can call it dev, test, staging, or whatever you like. The point of multiple environments is to allow you to make changes and updates in a non-production environment, greatly reducing risk to you live site. Sometimes updates and upgrades don’t go as planned. We can set up any number of environments for you.
Core and Plugin Updates
We’ll run updates on non-production environments first, make sure nothing broke, and then move the updates through the various environments. Generally, we start with running updates on a local (on our laptops) environments first, followed by a dev, test, or staging environment next. Finally, when successful updates are confirmed, we move the updates to production. We also make sure to have the code repository up to date, as well as a database backup before changes are made in production.
Beyond keeping your website up to date, we can implement measures that will help protect your site from intruders. We can run automated checks comparing your site’s WordPress files with the current files in the official repositories, implement Two-factor Authentication, IP lockouts for repeated login attempts, and suggest and implement security updates and fixes to both your site, and/or your infrastructure.
As mentioned previously, we make backups before changing anything on production. We also run, and store offsite, backups at regular intervals. We can run backups monthly, weekly, daily, or even more frequently, if needed. Backups include all files, images, and the database. A full backup provides good piece of mind, and is great to have in the event of a server, or hosting outage, or the need to quickly move to new hosting infrastructure.
Daily File Scans
Any website is at risk, and in particular any website that allows for user login for site administration. While WordPress and Drupal are great in allowing users to administer their own site, they do generally suffer from greater vulnerabilities than static websites. Not only can someone login in, but the wide variety of plugins and themes can also introduce vulnerabilities. Keeping core files and plugins up to date is a good start, but scanning files is a must.