Keep Your Site Updated, Or Bad Things Can Happen
We don't like to be fatalistic, but bad things can happen to your site if you aren’t committed to keeping it updated. What kinds of bad things? There are several common types of hacks that could take control of your site, compromise private data or shut it down altogether.
- Malware - infects your site with intent to cause harm
- Adware - a type of malware that loads and displays ads on your site
- Phishing - steals user logins to gain access to password protected information
- Content injection - malicious commands or links injected into your site
- Defacement - editing or replacing the content of your site
Beyond the damage to your site, infected sites may be blacklisted from Google. And Google may also slap a scary red warning on your site for good measure.
Really, any of these outcomes would mean a really bad day for your organization. And all sites, big and small, are potential targets of attack.
Who Wants To Hack My Site?
Many site owners believe their sites are too small to be the target of an attack. That’s not true, because most hacking these days is accomplished by bots. Automated bots troll the internet looking for easy targets. They are indiscriminate about the type of site they attack: large, small, old, new, nonprofit, educational, personal or corporate. If your website has a weakness they can exploit, they will.
How Do Updates Protect My Site?
Your website is built from code. Most sites depend on a software framework known as a Content Management System (CMS) like Drupal or Wordpress, plus modules or plugins. Code is complex, and weaknesses are exploited by hackers to attack sites. However, as exploits come to light, code ‘patches’ are developed to close them. Those patches are made available as updates to your CMS, modules and plugins. Installing updates closes these known loopholes and improves the security of your site.
What Effort Is Required?
Depending on the size and complexity of your site, it usually takes a couple to a few hours each month to keep your site updated. The approach we take for our clients’ sites is to apply all core and module updates, unless they are feature-breaking. In our experience, making security updates alone is not enough. Eventually the site becomes woefully out of date and at that point even applying security patches can break it.
Always. Apply. Updates.
Once hacked, it can take a week or more for a skilled developer to clean and fix your site and get it live again. Read more about the process in Tess Flynn’s post. Granted, it’s not possible to completely hack-proof your site. It is another example where an ounce of prevention is worth a pound of cure. (Benjamin Franklin said that eons before the age of internet!) To this end, we heartily recommend taking a proactive approach to support and maintenance from the moment your shiny new site is launched. If you remember nothing else from this post, make it this: whether you do it in-house or hire a firm to help you, always keep your site updated!