So, let’s look at some of the issues to look out for, along with the risks. Just open up your website, and head to the dashboard once you’re logged in. There are a few things to look for, and they are often accompanied by little red icons with white numbers or symbols within. Click on an arrow!
Comments full of Spam links
Allowing people to leave comments on your website may not immediately risk its integrity. However, many websites are set up to allow comments, perhaps from people who have had a comment published before.
Turn off comments unless you really need them, and delete old comments. I bet if you look through, you’ll find they are all full of dodgy links. Also, if you must allow them, check the approval settings, and add automated filters or a Captcha to flush out the rubbish.
Core software out of date
The most basic of protections is to keep your operating system up to date. It not only protects against many new threats, but will often add new features to the site to make it simpler or more versatile to operate.
Too many plugins, and left out of date
This site has 38 plugins, of which 8 are deactivated, and another 15 are not needed.
The danger with lots of plugins is many-faceted.
1. Out of date plugins will add to hack risks
2. Too many plugins may well slow the site down
3. You may have critical site functions which require the latest version. Beware of plugins which are no longer supported, have few downloads, or poor reviews.
4. Plugins of this quantity are rarely all updatable in a timely manner, which can affect how any of them operate.
5. You may be paying for licences which are not necessary, or using software which cannot be updated because its licence has lapsed.
So, here’s a list of the jobs required to safeguard the website in question.
- Gain access to the existing site, and review critical risks
- Prepare a quote for the work, with contingencies – not all mass update processes work first time, and the order in which you do things may be different each time.
- Gain access to the client’s host account to take a full backup copy of the existing website
- Review the current hosting, and recommend an alternative host which has suitable daily backups, malware scans, and is fast and large enough with good support for the business
- Review emails, and any other functions connected with the domain, to ensure any changes take into account any impact on these, e.g. emails, Adwords, payment gateways
- Work out and agree a critical timeline of actions for me and the client, to make sure the process is completed safely and in good time.
- Purchase a domain name to use temporarily to conduct the repairs, and point this to the new hosting. Set up the host environment.
- Load up the copy of the website, and adapt the database to reflect the temp domain. This may be hundreds of records within the site. Remove any plugins which are hardwired to the original domain, such as shopping gateways or security software.
- Check the temp domain’s functionality, along with the client, and any of the team who regularly administer the website.
- Take a backup of the temp site
- Prepare a plan to disable and delete software that is not required, and to update the remaining software and the core system software. Do this in stages, with the client checking at various stages, and backups taken at major steps (a host with one-click restore is a must in this situation)
- Record steps each time. If any part fails, restore the backup, and try again. Try disabling some plugins temporarily if they are causing problems.
- Once happy, ask the client to review again, before arranging a mutual time for the live domain to be switched to the temp domain. Change the settings to revert the temp site data to the live site.
- Test, backup, and hopefully relax.
- Review after 2-3 days, 1 week, 1 month.
- Cancel old hosting.
Oh yes, and send an invoice!
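The step above about adapting the database to the temp domain has a trap when settings are stored as PHP-serialized strings: each string carries its length in bytes, so a plain find-and-replace leaves the lengths wrong and PHP will refuse to read the record. The sketch below is an added example, not part of the original post; it assumes a PHP site that stores serialized settings, and the domains, sample row and function names are constructed for illustration.

```python
import re

# Header of one PHP-serialized string token: s:<length in bytes>:"<value>";
_SER_HEADER = re.compile(rb's:(\d+):"')

def _tokens(value: bytes):
    """Yield (header_match, body_end) for top-level string tokens; body_end is
    None when the declared length does not land on the closing '";'."""
    pos = 0
    for m in _SER_HEADER.finditer(value):
        if m.start() < pos:
            continue  # header-like text inside a string already consumed
        end = m.end() + int(m.group(1))
        ok = value[end:end + 2] == b'";'
        yield m, (end if ok else None)
        if ok:
            pos = end + 2

def lengths_ok(value: bytes) -> bool:
    """True if every serialized string's declared length matches its body."""
    return all(end is not None for _, end in _tokens(value))

def replace_domain(value: bytes, old: bytes, new: bytes) -> bytes:
    """Swap old for new in one database field, recomputing string lengths.
    Works on bytes because PHP counts bytes, not characters."""
    out, pos = bytearray(), 0
    for m, end in _tokens(value):
        if end is None:
            continue  # not a well-formed token: handled as plain text below
        out += value[pos:m.start()].replace(old, new)
        body = value[m.end():end].replace(old, new)
        out += b's:%d:"%s";' % (len(body), body)
        pos = end + 2
    return bytes(out + value[pos:].replace(old, new))

# Constructed sample: a serialized settings row and the two domains.
OLD, NEW = b"https://www.example.com", b"https://staging.example.net"
ROW = b'a:1:{s:4:"logo";s:32:"https://www.example.com/logo.png";}'

if __name__ == "__main__":
    naive = ROW.replace(OLD, NEW)        # what a plain SQL REPLACE() does
    safe = replace_domain(ROW, OLD, NEW)
    print(naive, lengths_ok(naive))      # length prefix still says 32
    print(safe, lengths_ok(safe))
```

Running `lengths_ok` over the affected fields after the switch back to the live domain is a quick way to confirm nothing was corrupted before the old hosting is cancelled. Serialized data nested inside another serialized string is not handled here.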