Upgrades to Website Software Like Joomla, WordPress, Magento, Drupal and DotNet Nuke
We've been posting articles here about security lately. It's very important. There has been a rise in website hacking (not particularly with us but just in general). So why do these hacks happen and what needs to be done to prevent them?
What Kinds of Compromises Happen?
There are a few kinds of hack / compromises that happen:
- The Script Kiddie Hack - This is your amateur hacker. They use scripts made by others to hack websites or software. They set it up and run it and let the software do the work. It's effective but not considered creative in the hacking world. These scripts just find as many websites as they can (usually by following links from website to website) and then run the script on each website they find - looking to see if any known holes are exposed. If there are holes, they will run the appropriate commands to get in and then install whatever they want. Usually, it's just a script to send spam email or phishing software.
These kinds of compromises are not personal and are the majority of what goes on. They just found your website and tried to get in. It's like knocking on every door in the neighborhood. Usually, the people running these scripts are in other countries like China or Russia.
- The Direct Attack - This kind of hack is directed at your website / business and it's on purpose. We don't see this a lot but they happen.
- The DoS (Denial or Service) Attack - These are usually automated and planned but they could be random, too. This is usually directed at a server and there are rapid, repeated attacks to try to login.
What our clients have to mainly be concerned about is the first one - those Script Kiddies. These kinds of compromises are usually hidden and we find out about them when the mail queue suddenly ramps up with tons of spam email being sent out. We then have to find out the source and then take action.
To prevent your website from being the source of problems, it simply needs to be updated. We just posted a good article on this: "Keep Your Website Software Up to Date" and we suggest you read it.
What Can Go Wrong With an Upgrade?
When you do keep your website software up to date, it should be as simple as just clicking a button or link to run the upgrade process. That's what we're used to doing when software on our computers gets updated, right? Well, with the website industry, upgrades are not quite to that level yet. They are getting much better now and the chances that "one click upgrades" will actually work fine is much, much greater than just a few years ago - but things can happen. Let's explain.
Plugins Not Compatible
This is probably one of the main problems we see. The core software gets updated fine but plugins (extensions, modules, additional software like photo galleries, etc.) don't work after an upgrade. Often, that software also needs to be upgraded - that is if the software developer has bothered to keep things up to date.
Sometimes upgrading one plugin will cause another not to work. What if there's no upgrade for the other one? You're stuck - unless you know how to troubleshoot / diagnose the problem and then go into the code and fix it. You might really need that plugin and you'd have to do this or find someone to do this work for you.
Wrong Versions of PHP or MySQL
If you do an upgrade or patch before your host is ready for it, then maybe they don't have the necessary software installed on their end. You proceed with the upgrade and then nothing works. You then have to go back - what a mess.
The opposite can happen, too. Your host could be upgrading their versions of PHP or MySQL and if your website is not up to date with the latest version, it could break.
Both of these things (the server software and your website software) need to be looked at carefully before doing an upgrade.
You Have to Go Back
We just mentioned this. Sometimes you try to do an upgrade but for some reason, it just won't work and you have to go back a version. That's hard to do if you didn't take a backup right before you got started - meaning, a confirmed backup of all the files (with permissions preserved) and a dump of the database.
Lack of Testing
Did you just do an upgrade and not test everything on your website? Did you just do it and walk away? How do you know if everything still works? Maybe the home page looks fine but everything else if broke. Your contact form may not work, your e-commerce might not work - who knows? You have to dedicate ample time for testing everything after an upgrade. If you don't, you could find out months later that you've been losing out on leads or sales.
Not Being Careful
Probably the toughest part of being in website development is all the mundane things you have to do. If you're not someone that can pay attention to detail and be careful, then website development is definitely not for you. Things like consistency, being thorough and being patient / careful are paramount. It's tough because the work can be really boring but it has to be done. If you're not sure what you're doing and what order to do things in, you could have some big problems - again, it's very detail oriented work.
Upgrade at Night or During Off-Peak Hours
You really want to be careful to do your upgrades during non-peak hours. You don't want your website down for 5-10 minutes of even a half hour during the daytime. Upgrades should be done at night so as to avoid losing potential customers or sales. So get some coffee ready!
Website design and development can be a thankless job sometimes. A lot of work happens in the background and it goes unappreciated. Most people don't realize all that needs to happen to develop a website and to keep it running fine. Most of our clients don't have the time or patience to learn how to do all of this. They need to run their businesses. Even companies with IT Departments simply don't have time to do things like maintain the website. They're too busy. It really makes sense to leave this kind of work in the hands of the experts. They can do it quickly and efficiently and want to do the work. It just makes sense.