Your website is actually running software if you are using a Content Management System or any kind of script (versus just having static, HTML pages) - even if there's just a tiny script that just sends you an email from a form. This includes websites running WordPress, Joomla, Magento, Dot Net Nuke and Drupal. With the way websites are made today, this is virtually all websites out there. And not only is just the core software but also any and all plugins/extensions that are installed as well. They all make up your website.
Think of your website as a program running on your computer. That software needs to be updated, right? Now think about your computer being set up at a busy shopping mall or someplace where there are a lot of people. Most people are just going to do what you want them to do on it (see the pages of your website) but some of them are going to try to mess around with it and install things they want on that computer. That's what hackers do. Your website has to sit on a computer that's public accessible - you want people to see your website. That means that your website security is even more important than your own computer.
It is. You've put a lot of time and money into your website. You need to protect it. Your source of leads and sales is your website. People have mobile devices and are searching the web from everywhere. Your website is their first impression of your business. Protect it. Protect your brand.
It is... well, as much as it can be. No piece of software is hack-proof. We do keep the core software up to date on the server and apply all patches that come out. These are things like the operating system, the mail system, the database, the web server and lots of other programs that run. The only problem with this is that even if all of this software is secure, we're letting our clients install software that runs on top of that. If that software isn't secure, then that weakens the whole server.
One pretty decent analogy is to think of the web server as a building that you rent. You get to use that space and put about whatever you want in it. If you don't take care of the place and start leaving the door open or unlocked, then it's just a matter of time before someone breaks in and makes a mess of the place. You may not even intend to do this... the locks just get weak over time.
Websites that have back end administration tools are great but with that convenience, you have a cost of ownership and maintenance and upgrades need to be done.
If someone gets in, then we really don't know what they will do. They have free reign. Often, they don't want to be detected, so they will install something in the background so that it's not found and can keep running. This means your website could already be hacked and you don't even know it.
Depending on the severity of the hack, we may either need to just clean it up or we might even need to take it completely down. That's right, we might need to completely take down your website if it's a bad hack. The reason for that is that your website could be stealing resources from other websites running on the server or it could be affecting others' websites in other ways.
Also, if we have to clean up your website, then we will need to charge you for our time. It's ultimately your responsibility to keep your website updated. Most people, however, don't know how to do this themselves and have their website developer (us) do that, too. When we do that, we will have to install the necessary patches and upgrades as well. It's just much better to keep up with upgrades and patches. You will save money and protect your investment.
Of course, our goal is to work with you so that your website keeps running and is healthy. When you succeed, we succeed. Things happen, we know that. If a client of ours works hard to keep things up to date and there are problems, we might let some things slide. If a client never does any upgrades or keeps up with things, then we really have to charge for our time since we do want to make sure that other websites are not affected.
Not really. It's a different thing. Main software on our servers is always up to date. We're not in a situation where we receive PCI scans reports and then we upgrade our software - not at all. We're upgrading our software on our server (the core software) ALL the time. What we have to do with PCI scans is prove to those companies that it is indeeed upgraded since they can't see what we can see. Read more about PCI Compliance.
If you have any questions or concerns at all about website software, hacks and cleanup, please do let us know. We'd be happy to explain things more so that your questions are answered and that you understand. We know this "computer" and "web" world may be new to many of you and we don't expect you to know all the ins and outs. That's why you hired us to work for you in the first place.