As soon as I picked up the phone, the voice on the other end blurted out:
“I’m so glad you answered the phone. I was updating some content. And the website broke. Is there any way to get it back?”
I checked the website in question while still talking to my very flustered caller. Sure enough, the home page looked nothing like it should. It was a mess.
I promised I’d get right on it and that, yes, there are backups, so we’d be able to restore the website if all else failed.
Less than 20 minutes later, I reported back that the website was again its normal self.
Turned out a very minor accidental edit caused the website problem. Quickly fixed in this case.
There have been other times when the issue wasn’t fixed so quickly and the website was down for a much longer time. Even some cases where the website had to be rebuilt from ground up.
None of us want that.
So what can you do to protect your website?
#7: Never rebuild or redesign on a live site
Because something will inevitably break. That’s the nature of building or designing websites. So even if it’s “just” adding one new page with a new design, the safe way to do so is on a staging site.
A staging site is a copy of your live, public website that is in a location where people (and search engines) won’t find it. Often that’s a subdomain on the same server.
If something blows up spectacularly here, there’s no real harm done and you can take your time figuring out what went wrong and fix it.
We don’t do rebuilds or redesigns every day, but when it’s time, a staging site is a very simple and effective way to protect your website.
#6: Regular backups of your website, stored off-server
You host may do backups of your hosting account. That’s great, but not that helpful for you, unless the whole hosting account goes down. And then you may learn that your hosting provider is fine with getting your account restored in a matter of days. When you really need it up in hours.
Instead, I’m talking about backups of your website installation itself, to protect your website.
A self-contained backup of your website lets you port it to another server if needed. Or use it to create a staging site when making changes on the site.
Backups should be regular. I recommend at least weekly. More often if you take orders online or content on the website changes very frequently. Some websites may even need real-time backups.
To be truly useful, the backups need to be where you can access them anytime. That’s definitely not on the same server as the live website. Because if that server goes down, then both live website and backup are inaccessible. Instead, use another, secure online location that you can get to, no matter where you are in the world.
Finally, be sure to test that the backup process really works by regularly restoring a random backup. Because a corrupted backup is of no value at all.
#5: All SSL, all the time
Every page on every website should display with a padlock. That means the connection from browser to server is secure, keeping prying eyes out.
This is about basic trust — letting your visitors know that you care about them. And it does protect your website and reputation
Note that it’s not enough to just install a SSL certificate. The website must deliver all pages using a secure connection regardless of how the URL was entered. So clearly HTTPS://claesjonasson.design is going to get a secure connection. Because the URL specifically requested a secure connection via HTTPS.
But all other ways to get to your website must also be forced to use a secure connection. Even if it wasn’t specifically requested.
For instance, HTTP://claesjonasson.design is not a secure URL. Neither is HTTP://www.claesjonasson.design If not handled correctly, the server might in these cases just display the page content over a ‘not secure’ connection.
Poorly implemented SSL may present a secure connection when one is asked for and a non-secure connection in other cases. That’s a definite path to confusion and loss of customer trust.
The correct approach is for your website to force the use of a secure connection, regardless of the URL used to get to the page.
#4 Keep the website updated
There never really was a time when we could build a website, launch it and let it be.
But today, when there are scripts, databases and lots more code involved, it’s even more important to keep all the technology updated, so that vulnerabilities are quickly patched and proper functionality maintained. Because you want your website to be there for visitors 24/7.
It’s all about protecting your website.
#3 Security software
Hackers never sleep. And neither should your security. It doesn’t matter how small or seemingly insignificant a website is. Hackers are interested. Mostly in getting access to a server they can use to send out spam or to stage attacks on other websites.
They don’t really care about your content or cause. They want processing power. And that makes every last website a potential target for hackers. Nobody can hide in obscurity anymore. It’s not a matter of “if” but “when”.
Good security software will protect your website by hardening it, effectively keeping many types of hackers out.
It can also alert you to other issues that might spell trouble for your website.
#2 Know where your domain is registered and the website is hosted
This may sound silly, but a surprising number of website owners don’t know where their website is hosted. Or the domain is registered. After all, these are not things we deal with daily. May even have been set up a long time ago.
So when a letter arrives in the mail that looks like a bill for their domain or hosting, they pay it. Except it was from some company that’s made a business model out of fooling website owners into buying their services, thereby turning over website hosting or domain registration to them.
Especially domain registration is relatively easy to ‘hijack’ like this. But ever so much harder to get undone. You might even end up losing your domain in the process.
The “best” outcome of this scam is if you “just” end up paying for a totally unneeded service that promised to get your domain into “domain registries” to give you lots and lots of publicity. Because in that case, the scammers are literally not going to do anything, except collect your money.
Fortunately it’s easy to protect your website against these scams: Just make sure you and anyone paying bills know where your domain is registered and hosted.
#1: Own your domain(s)
That seems obvious. Yet it was just a few years ago that a large transportation company had to suddenly change their URL. And website.
Turns out, they relied on the agency that created their website to also own their domain. When the company and the agency parted ways, the agency simply hung on to the domain. After all, they were the legal owner. Even if the domain was the company’s name.
In order to get back online, the company now had to change their URL. Plus spend a lot of money and resources to let new and existing customers know where to find them online.
All at the same time as they were super-quickly building a new website, including an online ticketing system.
If that can happen to a large company, it can happen to a small business. So protect your website by always owning your domain. You can allow your designer/developer to manage the domain for you, but you must be the owner. Period.
Because if there ever is an issue, any legal process for sorting out ownership will take a long time, assuming you even win in the end. And you will have expended effort and money to start using a new URL. With lost business during the transition as a result.
You may also want to consider purchasing similar domains or spelling variations. And have them point to your main URL. Just in case. You don’t need to own every variation known to man and certainly not in every foreign country. But it might make sense to own some.
It’s all about protecting your website
That’s 7 must-take-care-of items for every website. They’re not flashy or terribly exciting, but if skipped, the consequences can be devastating. Don’t learn the hard way.
If you don’t know how to take care of these items or don’t reliably have resources to take care of ALL of them, do yourself a favor and work with a trusted professional who will make it happen, on schedule.
Also remember that none of these items are “set it and forget it” type items. They all require ongoing attention.