WebSolutionZ are making some changes to our hosting plans for 2017.
Since 2005, WebSolutionZ has been delivering website solutions via a project-based business model, using the Joomla! Content Management System (CMS). Once delivered, the site was handed over to the client for ongoing management and maintenance. This strategy worked fairly well for 10 years, but this year has seen a large increase in the number of website security issues across the world, and a number of existing clients have recently been impacted. This is obviously bad for the client, but also something we're not particularly happy about!
We recently attended the Joomla! World Conference in Vancouver and several speakers talked website security, including a keynote (which you can view here if interested). The talk included the following key points:
1. Websites are attacked for a variety of reasons, most commonly:
- To distribute malware or spam;
- Search engine poisoning (where search engine rankings are deliberately contaminated to cause a drop);
- To set up phishing (fake) websites within your hosting account;
- To connect your website to a larger "botnet" which can then be used to attack larger sites.
2. The methods employed to attack websites include:
- External attacks such as brute force attempts (where a program runs through every password combination to try to gain access to your site);
- Exploitation of software vulnerabilities and server misconfigurations;
- Distributed denial of service (DDoS) attacks;
- Cross-site contamination, where all websites sitting on a shared server are exposed.
Many of these attacks are automated, and the security advice given at this conference was that every website owner should now accept "when" their website will be attacked, not "if".
3. A business may be impacted in a variety of ways after a website exploitation:
- Business impacts, such as impact to the brand, economic impact, emotional distress and potentially, liability.
- Technical impacts - a website may be blacklisted by Google, or suffer a drop in SEO ranking, resulting in a potential loss of visitors.
All sounds rather daunting, right?
According to this report from September 2016, 86% of Joomla! websites are out-of date. This is understandable - so far in 2016, there have been 8 Joomla! core version releases, and a constant (almost weekly) array of 3rd party component, module and plugin updates. It's really difficult to stay on top of things. Security updates may seem annoying and time-consuming, but they are important because once an issue is identified, scripts are written fairly soon after which will attempt to exploit that issue. And this isn’t just a Joomla! issue – all the major CMS’s are out-of-date. We’re lucky that Joomla! is faster at patching than most, but the patches need to be applied, every time.
At the security keynote, we were encouraged as developers to take responsibility in helping clients keep their websites secured. As such, WebSolutionZ have made the following changes for 2017:
- All WebSolutionZ hosting plans will include website maintenance. This means your website security updates will be managed by us, on an at-least weekly basis. This is to ensure that all WebSolutionZ-hosted websites are up to date, and not putting other client websites at risk.
- All managed sites will be regularly backed up - in case a hack still occurs, we will have a recent backup to roll back to.
- WebSolutionZ will be implementing commercial management software to assist in handling this additional work.
There will also be two new options introduced:
- Maintenance + Content - WebSolutionZ can also manage your website content updates and social media posts, for those clients who just don’t have time for any of it.
- Minus hosting - options for clients who want the peace of mind, but currently host elsewhere.
Hosting options will be available on monthly or quarterly payment plans, with a discount for annual up-front payment.
Please contact us for more information, or to organise your new Maintenance Plan.