5 Questions To Ask Your Web Partner About Security

Sheila Burkett // Security
Talk to Your Web Partner About Security

Has your website ever been hacked? If it has, you know how difficult it can be to get it back up and working. As a business owner, you pay thousands of dollars to have your website built, but how do you make sure the website and server are being maintained to prevent it from getting compromised?

Here are five questions you should ask your web partner about the security of your website.

What content management system (CMS) will my website be built on?

CMS’ such as WordPress and Drupal, are open source platforms that interactive agencies use to build websites. There are programmers around the world dedicating their time and effort to the maintenance, enhancement, and expansion of each CMS. This results in the frequent release of new updates that fix problems within the code base, plugins or modules that provide website functionality. What does that mean to you? Each month, the company or individual who maintains your website should review the code that was released, apply the updates to your website platform and test to make sure everything is still working.

What development and testing processes will be taken to ensure my website is secure?

Your website isn’t just pretty pictures and content. Most websites today allow users to log in, make purchases, submit applications for jobs, or monitor service requests. The website code that makes this possible should be written with security in mind and tested to make sure the “bad guys” can’t get through easily. Hire a company who understands these issues and can talk to you about the procedures they take to develop secure websites.

What hosting service will my website be using?

Websites run on a computer called a server and the websites are “hosted” or run on these servers. It is important to understand the following about the environment:

How Web Hosting Works

  • Where are these servers are located?
  • Which security measures does the company take?
  • What monitoring procedures are in place to identify a threat?

Websites are often hosted by specialized companies that utilize different forms & levels of security. Some hosting companies limit web teams’ access to server level software, which may limit their ability to keep the web server and website secure.

Who will manage the security and software on the hosting server?

When you purchase hosting services from companies such as WIX or GoDaddy, they typically are maintaining the servers and monitoring for security issues at the server level. Some hosting services do not maintain the server security or software, however. It is important to understand what level of security support the hosting company actually provides at the web server level and/or with your website content management system.

Will you make sure my CMS is updated and secure?

A monthly review of the CMS and any plugin updates that are regularly released is highly recommended, as well as implementing a monitoring process that includes alerts when security patches are made available. Security patches should be applied within 24 hours of the announcement.

An area where we frequently see security issues arise is with plugins and modules that have been installed on the CMS that are no longer supported or maintained by the original developer.. When code isn’t maintained, it creates a security hole that makes your website vulnerable to being compromised. Here at Spry Digital, when the technical team identifies plugins or modules that are no longer maintained, we immediately look for a replacement of that code to minimize the security risk. Once your website is built, you should expect additional support costs for your website team to address these issues.

Your website is the digital front door to your company. Not only do you make sure that all of the doors to your building have a lock, but most of us have security alarms, cameras and security codes to ensure our buildings are safe from intruders. It is important to make sure your web partner is employing the same level of security and maintenance for your website.