Securing your site

It can be difficult to keep up with the maintenance of a site when there is no budget or will to have someone tend to it, even part-time. Joe Bloggs in IT gets assigned to it or the de facto IT head that "knows computers" is given the responsibility on top of their existing duties.

Almost invariably, no matter how well you prepare a client's site, when their new baby is handed over to them, issues are going to occur at some point in the future.

What happens next often hinges on how reliant the company is on the site to directly generate their revenue .

Despite the fact that agencies are brought in for their expertise in web development, it is an ongoing struggle to impress upon clients that maintenance and robust security measures are a necessity.

It can be difficult to both convince a client contact why this is necessary AND have them communicate this effectively up the line.

It's not necessarily an expensive venture either. Not buying smoke alarms for a building because you feel you have spent enough already is not conventional wisdom. Being able to look at website security in a similar manner goes a long way towards mitigating and even eliminating problems down the line. At the risk of hackneying the metaphor, you can avoid a large amount of firefighting with some preventative measures.

Companies offering security services, such as Sucuri, CloudFlare and SiteLock... still depend on being built on common-sense security practices you should already have in place.

Many employ such companies after the horse has bolted, but isn't preventing the problem in the first place infinitely preferable?

Security issues might go completely undetected until a customer or potential customer of the client informs them that Google is warning them of a possible hack. Regardless of the severity of the hack, this is unlikely to be good for the reputation of the company.

Unfortunately, no matter what you do, your site can still end up being vulnerable. If your site requires many people to have backend access, it is difficult to prevent colleagues from changing their password to something than can easily be compromised. Even after successfully following best practice, serious issues can still arise.

Educating the people that are ultimately responsible for a company website of the benefits investing in security and following good policy may be the single most important that you can do for your web security.