Lessons in backups and site security

When you have created and worked on as many websites as I have you know the value of site security and regular backups. No one wants to see all of their hard work go to waste. Worse than that, no one wants an angry client calling them because their site has been compromised.

Here are a few lessons I have learned.

Backup sites often

During development. Immediately after each milestone. Prior to making any changes. These are great times to make a backup. Also backups on a routine basis are an excellent practice.

The method used for backing up a website is up to you. Sometimes hosting providers will offer solutions for data backups. Making local copies of all your files is very practical, although (if you ask me) a tad old fashioned.

Better WP Security is a fantastic WordPress plugin that can generate regular database backups and send them right to your e-mail. I also use this plugin heavily for security which I will cover next.

Probably my favorite backup tool would be a plugin called Snapshot. This plugin is great because it can backup more than just the database. It saves all the files from your site. But my favorite part is that it can send the backups wherever you want. In my case, I am having it send site backups directly to a specific directory on ANOTHER server of mine. Can’t get much better than that.

I recently learned a valuable lesson in backing up a site. I was brought into a website project after it had already started and was asked to finish things up. I did so and got the site running fine. It was a complicated project with lots of custom styling but I made it happen.

Just a few months later the client discovered some critical elements of the site were broken and phoned me up. I assessed the damage and almost wanted to cry. Things were beyond repair and what could have been a 5 minute task if I had backed up the site properly turned into a 5 day rebuild that I couldn’t charge for.

Security is not a joke

Two serious instances of security breaches on a website come instantly to mind. The first instance was on a blog I was managing for a client. I did not design the blog and was simply managing the addition of new content to it and some other minor tasks. This was also early in my webmastering career and it was a new experience for me to hop online one day and notice there were spam links in the footer of the blog.

I wasted no time diving into the code and simply removing the javascript code that had been placed in the footer. But lo and behold, when I went to preview the site after this, I discovered no blog but only a white screen with a message stating that I should not remove the links and that they were not hurting anyone.

In the end I found the entire theme had been infected and we had to trash a lot of work that the previous designers had done. That plus a lot of wasted time on my part helped teach me that security is a very big deal (as well as choosing the right themes).

My second lesson came more recently. Again, another site I did not create. This time the client was asking us for a quote to redesign the site and potentially offer some SEO services. Well, as we were analyzing the site we discovered that it had been cleverly infected with links for discount prescription drugs. Numerous pharmaceuticals were being promoted across the site but were very well disguised within the site’s copy.

Obviously this looks very bad for them just with the link problem. But what was even worse was their search engine ranking reports! Among the top keywords they were ranking in searches for were many of the discount drugs that were plastered across the website. Bad news all around.

Today we enforce very strict security measures on our sites and are constantly improving in this area. We have never had any of our websites breached to date, despite numerous recorded efforts by hackers.

Please feel welcome to share any of your own lessons related to backing up sites and securing them properly. We would love to hear them.

Tags: ,

No comments yet.

Leave a Reply