In late 2011 I had a real scare regarding one of my clients that revolves around the idea of “how to protect a website” (don’t worry, the story has a nice resolution). It all started when I got an automated message from WordPress saying something like:
“Someone has requested a new password. If you did not make this request please ignore this email”
Of course this is not the type of email you quietly disregard. I immediately called my client as, despite the suggestion by WordPress to simply ignore the email, I was very concerned. My client assured me they did not make this request, and I then went back into the dashboard to do some more digging. Everything looked fine. I called them back to say so far it looks okay but I will continue to monitor the situation.
A few minutes later I get a new email from this site’s WordPress saying something like:
Password Lost and Changed for user: XXXXXXX
Yes, it was now panic time. I could no longer get into the WordPress dashboard as the password was in fact changed and I was starting to have palpitations – imagining all kinds of obscene images on my client’s home page etc. (A scenario that sadly played out on Sesame Street’s website.) It was not good. Not a nice follow-up call to my client either after having just told them things look good.
This was a situation that nobody ever wants to be in. If you have ever been there then you know.
Turns out that the firm that handles the hosting for this particular client neglected to let either myself or our shared client know that they were moving this site from one hosting company to another. Oops… but at least I was only out some major flop sweat and my client’s site was not being hacked.
Of course this really got me motivated, as I knew I needed to address these issues and to have some good contingencies in place just in case, in terms of how to protect a website. As a result of this event I’ve gone in and put in some extra protocols that I have been rolling out to all my retainer clients to help us be better prepared for this kind of “what if” scenario – of course just because I use these services on my clients does not mean you need to be a client of mine to use these services – in fact, having thought through how much value people place in their websites, I’d say these services could easily fit into the “must have” category depending on what you use your website for.
The two major upgrades that I have introduced are the following: Backup Buddy and Sucuri.
While you can never say “never”, the idea that in some way I can do “more” is certainly appealing, particularly when it comes to protecting both my site and my clients’ sites. So what do these things do and why should you consider each of these products for your own website?
Backup Buddy backs up your entire WordPress install. All of it. I also like that this service can automate the entire process and also send additional backups offsite (I’ve utilized their integration with the cloud-based file sharing service Dropbox, which so far has worked out really well). Don’t get me wrong – I know there are a number of other plugins that also can back up your WordPress site… but for me, after seeing enough people that I personally trust rave about this product, I was forced to look a little closer. In light of the above near scare, when it came to my clients I just felt that I needed to go all in.
Sucuri really takes things to the next level. This service provides a constant scan of your website monitoring for malware.
The Sucuri Web Integrity Monitor detects unauthorized changes to your websites, DNS, Whois and SSL Certificates.
Unlike Backup Buddy, Sucuri is not limited to just WordPress sites. What I love about this service is not only will they monitor your site, but in the event that your website is compromised the experts at Sucuri will also clean up your site. That’s right, if your site gets infected this crack team of experts will go in there and make it all roses again. I can say for sure that if a site of mine were hacked, or for that matter one of my clients, we’d be in big trouble. Not only that, but with the constant monitoring, should anything come back looking bad Sucuri will notify me.
Just a note – the Sucuri monitoring is also baked into Backup Buddy, but if you want more you’ll have to manually run a scan, unlike with the paid service, which is automatically run. Also the free service does not provide for malware removal. If you are on the fence regarding this service, and you are a WordPress user, I would highly recommend you check out the free Sucuri WordPress plugin.
So there you have it – two new additions to help protect a website that I have introduced into my life to provide both some additional heft and also some much needed peace of mind. For what it’s worth, the client in question now feels much better when it comes to thinking about those “what if” scenarios – just one less thing for them to have to be concerned about.
Photo Credit: Caro Wallis via Flickr
Please note – this post includes some affiliate links. That said, I feel very confident endorsing both of these products and I actively utilize both of them in my daily business.