Most businesses now have a website and in order for that website to be live it must be hosted on a server. The IP address of the server combined with your business URL is what delivers the stuff you’ve been looking for. It might sound complex, but it is simple fit the people who set it up, configure or maintain it!
What could go wrong?
The server where your website files sit, whether that be ‘in the cloud’ or in a freelancers spare bedroom, is a physical piece of hardware, and that makes it vulnerable to failure. This failure could be down to a number of things:
Everyone that has heard the word ‘website’ has also heard the word ‘hacked’. Hacking is a major issue that you have to face. There are many ‘types’ of hack, from a brute force attack – which is an automated ‘bot’ guessing thousands of passwords a minute – to more sophisticated breaches. For example those that get into the root files through something like a plugin, and install malware on the website itself. Whatever the hack is, they cost a lot of time and money, not to mention the loss of credibility with customers. Doing all you can to minimise the chances of a hack occurring, or reducing the impact when it does, is only a good thing.
To clarify, the site files and the database sit on the server and power the whole website. You won’t (or shouldn’t) ever need to concern yourself with these, only your web developer or hosting company will ever touch them. It is possible, because humans are involved that there may possibly human error and someone deletes your site off the server. Think about that – someone just simply deletes your whole, entire, website with a couple of errant clicks. A reputable company hosting your site with really good infrastructure, will take a copy of the entire server every night and transfer that to another completely separate server. However if it is a small company or a friend hosting your site, it is highly likely you now have no site at all and no way of retrieving it.
One thing that is less common, but something to consider is malicious deletion. You may have a disgruntle employee with access to the content management system (CMS), the facility that allows you to make all the content updates. They may not even work for you anymore, but if their access credentials haven’t been changed, they can log in and cause all kinds of damage. While they might not be able to delete the core site files (the actual site architecture), they would be able to delete all the content that is on the site, or perhaps worse, write all manner of ‘inappropriate things’. With content deletion you would notice, with new content slipped in, you may not. If they have access to the server and the site files, you may have an even bigger problem on your hands.
A server is a piece of physical hardware, and therefore it can break, no different from your laptop or your phone. If the site isn’t backed up, then the inability to get the server working will mean that your website cannot be restored.
How can I avoid these things happening?
Ensure you have a good policy in place that allows you to monitor who has access to what, and as soon as an employee ceases to work with you, or there are employee relationship issues you can restrict, or remove access to avoid any issues.
There is a step that you can take however which means that you’re covered for every eventuality, and that is having a robust backup schedule in place. So how do you get this?
01 – Find out who hosts your site and their backup regime. What is the disaster recovery plan? Just in case the worst happens
02 – Ask if you can get a physical copy of your website site files and database sent over to you as a zip file, so if the absolute worst happens, and your site is completely deleted, you have a copy of your site on your hard drive
03 – If a backup schedule is available, ask what it is and establish whether it is enough. For instance if the site is backed up every three months but you add and amend content three times a week, you stand to lose a fair bit of content. Ideally you want it backed up every night
04 – Make sure that you check your site regularly for any issues and that backups from longer periods are saved. If your site is backed up every night and you have been hacked, each new backup will overwrite the old one – effectively a bad copy replacing your existing good copy. Unless you establish you’ve been hacked immediately, your restore copy (from the night before) may not be the clean version. This is why you need a series of backups taken so you can go back to various points in time with a ‘clean copy‘.
05 – When you write content for your website, make sure it is saved elsewhere as opposed to just being added to the website directly. That way if the worst happens and your content is wiped, you still have a copy of it to paste back in the CMS – for example as I write this blog, I’m writing it and saving it as a Word document so I can retrieve it if needed in the future.
06 – Make sure you keep your website and plugins up to date, and ensure you have as few people as possible with access to the server and the CMS, and those that do have really solid passwords so there is less chance of a security breach.