Is Your Site a Security Risk?

Shawna O'Neal, Web Engineer
Posted on Oct 17, 2019

Regardless of what type of site you have, one thing remains certain: it needs maintenance.

Modern websites need maintenance. This is just as true among industry giants as it is for your neighbor’s gardening blog or your favorite restaurant’s online menu. The difference between maintaining these sites is the amount and complexity of work necessary to keep everything running smoothly and securely.

What’s involved in updating a website?

The time and knowledge needed to perform site updates depend on how the site was built and what platforms it uses.

For developers, this means staying up-to-date on the frameworks that were used when building the site and making updates as needed. Using package managers (such as NPM) makes it easy to implement code updates to an entire codebase in just a few steps.

For site owners, reaching out to your developer is your best option if you weren’t left with any specific update or maintenance instructions. For out-of-the-box CMS sites built on Squarespace, WordPress, Wix, etc., this could be as simple as running updates from within the CMS’ control panel. Plugins and other features add complexity that will require more effort (and developer knowledge) to update.

For self-hosted websites, where the site is hosted on a server that you manage yourself, updates will require server maintenance in addition to site maintenance. Your site’s security depends on you keeping the server operating system, and any system software, up-to-date and patched for any of the latest security vulnerabilities.

Common questions about website updates:

I never change my content. Do I still need to update my website?

Unfortunately, it’s not content or daily usage that opens a site to security vulnerabilities, but rather the systems and framework of the website. In fact, zero-day exploits are estimated to cause one new exploit per day by 2021. These exploits are made against entire systems and frameworks at an alarming rate, and typically focus on weak points in outdated code.

My site is 100% static code, there’s nothing for me to update!

A static site isn’t exempt from needing updates to remain secure. In fact, these sites rely 100% on developer testing and review to identify vulnerabilities before implementing any patches to fix them. One of the beloved advantages of using modern frameworks and libraries is being able to distribute patches and updates across the code base more easily.

Doesn’t my content management system already auto-update?

Some basic CMS platforms might offer automatic updates, but modern websites are typically too complex to rely on this. The usage of plugins and the ever-increasing power of frameworks is making one-step updates near obsolete. To properly update an entire site, not just the content manager or dashboard services, it’s recommended to work with a web developer.

Nobody would want to hack my site, there’s no user data on it!

There’s certainly less to worry about when a site doesn’t store user data, but it doesn’t eliminate a potential threat. Vulnerabilities in tracking data (Marketo, HubSpot, Pardot, etc.) can be targets of malicious activity, as can the hosting platform or the site itself. Malicious software is often distributed, and executed by, websites whose owners have no idea they’ve been hacked. This can be particularly disastrous for your site’s SEO value and could result in a domain becoming blacklisted for malicious activity.

Will updating break my website?

Changing code and updating services always carries a risk for unintended side-effects. As one part of a system updates, it can become out of sync with other portions of the codebase that depend on it. Typically these side-effects are found and resolved during a QA process before pushing any changes live. Depending on how complex or how far behind on updates the site is, several rounds of QA could be necessary to get your website in tip-top shape.

I want to update my site, what should I do?

Imarc’s experts will work with you to perform a code audit and evaluate where your website currently stands. Additionally, our Client Services team specializes in working with existing clients to keep their sites maintained and secure. Interested in learning more? Let’s talk!

October is Cybersecurity Awareness Month. For more security tips and knowledge, check out the rest of our security blogs.