Spring cleaning? Include your website to make it fast and secure!

27 Sep 2021, by Slade Baylis

With spring arriving, it’s that time of year for new beginnings and fresh starts. At the very least it’s a good excuse to finally do that big house clean you’ve been putting off.  However, why just limit it to your personal affairs? Your business is just as important, and so now is a great time to make sure your website gets the love and attention that it deserves too!

As reported by the Ponemon Institute1, 60% of victims of hacking attempts reported that they were breached due to known vulnerabilities that weren’t patched. Not only does it leave them vulnerable, but using low quality or out-of-date software can even slow applications down. With your website, this can lead to user frustration and lost sales. This is why it’s extremely important for all website owners to make sure that their websites are well maintained and updated quickly as possible. 

To help our clients through the journey of maintaining their websites we’ve included some information below to help lighten the load. We’ll cover how to automate or offload website updates and how to improve security by reviewing your plugin usage. We’ll even tell you how to improve your website speed and thus your bottom-line, and all it takes is just a few minor changes to your hosting account!

Making sure you’re secure - Updating and patching your software

With any sort of software, it’s almost a law of nature that over time vulnerabilities will be introduced as features are added or updates released. Even well developed and supported applications aren’t immune to this unfortunate fact. What separates quality applications from the rest though is that when vulnerabilities are discovered they are quickly patched. This is why it’s important to make sure that any software that you use is updated regularly. Ideally they should be updated as soon as possible after updates are released.

In the past, this was a very manual process with website owners having to manually download and install new versions of software. Nowadays though, with the widespread use of Content Management Systems (CMS), this process is usually a lot more straight forward and updating the software on your website is as simple as pressing a few buttons! This process still has one flaw though, in that it relies on someone logging into your website and then manually going through the process. This means that if you don’t log into your website regularly, your website can be vulnerable for long stretches of time until you do.

This is why it’s becoming more and more common for businesses to have Managed Hosting through their hosting provider. Managed Hosting is a service where the hosting provider actually manages and applies updates for you. This is a great service, however as you can expect, there is a higher cost associated with this managed service than regular hosting plans. So what do people do who can’t afford those extra costs? The good news is, there is an alternative, which is the option of setting up automatic updates.

With automatic updates, users can make sure that their websites are secure as soon as patches and updates are released. This means that their website can remain secure, all without needing to interrupt day-to-day operations. With WordPress specifically, any minor updates that become available for the Core, Themes, or Plugins are automatically applied by default. Major updates won’t automatically go through, but can be enabled through use of plugins like Advanced Automatic Updates (https://wordpress.org/plugins/automatic-updater/).

It should be mentioned that there are potential risks with this sort of setup. Any change to software on a website has the potential to cause issues with how it functions or even take it offline entirely. When manually updating a website, you can check the website immediately afterwards to make sure it’s working. When automatically updating a website though, issues that are introduced can and will persist until either you or your client notices the issue. This is why the decision between managed hosting, automatic updates, or managing your own updates is a decision that each business needs to make for themselves.

Review your software - How to determine the quality of plugins and secure your website

Website CMS platforms are extremely powerful due to the flexibility they give website owners to add functionality through plugins. It can be used to make simple blogs, eCommerce websites for a small business, or even online forums. Almost anything is possible with the plethora of different software that are available to use. 

With so many different plugins available from developers all around the world, not all of them are going to be of the same quality. This is why it’s important to review the quality of the plugins that are in use on your website. The information below will help you choose the better quality plugins, making your website more secure and potentially faster!

Here are the things to look at when evaluating a plugin for use on your website:

  • How many times has the plugin been downloaded/installed?
  • What rating has it been given by the people who have used it?
  • When was the last time it was updated?
  • Who was the plugin built by? Is it a single person or an entire company?

For example, here is a screenshot of a plugin called “Classic Editor”:

As you can see from the plugin shown above, it has:

  • Been downloaded / installed on 5+ Million websites in total.
  • Has a rating of 5 stars (based on 1,009 reviews).
  • Was recently updated (2 months ago). 
  • Built by official WordPress Contributors, rather than a single developer.

All of these measures point to the plugin being of high quality and trustworthy. When evaluating plugins, a failure in any single one of these measures doesn’t automatically mean that the plugin is of low quality or insecure. What it does mean though is that you should consider whether it is the right plugin for your website, or if there are better options available.

Another important factor to consider when reviewing plugins is the overall amount of plugins that are in use/installed. Whilst the main strength of WordPress comes from its flexibility, installing too many plugins can increase the potential attack surface of your website. In simpler terms, with having more software installed, there is an increased probability that a vulnerability could be introduced. Not only that, but having a high number of plugins could also be slowing down the front-end and back-end of your website. 

One thing you can do to combat this, is to look for plugins that offer multiple different features that you need. Rather than installing separate plugins for each individual feature, look for ones that offer multiple features that you require. Doing this reduces the complexity of your website, making updates less likely to cause issues due to plugin conflicts. As a side benefit, it could even speed up your website!

Speed up your website – Upgrade your version of PHP & Check your resource usage

PHP is a scripting language that is used primarily for web development. In fact, it’s used by common CMS platforms like WordPress, Drupal and Joomla. With that being the case, it should be of little surprise that it’s used by millions of websites around the world. For those websites, making sure they are running newer versions of PHP improves security, website speed, and how it performs with large bursts of traffic.

A standard WordPress website running on the latest version of PHP 8.0 has been shown to handle over double the amount of traffic compared to running on PHP 5.6. Similarly, the response times of websites running on PHP 8.0 has been shown to be over three times faster than the same websites running on PHP 5.6. Even when compared to relatively recent versions such as PHP 7.2, it’s been shown to have 25% faster response times. This is why it’s important to make sure the version of PHP that you are running within your hosting environment, is the latest version compatible with your application. Changing which version of PHP is in use is usually very easy to do, only requiring you to change a few settings within your hosting management administrator area.

For website speed, generally though, it’s recommended that you check your resource usage regularly. By doing this, you can make sure that your current hosting environment has enough horsepower for your application’s needs. You should check to make sure you have: (1) enough CPU to handle all the incoming visitors/traffic; (2) enough RAM to handle looking up information from your database; and (3) enough disk I/O to quickly retrieve the files and information that your website needs. All these three checks will let you know whether extra resources could help your website fly. 

What if your website does need some extra “oomph”? No problem! 

For our Shared Web Hosting accounts, we’ve got the option of “Speed Boosting” your account. This not only gives you access to even faster CPU architecture, but also places your account on servers that run NVMe SSD drives. Most providers only offer basic entry-level SSD drives in their servers, whereas our servers come with NVMe SSDs, which are some of the fastest available on the market. In addition to that, it can up to double the amount of CPU cores and RAM that’s available to your site. 

On our KVM Virtual Private Server (VPS) platform, we’ve got a similar offering. With our “Speed Boosted” KVM VPS platform you get access to Skylake CPU architecture and that same NVMe SSD disk technology. The NVMe drives can dramatically help with I/O intensive operations. Combined with the CPU improvement, these can speed up resource hungry applications and database queries. As an added benefit, the price difference of the upgrade is minuscule when compared to the increased performance you get access to.

Website Maintenance – An ongoing process rather than a once-off

When looking into maintaining your website, it’s important to not just consider what needs to be done right now, but treat it as an ongoing process. It doesn’t have to be an arduous task, as there are options to either have others do that work for you, or automate those processes. These can help you remain secure and let you focus on other important areas, such as growing your business. 

The best choice between managed hosting, automatic updates, or self-management is different for each business, but we can provide guidance with that decision. With any of those choices though, incorporating some of these website maintenance tricks into your routine can help make sure that your applications continue to be secure. Not only that, but they have the added benefit of improving your website performance, helping your bottom line. 

Have questions about getting more performance out of your website?

If you have any questions about the above article, we would like to hear from you! Whether it’s about getting Micron21 to manage your website updates, or moving you over to one of our “Speed Boost” servers, either way we can help out!  Feel free to email us at sales@micron21.com or give us a call on 1300 769 972 (Option #1 for Sales).

Sources:

1 Ponemon Institute, Costs and Consequences of Gaps in Vulnerability Response, < https://www.servicenow.com/lpayr/ponemon-vulnerability-survey.html>

See it for yourself.

Australia’s first Tier IV Data Centre
in Melbourne!

Speak to our Australian based team.

24 hours a day, 7 days a week
1300 769 972

Sign up for the Micron21 Newsletter