If you aren't technical, hearing that we do "Pro-Active Website Security" and "Protect Your Website From Hackers" may leave you scratching your head on what this actually is and if it's valuable.
This explains in more detail what we are doing on your sites we proactively protect, as well as cover some of the common questions people ask about it.
Here's What's Happening Behind The Scenes
1. Your Website Is Being Backed Up Every Day to An Offsite Secure Server:
storefrontIn today's day and age your website is no different to having a store front on a busy street. Just like you would have insurance on your storefront, backups for your website are the insurance that if something goes wrong you can rebuild quickly and easily.
That's why every single day your websites are being backed up offsite to our secure servers.
Is Automation Agency backups just a backup plugin like BackupBuddy?
No, even if you already have an existing backup plugin on your site we won't use that as there are a number of risks with this type of backup.
Firstly a plugin based backup like this usually stores the backup on your hosting, so if your site gets hacked one of the first things the hackers will go for is to delete the backups, it can also mean you run out of space on your hosting pretty quick if you aren't deleting these backups or storing them offsite.
Secondly, a plugin-based backup like Backup Buddy, adds significant performance load to your website and slows it down which impacts conversions and user experience.
Our backup platform backs up only the last changes, rather than a full backup every time. This minimises the time it takes to create a backup which reduces performance load on the website and makes for smaller backup files to be transferred offsite.
I already have a backup through my hosting company, why is yours better?
It's true some hosting companies do backup your website and they are good to use as extra redundancy but are not something worth relying on them for all situations as they work in a fundamentally different way to how our backups work.
Hosting backups are "state" based backups
This means to restore the site it rolls back the server to the point in time at the backup point entirely losing all files & data that changed after that backup point. For example, you would lose, new users, new order entries, form submission records, blog posts etc...
Automation Agency backups are "change" based backups
This means our backups allow us to restore individual database tables or individual files that have changed making our restores more precise and able to avoid data loss.
If we need to restore a specific plugin, a specific version of a file, or a specific page etc... we easily can.
This means we can fix rather than restore in many cases
The change-based backups allow us to see what has changed between each backup so if you know a problem started 7 days ago, we can backtrack what database tables and files changed to find the issue and fix that issue avoiding the need to restore the site at all in many cases.
2. Your WordPress & Plugins Updates Are Being Researched, Tested & Updated:
Wordpress is a great platform due to its flexibility of installing new plugins to add features.
The problem with this is just like software on your phones and computers, if you don't keep them up to date they can have vulnerabilities and compatibility issues.
If left not updated these vulnerabilities can allow hackers to gain access to your site and bring it down or install viruses on your visitor's computers. (That's not good for business!)
My host says it updates WordPress for me, isn't that enough?
Some hosts can automatically update your WordPress version for you. However, we recommend people turn that feature OFF.
detectWordpress updates performed by your host are fully automated updates that simply detects a new version of Wordpress is out and update the site at their predetermined time giving you no control over when it's done this can and often does result in breakages (especially if plugins haven't been kept up to date).
Our approach to updates is different...
Our security team before we roll out any new WordPress update first research for conflicts with your installed plugins to minimise the chance of a breakage occurring after the update.
Once research is conducted, if an update is approved, the update is manually done and monitored the whole way allowing for troubleshooting and quick restores when necessary.
We also do something that hosting companies don't do...
Hosting companies auto updates only update Wordpress (what's known as Wordpress Core) they don't however update any of your themes or plugins.
This is why often the auto update creates breakages as the plugins need to be updated for compatibility.
Our security team regularly scan your site for plugins with updates needed, then we research the updates to see if any of them patch known security vulnerabilities, and if they do, we then roll out the update within 48 hours of detection.
This means your site is never left vulnerable to a known security hole from an outdated plugin.
Then for other plugin updates that are more feature-based rather than security or compatibility, these get scheduled for review each month for research and testing before being updated to avoid site breakages.
Not all updates are created equal, you shouldn't just click Update All...
Our focus is on ensuring the Security of your website, over functionality enhancements, which is why you may see some updates left waiting for a few months.
As mentioned before any plugin update that contains a fix for a known security vulnerability is updated within 48 hours of it's release, we do this to ensure your site is kept protected.
However any other plugin update that doesn't contain a security fix, is left for review each month. We do research, and testing and only once our Head of Security has signed off on an update is it allowed to be updated.
This is because many updates can in fact introduce new security vulnerabilities, or break existing functionality due to compatibility issues or poor coding in themes etc..
If you see a plugin not updated for a few months it likely means the plugin has a compatibility issue, or our research has us wanting to hold off on the update.
You of course can at any time override our standard pro-active process, by sending in a task to request to update all plugins.
Can't I just go in and click "Update All" on my plugins myself?
Technically yes you can. And maybe 80% of the time you might be ok and nothing happens. It's the other 20% of the time though you should expect that doing this breaks something, or even introduces a new security vulnerability that gets your site hacked.
We've also found that most businesses who say they will do this themselves, don't do it on enough of a regular basis to actually mitigate the business risks, and then lack the skills to troubleshoot when something goes wrong.
What's Covered Under the Protect Plan:
- Threats/Vulnerabilities: We patch vulnerabilities in your WordPress core, themes, and plugins as soon as they are detected to ensure your site remains protected.
- Basic Updates: Simple plugin and theme updates that don’t require significant changes.
- Basic Troubleshooting: Any basic troubleshooting for issues within the scope of security updates and protection.
What’s Not Covered Under the Protect Plan:
- Major Plugin/Theme Replacements: If outdated plugins/themes require significant replacements, these are not covered under the Protect Plan and would need a project plan.
- Full Site Rebuilds: This requires a separate, larger project and is outside the scope of the Protect Plan.
3. If your site does get hacked, we'll fix it for FREE (Often Without You Having To Ask):
Our job is to proactively protect your site to ensure it doesn't get hacked and we do a really good job.
Unfortunately, sometimes hackers are better. If this happens 95% of the time we'll detect it before you do and we'll fix the issue without you even knowing there was an issue until you get the email from us letting you that we fixed the problem.
If you do notice it first or your site is already hacked before you joined our service you can simply send in a security task to have us get the site cleaned up as part of your Concierge membership, instead of paying the usual hundreds of dollars to a company to get clean up who leave the site clean but often missing data.
4. Your Site is Regularly Evaluated & Optimized for Performance Improvements:
The Internet is getting faster, and we're using more and more advanced elements on our websites that use more and more data. Yet research shows that if your website is slow then conversion rates go down.
For your business to remain profitable you want your website to be fast.
Our Security Team are regularly evaluating your websites for ways to improve performance. That may be changing a setting on your hosting, it may be recommending a different plugin, it may even mean recommending switching to a new host (like the Automation Agency Speed Optimized servers).
You're busy and so we regularly just do this behind the scenes without bothering you, unless it's something we need permission on like changing a plugin or changing hosting.
5. Your Websites Can Be Hosted On Our Speed & Security Optimized Servers (100% Optional):
By now it should be clear that the speed and security of your wordpress site is critical to your business in todays age. Often the biggest factor in the security & performance of a site is in fact the hosting provider.
That's why we include hosting of your websites on our Speed & Security Optimized servers as a complimentary bonus for all our Concierge members whose websites meet the requirements.
It's completely optional, but highly recommended if you're on a low-cost hosting like Bluehost or similar.
If you're currently a member and want to have us host your sites, send in a Security Task requesting migration to Automation Agency servers.
6. Your Sites Are Monitored 24/7 for Downtime & Escalated To Your Hosting Company:
Most downtime events on a website are related to a hosting issue. We are monitoring your websites online/offline status 24 hours 7 days a week and receiving alerts when an issue occurs.
If we see an issue recurring with constant downtimes and then uptimes again shortly after, we start a dialog with your hosting company on your behalf to investigate the issues before making a recommendation.
If downtime occurs and your site is still down, you should definitely report it to us, but there's a good chance we are already aware and working behind the scenes on a fix.
The Big Question... Can I Do This Myself?
It's the big question that often comes up when evaluating our proactive security services, could I just do this myself, or have one of my staff members do it.
Yes, you could. Just like you could do your taxes yourself, or your electrical wiring yourself.
Like your accounting and electrical wiring work though it's easier and safer to just leave it to the experts who do this all day every day.
In this case, that's us :)
You and your team can stay focused on high value activities you are experts in, and sleep soundly knowing your online storefront and ultimately your business is protected.