A General guide to Safe Website Updating

Regular website update is recommended for security and improved website performance and will also keep your site from penalties such as suspension and deactivation by your web host. Definitely, before a new version of software is released, there are some bugs and improvements that are fixed on the older version. The new version is expected to be better and more user friendly than the old. So running a website update is not suppose to be optional but a highly recommended practice.

You will also want to read:

Common Causes of Website Suspension and Deactivation
Frequently Asked Questions About Phishing Websites
Glossary of Web Hosting Terms
How can i check the speed of my website?
How to Address Excessive Resource Usage on a Web Hosting Account

On one of the client websites hosted on Todhost, we have found that the website had been updated to the latest software version without a corresponding update on the modules, plugins and components. This created a functionality issue for the database as some of the plugins are not compatible with the newer versions of the software.

The client runs on Joomla and you will remember that Joomla had made public some bugs which has forced nearly over 90 percent of users to upgrade to a perceived safe version. At Todhost, we have been designing with Joomla for over 6 years and we have also been compelled to run upgrades given the alarm raised about the security of running an outdated version.

How Does This Problem Affect You

  1. This kind of problem could occur if you have setup your website using custom setup or installations or you have installed some third party extensions for some reasons. So there are four considerations you need to make before deciding on running an update for your software Do you have some custom extensions that would require update following your new and planned upgrade.
  2. Is your website dashboard showing that there is need to update extensions - plugins, modules or components?
  3. Will there be need to change some settings, say php settings, to get your new installation to function properly and will these changes affect the functionality of installed extensions.
  4. Will your upgrade be compatible with your website templates?


Also read:

How to Avoid a Website Suspension
How to prevent your website from a hack
On-Page and Off-Page Search Engine Optimization - Keys to SEO Success
Web Hosting Options to start your online business



What's The Safe Approach


You will simply need to check up updates for your extensions - plugins modules or components and be sure there is no extension requiring an update. If you find any, simply hang on and do not continue with an upgrade of the core installation. Ensure that you have access to the latest version of every extension on your database before you proceed.

Updating a Content Management System

If you run a content management system (CMS) like WordPress or Joomla, there is need to keep up with latest updates. Most CMS will notify you on the dashboard about available updates. But there are some plugins and extensions that will not reflect compatible updates. For instance, you could have a developer who has become busy and not having enough time to improve on a plugin or extension. The effect is that overtime, the core software undergoes updates and the plugin or extension will eventually become incompatible with the current version of your software. This is the most common cause of WordPress and Joomla vulnerabilities exploited by attackers. It also apply to other software and applications. The bottom line is that updates are extremely important.

What If Updates are Not Available?

It is important that if you run plugins and extensions, you should have time to visit the developer's website to see if there is a new version. If there is none, find out if development on the software has been discontinued. If your website software has not been undated for u to one or two years at most, we recommend you look for an alternative. This can be real problem if the software or application dorms the bedrock of your business and underscores te need to check developer history before choosing a software that can be difficult to substitute.

What About Old and Outdated Extensions?

Yes! There are extensions that have not been updated by the developers and they have become outdated. You will simply need to uninstall all such extensions and install an up to date extension. Outdated extensions can create complex problems including a white screen of death error, spam email sending, high load issues and even a hack can be possible with a bad extension. Be careful in choosing extensions from the outset and it is recommended that you look up user reviews before you decide on any extension.

Monitor Updates on Your CMS

Joomla

The latest version of Joomla will display updates on the backend dashboard. This will alert you on any latest updates regarding new version releases and extensions that need to be updated.

WordPress

Sometimes you may know that a theme or plugin has an update available, but you don’t see it in your dashboard. This tends to happen more with commercial themes/plugins that rely on their own update systems.

If this is happening to you, there's a simple way you can force the update to show. To force an update check, install and activate the Force Plugin Updates Check plugin. This plugin works for both plugins and themes. Once activated, hover over the updates icon in the toolbar, and click on the new Check for Plugin Updates link. The page will refresh and any available updates will be found. It's as simple as that.

Other CMS

There are procedures to update all other Content Management Systems and you need to follow the recommended path to perform relevant updates.

How to Identify a Bad Plugin or Extension

Here are some simple guides to identifying a bad extension.

  1. Test it on a trial site. May be you can use localhost to test it and see how it performs.
  2. Be weary of requests to do a favorable review before you can download and install. In fact any request for a review for a review before you can download or use or have access to certain functionality should be suspicious and we will recommend you drop such extensions.
  3. Check up user reviews for any extension you intend to use. This is the most reliable way to know how safe it is to use an extension. Be mindful of functionality complaints and separate it from complaints about not getting the expected support. Most free extensions do not come with regular support and so poor support for any free extension will be sufficient basis to discredit the extension.


Know How to Un-Install a Bad Extension

It is pretty good to arm yourself with this knowledge. Sometimes, you need to unstall a bad or malfunctioning plugin and you find that you just can't do it. You will need to know how to do it manually. Generally, all un-installation of extensions should be possible within the backend dashboard area. It does not matter the script involved, WordPress, Joomla, Magento and a lot of others. You can uninstall them from their backend.

But there are actually times when you find that unistalling them from the admin area is just not possible. This happens with bad extensions and your solution will be to do the un-installation manually. Follow these steps to uninstall an extension manually. Please note that the suggested steps do not always apply to all website development scripts. They will apply to WordPress and Joomla and a whole lot of others but definitely not to all of them. Now, follow these steps to un-install an extension manually:

  1. Locate the folder into which the extension had been installed. It could be in the plugin, module or plugin folder.
  2. Open the folder and locate the name of the extension. You will have to be very sure of the folder name so you do not do damage to another useful extension.
  3. Rename the relevant folder name once you are able to confirm it is the folder you actually desire to disable.

Website Security Issues

Now, we have recommended that you be mindful of updating when you are not sure of having everything updated. We have also noted the risks associated with running outdated plugins, modules and components. It has also been said that running updates can affect the functionality of templates and other aspects of your website.

So, essentially, when running custom plugins, modules and components, the safe path appear to see how one can stay safe with current versions. A classic example will be a situation where you have bought a WordPress template which includes the full installs and custom plugins. After a period, your subscription runs out and do not see the need to renew or simply does not have the means to do so. How do you now manage the newer updates on WordPress?

Website Security Suggestions

There is one approach we have used to strengthen the security of websites which has helped to keep all the websites safe from external intrusion or compromise. We have used a small file called the .htaccess file.

With the .htaccess file, we have been able to use the rule for access restriction to protect every folder to which we do not want to allow public access or we feel that allowing access to them could a security breach. In some cases, we have restricted access to all folders apart from the image folder.

Below is a sample code you could place in the .htaccess to secure it from unpermitted access:
order deny,allow
allow from 28.206.
allow from 20.74.121.102
allow from 308.74.121.106
allow from 108.74.120.227
allow from 180.229.24.78
allow from 19.211.
deny from all

When you create a.htaccess file in each folder and place these codes in it, you actually deny access to the IP addresses not listed in the code. That way, unpermitted access is not allowed.

General Security Guide for Every Website

1. Be password-savvy: This is an issue that has been re-emphasized over and over again. If your password is still “Password@123, it's time to get serious. Create unique codes for each of your accounts, and make sure they're at least 8 characters long (with a few special ones thrown in). I suggest you use the cpanel password generator if you have access to your website control panel.

2. The security of your email is as important as that of your website. This is because every website is always linked to an email address. Ths is one key area that has been neglected but it's as important as the other items. However, it should also be mentioned that most website hacks have not been linked to weak email passwords. I will still recommend you take your email security important to be protected all round from those who will go all out.

3. Encrypt emails and valuable information. If a hacker does breach your system, encryption makes it that much harder to get away with critical data. Voltage, DataMotion, and Proofpoint are industry leaders worth checking out.

4. Back up your data: Copying your key company data onto a cloud-based system, such as Dropbox or OneDrive, or a USB hard drive takes minutes, and will save you time and anxiety if your system is ever compromised.

5. Maintain updates: This is an aspect that had been neglected by many. It is important that you check for updates daily on your most critical websites to be able to take action as quickly as possible once there be need for an update. Always ensure that your keep your website up-to-date especially if you run a content management system. Keeping your system updated with the most recent software updates will help you overcome exploitation associated with discovered vulnerabilities.

6. Finally, you will need to check up specific security suggestions associated with your website design tools so that you can implement relevant security advises. The popular website design tools are WordPress, Drupal, Joomla, Magento, OsCommerce, (not in order of popularity). Check specific security guides for these applications to stay safe.

Hope this post was helpful. Please share with others using the Facebook, Twitter and other social sharing links on the page. Remember to share views and suggestions in the comment box below.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Glossary of Web Hosting Terms

Here is a compilation of the glossary of someof the common terms used in the web hosting...

How can i check the speed of my website?

Site speed has become a very imperative variable in light of the fact that it improves client...

Frequently Asked Questions About Phishing Websites

Phishing is a very common cybercrime in which a cybercriminal contacts his targets by email,...

Re-Emphasizing the Todhost Web Hosting Advantage

Web hosting like every product has some downsides which leads to dissonance issues after purchase...

On-Page and Off-Page Search Engine Optimization - Keys to SEO Success

This week, we will dwell on Search Engine Optimization (SEO) and we will be talking about why...

Powered by WHMCompleteSolution