Your website may be in danger
Since the inception of the internet, web hosting has been the backbone of the free-to-publish web. Conceptually, web hosting is simple.
A web host is simply a server that allows the public to access files; it is not so different from your office’s local network.
Over the decades, server requirements have expanded and now store more than just plain text and html files. Today, those files are content management systems (CMS), applications and a slew of programs that the modern business community can’t function without. Websites and online environments have become more powerful than ever, but the old hosting model hasn’t kept up.
If you are only paying for hosting and running a content management system, your website is not safe.
The normal model of grouping a lot of websites together on a server (shared hosting) and paying a company $10 to $20/month to make sure the lights stay on has no place in any business, especially a law firm. Even as cloud computing becomes the standard, there are still millions of non-tech savvy business owners trusting their uptime and security to ill-equipped companies.
Why CMS Hosting is Different
Any law firm succeeding online needs to be expanding and improving its website regularly. The best way to simplify this process is by using a CMS, like WordPress. With WordPress, content is stored in a central database that is accessible by users who have various sets of privileges. A law firm can hire a blogger and only give him or her access to blog post and page management while protecting the code and administrative tools. In this sense, WordPress offers more security.
WordPress is also expandable, with thousands of plugins, many of which are free. Chances are, if your site needs a feature, you can find a plugin to make it happen. But here is where your hosting company will let you down.
Hosting companies look at services running on the server. If your http (most web connections), POP/SMTP (mail), FTP (manual file transfers) or mySQL/Postgre (databases) function incorrectly, the host will detect the problem and fix it. If a WordPress plugin needs to be updated, the host is clueless. Even worse, if your WordPress theme or a plugin has a vulnerability and malicious code is injected into your site, your web host is unlikely to discover it.
If your hosting company does discover malicious code, the standard practice is to disable the infected script: your website. Now your website is infected and offline, and your hosting provider will tell you, “we don’t support third party software.”
Monitors and Mechanics
Popular CMS options like WordPress, Drupal and Joomla have all experienced security vulnerabilities. As open source applications, most of these vulnerabilities are discovered by volunteer coders and fixed (requiring an upgrade). Since version 3.7, WordPress does automatic updates for major releases, which has helped prevent widespread vulnerabilities from being exploited. But plugins are different, and a WordPress core upgrade can cause conflicts between the three components that make up your website: WordPress Core, Third Party Plugins and your Theme.
Scary as this may sound, you are still better off with a CMS than static html pages. You just need proactive monitoring and someone who can step in if something goes wrong.
The free WordFence plugin will help monitor your code, offer protection from brute force attacks and password guessers, and notify you if it detects changes in code (which could be an indicator that a hacker has injected malicious code into your site). IThemes Security is another alternative that offers similar protections. Premium versions of WordFence and iThemes Security are also available.
Even if all the right tools are running, the best solution is to trade in your hosting company for full site management. These services are $100 to $500/month and include server monitoring, WordPress monitoring, enhanced security, WordPress updates, Plugin updates and theme updates. Also, developers are available who can fix problems as soon as they’re discovered. Most providers also include a set number of hours for basic content updates and cloud backups and may also offer a CDN (content delivery network) to serve heavy media assets from a cloud platform to improve performance.
Website security and performance are too important to trust a standard hosting company. Full site management is a must for every law firm.