Web application maintenance is vital to the health and security of not only your website, but your entire hosting account. It directly affects not only your security but also your reputation on the Internet. Failure to maintain web applications is one of the leading causes of hacked sites. A hacked site sees a negative impact on its Search Engine Optimization (SEO).
Generally, a web application is a type of application that is accessible over a network and usually uses a browser as the primary interface. A more in-depth explanation can be found on Wikipedia, but that is beyond the intended scope of this post. Web applications can come in many flavors and purposes. Some are designed to help you manage and display content to your visitors. Some are used as shopping carts to help you display and sell your products. Others are designed to display content in a gallery format. In the next section, I include a list of many of the popular web applications.
One reason new versions of applications are released is that new features are added. That’s usually the first thought that comes to mind when you hear about a new version: What was added? Sometimes a new version is released and nothing obvious appears to have changed. Chances are, that version was released to patch one or more security vulnerabilities. Most applications include a change log file; reading it will explain what has changed from one version to the next. To help illustrate the importance of these upgrades, I have compiled a list of some of the more common web applications and their corresponding advisory listings at the popular security site, Secunia:
- Coppermine Photo Gallery – Gallery
- Drupal – CMS
- Joomla – CMS
- OpenCart – Shopping Cart
- osCommerce – Shopping Cart
- phpBB – Forum
- SMF – Forum
- vBulletin – Forum
- WordPress – CMS
- Zen Cart – Shopping Cart
You will notice that many of the advisories listed have been resolved by installing the current version. While hosting account security hinges on many aspects of your account access, up-to-date software goes a long way towards keeping your account secure. There are also several tutorials available that suggest configuration changes to make your applications more secure. Here are two to get you started:
- Joomla
- WordPress
The very first thing to do is to back up your site. It is imperative you back up your own site before every major change. Do not depend on the hosting company’s regularly scheduled backups! What would happen if the hosting company’s regularly scheduled backup occurred after you had made changes that did not have the desired effect? You would have nothing with which to revert.
Also, do not depend on plugins to handle your critical backups. Consider for a moment: All of my backups use a plugin inside my application. After applying an update, access to my dashboard is broken. I cannot restore from my backup without dashboard access. This makes about as much sense as keeping the spare keys to your locker inside the locker. Sure, the spare keys are safe, but you’ll never open the locker to get your spares if you lose your main key.
To properly back up the site, you will want to download a copy of your web files using an FTP application and also export a SQL dump of the active database. Both of these actions are outside the scope of this article, but check back in the coming weeks for more info. Until then, Google is your friend!
Once you have a solid backup, log into the application’s dashboard and update each plugin individually before attempting the core application update. This order is important as some plugins will need to be updated to be compatible with your application’s newest version. This can be time-consuming, but it is worth the effort of updating one module at a time. If you succumb to the temptation to update them all at once and your testing shows some aspect of your site is broken, you will not know which plugin was the cause of the error.
When your testing is complete and all plugins are updated, then it is advisable to review your active plugins to ensure their compatibility with the core application’s update. Personally, I would make a backup of this configuration now. While not absolutely necessary, it will save you time if the core update breaks your site. Now follow the update steps recommended by your core application. Some have buttons to update within the dashboard, some require more intricate steps.
I like to take another full backup of the known good configuration after completing the updates of the plugins and the core application.
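The backup, update, backup sequence above depends on snapshots taken outside the application. As an added example (not from the original article), this script archives the web files and, when `DB_NAME` is set, a SQL dump into a labelled, checksummed snapshot. Shell access to the web root, a MySQL/MariaDB database, and the names `snapshot_site`, `verify_snapshot`, `DB_NAME` and `DB_CNF` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: snapshot a site outside the application before each update step.
# Assumptions (not from the article): shell access to the web root, a
# MySQL/MariaDB database, and DB_CNF naming a client option file that holds
# the credentials so the password never appears on the command line.

# snapshot_site WEBROOT BACKUP_DIR LABEL -> prints the new snapshot directory
snapshot_site() (
    webroot=$1; backup_dir=$2; label=$3
    umask 077    # archives contain config files and database contents
    [ -d "$webroot" ] && [ -d "$backup_dir" ] || { echo "missing directory" >&2; exit 1; }
    root_abs=$(cd "$webroot" && pwd -P)
    back_abs=$(cd "$backup_dir" && pwd -P)
    # A backup stored under the web root is downloadable by anyone and is
    # lost together with the site, so refuse that layout.
    case "$back_abs/" in
        "$root_abs"/*) echo "backup dir must be outside the web root" >&2; exit 1 ;;
    esac
    dest="$back_abs/$(date +%Y%m%d-%H%M%S)-$label"
    mkdir "$dest" || exit 1    # never overwrite an earlier snapshot

    tar -czf "$dest/files.tar.gz" -C "$root_abs" . || exit 1
    if [ -n "${DB_NAME:-}" ]; then
        mysqldump --defaults-extra-file="$DB_CNF" --single-transaction \
            "$DB_NAME" > "$dest/db.sql" || exit 1
    fi
    cd "$dest" || exit 1
    for f in files.tar.gz db.sql; do
        if [ -f "$f" ]; then sha256sum "$f" || exit 1; fi
    done > SHA256SUMS
    echo "$dest"
)

# verify_snapshot DIR: recompute checksums and list the archive, so a corrupt
# backup is discovered now instead of during a restore.
verify_snapshot() (
    cd "$1" || exit 1
    sha256sum -c SHA256SUMS > /dev/null || exit 1
    tar -tzf files.tar.gz > /dev/null
)

# Usage: ./snapshot.sh WEBROOT BACKUP_DIR pre-plugins   (then pre-core, known-good)
if [ "$#" -eq 3 ]; then
    snap=$(snapshot_site "$1" "$2" "$3") && verify_snapshot "$snap" && echo "verified: $snap"
fi
```

Run it once with each label (`pre-plugins`, `pre-core`, `known-good`) so every restore point in the sequence exists as its own verified directory.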
Many web applications offer the ability to sign up for their newsletter. This is a great way to keep yourself apprised of updates and will help you to continue maintaining your site. Keep your web hosting account (as well as your visitors) safe!