Once you’ve selected a reliable and secure web host, you need to decide how you’re going to build your website. For many small business owners, it’s easiest to outsource the building of their website, since most people don’t have the expertise to build high-quality websites themselves. That means many small business owners don’t give much thought to how the site is built as much as how it looks and functions after it’s done.
This is sort of like hiring a construction company to build your house and not asking about the quality of materials or requiring them to get the necessary permits to ensure it’s built properly.
When outsourcing the construction of your website, make sure the security of the platform it is built on is taken into consideration.
While no website platform (such as WordPress, Joomla, or Drupal) is perfectly secure, some are easier to secure than others. Ease of use is a huge factor when securing a website. If it’s hard to install vulnerability patches on your website, then chances are good that you’re not going to patch it very often (if ever).
For instance, with Drupal, patches need to be applied through FTP unless you install a module like Drush. However, Drush is a command line program, which means you have to get to the command line of your web server and then you need to enter the right commands to install the patch.
Whereas, with WordPress, you’ll be told that a patch is required when you login, and you apply it by clicking on a button.
It’s pretty clear to me which of these platforms is easier to keep secure, but the choice is up to you.
I’ll talk more about patching a bit later in another post, but I wanted to bring up platform security now so you can think about it when your website is being built. If you’re outsourcing the construction of your site and you don’t clearly require which platform the contractor should use, you might end up with whatever their favorite website platform is, whether it’s particularly secure or not. If they have a preference for how to build your website, have a conversation with them about the security of the platform. Ask how secure it is and if it’s easy to maintain the security (especially patching).
Because unless you have someone other than yourself who will be keeping the site secure, then the responsibility will fall on you once the site is finally built. If that’s the case, you’ll want the security work to be as easy as possible.
Photo credit: sirmildredpierce
