It would be great if a website could be left alone to do its thing, once a good host is chosen and the site has been deployed. Unfortunately, that’s rarely the case, with hackers and the possibility of service affecting issues never far away; for any valuable website, whether it is making money or simply a labor of love, there are some realities that you ignore at your peril.
Read on for an overview of three essential things that every website owner should be concerned with, and how a system we developed at ionCube called ionCube24 can help.
Essential #1 – Service Monitoring
A professional website and support services need to be working 24×7 but things can easily go wrong; human error, software bugs, hardware failures and running out of resources such as disk or memory are just some of the causes of intermittent or permanent website failures. Cloud providers always boast impressive reliability guarantees but even using a big brand is no guarantee against problems as these events from 2016/7 showed:
The reality is that most visitors won’t report problems, and constant manual testing 24×7 is infeasible, so automated Service Monitoring is essential. The quicker you’re aware of a problem the sooner you can get it resolved, or minimize the impact if it is out of your control and chase those who need to fix it.
Unlike a simple ping test, ionCube24 uses protocol-based monitoring that can be from different regions around the world, and multi-region fault confirmation to avoid false alarms. Using protocol testing ensures that a service is doing what it should be doing and not just that the machine it is on is alive.
Adding a new monitor
Monitor summary charts appear on a default overview page, and you can drill down for a more detailed view, turn individual monitors on and off and adjust their settings as necessary.
Detailed monitors view
Essential #2 – Error Detection and Reporting
Your website may be alive, and thanks to service monitoring you’ll know if it isn’t but is it working correctly? Did the last site update break it? Are there problems with a plugin? Is something going wrong behind the scenes?
Errors are inevitable from time to time, and knowing when they occur is essential as they can impact performance, cause a bad visitor experience, damage business reputation, and trust, and ultimately hurt revenue. Sudden website errors may also happen when hackers send unexpected or malformed data, which happened with the latest WP Security Audit Log plugin giving PHP errors on one of our blog sites recently, highlighting both an attack attempt and deficiencies in the plugin.
Error monitoring is therefore essential but getting PHP error handling correctly can be confusing. PHP errors should be recorded in a file but a site may be configured not to do so, logging can be masked in PHP code, and it is not unheard of to be looking at the wrong log file and thinking that all is fine.
Section from Error Overview
Essential #3 – Security & Malware Protection
Maintaining a secure website is one of the hardest challenges and our 3rd essential. Risks to a site from attack include site defacement, data destruction and planting undiscovered malware to steal sensitive data. Security should be a top priority yet sites get hacked all the time, so either site owners are doing nothing about it or the tools they use aren’t working or effective.
Website scanning tools that warn of using outdated plugins with known vulnerabilities are popular and it makes sense to use them, but many do nothing to actively improve security. All too easily the extra work for a site owner can get ignored or forgotten. Currently, unknown vulnerabilities are also unlikely to be detected and reported, and a scanner may not detect evidence of a past attack either.
ionCube24 takes a different approach by utilizing a low-level plugin for PHP to actively prevent PHP files with unexpected changes from running and causing harm. Arbitrary File Upload (AFU) vulnerabilities are a common source of attack but no matter how a hacker manages to plant PHP malware, it can be blocked by ionCube24 when they try to run it. A web control panel makes it easy to briefly disable protection while making a site update, and this can also be done via an API call for automated deployment.
Simple on/off control for security
Detected issues are reported in real time via the web interface and an alerting mechanism and files can be unblocked if required.
The impact on the success of attackers is significant, and an essential weapon to have in the fight against the bad guys.
Getting Started with ionCube24
The 3 essentials in this article are all important areas to take care of when maintaining a website. ionCube24 can take the role of your systems admin, monitoring, tracking errors and blocking malware, and whether you’re at your desk or not, it is always doing its job.
Sign up at ioncube24 and just enter your website address to get started.
ionCube24 will start monitoring the web server plus DNS and Mail servers associated with your domain right away, and other monitors and tools such as security and error reporting can be enabled as required.
Choosing an integrated system is cost-effective, avoids the inconvenience of multiple logins to different systems with different interfaces, API’s and so on.
The issues highlighted in this article can come at any time of day whether you are ready or not. If your website is valuable to you, ionCube24 has tools to assist in keeping informed.
Disclaimer: This is a guest post by ionCube Ltd. The opinions and ideas expressed herein are author’s own, and in no way reflect Cloudways position.