If you’re someone who builds websites for clients, you’ve probably learned that offering (or requiring) monthly maintenance contracts is smart business. This ensures a steady income stream you can rely on and helps with financial forecasting. It’s likely you’re including core software, plugin and theme updates as part of your maintenance plan, but are you including website security as part of your project proposal and scope?
In the scope of the project, the security of your clients’ websites is often not a priority or at best, it’s left as an optional add-on for the client to consider after going live. You know that a strong website security plan is important but the value of security can be difficult to explain to the average end user.
In this new blog series, I’ll cover simple website security best practices that you can implement immediately for your own site, and those of your clients. In addition, I’ll also offer advice and examples on how to best present the importance of website security during the proposal, scope, and maintenance package stages to your clients. Not only does this ensure your maintenance plans offer the services every website needs but also presents an additional revenue stream opportunity for your business.
As indicated by the title of this series, I’ll focus on how to communicate the importance of security to your clients, how to build security into your projects from day one, and some simple security best practices. My goal is to make your job as a web development provider easier while also showing you opportunities for more revenue from your projects.
I’ll be doing deeper dives into the following subjects in the coming weeks.
To kick off this series, I’d like to talk about why securing your own site is a good first step. It may be obvious why protecting your own website is something we should all be doing. But when put in the context of the business of building websites for clients, there are a few more reasons which may not be as apparent.
This applies to any website, not just web development providers. Website hack attempts happen all day, every day. Security becomes especially important when YOU are the one providing the website building service.
A successful attack on your site could directly impact your revenue, tarnish your reputation, and degrade customer loyalty. What if I were searching for “website development in Tampa” and came across a provider site that showed a search engine or browser warning of “this website may be unsafe” or something similar? What am I going to do? The answer is obvious, I’m going to leave that site immediately. What are the consequences? I won’t try to contact you, you won’t have the opportunity to give me a proposal and even worse, I’m probably going to associate your brand with a negative thought. “They build websites but their own website is hacked?” Hmmmm.
If you’re not doing so already, I urge you to implement website security and the best practices that come with it.
Reflecting on my own past experiences, I’ve made the mistake of recommending services to clients that I hadn’t tried for myself, and the service didn’t do what it promised. This naturally caused concern with the client and I ended up spending more time finding another solution.
This is why I suggest we all “eat our own dog food” and actually use the services we’re suggesting to others. It’s also a great way to continue building that reputation I just mentioned above.
Another reason to secure your own site first is directly related to protecting your reputation. As a web development service provider you have many goals, but first and foremost should be protecting your own business.
I’d like to take a moment to tell you a short story of how I ruined my first online businesses. At the time I didn’t know much about website security at all. I didn’t realize the importance of it and I didn’t do anything to protect my business.
In 2007, shortly after discovering WordPress Multisite (a separate code base at the time), I created a free blogging platform for independent artists. Within a year I was fortunate enough to have thousands of active users and was successfully monetizing the service by offering upgrades for additional features.
And then it happened. My website got hacked. I immediately started learning all I could about malware and how to clean a hacked website. If you’ve ever tried to clean malware from your own website, then you might know just how overwhelming and difficult it can be. This is especially true for someone who previously knew nothing of website hacks and malware, let alone the specific steps on how to clean it up.
After spending weeks trying to clean the site, and continually getting reinfected, my customers become angry and impatient, and rightly so. The refund requests and cancellations came in fast and furious, and I eventually closed the business.
This is an extreme example of the need to protect your own site, first, but it was also the reason I dove deeply into the subject of website security. Building sustainable internet businesses is my passion, and so is sharing my experience and knowledge to those doing the same.
Website security should be front and center for every business, starting with your own.