Saturday, March 23rd, 2019

W WebWorks by Terry Young
Open Source Web Site Woes



OPEN SOURCE WEB SITE WOES

Knowing where your site came from can limit unpleasant surprises



For any business owner with a web site, knowing exactly where your website came from and its potential flaws is imperative if you want to avoid sudden shocks. One of the biggest issues I try to draw clients' attention to is the overwhelming number of web designers who simply resell free 'open source' website software, such as WordPress, Joomla, Drupal, Magento, and many others.

What is open source? Open source software is usually free software for which the programming is available for anyone to examine and change.




Because it is free and has easy setup instructions, open source is used by the majority of web designers, even larger web companies. It requires less work and limited knowledge, but provides a fast profit.

Also, unlike most products, there is no actual company directing the software; it is primarily maintained and added to by a community of volunteers.

In an ideal world, the helpful community approach philosophy is great, but in the real world not everyone is so noble. As such, the very nature of open source adds considerations that a business owner needs to be aware of.

1. Slower support and more costs. Because the software is made by so many people, each with different skill levels and programming styles, issues obviously arise.

At the time of writing this, WordPress has 3,309 open bugs, Joomla has 7,857, and Drupal has around 13,350.

Furthermore, any features or plug-ins you want to add, such as a cool image gallery or event calendar, will come with their own set of issues.

Since a web designer only has to download and follow some instructions, they don't have to understand what any of the code actually does, this creates a large knowledge gap should something happen.

If your site just plain crashes or is hacked, there is no quick-fix professional web development team to call for help. The site will have to be shut down while your designer goes back to where they downloaded it to see if the issue has been reported and has instructions to fix it.

If a particular bug has been solved, the designer needs to follow instructions on how to fix it. Of course they will expect you to pay them for their time.

If it hasn't been reported yet, the designer will have to submit a bug report and wait several days or weeks for someone to look into it.  If your site generates income, being offline for repairs can be costly.

2. Security Issues. I often ask prospective clients this:

How comfortable would you feel if you knew that the diagrams for your
property's security system and details of every flaw in
that system were posted online for local burglars to study?

Because open source users need somewhere to research and report issues, any bugs and security flaws are posted online for everyone to see, including hackers.

This is why open source has become an easy target for hackers. They have all the time in the world to go through the bug lists and see if there's a way a bug could be used to gain access to a site.

The irony here is that while the web designers who sell open source don't need to know exactly how the site functions, they just follow instructions and collect the money.   The hackers on the other side will spend the time going over the source code line by line to find any possible weaknesses.

There are websites and forums online solely dedicated to hacking open source sites. If a site is hacked, the hacker will share the site URL and how they gained access so that other hackers can try also. This means that even if your site is hacked and then fixed, you will be on the hacking community radar and have other hackers prying at the door.

3. Reputation effects. If you are unlucky enough to have a site that is hacked, there are more long-term consequences besides inconvenience or loss of money. Your business reputation can be affected also, depending on what a hacker does.

If your site is hacked and used to send out mass spam emails, chances are your email addresses will be added to a global spammer blacklist, and you will have difficulty sending out legitimate emails for a while.

If your site is used to distribute viruses, you will be blocked by the searches as a malware site and, if not banned completely, have to fight to regain any search results.

What can be done? The obvious safest solution is to avoid the products I have mentioned. If you already have an open source site, you need your designer to check at least weekly for fixed bugs and to apply any fixes and security measures to your site. While this will cost you more money, it is the best thing you can do to avoid possible issues.

If you are interviewing a web designer, ask which product they will be selling you and see if it's a product I have mentioned.

Being Proactive. Even though we do not sell open source sites, we still keep up with their security issues just to be aware of the techniques hackers are using.

With this knowledge, we have coded our sites to detect if someone is trying to hack them in the hope that we may have used WordPress, Joomla, etc., when creating the site.

If a hacker does try to gain entry to one of our clients' sites, the site lets us know what they were trying to access and blocks them immediately from the server, thus protecting our clients.

If you have concerns with your web presence, now is the perfect time to look into our WebUpdate system sites, which take advantage of advanced marketing, SEO and promotion features to give your business the best competitive edge online.





Terry Young is the founder and CEO of Internet Marketing and Design,
the award winning web and multimedia design agency in Chesapeake.