3 Things to Extend the Life of Your Website

There are lots of things that you can do from the very beginning to extend the life of your website, allowing it to run fast and reliably while also being safe from malicious attacks. However, there are three forgotten areas that you should be concerned about when developing a new site: security, stability, and performance.

Let’s discuss some aspects of each area and how they can increase the safety, reliability, and performance of your website.

Security

When most people think about web security, they think about someone hacking into the site and stealing customer data. However, this is not always the case. Sometimes hackers want to use your web server for other types of illegal or unethical practices such as setting up an email server to forward spam, using it to host illegal files or even illegal Bitcoin mining – just to name a few.

There’s nothing worse than having your website infecting your customers’ computers. Not only will Google mark your website as malicious but other filtering and antivirus services will blacklist your website and block their users from visiting it. From being blacklisted as a spammer to having your hosting provider completely shut you down – there’s no good outcome.

The cost of clean up can vary depending on how complicated your website is, the type of infection, and the quality of your backups.

If you are storing customer information, you may need to contact your insurance company and potentially report the breach. It’s a mess no matter how you look at it.

Below are some of the methods you can employ to reduce the risk of your web server being hacked as well as some overall best practices to prevent your server from being misused.

1. Prevent SQL Injection Attacks

If you use a data store that takes advantage of SQL and you use SQL directly in your code, then you could open yourself up to the possibility that a hacker will send malicious code that can cripple your site and/or corrupt your data. The best way to prevent this is to use structured (bound) parameters in your Transact-SQL code, so that user input is passed as data and never becomes part of the statement text. If you are using Microsoft SQL Server, you can also choose not to use open SQL in your code at all. Instead, you can use stored procedures that use formatted parameters. This will prevent arbitrary statements from being executed, and it will also be much faster since your SQL will be precompiled on the server.
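The difference between pasting input into the SQL text and binding it as a parameter, shown as an added example that is not code from the original article. It uses Python's built-in sqlite3 module as a stand-in for SQL Server so it runs offline; the table, rows and inputs are constructed, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [
            ("alice@example.com", "Alice"),
            ("bob@example.com", "Bob"),
            ("pat.o'neil@example.com", "Pat"),  # legitimate value containing a quote
        ],
    )
    return conn

def lookup_concatenated(conn, email):
    """'Before': the input becomes part of the SQL statement itself."""
    sql = "SELECT name FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, email):
    """'After': the statement text is fixed and the input is bound as a value."""
    sql = "SELECT name FROM customers WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]

# Constructed input whose quote changes the WHERE clause when concatenated.
HOSTILE_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE_INPUT))
    print("parameterized:", lookup_parameterized(db, HOSTILE_INPUT))
    try:
        lookup_concatenated(db, "pat.o'neil@example.com")
    except sqlite3.OperationalError as exc:
        # The same flaw also breaks ordinary input that contains a quote.
        print("concatenated lookup of a legitimate address failed:", exc)
    print("parameterized:", lookup_parameterized(db, "pat.o'neil@example.com"))
```

A stored procedure gives the same protection only when it uses its parameters as values; a procedure that concatenates them into a dynamic SQL string has the flaw of the first function.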

2. Avoid Detailed Error Messages

If an error occurs, resist the temptation to use the error message shown to visitors as a debugging tool. Handle errors gracefully by giving the user a vague error statement and providing navigation back to the homepage or the page they were on previously. Giving away too much information can give hackers what they need to exploit your site.

3. Prevent Cross-Site Scripting Attacks

Limit and evaluate comments and other forms of input submitted by users to guard against JavaScript injection attacks. You can set attributes through parameterized functions, similar to the way you prevent SQL injection attacks. You can also employ a Content Security Policy to limit which types of JavaScript can run in your pages.

4. Use Client and Server-Side Validation

Validate user input on both the client and server levels to make sure that malicious JavaScript wasn’t inserted between the time the request was sent from the client and the time it arrives at the server.

5. Use HTTPS

Encrypting the traffic between the user’s browser and the server using SSL is always a good idea when the potential of transmitting sensitive data exists. This will prevent hackers from grabbing and deciphering the data as it is transmitted.

6. Use Two-factor Authentication to Log In

Use two-factor authentication to log into the management area of your website. Two-factor authentication essentially requires not only a username and password but potentially a continuously changing token/PIN or some sort of additional validation (e.g. a prompt on your cell phone) to verify it is you. Even if someone has your username and password, they can’t get in without the extra piece of information.

7. Keep Your Software Up to Date

In this day and age, you should be using a content management system (CMS). If you have an admin area you log into to manage content, then you are using a CMS. The CMS provider regularly provides updates to their core system, and various vendors provide updates to their plugins. Some updates add functionality, but many of the updates in between are primarily to fix security holes. If you don’t keep your system up to date, you are leaving yourself open to known vulnerabilities.

8. File Change Detection

You can run scripts on your server that notify you of any changed files. There are some files that shouldn’t change often or at all unless you install an update. If you see one of those files change, you should be on high alert to find out what changed and who changed it. This is essentially a canary in a coal mine – it’s an early detection system.
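One way to build such a script, as an added example that is not from the original article: it records a SHA-256 fingerprint of every file under a directory and later reports which files were added, removed or modified. The function names and the command-line form are assumptions made for this sketch.

```python
import hashlib
import json
import os
import sys

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to a fingerprint."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record where a link points instead of hashing its target.
                result[rel] = "symlink:" + os.readlink(full)
            else:
                result[rel] = "sha256:" + file_digest(full)
    return result

def compare(baseline, current):
    """Return the paths that differ between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in set(baseline) & set(current) if baseline[p] != current[p]
        ),
    }

def main(argv):
    # Usage (hypothetical): fim.py baseline <root> <store.json>
    #                       fim.py check    <root> <store.json>
    mode, root, store = argv[1:4]
    if mode == "baseline":
        with open(store, "w") as f:
            json.dump(snapshot(root), f, indent=2)
        return 0
    with open(store) as f:
        baseline = json.load(f)
    report = compare(baseline, snapshot(root))
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind}: {p}")
    # Non-zero exit lets cron or a monitoring job raise the alert.
    return 1 if any(report.values()) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Keep the baseline file somewhere the web server account cannot write to, and rebuild it right after each legitimate update; otherwise whoever changes the files can change the baseline too.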

9. Limit the Number of Login Attempts

Most systems these days can block an IP address if it has failed multiple authentication requests within a given period. Hackers have scripts that try different combinations to get in. If your website allows someone to continue trying, they may eventually get in. If you limit their ability to try new combinations, you may be able to keep them out. An example ruleset might be: five failed authentication attempts within a three-minute period make the user wait 15 minutes before they are allowed to try again. You could even block their IP completely after a certain number of attempts.
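The example ruleset above (five failures within three minutes, then a 15-minute wait), written out as an added sketch that is not from the original article. The class and function names are hypothetical, state is held in memory per IP address, and the timestamps and addresses in the sample are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5            # failed attempts that trigger the wait
WINDOW_SECONDS = 3 * 60     # ...when they fall within this period
LOCKOUT_SECONDS = 15 * 60   # how long the address must wait afterwards

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the wait ends

    def wait_remaining(self, ip, now):
        """Seconds this address still has to wait (0 means it may try)."""
        return max(0, self.locked_until.get(ip, 0) - now)

    def record_failure(self, ip, now):
        """Note a failed attempt; return True if it started a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        # Drop failures that have aged out of the three-minute window.
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, ip):
        """A good login clears the failure history for that address."""
        self.failures.pop(ip, None)

def replay(attempts):
    """Run (time, ip, password_ok) tuples through the throttle in order."""
    throttle = LoginThrottle()
    outcomes = []
    for now, ip, password_ok in attempts:
        if throttle.wait_remaining(ip, now) > 0:
            outcomes.append("blocked")  # credentials are not even checked
        elif password_ok:
            throttle.record_success(ip)
            outcomes.append("ok")
        elif throttle.record_failure(ip, now):
            outcomes.append("failed, locked out")
        else:
            outcomes.append("failed")
    return outcomes

# Constructed attempts: five quick failures, then tries during and after the wait.
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7", False), (30, "203.0.113.7", False),
    (60, "203.0.113.7", False), (90, "203.0.113.7", False),
    (120, "203.0.113.7", False),  # fifth failure inside three minutes
    (150, "203.0.113.7", True),   # correct password, but still waiting
    (1019, "203.0.113.7", True),  # one second before the wait ends
    (1020, "203.0.113.7", True),  # wait is over
]

if __name__ == "__main__":
    for attempt, outcome in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", outcome)
```

On a real site the counters belong in a store shared by all web processes so that a restart or a second server does not reset them.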

10. Think in Layers

Consider someone picking a lock only to be met with another door with another lock. You can protect your website directly, but you should also protect your web server. You can use hardware or software firewalls, DDoS prevention systems, IP filtering, standard port changes, and malware scans to add an extra layer of protection.

Stability

Stability is a hard thing to define. There are lots of things that you should be aware of during development to make your site perform reliably and be more stable, such as cleaning up user sessions, guarding against memory leaks and managing garbage collection. There are also things that you can monitor for stability after the site has been deployed, like:

1. Clean Code

There is no replacement for clean code. Not only will it be more efficient, but it will be easier to track down bugs as well as easier for a new developer to understand. Code with no architecture, or “spaghetti code” as we call it, doesn’t organize code in a way that is separate and understandable. Instead, it is all mixed together and potentially duplicated in different areas of the site. There’s not much you can do with a site like this.

2. Load Testing

You should be utilizing cloud-based load testing tools if your website is expected to function under heavy load or heavy load spikes. You can create load simulations to see how your website performs under different scenarios. Make sure your testing environment matches your production environment.

3. Customize Memory Limits

If you have your own server, make sure that your site’s memory limit is set to match your site’s requirements as well as the resources of your server. You don’t want to make the website run on too little memory, but you also don’t want to allow one connection to use up all of your memory.

4. Cross Browser Testing

Stability is in the eye of the beholder. Make sure you test on the most popular version of Internet Explorer, Edge, Firefox, Chrome, and Safari. There are automated cloud tools to help you, but adding manual testing never hurts.

5. Your Web Server

Are you using a dedicated server or a shared server? With a shared server, you are sharing the server’s resources with other websites. Although there should be limits on how many resources one website can use, we have seen servers at bulk hosting providers that may have hundreds of websites on one web server.

Performance

Not only do you want to make sure that your site is reliable and stable, but you also want it to be fast and easy to use. Below are a few of the things that you should monitor to make sure your site performs at its peak potential.

1. Full Page Loading Times

Measure the time it takes to fully load different pages. Especially measure the ones that contain linked content or things such as embedded content, large images or pages that query a database to pull in content. There are many tools out there to measure page speed. There are various factors to review such as first-byte time, DOM load, the overall file size of the website, compression, image optimization, caching, etc.

2. Geography

Try to test your site’s performance from different locations to make sure it isn’t slowing down in specific areas. This may have to do with the number of switches, networks, and servers someone goes through to get to your site. One solution is to use a Content Delivery Network (CDN). A CDN essentially caches copies of your website and places them on POP locations around the world, which then reduces the number of switches and servers your user has to go through to view your content. The network is set to come back to your main website and look for updated content.

3. Dedicated Resources

The cost of dedicated cloud servers has been going down. For the extra amount paid, you are essentially asking your provider to dedicate a certain amount of resources for your web server regardless of whether you are using it or not at that particular time. You are giving your website some breathing room instead of having it compete for resources.

4. Network Latency

Make sure to choose a reputable hosting provider. You can have a beast of a web server, but if their network has high latency or packet loss, your server won’t be the bottleneck.

5. DNS

When a visitor types in your website address or clicks a link on Google, their web browser has to do a DNS lookup. It’s essentially asking what IP address to go to in order to request the website files. Think of it as looking up a phone number. You want to make sure that lookup is as fast as possible. Make sure your DNS servers respond quickly.

6. Caching

In simple terms, caching is storing website data for future use. There are many places along the chain you can utilize caching and various types of caching systems. From server side caching to browser caching, you are essentially telling the server or browser to store pieces of information it will need to access often or information that will not change often. It’s one less lookup or transmission, and they add up.

7. Image optimization

Not all images are created equal. If you are taking a photo that you will print in a brochure and also use on your website, you actually have different requirements. For the brochure, you need high pixel density (DPI), but your screen needs fewer pixels. Additionally, there are file formats that work best for different images. You can choose between vector images or raster images.  You have format options such as .jpg, .gif, .svg, and .png. You have compression options such as lossless compression or lossy compression. In short, you have a lot of options and what you use should be determined by the image itself and the display requirements.

8. JavaScript Minification and CSS Aggregation

Have you ever received a package where the box was much larger than the contents? Minification addresses the same problem; it’s the process of taking out unused characters from a file without changing how it functions. You are making it smaller so that it transmits faster. CSS aggregation is a bit different: it’s like ordering five things and having them all come in the same box vs. five different boxes. It just reduces the number of files a browser has to download in order to render your website.

9. Query Optimization

This one is a bit more difficult because it requires experience and finesse. When building a website that relies on a database to function, you can pull that data from the database in many ways. Additionally, you may be pulling from multiple tables in one database to display the content.

For example, in an eCommerce website, you may store the user information in one table and order information in another table. When a user goes to their profile page to see past orders, you would pull data from the user table first and then use information in that query to pull data from another table. Sometimes, you are pulling data from many database tables. Query optimization is essentially finding the most efficient route to get the information you need. If the query is not designed well, your user may have to wait several seconds for the server to pull up all the information and while that is happening, your server is using up more resources than it should which means it can serve fewer people at once.  

Paying special attention to these three areas will help to ensure that your website is always safe, reliable and running at its peak. Designing, developing and deploying a website is only the beginning. If you compromise sensitive user data, your site is always down, or your site is consistently slow then users won’t want to return to your site, and you’ve done all of that hard work for nothing.

Managing and improving your website is an ongoing process. It is a living entity, and it needs to be given every opportunity to flourish. Contact us today if you want to extend the life of your website by ensuring that it is secure, stable, and performs.

 
