Are website security services worth the money?
All Content Management Systems, whether WordPress, Joomla, Drupal, or other, are susceptible to the occasional hack/intrusion. These systems are complex and hackers are relentless and forever searching for a way into your site, and sometimes they succeed.
There are best practices to keep this from happening, and to easily recover if it does, but that is not what this blog entry is about. This is about website security services companies.
What is a website security services company? They come in many different forms, some legitimate, some not. So you have to be careful, and perform some due diligence before handing over the keys to your site and your hard-earned money.
A legitimate company, in my opinion, will offer a a set of services like the ones listed below, for a reasonable monthly fee:
- Initial site security setup
- update website CMS to latest version
- update all components to latest version
- scan website for possible hacks
- ensure site backup process is in place
- Monthly CMS & component updates
- Support & additional services for up to "x" hours
What should something like this cost? You should break it up into two separate parts, the initial site setup, and the ongoing service.
Initial Site Security Setup
The process will be somewhat variable, depending on your specific situation. If your site has already been hacked, you will have to take that into consideration. Or, if you are an an expired version of your CMS, you may need more than an update... you may need an upgrade. These costs are impossible to estimate without knowing your individual situation and the particulars of your website.
But, if your site is reasonably up to date, and you have not already been hacked, this service will be straightforward, and should take no more than 5 hours. In most cases, buttoning up your site should cost no more than $500.
Monthly Updates & Additional Support
I have this exact arrangements with a number of clients, and it is relatively straightforward. I will maintain the CMS to the latest available update, and will keep all components up-to-date on a monthly basis. I will also offer to provide additional support and/or site updates up to 5 hours and no additional cost. This service generally costs only $300 / month.
Unfortunately, there are a lot of companies out there offering magical security solutions which are completely worthless. There is no magic bullet. There is no universal solution to keep hackers away. There are simply best-practices. Companies that are offering 100% guaranteed security solutions, are not being honest. You need to know you can trust you website developer and not get handed a bunch of lies.
So, when talking to a website security company, keep it simple. If they break out the magic beans, you know you are dealing with a con artist and you should walk away.