Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our client's sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed.........do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and Bruteforce protection to mitigate against the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is it has the ability to automatically send any infected files to a cloud based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve......just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malwares, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts......you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer - as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there's plenty of "Web Hosts" out there who don't care what their clients put on their web space......as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound......or a crack house? It's a no-brainer as far as I'm concerned!
Every new client that comes onboard with WebSpain gets their first year of fully managed web services free of charge. They are then able to evaluate whether they want to stay as a longterm client, or perhaps take their site elsewhere.
But besides the allocation of server resources that you receive, there's the permanent ongoing attention that comes with it:
Site security updates applied on day of release.
Uptime monitor checking connectivity to your site every 5 minutes 24/7/365.
Site Security Firewall monitoring your site 24/7/365.
Monitoring of site and server security notifications.
Daily site backups to a remote server on the network using R1 Soft technology.
Twice a day database backups.
Site errors rectified subject to site software being current.
PHP version upgrades subject to site software being current.
High CPU and memory allocation on a 32 CPU Intel server, 32GB RAM and 6 x 480GB SSD drives in a RAID 6 Array.
Immediate site and mailbox restoration.
Mail delivery monitoring.
GDPR compliancy implementation.
SSL/Dedicated IP address site implementation.
Instant response with personal support.
What we don't provide:
Promotional and Marketing Services, E-Mail Marketing Campaigns, Google Adwords, Bulk data input services, Social Media Promotions, Graphic Design, PPC, Bespoke Programming and Coding, and SEO campaigns.
There are third party agencies who can provide these additional services, but any work that you contract them to do must be undertaken by them. We cannot assist them in any way other than providing login details to the site.
As an example, the managed package detailed above for a client using 20GB diskspace in a UK datacenter would be approximately €395 a year. But of course there are alternatives to our services! Who knows......the grass may be greener elsewhere? So I've listed a few options, all of whom deliver professional services that I anticipate would be on a par with ours.
Web Hosting €280 a year (Clook) plus a Site Firewall €175 (Sucuri). Total €455.....but this does not contain site management, only hosting and security facilities.
Site Management €850 a year (Joomlashack). This contains site management, but no hosting facilities. So add the two options together to match the full WebSpain package and it would cost you €1305 a year.
Site Management and Hosting combined from €1050 up to €3200 a year (JoomDev). This is the closest match to what we provide, but there is no indication on their site of diskspace allocation or the number of sites covered. And there are limitations in the number of support tickets that you can submit per month..
So if you're comparing like for like that's how the figures stack up. Of course, if you don't want support or security of any kind for your site, and your only requirement is cheap hosting......then you're spoilt for choice. There's virtually no end to the numbers of "providers" who can supply you with diskspace on oversold servers and you can just wing it from thereon. It's what I call the "Occupational Suicide" option.
It's not a course of action that I would recommend if you have a viable business. But if your website isn't important to you, or you don't care about running obsolete software and having dubious neighbours with adult sites etc in close proximity to you.....then it's certainly worth considering. You may well be able to find somebody for less than €50 a year......but the amount you pay will have a direct bearing on the level of service you receive. Because at those unsustainable levels of pricing there is no margin for the provision of professional support personnel. Just bear in mind in that scenario you're on your own as regards your site, and depending where you go, you may well be on your own in the matter of having a reliable hosting service and e-mail facility as well.
One point I do want to emphasise is that if you do not have a current WebSpain account, you are not a WebSpain client. Therefore we will be unable to assist you with any problems that you may encounter. Our service is only for current WebSpain clients, as they are our sole focus of attention.
If you want to maintain similar levels of service then you're looking at over €1000 a year minimum......compared to our example price point of €395. Of course you can get cheaper if you're willing to lower your expectations. But when you go to the very bottom of the barrel then it's not how much money you can save, it's how much grief you can withstand!