Choosing a Website Developer (Part 2) - Website Security is VERY important.

When choosing a website developer, there are a lot more things one should take into account these days, besides price. The good-old-days are unfortunately gone, so having mom or pops develop your website, or your best friend's cousin's brother just isn't going to cut it. Having it developed offshore, in for example India or the Philippines, or by a newbie developer just out of school, probably isn't a good idea either.

In the following scenario, one that we see way too often, I'll explain why.

Client: I had the development of our website contracted out to X - it is incredibly slow and keeps on popping up errors. The developers are in country X and I really don't want to deal with them anymore.
 

The Problem
There are most likely 2 problems with this website:

  1. Hosting: so you're paying $5 a month hosting and are wondering why the website is slow. Sadly, you get what you pay for. $5 hosts end up piling thousands of websites onto any giving server and all of those websites have to share the resources. The only solution in this case is to move to a more reliable server. Another concern one should have with a shared host is that if the server hasn't been configured properly, and a LOT of them haven't, one user can sometimes access another users files and database. Another reason it could be slow is....
     
  2. You've been hacked - Now what!: it's pretty scary how many hackers are out there these days. Granted, most of them are script kiddies who have just downloaded some hacking kits, but none the less, both can harm you. The script kiddies generally just deface your website - which seems bad, but really isn't if that's all they do - whereas the real hackers have more sinister agendas and you generally won't even know that you've been hacked. The real hackers want to steal data and personal information. Both the script kiddies and real hackers get into the server by exploiting some vulnerability, be it a security patch that wasn't applied, bad coding (sql database injection), password sniffing, trojan on a user's pc, hacked email account etc. On a shared server that isn't configured properly, this ends up being disastrous as hacking into one site could potentially give the hacker access to the ENTIRE SERVER.

 

The Solution
When selecting a developer, you shouldn't think of the developer as a once off builder and move on kinda deal. It's a better idea to partner with a developer who has a track record, and will provide ongoing support, security and maintenance. If your website will gather/host sensitive data, then you really need to have a developer/security specialist that knows what he's doing. Having a website built and trying to host it yourself these days is a really bad idea: free platforms (such as wordpress, joomla & drupal) & free modules change so quickly, so unless you are going to be downloading and applying updates to the platform and modules yourself, chances are your website will be hacked in the near future. Solid developers should, within their maintenance plan, apply these updates and more importantly security updates for you. In reality, what we've found is that, this does not happen. Unfortunately contracted out web development generally means that you end up with the hosting responsibility, and there is a lot more to hosting than simply uploading some files.

We assist in this kind of scenario by:

  1. Hosting: importing your website into our Tier 4 (best that you can get) nailed down server environment. 
     
  2. Re-engineering: we generally only import your website design graphic and data into our morphogine platformWe then replace the existing modules with our similar morphogine modules, and we secure and bug check everything - so we'll remove any hacker injected code that we find. For a list of advantages of using our platform, see morphogine platform advantages.
     
  3. Immediate & Ongoing Security: All of our clients also get our 24 x 7 x 365 website security monitoring services for free!
     
  4. Kick Ass Support: If your current developer/host doesn't get back to you within 4hrs, then you're with the wrong developer/host. We generally respond immediately or within an hour to requests. Support & Security are of the utmost importance to us!

Once we have launched the re-engineered website, we provide free bug fixes as long as you are a client with us, and our fixes are generally applied within 1hr. We are also obviously on top of any hack attempts as they occur - believe it or not, hack attempts pretty much occur every second of the day. Our morphogine platform also monitors all of our client websites and notifies us if any bugs are encountered - we fix bugs and apply updates the same day of the notification. We also push out any new functionality and updates to all of our client websites as soon as it is released. Get Started with our RFP.

Posted in Choosing a Website Developer, Managed Platform, Web Security. Tagged as CMS, Fix Hacked Website, Web Development, Website Support.

Choosing a Website Developer (Part 1) - Cheap equals Trouble.

When choosing a website developer, going the cheap route - or basing your decision mainly on cost - will generally result in you ending up in hot water, one way or another. Unfortunately cheap is, well, cheap - whether that means outsourcing development to India or the Philippines, or choosing a local web developer that offers you the world for nothing - the age old saying applies "if it's too good to be true, it is."

In our first two scenarios, ones that we hear from a LOT of people, we will be talking about selecting a reliable developer and web platform.

Client #1: My previous developer built X % of the project, has taken our money, and now we can't get hold of him. A lot of what was built doesn't work properly.

 

The Problem
These developers offer dirt cheap prices in order to secure the project and they generally throw you onto a freeware platform, such as wordpress, joomla or drupal. They then throw a lot of free modules at it, so that it looks like it's working and once they've got a lot of your money, they run because they either can't actually develop any of the custom functionality that they promised, or they had no intention of following through with the project. Sometimes they dont even provide any of the login details to the domain etc, so you're stuck and it's an uphill, costly battle to get your domain back. In extreme cases we've encountered developers who even try to blackmail the client.

If your developer has dropped you, the only option is to find another developer to take over the "mess". Even though you may find a new developer, the problem is that they'll be building upon the existing "mess" - they generally don't analyze the existing modules, pages and database to make sure that what you currently have is up-to-date, bug free and secure.

 

The Solution
When selecting a developer, you shouldn't think of the developer as a once off builder and move on kinda deal. It's a better idea to partner with a developer who has a track record, and will provide ongoing support and maintenance, as having a website built and trying to host it yourself these days is a really bad idea: free platforms & free modules change so quickly, so unless you are going to be downloading and applying updates to the platform and modules yourself, chances are your website will be hacked in the near future. Solid developers should, within their maintenance plan, apply these updates and more importantly security updates for you. Unfortunately in reality, what we've noticed is that, this does not happen. 

We assist in this kind of scenario by importing your website, specifically the design graphic and data, into our morphogine platformWe then replace the existing modules with our similar morphogine modules, and we secure and bug check everything. We generally have to redesign the database as some of the free platforms have modules that are, more often than not, developed by inexperienced developers and their focus is not on data design, performance and more importantly security. The free platform modules are free, so the developers focus is to get them finished quickly. Now granted, some developers offer support and patches for their modules, but a lot don't.

Once we have launched the new website, we provide free bug fixes, as long as you are a client with us, and our fixes are generally applied within 1hr. Our morphogine platform also monitors all of our client websites and notifies us if any bugs are encountered - we fix bugs and apply updates the same day of the notification. We also push out any new functionality and updates to all of our client websites as soon as it is released. Get Started with our RFP.
 

Client #2: My previous developer built our website. We need to add some new functionality now, but they want to charge us a small fortune for it.
 

The Problem
These "developers" aren't really developers. They market themselves as developers, yet all they are offering is a website powered by a freeware platform, such as wordpress, joomla or drupal. They then plugin some freeware modules. The problem is that they aren't actually developers, so as long as you only request functionality that falls into the scope of free modules that are already available, you'll be fine. As soon as you request custom functionality or fixes/small changes to existing modules, they'll charge you an arm and a leg for them, because they'll have to outsource the development that they cant actually provide themselves. 

The only option here is to find another "real" developer to take over the development. The "fake" developers may at this point try and lock you in by saying that the platform is theirs or the design is theirs etc.

 

The Solution
When selecting a developer, you should make sure to ask if they are able to develop custom modules for you, as well as the approximate costs of custom modules. If they can't develop custom modules, then run for the hills.

We assist in this kind of scenario by importing your website, specifically the design graphic and data, into our morphogine platformWe then replace the existing modules with our similar morphogine modules, and we secure and bug check everything. We will then develop the new modules that you require - we can build anything - and we will plug them into our morphogine platform.

Once we have launched the new website, we provide free bug fixes, as long as you are a client with us, and our fixes are generally applied within 1hr. Our morphogine platform also monitors all of our client websites and notifies us if any bugs are encountered - we fix bugs and apply updates the same day of the notification. We also push out any new functionality and updates to all of our client websites as soon as it is released. Get Started with our RFP.

Posted in Choosing a Website Developer.