One of the concepts several of our clients and people I talk to on “the street” routinely misunderstand is the difference between website maintenance and website hosting. In one of the first blog posts I wrote, I explained that there are 3 different costs to building and maintaining a website: Start Up Costs, web hosting costs, and Domain / URL costs. In another blog post from December 2013, I briefly wrote about web hosting, saying:
Most web developers and designers are not server administrators, and that is why you often times hire two different companies to provide these two very different services.
My goal in this post is to briefly explain the difference between web hosting and website maintenance.
Web hosting is a service that makes your organization’s website work online. Websites don’t just sit in “the cloud” in la-la land. They exist on a very real (and sometimes very powerful) computer (server), or on a sophisticated network of computers, somewhere. These servers require a good deal of careful configuration, monitoring, and updates in order to remain securely available online.
If the server crashes, it is the responsibility of your web hosting company to fix it as quickly as possible. If the server gets hacked, the hosting company has to secure the server and fix the damage (normally this means reinstalling the operating system from scratch, and restoring websites from backups).
On the other hand, your website security is your responsibility. (Unless, of course, you have an agreement setup with your hosting provider that includes website updates).
As I wrote in a blog post on “Securing your Website“, you absolutely must keep your website code updated. For example, common Content Management Systems like WordPress and Drupal routinely come out with security updates for their respective platforms. You can review all of the “core” WordPress security updates at https://wordpress.org/news/category/security/ and Drupal’s security news at https://www.drupal.org/security.
If your website gets hacked, chances are, your hosting company will tell you that it is your responsibility. You must fix the issue – that isn’t what your hosting provider does (unless you have a separate agreement with them, of course).
And so, nonprofit organizations are often times left in a lurch when their website does get hacked. Often times, the person (or company) who developed the original website is no longer available or worse, has all of the passwords, preventing an organization to fix the damage quickly.
The best way to protect against this is to be proactive by: keeping a (secure) record of all of your passwords, and keeping your website code up-to-date.