Risk Management, Computer Security, Asset Protection

It’s been said that the shoemaker’s children are usually the ones that need new shoes. In this case, it’s the security geek’s sites that need updating. Badly.

Would you believe that I found one of my websites with a WordPress installation that hasn’t been updated since 2008?

Oops… Thankfully it’s a blog that I no longer need, so if the site is too badly messed up, I’ll just delete it and start over (and the monetization method is also no longer working due to an expired offer, so there’s nothing lost there).

This all came about because of something I call “deep checking”. It’s a procedure that I just came up with — and it might be a good idea if you do this, too. While I hope you don’t find any blogs that haven’t been updated in three years, you might find some other things you rely on that need some security (or other) work.

Here’s how it works:

1. Get a list of all of your web sites — ALL of them — and put them into a spreadsheet. If you use WHM for your sites, it’s fairly easy; just log in to your WHM hosting panel, click on “List Accounts” under “Account Information”, click on the “All” link in the “Page” area (above the domain listing), then click on “Fetch CSV” at the bottom. You’ll have a great start to your listing.

2. Add columns to your spreadsheet for the stuff that’s important to you. As an example, I started doing this today because I had not only lost track of the domains that currently have active hosting; I had also lost track of which domains have a blog and which have the proper legal terms on them.

(I purchased a license for Auto Web Law to generate my legal documents — and that is an affiliate link. For a product I personally use… It’s pretty thorough and didn’t set me back too much. Click here if you want to see how I do it on my sites.)

3. Log in to each of your sites to see what they have. In some cases, my FTP software didn’t even have a saved entry for some of the sites stored in its Site Manager — which means it’s been a LONG time since some of them received any attention at all! Which means that, most likely, those sites are no longer making me any money while costing me in terms of hosting, domain names, etc.

BONUS TIP: While you have your FTP software open, change regular old FTP to SFTP — if your hosting company supports secure shell (SSH) access. If they don’t, consider getting a different web host (like my hosting company, Dathorn. They allow SSH, have great ticket response times, and a whole lot of other good things going for them. And again, that’s an affilaite link for a service I use…). And if your hosting company allows SSH but your FTP client doesn’t support it, get FTP software that does. FileZilla supports SFTP and is free.

4. Make note of what needs to be changed, etc. In this case, I made spreadsheet entries regarding the existence of WordPress software and my legal terms. And don’t just limit yourself to security stuff; if you see something else that needs work, make a note of it.

5. If you note any other issues that need to be addressed, make an entry in the spreadsheet. As an example, I found a few sites that had Front Page Extensions installed. I no longer use Front Page to manage my sites, and leaving the extensions installed does nothing beyond providing another opportunity for hackers to exploit a security vulnerability.

6. After you’re done, fix the issues you’ve noticed. Otherwise, all you have is a pretty spreadsheet to show your friends…

This can take a lot of time, especially if you have a lot of web sites! But once you’ve done it once, it will be much easier the next time around.

If you’d like to have me do this for you, please go to Protector Support (my help desk) and leave a message. I’ll bill you at my current hourly rate (check the site; it changes from time to time, and rather than list it in a zillion places that need to be changed, I just post the current rate there).

Share on Facebook

{ Comments on this entry are closed }