The trials of keeping a web site up
This is something for you to think about when you see a web site offered for free or something ridiculous like Â£1.99 a year including e-commerce. Stuff economies of scale, costs have to be covered. You can do sites for free (or at least at cost), I certainly do for friends, but you have to bear in mind what you are asking for / giving / getting.
Mostly I just tinker about for myself, but I have helped others, and have done for over twenty yearsâ€¦
Upping sticks and moving server is never fun. (I think I’m on something like my ninth server and fifth provider, though a few have been migrating to/from VPS to dedicated servers). It’s rare but I’ve seen overloaded servers crash and burn and take scores of unprepared web designers with them. Had it happen to me, but I’m paranoid so I tend to make a lot of backups!
Then – fortunately rare now – there are the registrars that hold domain names to ransom. Those and cyber-squatters. Names matter.
Seen all the changes from bare text HTML to the grinding load times of adding images to the introduction of style sheets and onto the modern world of ubiquitous access to blogs, wikis and browser games. Things change, sometimes a LOT and you have to try and keep up.
Which bring me to today, as I once more move server, rebuild and harden after some git hacked into the VPS server I had. The cost was â€¦ steep. Eye-wateringly so.
Still, needed doing.
In the old day you’d write in a text editor (which, as much as possible, I do anyway!), preview changes on the development machine and upload when you are happy. Now, for live sites, it at times be can be like the 7 changes of grief/acceptance mashed into a few hours or days! You have to navigate through layers of security (essential to keep the hackers and vandals out), through layers of cache, while still getting it to work on all devices from Nokia smartphones to iPads to computers with one of several browsers – half of which choose to implement de-facto standards and agreements in their wayâ€¦ That’s before you worry about keeping the client happy, even if said client is just yourself. One has to have standards, hmmm?
Just sorting a glitch with SSL took me days. It was my first time so there is a learning curve, but I’ll offer this advice: if you are using a third party firewall and they say that entering the ‘Chain Certificate’ is optional – be aware that it bloody well isn’t. It causes all sorts of headaches and hassles if you leave it out.
Curiously, what really broke my certificate was a single plug-in. One that persisted through removal and cache purges. At first I thought it was my theme but I couldn’t find a thing wrong with it. The fact changing it to a default WordPress theme cured it (temporarily) only made it harder to trace.
If you are interested in why it’s not quite straight forward, particularly if you know this frustration, read this :
WordPress on web caches : I make changes and nothing happens
Basically, seeing changes on a live site, particularly a heavy, SSL certified domain isn’t straightforward. Without caches the Internet would probably crumble under the bandwidth strain, so it is needed. Between a web site and you there can be plug-in (internal) caches, external caches like CDN, there are caches that ISP’s etc hold, then there’s the cache in your own browsers. For new pages, like this I’m soon to post, not a great problem. For existing, updated pages, style sheets, function changes, it can take up to 48 hours to appear. A bit of a chore if you need to be absolutely sure that the changes you are making doesn’t break something else!
When it looks like that you can’t ask visitors to just accept the blocked material, that would be unethical and a tad risky to say the least.
Until, eventually :
Between those points though is a lot of digging, frustration and more than a little temptation to walk away from it all! But you don’t.
The seven stages of a web designers’ grief/acceptance
Shock and denial : No, I can’t really have lost it all? I have backups, right?
- Pain and guilt : What have I done?
- Anger and bargaining : Why me? The frustration of looking around for answers.
- Depression, reflection, loneliness : I can’t live with this ugly design, how could I let this happen? I’m never leaving my office again. I’ll just sit here alone and hack functions.
- The upward turn : You calm down and rationalise, a little
- Reconstruction and working through : You address the practicalities of rebuilding your broken site
- Acceptance and hope : You learn from it and move on. However painful, you’ve learnt from it.
- Full of confidence you try another new change – on a live site (See 1.)
(Note this does not trivialise depression, it’s a macrocosm of it. There’s a certain sense of being violated when some numpty hacker gets into your server because a client or forgotten site had a weak password or old plug-ins/code that got found by a sniffing bot and whoop-de-do for them proved to be an exploit they could access.)
Meanwhile, just when you thought it was safe to go back in the water :
That represents just a handful of the hundreds of attacks a day of just one of my blogs. I’ve nothing worth stealing, I don’t do eCommerce, these are just parasites and bots looking for a way into any and all sites to inject malware, upload images for use in mass-mailed spam or any other of a number of other unsavoury and wholly illegal activities.
It’s not paranoia when they really are out to get you!