Make your digital life more secure

By Matt,

December 2023


Make your digital life more secure with this one easy trick! Just update stuff…

We all hate the little message bubble or red dot telling us a software update is available. It is never a good time to install one. No matter how many new emoji you’ll get. However it is probably the easiest way to keep your devices and software safe from security vulnerabilities.

The Craft CMS community recently had the biggest (only?) major security issue they had ever had. A vulnerability was found that could allow a hacker to execute code on the server as Craft CMS. This is bad, as it essentially means the hacker can do anything on the server that the CMS could do, including editing files, accessing the database and so on.

This caused a bit of a scramble in the Toward Studio. We quickly identified clients whose sites were running an affected version of Craft CMS. It wasn’t many clients, but they all had one thing in common - they were not signed up to our Website Care Agreement, and so were not getting regular updates. If they had been, by the time this issue was found they would already have been on a fixed version.

All software has bugs

It’s not just Craft CMS that has this issue. All software has bugs, and every major platform has to issue a security update from time to time- just google Wordpress Hacks. A well known example of out of date software causing major issues was the Wannacry Malware which affected Windows systems back in 2017. Users who were either automatically or manually updating their operating systems weren’t affected, but users and systems that didn’t do this were exposed (including some NHS computers, which ended up disrupting services and costing them around £192m) . As for websites,  in the 2022 Securi Hacked Website Report, around 50% of all CMSs were out of date when they were attacked. 

Website Care Agreement

Once your shiny new website is live we offer all clients peace of mind that the website is looked after through a Care Agreement. This ensures that it runs smoothly, is secure and is up-to-date and we do this by:

  1. Maintaining your SSL. Google punishes websites without an SSL (Secure Certificate).
  2. Regularly check for updates to your version of Craft CMS or plugins, and install them for you, ensuring your site is up to date.
  3. We’ll constantly monitor your site, making sure it’s up and running. If it goes down, we’ll investigate.
  4. We’ll constantly monitor your server to make sure it runs hiccup-free.
  5. And most importantly, in the unlikely case that something goes wrong with your website, and it’s a quick fix, we’ll fix it as a priority, at no additional cost.

If you’d like to find out more about our Care Agreement email

Talk to us about how Craft CMS can help you