Welcome to WebmasterWorld Guest from 34.229.194.198

Forum Moderators: phranque

Should I include security? or charge extra?

     
3:04 pm on Jan 29, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1730
votes: 36


If we develop a site for you, promote it, and host it on our own servers, are we expected to look after the site where security is concerned? or do we get to charge extra for securing the site against the various hackings that are possible?
3:54 pm on Jan 29, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1730
votes: 36


Or another way of putting the same question, we pay to get a website developed and hosted by an agency, now we are told we must pay more to keep it secure! Does that sound legitimate?
4:07 pm on Jan 29, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 22, 2005
posts:1177
votes: 16


Ha. I remember when if the client wanted their website to work on mobile devices, you could charge extra. Good times!

There are "security" things one can do that are not a good value and there are basic things that need to be done. In the middle are what your professional judgment says is needed. If the client is paying for your professional judgment, then you should provide it.

Anyway, if you host it on your server, then you're responsible for most of the security.
6:56 pm on Jan 29, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15444
votes: 739


It is to your own advantage to keep the server as secure as possible, so asking users to pay extra is definitely penny-wise and pound-foolish.

Analogy. Suppose you have an apartment building, and you charge tenants extra for having a deadbolt on their front doors. (This is assuming for the sake of discussion that deadbolts arenít already required by law. Work with me here.) Some people pay, some decide to risk it. You can see how quickly this will turn around to bite you, as the next passing crook-with-a-brain takes advantage of the less-secure apartments as a means to gain access to the rest of the building.
10:18 pm on Jan 29, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2044
votes: 340


Or another way of putting the same question, we pay to get a website developed and hosted by an agency, now we are told we must pay more to keep it secure! Does that sound legitimate?

Not in the sense of it being a must, but it's common for agencies to offer (and recommend) a maintenance service, which would include keeping the website secure. Not to keep the server secure, mind you, as that should be part of a managed hosting service, but things like updating a CMS and making sure nothing breaks along the way (or then fixing it). It's the way agencies prefer it because it's easier (or perhaps the only way) to make guarantees about the continued functionality of the website. Of course, keeping things in-house usually also means bigger profits from reselling hosting services with hefty margins. From the client's perspective, the alternative would be to do their own maintenance, in which case they'd need the expertise, or none at all. It is something that, ideally, you would discuss upfront.
11:11 am on Jan 30, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25841
votes: 847


Would you host a site on an insecure server? I doubt it. It has to be a given, imho, and should be part of the hosting fee.
12:05 pm on Jan 30, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11566
votes: 182


which parts of the security are they leaving out?
12:44 pm on Feb 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1730
votes: 36


@engine "should be part of the hosting fee" that is my feeling

@phranque "which parts of the security are they leaving out?" the amount of items they list as being taken care of by their enhanced service, it seems they must miss out most in their basic hosting package.

Our site is php, but it seems that they should take care of any vulnerabilities php may have.
1:05 pm on Feb 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2044
votes: 340


the amount of items they list as being taken care of by their enhanced service

Can you name a few things?
2:51 pm on Feb 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1730
votes: 36


Rather not list stuff from their proposal @robzilla, that is their IP, not mine.
3:31 pm on Feb 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2044
votes: 340


Just in generalized terms, I was curious what "enhanced service" might include. You haven't provided enough details for us to judge this.

For example, it can depends on the type of hosting. On shared hosting everything's usually maintained for you, since you don't have any way of doing it yourself. If you have a private server, however, then updates that go beyond the OS itself aren't always included in a basic server management service.
9:25 am on Feb 5, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1730
votes: 36


Scheme 1 includes a scan, some rectification work if required, an audit, and a report.
And service 2 includes ongoing monitoring including annual scans.
6:30 pm on Feb 5, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 30, 2006
posts:1574
votes: 119


@Mark_A +, it depends.

You develop the site, you provide the hosting, you should provide then some level of security, it's after all your server and your CMS so it's part of what you sell. Otherwise you could sell Joomla and tell clients "if something bad happens you are on your own, or we will charge for fixes".

You could charge for extra fee regarding maintenance as in "keeping the last version of the CMS online" for security concerns. This way the client will always have the latest version and security (supposedly, remember some updates break the sites).

Both previous options SURE involve having a backup, this is FOR YOU as an admin or as a developer. Example: you update the site, it breaks, then restore your backup. Remember, HDD fail sometimes and servers can also die, I've been working on the web since 1998 paying for hosting on good companies and let me tell you bad things happen sometimes.

Other than that you can easily charge extra for backups (daily, weekly, monthly, etc). IMO you must always have backups, but your client doesn't have to know unless it's paid, they probably would want to access those backups.

HTTPS is something you can also charge extra due to "certificates" yes, there are free options but you can charge for your service.


Not in depth: it's difficult to charge for "security", sites can get hacked and you might experience hard times getting them back online and your client might misunderstand this "I'm paying, why hacked then? and why so slow on recovery?".
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members