How to protect your web site

There have been a few posts lately with regards to organizations getting handcuffed by uncooperative webmasters, hosts, or domain registrars. I decided to start this thread in an effort to educate people on how to avoid some of those conflicts before they arise. I will try to keep each post on a different topic, and it might take a day or two between each post. I am sure some of the other developers will contribute as well.

Let's start with domain registration. Since this is the key to your online identity, this is perhaps the part that is most important to get right. The domain name is an asset, and should be treated as such. It may only cost ten bucks a year to register your domain name, but mistakes in the regitration process can cost you hundreds or thousands of dollars to correct if things go awry, not to mention down time and aggravation.

You need to ensure that you keep complete control over the domain registration at all times. Even if you outsource your web design and development, make sure that YOUR ORGANIZATION registers your domain name. When doing so, use your organization's DBA name as the owner, and NOT the name of an individual. You can specify alternate contacts for billing and technical issues, but the owner of the site must accurately reflect the organization in order to survive rifts. Document the username and password and place the document in the same place you store all of your other sensitive information. This username and password should not be needed by the developer or the billing contact, so don't share it with anyone who does not need it.

As the owner of the domain, the owner account can override the technical and billing accounts on the domain. So, if there is a problem with tech or billing issues you can still take control of the domain.

Another item to note... Even if your plans for a website are a year or more away, there is nothing stopping you from registering your desired domain name right now. You do not need to have a web site behind the domain name until you are good and ready. But by registering it as soon as possible you help ensure that it will be there when you need it.

Great thread!

Backup your website files in TWO places.

1. Create a "Site_Backup" folder on your web server, in the "top level". Copy the contents of the entire site into this folder. REPEAT every 30 days.

2. Create a folder on your local computer in your site files called "Site_Backup". Copy the entire site into this folder monthly (semi-monthly?) as well.

If multiple people are updating your site. Be certain to backup the site files FROM the server in order to capture the latest update.

hth,

To go along with the idea of protecting your domain, I suggest that you have different email addresses for each contact. This is to prevent a renewal or other notification message from being missed, which could cause your registration to lapse if not caught in time.

I like to create "role" email accounts such as "billing@", technical@", and "administration@". This way if you have staffing changes you can just assign the email forward to the new person in that role and do not have to change your registration contact information.

Don't forget that if your site is using a CMS or database for the backend you need to backup this data too. This is normally MySQL or Microsoft SQL. I have seen people who think they have a backup and it turns out they don't have any content cause it wasn't stored in normal files in their web directory.

Keith

Super thread indeed! Currently going through a major headache in migrating a county wide website to a new host, and the umpteen DNS/Registration changes that involves.

I'd go one further on the registration documentation: Keep records on the contact info of the Registrar too. Knowing a real live phone number is one of the best ways to pull yourself out of a jam.

Fabulous thread, and thanks very much for contributing this information.

Some additional tips on domain name registration that I recommend:

1. Try to register your domain name with a company that is NOT also your Web host. If you use the same company for domain registration and hosting, should you ever wish to change hosts, you might run into tremendous difficulty in moving your domain name to the new host.

2. Keep your contact and billing information up to date. If your address, phone number or e-mail address should ever change, you must update your domain account record accordingly.

3. Don't forget to always renew your domain name by the renewal deadline. (Most domain registrars normally send out renewal notices by e-mail about a month before the domain expires.)

Yann

Dittos on the tip about keeping mutually exclusive your domain registrar and web hosting company. If you ever have trouble with the web hosting company, a simple switch of nameservers is all that's needed to say bye bye to them (alongside putting a stop payment, etc. on any billing issues).

Re backup:

if you are the webdesigner always always work locally and then upload changes to the web. It is very easy to work online and skip the local option. BUT working locally means that you always have the most recent (structured) version of you website that in the event of disaster can be uploaded.

Great thread, great ideas. Maintaining control of your own web site will save SO much heartache and money over time...

My two cents' worth: if you have paid a web designer to initially create your web site, be sure to obtain a CD which not only has the site's files, images, javascripts, etc., but which also contains the artwork (Photoshop with layers intact, Illustrator, etc.) that was used to create your site.

If you find, down the line, that you need to make changes to graphics -- add a button, change a logo, etc. -- and are unable to contact your original designer (or don't want to, for any reason), this will allow you to hand the CD/art to a new web person to create something that matches your site...avoiding the time & expense of creating something from scratch, guessing at typefaces/colors, etc. It can save a lot of time and money, especially with elaborate designs.

Margaret

With respect to the previous two posts, there is a fundamental flaw from my point of view. If you get a CD from the developer, it is pretty much obsolete from the moment the next change to the website occurs.

While it does hold some value, I don't think it is prudent for an NPO to put a whole lot of confidence in the fact that they have a CD that could be quite old by the time a problem occurs.

An automated, scheduled backup of the live website and corresponding databases, etc. is the most useful form of protection. And in a perfect world you would keep several iterations of backups. For example, if you keep complete backups for January, February, and March, you can reconcile a problem that may have occured in February, but was not detected until March.

This concept may seem like overkill to those who have not encountered a problem, but the insurance it provides is quite inexpensive vs the immeasurable convenience of being able to go back in time.

Some of these practices seem like a lot of work for a tiny website. This may be so, but getting into the habit and sticking to a regimented approach is critical for this business process, just like any other business process associated with your NPO.

If you look through the forums for "problem posts", the vast majority of them can be attributed to not following some of the fundamental rules of good business practice.

Web development has become so "simple" that it has lost quite a bit of respect. Doing it cheap and wrong is simple. There is a great span between doing it the easy way and doing it right.

You owe it to your NPO to do it right... don't you?

Great points!

Having been through a number of NPO situations in which a site's entire graphically-based navigation system had to be redesigned, resliced, and programmed because the original designer skipped town with the artwork (there being a world of difference in usefulness between the .jpg on your backup disk and the layered Photoshop document which contains the original photos/fonts et al), I stick to my guns that it's also best to have a copy of the original art used to create the site....and keep later iterations backed up as well! Better yet, to use text-based navigation wherever possible, since it's easily changed and most likely to NEED to change as the organization evolves. :)

But backup, backup, backup is a good mantra all around.

I agree with Margaret's very good point that the original files have value, I just don't want people to be lulled into a sense of false confidence by them. They DO have a purpose, but they will not solve all of the NPO's problems. They will not necessarilly have the 'latest and greatest' version of the website.

Let's take this observation a step further by combining Margaret's advice and mine by insisting that NPO's place a statement in the contract with the developer (you DO have a contract, don't you???) that states the developer will provide to the NPO ALL files, artwork, content, coding, etc. included in the development of the website PRIOR to, and as a condition of, payment for the final work. Make sure the contract specifies that the created work is the property of the NPO, and NOT the property of the developer. This helps to clarify exactly who owns the work, and who is entitled to it.

It's good to point out that web development contracts can differ significantly. There can be different parts of the intellectual property involved. The discussion so far has been about artwork. Artwork can be licensed or bought in a varitety of ways. Higher end designers will often charge more to buy the artwork outright or to use it in a different media. It is important to clarify at the time of contracting.

Another portion of the intellactual property can involve programming or scripting. In my experience, often working on the web development side of this, it is important to secure the right to modify your code but you may not need to own it. Forcing a programmer to re-invent the code wheel on your project instead of re-using code from other projects may drive up the cost.

Amen Brother! I had that exact experience - the webhost set up our Domain Name and everything went to them. We ran into continuous problems with their web hosting not to mention numerous personality clashes...and they charged us an arm and a leg to host the site.

When it came time to move everything I had to crawl back and nicely ask for the admin password to change our domain info and get everyting pointed to the new host.

If you don't know who is registered as your domain owner you can do a WHOIS lookup at most of the registration sites (like Register.com).