Using a quality managed WordPress hosting provider goes a long way towards keeping your site in top shape. For example, most managed hosting companies will provide:
- automated daily backups of your site
- staging sites or development areas for testing
- great support
- sFTP access
However, using a good managed hosting provider doesn’t cover all of the issues that can arise while running an eCommerce business. Backups can fail or get corrupted, plugins or themes can break, custom code needs to be maintained, or sites can be hacked. These are the issues that aren’t covered elsewhere and that you need to protect against as your site becomes more valuable, and there are some premium services or plugins that can help you do so.
Does creating these insurance policies for yourself make sense if you only have a few orders per day? Probably not. However, these are some things you should definitely think about as your site grows. For example, if you lose 6 hours of data on your site, how much is that worth to you? $100? $1000? $5000?
As your potential losses grow, protecting your site against a host of poor scenarios, such as data loss, bugs or conflicts that can take your site down, and security issues, becomes more important and worth the associated costs.
Here are three “insurance policies” for eCommerce sites that you should be thinking about or investigating as your site becomes more valuable.
Hold the phone here, Beka: don’t you already say your hosting company should take care of this?
I absolutely do. I typically only recommend hosting companies that take automatic backups of your site, and these are usually done each day. It’s imperative that you have a backup on hand if something drastic happens to your site so you don’t lose lots of data. There’s absolutely no question that you should have backups available for your customer accounts, orders, and other vital information.
However, these backups may not be enough, and shouldn’t be your only copy; they cover about 80% of what you need in terms of backups. You still need a backup insurance plan.
Don’t think you need a second set of backups? This is a real situation in which my company’s backup plan made a huge save for a former client, even though the client was with a top-notch hosting provider.
However, in one situation, the backup was taken and maintenance was delayed. When the maintenance was done 6 hours later, a new backup was overlooked, and the old backup was used following the maintenance. In the interim 6 hours between the backup and maintenance, several orders had been placed, blog comments left, and customer accounts created. When the old backup was used while bringing the site back up, all of these were lost. Gone. Evaporated.
Was this a problem that should never have occurred? Of course. The hosting company should have redone the backup before performing maintenance, but they made a mistake. Understanding that they were at fault doesn’t bring back the lost information, so that mistake would have caused major issues for the client had we not had another system in place.
Fortunately, the real-time backups we had from a different service were able to correct the data without a loss in orders, and we were able to merge this backup version with the new site data (orders, customers, etc) that had been created after the maintenance was performed.
We saved the client thousands of dollars and countless hours of headaches and angry customers because we had an insurance policy.
To insure your backups, I recommend an automated system such as VaultPress or BackupBuddy. I like that VaultPress lets you do realtime backups so your backup is always up-to-date, but it requires a monthly subscription (though at a pretty nominal price point). In the situation above, we used VaultPress’s realtime backups in the Basic plan to save the client’s data.
BackupBuddy requires a yearly license purchase and will allow you to schedule daily, weekly, or monthly backups to your “BackupBuddy stash” or your own offsite storage (Dropbox, Amazon S3, etc).
Redundancy in backups is your insurance policy. If you can’t afford to lose your data, then you can’t afford to put all of your eggs in one basket and rely only on daily backups from your hosting provider. I typically recommend the basic plan from VaultPress for $15 per month ($165 per year), or the BackupBuddy 2-site license at $80 (valid for a year).
Site security is typically a focus for managed hosting companies, and many of them will take steps to ensure that your site is secure or help you fix security issues. However, their main business is hosting websites, not security.
While the security focus your hosting company provides is great to start, improving your site’s security as it becomes more valuable is your responsibility. Again, the important question is: how much can you afford to have go wrong? Can you afford to compromise customer data? Can you afford to lose control of your site (and could you get it back)?
If you’d like to start off with security monitoring, you can check into the annual AntiVirus plans offered by Sucuri, one of the leaders in website security, which start at $100 per year.
You should also follow some general best practices on your own (and check out these tips from WooThemes):
- Use an SSL certificate, even if your payment gateway integration doesn’t require one. This protects your login credentials as well as customer data and credentials. Without one, your username and password are sent in plain text each time you log into your site and could be intercepted in a man-in-the-middle attack. A fringe benefit is that the increased trust from an SSL certificate can lead to higher conversions.
- Try to use plugins and themes from reputable, veteran authors to avoid introducing vulnerabilities to your site (though this isn’t a guarantee that vulnerabilities will never exist)
- Delete plugins and themes you don’t use, as this code is still present on your server and could contain a vulnerability
- Keep WordPress core, themes, and plugins up-to-date
- Don’t use “admin” as your username, as this is frequently used in brute-force attacks. You should change this username, or better yet:
- Delete your first WordPress user (especially if the username is “admin”). As the first user created by WordPress is always an administrator, this gives would-be hackers valuable information about your site: a user with id=1 is an administrator. Change this to a subscriber or just delete it after making yourself a new administrator account.
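The checklist above can be checked mechanically. The script below is an added example, not part of the original article: it assumes WP-CLI (a tool the article does not mention) is used to export user, plugin, and site URL data, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: each function reads WP-CLI output on stdin and prints findings.

# Input: wp user list --fields=ID,user_login,roles --format=csv
audit_users() {
  awk -F, 'NR > 1 {
    roles = $0
    sub(/^[^,]*,[^,]*,/, "", roles)      # keep only the roles column(s)
    if (tolower($2) == "admin") print "user-named-admin: ID " $1
    if ($1 == "1" && roles ~ /administrator/) print "id1-is-administrator: " $2
  }'
}

# Input: wp plugin list --fields=name,status,update --format=csv
audit_plugins() {
  awk -F, 'NR > 1 {
    if ($2 == "inactive") print "unused-plugin: " $1
    if ($3 == "available") print "update-pending: " $1
  }'
}

# Input: wp option get siteurl
audit_siteurl() {
  read -r url || :
  case "$url" in
    https://*) ;;
    *) echo "no-https: $url" ;;
  esac
}

# Constructed sample output, not taken from a real site.
SAMPLE_USERS='ID,user_login,roles
1,admin,administrator
2,shopowner,administrator
3,shopper,customer'
SAMPLE_PLUGINS='name,status,update
woocommerce,active,available
hello,inactive,none'

run_sample() {
  printf '%s\n' "$SAMPLE_USERS" | audit_users
  printf '%s\n' "$SAMPLE_PLUGINS" | audit_plugins
  printf '%s\n' 'http://shop.example' | audit_siteurl
}

run_sample
```

On a live site, pipe the commands named in the comments into each function; `wp theme list` accepts the same fields, so `audit_plugins` works on its output as well.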
There are also some helpful free plugins to secure your site. For example, BruteProtect (soon to be a part of Jetpack) is designed to protect against brute force attacks. You can also check out Sucuri Scanner or Wordfence for more complete security solutions.
What do you do if you upgrade a plugin or theme and it looks different or stops working? What if you change or update something and you see a completely white screen or can’t access anything? What if you’ve added custom code to your site but now need to make changes or upgrade? How do you update a plugin or theme via FTP instead of via the WordPress admin?
If you already know how to handle these situations, that is spectacular. If you don’t, then you may need some help managing your site. While WordPress can be easy to manage for many industrious eCommerce entrepreneurs, this management may become more difficult as your site grows, and you may have to treat it with more care since breaks will cost more money.
How long can you afford to be down if there’s an issue? Can you afford 1 hour? 6 hours? 12 hours? You’ll need to determine, based on how active your site is and how much revenue it generates, what kind of support and maintenance policy your site needs. For example, if you can afford to wait some time, you could use the support included with your site hosting, plugins, and / or themes to try to sort out potential issues, but you may have to go between several services.
The downside to this is that the ultimate responsibility for your site lies with you. Your host doesn’t have to fix issues related to plugins or themes. Theme and plugin developers don’t have to fix or support customizations you’ve made or had done. Support from these services is not instantaneous, and you may need to have someone that answers a panic button, or worries about maintenance and issues so you don’t have to.
Someone needs to be responsible for your site’s well-being, and it’s either going to be you or someone you hire to worry for you.
If your site generates significant revenue, you may have a site administrator (or want to hire one). If not, then you should think about outsourcing your site maintenance to a developer or maintenance company. This ensures that, if issues ever arise, someone perfectly equipped to handle them is ready to do so.
If you hire a developer, think about purchasing a block of time each month to devote to checking in on your site, performing updates or maintenance, and answering any questions you have. Chances are that you won’t need someone on staff to maintain your site at first, so a retainer for a developer can cover a lot of scenarios.
You can also choose to subscribe to a maintenance service. Each service covers different things, so I’d recommend checking out these tips and questions from Post Status on what to look for with a support and maintenance service. You’ll want to know things like: if the service includes eCommerce sites, what kind of support and development questions are answered, or if regular updates and major plugin / theme upgrades are included.
This takes the worry about site maintenance off your mind and ensures that someone is responsible for your site. You can typically subscribe to maintenance services from about $40 per month to custom pricing for enterprise plans. Here are some reputable services to check out:
The best part about a maintenance service is that many will also be able to help with issues we’ve already discussed, such as security and backups. For example, all Maintainn plans include a Sucuri subscription and daily backups. While I’d still use something like VaultPress for real-time backups, having someone else to worry about and maintain your site can greatly simplify your life as an entrepreneur.
If you don’t plan for the worst-case scenarios with your site, you’re essentially self-insuring it. While the costs of doing so may be low and you can afford them while your site is small, these costs grow as your revenue does.
If the cost of your site going down or losing data is greater than you can (or want to) pay, investing in insurance policies for eCommerce can be a wise use of cash each month. Backups, investments in security, and routine maintenance can help to guarantee that you won’t suffer catastrophic losses when issues arise with your site.