Before making any changes to your web site, the first thing to figure out is your goals. As a web development shop, we focus on building web sites that create measurable value for our customers, aligned with their goals.
Some common goals:
- Help me close more sales from people who I send to my web site (brochure/information)
- Bring me new customers (online marketing, SEO)
- Help me manage sales leads (CRM)
- Increase sales (e-commerce)
How you should revamp your site depends completely upon which of those goals (or whatever other goals you may have) are most important for your business at the current time.
Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands. According to the security team's announcement, the attack was not a result of a Drupal vulnerability, but of other, as yet undisclosed, software on the server.
Drupal has long had one of the best security track records among open source CMSs. The security team does a great job of tracking down even the smallest exploits, often removing modules that maintainers choose not to fix. The vast majority of fixes and security updates we see are protecting against "privilege escalation" -- vulnerabilities that can only be exploited by users who already have some level of administrative access.
For example, there was a webform update yesterday to close a hole that allowed somebody who already had permission to create or edit a webform to gain full administrative access. We use webforms on a huge number of sites, but we have never set up a configuration where we give an untrusted user the power to create or edit webforms. And yet on a large, community-driven site, you might want to give some people the ability to create a survey without further access. This kind of strict, detailed review leads to a project that has a high level of security baked in. It's very rare that we see the more dangerous kinds of exploits -- SQL injection, cross-site scripting (XSS), or remote code execution.
This incident highlights that there is more to security than just the software. In this case, something else in the hosting environment provided a weakness that allowed an attacker to break in. What was it? They haven't said, so far, but we can speculate on some possibilities:
Hey, that's not what I was thinking!
That's a very common complaint customers have with developers, when they receive the result of weeks or months of hard work. And it indicates a failure of planning.
We've found nothing that works better to avoid this result than to write up and discuss user stories in detail.
What's a user story? It's a description of the process a person goes through to get a specific result, and what happens along the way.
Apparently Elon Musk (@elonmusk), the founder of Tesla Motors, wants to bypass auto dealerships, and has gone to the Texas legislature for special exemptions to allow him to sell his cars directly to consumers. The story is covered here: http://www.bizjournals.com/houston/news/2013/04/10/tesla-ceo-texas-elect...
I was talking with a new client the other day who spends a lot of money on Search Engine Optimization (SEO) and Search Engine Marketing (SEM) to try to get people to visit his online store. And yet his blog -- what search engines value most -- was on wordpress.com.
We have several other clients who have WordPress blogs separate from their main site. If this is you... * Cough Cough *
At Monday night's MIT Enterprise Forum event, Mark Anderson headlined a fascinating sideline discussion of the "Coming Tech Wreck."
The discussion centered around how Microsoft, Apple, Google, Facebook, Amazon, carriers, manufacturers, and others are all competing to dominate the next "platform," which they spent the first 10 minutes trying to define.
While Drupal is our primary focus here at Freelock, we've been experimenting with Ajax and rich client applications for a lot longer. The first time I used Ajax to populate a table of data was back in the days of Internet Explorer 5.5, circa 2001.
As I was bringing on more work and starting to hire employees in the mid-2000s, I built an internal task management tool called Project Auriga, and as the Dojo Toolkit hit version 0.9 and then 1.0, I used Auriga as a playground for experimenting with single-page in-browser applications.
Chances are, whenever you do anything on any website in the world, Google knows about it. That's because half of the top million sites use Google Analytics to track everywhere you go. Nearly 2/3rds of the top 10,000 sites use Google Analytics. And out of all 186 million active web sites in the world, including a huge number of spam or parked domains, nearly 16 million of them use Google Analytics.
When I first handed John an initial disaster -- an unfinished website that had to be completely rebuilt -- he took it all in stride and developed our site from the ground floor up, with speed and expertise. In addition, John has continued to take initiative in making our site one that we are extremely proud of. John continues to be a collaborative partner in the maintenance and continued development of AnswersForElders.com. I highly recommend him and his team for all your open source web needs.