UsabilityGeek was founded by Justin Mifsud in 2011 with the primary objective of sharing knowledge that bridges theory and academic research with practical and personal recommendations on how to deliver a great user experience. To achieve this purpose, the site covers a wide array of topics that range from usability to content creation, conversion, and business strategy.
Justin has made it a point to ensure that these topics are reflected in the site's articles, whether through a more hands-on approach or through a description of key concepts.
Since user experience encompasses several fields, the experience and expertise of UsabilityGeek’s readership varies. Some readers originate from the web design and development community. Others operate in the educational field, while others are marketing professionals and business owners. What is common among such a varied community is the love they all share in creating a great user experience.
UsabilityGeek actually started off as a hobby blog more than anything else. It embodied what Justin considered a mission to give something back to the community that had given him so much. In fact, the inspiration to start UsabilityGeek came when he shared some research papers with the development team he was managing at the time: while they could understand the findings of the research, they found it difficult to apply them to the problems they were tackling. This gap between the wealth of academic research that is available and the lack of its application in the commercial web development world (and the nerd in him itching to start using a CMS other than DotNetNuke) inspired him to start UsabilityGeek.
At this time, since UsabilityGeek was a ‘hobby site’, it was essential to keep costs as low as possible. There were no long-term sustainability goals, no forecast traffic growth and no planning in terms of generating any income from it. In fact, the site was developed in WordPress (v. 3.1 at the time) and launched on very cheap shared hosting. The theme itself was a free ‘blank slate’ theme that contained all the code but no CSS file, so as to allow maximum customization. With regards to plugins, it had many - way too many. This same setup (with only WordPress and plugin updates being maintained) was kept until disaster struck. In hindsight, the site had disaster spelled all over it from day one.
The problem with small sites is that they cannot afford a huge investment. Site owners tend to try and do everything by themselves to keep costs low. I was no exception.
Justin applied his web development skills to set up the site, modify the theme and its plugins, and implement some good security practices that he had read about. This, of course, is not necessarily bad, as there is a wealth of information on how one can do this.
What is bad is that most of the information is highly subjective - meaning that what works for one person does not necessarily work for another. Moreover, while there is a multitude of tweaks that can be done, such as modifying the .htaccess file, salting passwords, changing database names etc., you may unwittingly modify core WordPress files and break your site. Also, installing certain plugins may result in conflicts with other plugins or in misconfigurations. At one point, it was not even possible to log in to the site using the site admin credentials. Luckily for him, he had a backup.
Despite adhering to best practices by keeping WordPress and its plugins up to date, as well as constantly monitoring the server logs, UsabilityGeek was breached after about a year and a half of operation. The worst part of it all is that the breach did not come from the outside but from an infected site on the same shared server. Together with a colleague, Justin worked day and night trying to remove scripts that were being injected into the header across the entire site, only for them to reappear again.
I had hit rock bottom when I received a notification via Google Webmaster Tools that the site was compromised and that users were now being shown the infamous red screen.
Faced with such a scenario, it became obvious that the problem needed to be solved - fast! The research began. This time, the search was not for a DIY article or yet another plugin but for a company that could solve it for him. This is where Sucuri began coming up in the searches.
The reason why UsabilityGeek engaged Sucuri was that, based on comments in discussion forums and a couple of reviews, they appeared to be the go-to guys for security (even though they were a relatively new company at the time).
Moreover, their price was incredibly reasonable for the numerous features they were offering, including human support, and they were willing to secure the site even though it was already hacked! So, in reality, it was a no-brainer decision.
At the time, Sucuri only offered a subset of what is now the Antivirus solution. UsabilityGeek was signed up and a support ticket created. A helpful guy called Frank from the support team managed to find a backdoor through which attackers were able to access, modify and reinfect the site. Despite such backdoors being notoriously hard to find, Frank located the problem, cleaned up the site and patched up the security. This was the beginning of a long relationship that today is stronger than ever.
Today, Justin entrusts Sucuri with all of the security aspects for UsabilityGeek as well as for his clients. He added other Sucuri services such as the Rapid version of the Antivirus, Firewall (CloudProxy) and Backups.
The Sucuri AntiVirus offered round-the-clock monitoring of all files and settings to identify any issues. So this was already a very good start. But the best service, according to Justin, came with the introduction of the CloudProxy firewall. This service intercepts attacks such as bad bot access or DDoS attacks even before they reach the site. And if that is not enough, there is the added benefit that it acts as a CDN, thus improving the overall user experience - something that is essential for a site like UsabilityGeek that preaches UX.
A common misconception is that hackers are only interested in the big sites. This is absolutely not true, as the case of UsabilityGeek shows. It was attacked at a time when traffic was less than 25% of what it is today. Every site is appealing and every site is hackable. Moreover, small sites tend to forego proper security measures because, in a bid to keep costs low, they do not entrust the task to qualified personnel. This is what actually makes them an easier and more appealing target.
Today, UsabilityGeek is hosted on a managed server with Synthesis - who also rely on Sucuri for their server-side scanning. It also has a professionally designed theme from the same guys behind the hosting solution, and it runs using very few (and reputable) plugins. All coding is now carried out by a reputable web development company too. All of this is in addition to several security best practices. And as for Justin, well, he can focus on what he loves most - preaching about the importance of offering a great user experience!
So is this security setup impenetrable? No, probably not. But it is surely tougher to break into. And if someone manages, there is the added peace of mind that there is a team of professionals who are available 24/7 to fight back. And that team is called Sucuri.