Is your Website's Code Safe??

Is your website's code safe, or has it been tampered with in some way? How would you even know if your website's code has been altered? Well, keep reading, because we're about to tell you!

Approximately 60% - 70% of the websites we come across do not use a code repository or version control system.  Wait... a code what or a version what?!

A code repository is a file archive or web hosting facility where a large amount of a website's source code is kept, either publicly or privately. A version control system keeps track of all changes made to your website's code and any files, and it keeps the different versions available for you to retrieve at any time. 

So, if your website has a functionality bug, or if it's hacked and your backups are deleted, then, with these two systems in place, you'll still have your website's code and file versions at your fingertips. Otherwise, you could well be left with the hugely costly and time-consuming aftermath of creating a whole new website from scratch.

Small to medium websites skip setting up a version control system in particular due to lack of knowledge and/or the ease of a 'one click' install provided by the hosting provider. Today, we'll go over all the great benefits of having a version control system to store different versions of your website.

A version control system brings many advantages, including:

  • Keeping Track of Modified Files
  • Code Deployments
  • Revert Changes
  • Source Code Audit

Keeping Track of Modified Files

This is a big one, especially when multiple people are working on a project.  The version control system keeps track of both the files that were modified and of the user who did the modifying. This allows for a code audit and approval process before updating the live website.

It also prevents developers from losing their updates or providing an inconsistent update alongside someone else's.  Say that you have two developers working on the same file-- the version control system will automatically merge the files together.  This is very beneficial and saves time!

Code Deployments

A version control system makes the website's source code more portable, and that makes it downright easy to deploy the code where it needs to go.  So, why not make your life easier?

Without a version control system, manually transferring these files can often take a long time, and files may even be overwritten that shouldn't be.

Revert Changes

Having a revision history of all the edits and changes made to a file or files is very beneficial to the development team.  If something is overwritten by accident, or if a website template was changed, no problem! The changes can be reverted back right away. Using the version control system's history reduces development time, creating a lot of financial savings in the long term!

Another great benefit of being able to revert changes is during updates to the current website. If you apply a new plugin or module update to your DEVELOPMENT website, and it breaks the website, then it's no big deal, as you can simply revert back to the website as it was before that update. Remember, ALWAYS update your development website first with any changes-- NEVER your production website.

So, using a version control system makes it easier and often faster to test new plugins and module updates.

Source Code Audit

Using a version control system makes it easy to review the production website's code and perform an audit.  When was the last time you reviewed your production website's code?  Do you know if it's been altered or hacked?

Version control also makes it easy to compare the current code's state to the last release of the website's code. This is a vital process for a worst case scenario, your website being hacked. Using version control, you'll be able to pick out which parts of your code are correct and which have been altered maliciously. 

Version Control Tools

There are two main types of version control systems: CVS (Concurrent Versions System, not the pharmacy!) and GIT (not an acronym).  They both have their strengths and weaknesses, as all systems do.  

From our experience at Trail 9, we recommend GIT.  CVS is an older style of version control.  

We have also explored GIT vs CVS in many other open source communities and Meetups.  GIT wins the debate, not only for its features, tool set, and popularity, but when working on team projects, the merging of code is much easier and much faster with GIT.

Recap

One click installs are nice and convenient, and our hosting company may back up our website's source code, but how do you verify that your code hasn't changed or been tampered with?  You can't easily validate this without a version control system.

That is why version control tools were put in place.  Version control tools help keep track of what was changed, when the changes occured, and who carried the changes out.

Version control is very beneficial when doing a security audit, when working in teams, and even when just moving the code around.

We always recommend using a version control system, and you should too!