Today's Websites are a complex symphony of different technologies that depend on vast ecosystem of services and systems working together in harmony. Like every piece of complex technology, you must maintain your Website to ensure proper function and reduce exposure to security risks. Technology and security are constantly evolving, without a proactive strategy, eventually the code that makes your Website work will soon leave you verlnerable.
When your Website doesn't work the way it is supposed to, your company looks bad and your visitors go elsewhere.
Why would Website code need maintenance?
There are primarily two reasons for a Website's code to require maintenance:
- Updates to service platforms.
- Discovered security vulnerabilities.
Service Platform Updates
Unless your Website runs on a server maintained by you, it is mostly likely to be hosted by a third party hosting provider. If the provider is being responsible, they are continuously updating your server to newer and newer versions of the server operating system. When a vendor updates their software, often there are changes to the way it handles the code that it runs. When your Website was built, the developer built the site to run on the server platform that was in operation at that time. But that code may not work properly in future versions. Backwards compatibility is not always possible or even advisable for the creators of the software.
Today's Websites depend on many different services and APIs ( application programming interfaces ), not just the server they run on. Perhaps yours uses Facebook or Twitter to share content or provide log in or even comments. Well these change how they work all the time, many times without warning. To ensure these services continue to work, your Website needs to be updated on a regular basis. Even a basic Website will often contain dependencies on half a dozen external services in order to function properly.
Additionally, the software used to view the site ( called an Internet browser ) is updated often, and with increasing frequency. As browser competition increases, makers such as Mozilla ( Firefox ), Google ( Chrome ), Apple ( Safari ), even Microsoft ( Internet Explorer ) are pushing new features and dropping support for out-dated technology. Your Website might have worked fine on a Windows XP computer with Internet Explorer for 10 years, but when you look at it on a Mac or even Windows 7 or 8, suddenly things aren't quite right. Drop down menus are no longer working, image rotators may not rotate.
Bottom line, if you leave your Website alone long enough, eventually something will break.
The Internet has become a hostile place for a Website to live. Spammers and hackers are becoming increasingly sophisticated and automated attacks make your Website an attractive a target. Business owners often say to me, "I don't have any customer information on my site, so I don't need to worry." It may be true that an information only Website, even a blog, may not contain information that would provide intrinsic value to a hacker or spammer, but that is not the only motivation for hacking your site. If your site is hacked, it can serve as a vehicle for attacking other sites, or even your visitors. A visitor may have their computer compromised just by visiting a hacked Website. Search engines and security software may block access to your site if it is determined to contain malicious code. Spammers may use your site to serve unwanted ads to your visitors for services and products that would make you blush.
Security is a constantly evolving mission. Software vendors are constantly releasing security updates to newly discovered vulnerabilities, and just like it is important to keep your computer patched and updated, so to is it important to keep your Website code patched and updated.
Also, what we consider a security vulnerability changes. Recently, the Payment Card Industry ( PCI ) updated their standard for how merchants handle credit cards on the Web. It used to be acceptable for a merchant to accept credit cards and transmit it to a gateway's API over an encrypted SSL ( Secure Socket Layer ) connection. As long as the merchant never stored the credit card number, it was considered compliant. This is no longer the case. As I wrote in Safer Ecommerce for Small Business, any time a credit card number touches a server, that server must conform to PCI DSS guidelines or face crippling fines. Even if you aren't processing the cards, such as using them for confirmations, reservations, or any other purposes, you CAN NOT let these cards touch your server. If you accept credit cards in any way on your Website, you need to have it checked out immediately to see if you are following the latest PCI DSS guidelines.
It's not about fear, it's about responsible ownership
It is easy to see this post as scare mongering and dismiss it as such. But if you own a house or car, do you not take care of them? Believe it or not, I've known people who didn't change the oil in their vehicle. Sure, they saved money on oil changes, but eventually the engine seized, and the repairs cost more than all of the maintenance they skipped. This is a terrible way to manage an investment.
If you own a business ( if you are reading this, likely you do ), you should understand the value of maintaining your technology. Your computers need maintenance to ensure you can remain productive. Well, your Website is often the first contact you have with a customer, and if a negative experience costs you their business, then you are hurting your business by not maintaining your Website.
A final word about being responsible with your Website. If your Website is hacked and used for spamming, or attacking others, then part of that responsibility is yours. By being an easy target and not being a responsible owner, you are contributing to the terrible state of the Web. Please, don't complain about spam if you are part of the problem.
How often should Website maintenance be performed?
The first step for maintaining your Website is to set a schedule that is appropriate. If your site is very basic, you can probably get away with a minimal maintenance schedule. If the site is all HTML and there is no server side scripting or database, then there is little that can go wrong from a security or server software point of view. However, you still need to consider updates to browsers and external service dependencies. You might consider an annual maintenance schedule.
If your Website does utilize a content management system ( CMS ) such as WordPress or Drupal, you should consider a monthly maintenance schedule. Keeping these systems to date is vital to ensure their proper function and security. Many of these systems have an alter or notification system to inform you that updates are available. While updates for a CMS can be released on a daily basis, for smaller Websites ( less than 1000 hits per month ), monthly is probably sufficient. However, if your site is very busy ( many visitors, new content, ecommerce sales ), you should consider a more aggressive maintenance schedule. Weekly or daily may be a more appropriate schedule.
For sites that have custom server side programming are a bit trickier to set a maintenance schedule. First of all, unless the developer is on some sort of retainer to continue development of the site, there probably are not any updates to install. If the site is of significant size or complexity, it may be challenging to determine what code might break with a server update, and security vulnerabilities in the code will be difficult to determine with out extensive testing. I would suggest at least a minimal schedule of every three months having a basic maintenance performed, more frequently if the site receives a large amount of activity.
So, what does a Website maintenance include?
Well, if you've noticed, there are many things to consider when it comes to maintaining your Website. As such, what a maintenance would include has a fair amount of consideration. In general, here is a list of items that should be performed on a regular basis to maintain your Website:
- Assess the current state of the site. Are there any errors? Broken links? Known bugs or security updates?
- BACK UP!! Before any changes are made to your site, ALWAYS get a fresh backup. This includes backing up the files and the database if there is one. I recommend going directly into the database and performing a full export.
- Locate and repair any current issues.
- If you use a CMS, update the core application, then any plugins. Confirm the site works properly after the updates.
- If there is a problem, try to determine if the problem is from the core or plugin. If you can't repair, restore from backup, and apply fixes and updates one at a time until the problem update has been identified.
- Once the all of the updates and repairs have been successfully applied, take a final backup so you will have the most recent copy and all of your hard work is safe.
Sounds simple, why hire a pro?
There are two reasons why an industrious business owner who is technically compitant would consider having someone else perform maintenance.
- When things go well, any one can perform basic Website maintenance. However, when things don't go according to plan, you will want someoone experienced and capable handy to help.
- As a business owner, you have so many demands on your time and attention. You must ask yourself if working on your Website is in fact the best use of your time.
Often, I meet business owners who spend valuable time struggling with their Websites, learning HTML, learning image editors, and getting frustrated. Meanwhile, these same people don't change the oil in their own vehicle. Why not change their own oil and perform other maintenance? It's not difficult. It doesn't take much time. So why do your own Website maintenance?
Relying on a professional to perform your Website maintenance will save time and headache, and it will get done quickly and affordably. And if something goes wrong, the person you would call to help is already on the job.