Website Maintenance

The average website owner does not think about website maintenance.  It is rarely top of mind, and for the most part viewed as either a necessary or unnecessary business expense.  This article discuses what is website maintenance, the risk of not doing maintenance, how often it should be done and what’s included in a maintenance cycle.

A website contains a database and several pieces of software all of which resides on a web server.  Just like the software on your personal computer, it needs to be updated from time to time.  Website maintenance, then, is the practice of updating the software that runs your website, and can include, updating the software that runs on the web server where your website is hosted. Website maintenance can also include looking after the content of the site to ensure that it is up-to-date and presenting correctly across the website.

The software elements on a website that need to be maintained include:

WordPress (WP): A Content Management Systems (CMS) deployed on about 40% of all websites used to build websites and create content to be published on the internet.

Theme: A set of design tools used to create the website design and control how content is displayed.  Themes often come with a library of pre-built designs.

Plugins:  Extend, enhance or add new features or functionality to the website.

Server PHP: Scripting language used to manage dynamic content, databases, and more.

When a website is not maintained it can result in:

• Increased vulnerability to malware which can affect the site’s functionality or compromise its design
• Incompatibility between software components (WP, Theme, Plugins, PHP) that need to work harmoniously
• Reduced page load times (load time is a critical Google Ranking Factor, with a goal of less than 3 seconds)
• Content missing or becoming unavailable, usually because there was a link to some content, event or a photograph on or off the website that was removed, resulting in a 404 Error Message when the visitor tries to access the content

The website maintenance updates address:

• The repair of any new issues or bugs identified since the last update
• Add new features, functions or capabilities
• Updating PHP
• And most importantly, website security against malware and other malicious intrusions by closing backdoor pathways that malware can penetrate and harm the website or database

The maintenance cycle for the most part depends on your risk profile. 

Low Risk Profile Maintenance Cycle
If the website has a low risk profile, then an annual maintenance plan is likely to be sufficient. However, given the ever-increasing risks associated with malware in today’s world, we recommend the website be updated a minimum of every 6 months, or quarterly if you can afford it, just to be on the safe side and protect your investment in your website.

Medium Risk Profile Maintenance Cycle
If the website has a medium risk profile, then a monthly or quarterly maintenance plan is recommended.

High Risk Profile Maintenance Cycle
If the website has a high risk profile, then a monthly or continuous maintenance plan is required. 

Continuous relates to the idea that throughout the month the website is inspected to see what parts of the website (server PHP, CMS, Theme or Plugins) are in need of an update and corresponding backup.

The answer is it depends on your risk profile and how critical the website is to your business operation.

If you fall into one or more of these conditions, then your risk profile is low if your website is:

• Not mission critical
• Not integral to the buyer’s journey or part of the marketing mix
• Not used for e-commerce
• Not collecting any personal identifying information
• Not required to generate leads or promote your brand proactively online
• Not storing or provide access to important or proprietary company information
• Not using landing pages related to third party Pay-Per-Click (PPC) or print adverting
• Not used in connection with internal business processes or connected to your company network
• Not in a regulated industry (finance, healthcare, etc.)

If you fall into one or more of these conditions, then your risk profile is medium if your website is:

• An important part of your marketing mix
• Integral to the buyer’s journey
• A major source of leads
• Using a form that collects and stores personally identifiable information
• Using a landing pages related to third party PPC or print adverting

If you fall into one or more of these conditions, then your risk profile is high if your website is:

• Mission critical
• A conduit to an e-commerce transaction
• The primary source of leads, registrations or subscriptions
• Connected to or contains important or proprietary company information
• Using landing pages related to third party Pay-Per-Click (PPC) or print adverting
• Using one or more forms that collects and stores personally identifiable information
• Connected to other business processes or systems on your company network
• In a regulated industry (finance, healthcare, etc.)

A discussion about maintenance would not be complete if we did not discuss malware.

A malware attack is where malicious software invades your websites software and executes unauthorized actions that can affect the design, corrupt the database, make the site inaccessible, pirate information or perform other malicious actions.  Maintenance in combination with antivirus software is the best defense against malware.

Malware and computer viruses are serious because they can:

• Take a website down resulting in reduced revenue and lost leads
• Slow down your website’s performance, frustrating users
• Take many hours of a development time to troubleshoot and scrub (remove) the malware
• Cause your website hosting company to temporarily kick you off the server (isolate you) to protect the other websites sharing the same server
• Cause your website to continuously display error messages compromising trust in your brand
• Cause Google to shut down your Google Ad campaign resulting in fewer leads or lower revenue
• Lead to search engines or browsers may display warning messages, and in worst case scenario, blacklist the website
• Provide hackers access to valuable company information or personally identifiable information

What’s included in website maintenance is determined by the website developer doing the work, the tools they use and process they follow.  So some variability can exist.

However, every maintenance initiative should at a minimum include the following:

• A restorable backup of the website and database
• Update the WordPress CMS
• Update the Theme (if used)
• Update the Plugins
• Update the server PHP (if needed)
• Remove inactive users from the system (as needed)

Additional website checks may also be done at the discretion of the developer:

• Load time speed check
• Look for and repair broken links
• Delete any SPAM that may be hidden in the CMS or database
• Verify the forms are still functioning correctly and being sent to the right person
• Review WordPress Security Logs