Many businesses, especially those that manage their websites internally, often ignore website maintenance. This can be a very costly mistake.
Website maintenance is often overlooked by many business owners, and this can have serious negative consequences for the website and the business. Website maintenance is not website development and is not SEO. Website maintenance includes activities to make sure the website continues running smoothly, without any security issues.
Website maintenance is primarily an issue for websites run on standalone content management systems such as WordPress, Drupal or Joomla and less so for website builders such as Squarespace or Wix. This is because website builders tend to be updated automatically and much of the security is handled centrally by the website builder servers. For traditional CMS websites such as WordPress, Drupal and Joomla, an active website maintenance program is essential.
These opensource CMS utilise themes, plugins and extensions to allow the website to deliver the required functionality. Each of these elements represents a vulnerability to your website stability and security. Whether you look after the website in-house or use external agencies, it is important that someone is responsible for website maintenance. Your SEO support is probably not doing website maintenance!
Basic website maintenance services
Website maintenance, which is normally carried out on a monthly basis should include the following standard activities:
- Check all themes, plugins and extensions have been updated;
- Carry out a security screening (often this is an ongoing activity);
- Back up the website files (off server).
Sometimes plugins become obsolete so need to be removed and replaced. Leaving them in place increases the risk of a security breach and potential website instability.
So, what type of security breaches or website instability are we talking about?
Typically, websites are hacked to install malware or ransomware. Ransomware is obvious – bad actors either take your website down or threaten to take it down in an attempt to extort money. This can kill a website overnight. Never pay a ransom. This is where backups are vital. If a recent backup is available, with the help of an IT specialist the website can be largely recovered in a relatively short period of time.
Malware can take various forms, although stealing customer data is a common type. As an example, we recently experienced a situation where the website of a potential new client was being hijacked and redirected to a betting website. The owner was completely unaware – a classic example of in-house website management overlooking the need for regular maintenance. Such malware can greatly diminish website performance through reduced speed, lost keyword rankings and traffic, and lost customers through poor website experience. Even if website management is being carried out, it is important that the person responsible knows what to look for.
Not updating plugins and security breaches can reduce website speed and cause instability, meaning the website may crash temporarily or permanently. Sometimes even when plugins are regularly updated, incompatibility issues between plugins can cause instability, which is why websites need continuous monitoring.
What website security should you have in place?
From a security point of view, a number of essential checks should be in place:
- Make sure your domain is on auto-renew to stop someone taking it;
- Ensure the website uses HTTPS;
- Make sure the website host (server) has a high level of security protection and backs-up data;
- Make sure there is an off-site back-up of the website;
- Ensure all CMS and plugins are up to date;
- Website users should all have unique, complex passwords;
- Two-factor authorisation (2FA) should be in place;
- Website access should be limited to essential personnel, with controlled levels of access;
- Captcha must be used for form submissions;
- Browser software should be kept up to date;
- Virus/malware protection should be installed on computers.
But the essential action is to make sure you have a specific maintenance and security plan for your website. You can’t afford not to.
Dr Phil Ridley, Director, Bug Doctor Media
