Having a website: It's a responsibility. While modern content management systems make it easy to manage your website, they also require ongoing maintenance to keep them secure and performing well.
Having an out-of-date website is the leading reason a site will get hacked. During the first quarter of 2016, Sucuri found 75% of the sites they cleaned were out-of-date. A hacked website puts both your business and your customers at risk. Compromised sites often serve malware, or participate in botnets, and face penalties in terms of both search rankings and email-sending reputation.
While it requires effort and investment, it is possible to keep your site properly maintained.
For Every Site
For every site on the web, whether using a third-party platform or hosting it on a server you control, there are things that need to happen on a regular basis. Using fjorge's website maintenance process, developed over years of personal and professional website management, we have laid out the steps you need to be taking.
Have a Process
Website maintenance is the oil change to the car that is your website. Much like the sticker on your windshield reminding you when to get it changed, implementing these steps as a process at your company is the best way to drive value out of it. While ad-hoc updates and checks do still have value, having a documented monthly process will drive accountability and keep anything from falling through the cracks. The month you miss doing updates could very well be the month your contact form plugin gets hacked.
Stay Up to Date
Keeping your site, plugins, frameworks, and server up to date is the biggest step you can take to secure your websites. During the first quarter of 2016, the top three outdated plugins were responsible for 25% of all WordPress breaches.It is important to regularly check for updates to your plugins and your core site frameworks. These updates often contain security patches, and applying them to your site in a timely manner will close the window for intrusion. When new vulnerabilities are discovered in common web frameworks, hackers will scan the internet for sites that are vulnerable—you want to make sure your site isn't on their list.
Many frameworks and plugins offer email, Twitter, or other alerts that you can subscribe to. These offer instant notice of important updates and are an effective way to stay ahead of bad actors.
Make Backups of Everything - And Make Sure They Work
Backups are the cheapest insurance policy you can buy. Storage is cheap, and compared to the hours of employee (or agency/contractor) time that will be needed to bring the site back—if it is possible—it is a bargain. All it takes is a simple misclick to cause serious damage, and having a backup means that you can recover quickly.
For most websites, there will be two main components that need to be backed up: the site files and the database. The site files include your framework, plugins, theme, design, customization, and many other key items. The database refers to the storage engine utilized by your website to store information, such as site content and configuration. Depending on the complexity of your website, more sophisticated backup solutions may be needed.
There is a saying in the IT world: “A backup is only a backup if it can be recovered.” It is important to test your recovery process with an actual backup, from a worst-case scenario. Make sure that you can get the site up and running and that the entire process is documented in a known location.
Monitor Your Site’s Uptime and Speed
There is a fact that many web companies don't want to admit: Websites go down. Whether it is a datacenter that got struck by lightning or a rodent chewing through a fiber-optic cable, or something more mundane, no website is up 100% of the time. Therefore, it is imperative that you monitor your site’s reliability so you are alerted when it's down and can react accordingly.
Site speed is a key indicator to both customers and search engines alike. Google is supporting sites that are mobile-friendly with a special tag and better rankings. 47% of customers expect a site to load in two seconds, and 40% will abandon the visit if it takes more than three seconds to load.
Stay Compliant With Laws
Know About WHOIS Privacy
When you first signed up for your domain, you had to provide your email, phone number, address, and more. This information is displayed in a query and response protocol called WHOIS. Hiding your personal information in the WHOIS can and should be done to protect your privacy. You can do this by buying WHOIS privacy from your domain registrar, which will replace this information with that of a third-party agent who handles incoming communication.
Other important items to keep in mind:
Back Up DNS InformationDNS is the system that connects URLs with IP addresses throughout the website, so the entire user experience is dependent on DNS. DNS is also involved in your email system, as well as other critical infrastructure.
Set an Alert for Domain and SSL ExpiryDomains and SSL expire one to five years after registration, so it can be easy to forget when it is time to renew them. Find out when they will expire on your website and set a reminder for yourself. Make sure multiple people are alerted to their expiring, and utilize auto-renewal services whenever possible.
Watch AnalyticsA variety of analytics tools track your visitors’ journey through your website, as well as provide insight into how successfully ads, videos, social tools, devices, and more are driving traffic to your website and accomplishing goals. Keeping an eye on traffic trends can be an early indicator of how changes affect your site, or can alert you to a problem—sudden declines in a metric will usually indicate the onset of a problem with a marketing channel or technology change.
Understand Search TermsConduct keyword research to understand what your visitors are seeking and how they’re phrasing their searches, then be sure to use those terms in your content. If you notice a decline in traffic to pages on your website, it may be time to update your content or rethink your digital strategy to cater to what your visitors are looking for.
If You Have Access to the Server
If you are also responsible for the server hosting your website, you have an even bigger responsibility on your shoulders. In addition to all of the above, you need to follow the same core process for your server: secure it, keep it up to date, follow best practices with administration, and stay up to date on security news. Servers are valuable targets for bad actors. In addition to giving access to the website, servers can offer access to sensitive data, or even offer a pivot point into the internal company network. Server administration is outside of this guide; seek out proper resources for your specific server configuration, whether internal or contracted.
Website maintenance can be a daunting task, but it is the key to your website being a valuable asset for the company. Without proper maintenance, you can face issues from slow speeds to hacked customers, or website data loss due to data corruption. Whether you create the process internally, or utilize an outside resource for your website maintenance, invest in keeping up your company's web presence (and get your oil changed!)
Mitch Hislop is the digital strategy lead at fjorge, a website development company based in Minneapolis, Minn. Visit fjorge's website to learn more.