Why focus more on website maintenance?

December 5, 2019

Maintenance work isn’t what many people make high priority. It’s not the new shiny project. You aren’t starting from scratch with all the associated creative freedom. Sometimes it is simply forgotten in the stress of daily work. Often it feels like a burden and is neglected until something ‘breaks’. What for an agency such as nonfiction studios is very problematic, is for a private user very annoying, and for a business at least costly, if not potentially dangerous. Opting to stay on the safe side and keep up with maintenance has some really good points going for it as you will see. In the following you will learn methods to protect your website with proactive maintenance and more reasons why it’s a good idea.

Why bother maintaining your website properly?

We all have seen the hacker movies were a young man with a hoodie attacks a website. After some heavy and fast typing of cryptic commands he gains complete control over the website. Of course – as any Hollywood plot demands – the website is of high value. Unless you’re running a high-profile website such as a government website, Amazon or eBay, you probably feel safe assuming “Who would care enough to hack my small website? Who would see enough value to attack it?”.

 

Unfortunately, there is something wrong with the image Hollywood portrays here, and it doesn’t make it easier for website owners. In reality, a bad guy seldom sits around and actually analyzes your site by hand; automated bots circulate around the Internet doing the dirty work. One by one they attempt every possible hack known. Bots work relentlessly without breaks. No human input is needed to check one website after the next for weaknesses.

 

Along the way bots collect personal data to sell or use for further attacks. Sounds pretty grim? Yeah, it isn’t nice. But there is a way forward: maintaining your website properly, which is much easier than you think.

Wait a second, I’m not running some small old software. I’m running a WordPress site. This should provide some security, right?

Not really. In reality, quite the opposite is the case. The more popular the software you are using, the more interesting it gets for bad players too. The effort to build a bot that checks sites for vulnerabilities makes much more sense for a million websites than for a hundred.

 

According to statistics, WordPress had not only the biggest market share of content-management-systems (CMS) worldwide, but it also was the most attacked software. Around 90% of all CMS websites hacked in 2018 were running WordPress. Regularly upgrading your WordPress site and only using popular plugins will keep you on the safe side.

It actually not only makes your site safer, it also makes it faster and gets you more visitors.

Keeping your site up to date doesn’t only improve the security. Very often it makes your site perform better. Newer versions of libraries and programming languages are often faster. With an upgrade from PHP version 5.6 to version 7.3 you can gain over 100% improvement. Not bad, for something you get along the way.

 

Higher performance means visitors are less likely to leave your site. Google is a known fan of speed and rewards fast websites with better positions in its results.

How is maintenance usually done?

Traditionally, maintenance is a developer task. The developer would upgrade the components the website is made from, test the website and deploy the new version to production. Sounds technical, but it is actually pretty logical. No website is built from one piece of software only. It’s composed from a set of different software libraries (often called “components”, “packages” or “modules”).

 

These libraries, together with core software and the programming language itself all need regular updates. While the upgrade of the programming language needs changes to the server, the libraries can be updated fairly simply and fast. The process depends on your CMS.

How do I upgrade my WordPress sites?

WordPress comes with a built-in automatic update mechanism. This was introduced due to the very high numbers of vulnerable websites around the internet. It depends on your use-case and website if the automatic updates are the right decision for you.

 

Generally speaking, automatic updates work most of the time. This being said, in some rare cases it might end up breaking your website. If you have a so-called “staging”, “testing” or “development” environment you should try the update there first. It might protect you from damaging your live website and save you a lot of stress.

 

Even if you do have a second environment in which to try the update, always take a complete backup before starting your upgrade. This can either be done by your hosting company or using a trusted backup plugin. If you are in doubt, contact the support of your hosting company.

 

If your developer is too busy or you simply want to try the manual update path read about it before you get started.

How does it work with other systems, such as the SilverStripe CMS?

Most content-management systems use some sort of package management, for example “composer”. Usually this means you require support from your developer to identify if your site needs an update or not and process the update.

 

Besides WordPress, nonfiction studios use the SilverStripe CMS. It comes with a handy tool for non-developers to learn more about the maintenance state of their website. The “SilverStripe maintenance”-module allows website administrators to view version and security information in the CMS. Packages are regularly checked for pending updates and newly identified security issues are highlighted. This enables website administrators to proactively monitor their website and respond before anything happens.

 

The steps of updating the components, and testing and deploying them are still tasks for your developer. This keeps you safe from accidentally damaging your website. This module is intended to be used as an option to keep an eye on your websites’ state and give your developer a friendly nudge now and then.

 

This article was written by Peter Thaleikis. He is working with nonfiction studios on SilverStripe projects. Most recently, this included finishing an upgrade as well as the on-going maintenance of a SilverStripe website for a government agency in Alberta. Before, he worked with government agencies in New Zealand on SilverStripe websites. The SilverStripe team and Peter also developed the maintenance module mentioned above. Besides this, he runs his own development company “bring your own ideas” and maintains a number of side-projects, such as startup name check.”