The Ultimate Guide to Maintaining Your Website
The Ultimate Guide to Maintaining Your Website
Having a website: It’s a responsibility. While modern content management systems make it easy to manage your website, they also require ongoing maintenance to keep them secure and performant. Website Maintenance is the ongoing process that will keep it up-to-date, secure, and loading fast.
Having an out of date website is the leading reason a site will get hacked. During the first quarter of 2016, Sucuri found 75% of the sites they cleaned were out-of-date. A hacked website puts both your business and your customers at risk: compromised sites often serve malware, or participate in botnets, and face penalties in terms of both search rankings and email sending reputation.
While it requires effort and investment, it is possible to keep your site properly maintained. Whether you leverage one of our website maintenance plans, or run the process yourself, make sure someone in your organization is keeping your site up to date.
For Every Site
For every site on the web, whether using a third-party platform or hosting it on a server your control, there are things that need to happen on a regular basis. Pulled from our own website maintenance process, developed over years of personal and professional website management, we have laid out the steps you need to be taking.
Have a Process
Website maintenance is the oil change to the car that is your website. Much like the sticker on your windshield reminding you when to get it changed, implementing these steps as a process at your company is the best way to drive value out of it. While ad-hoc updates and checks do still have value, having a documented monthly process will drive accountability, and keep anything from falling through the cracks. The month you miss doing updates could very well be the month your contact form plugin gets hacked.
Make Backups of Everything – And Make Sure They Work
Backups are the cheapest insurance policy you can buy. Storage is cheap, and compared to the hours of employee time (or your agency/contractor) that will be needed to bring the site back – if it is possible at all – it is a bargain. All it takes is a simple misclick to cause serious damage, and having a backup means that you can recover quickly.
For most websites, there will be two main components that need to be backed up – the site files and the database. The site files includes your framework, plugins, theme, design, customization, and many other key items. The database refers to the storage engine utilized by your website to store information, such as site content and configuration. Depending on the complexity of your website, more sophisticated backup solutions may be needed.
There is a saying in the IT world – “a backup is only a backup if it can be recovered”. It is important to test your recovery process with an actual backup, from a worst-case scenario. Make sure that you can get the site up and running, and that the entire process is documented in a known location.
Stay Up to Date
Keeping your site, plugins, frameworks, and server up to date is the biggest step you can take to secure your websites. During the first quarter of 2016, the top three outdated plugins were responsible for 25% of all WordPress breaches.
It is important to regularly check for updates to your plugins and your core site frameworks. These updates often contain security patches, and applying them to your site in a timely manner will close the window for intrusion. When new vulnerabilities are discovered in common web frameworks, hackers will scan the Internet for sites that are vulnerable – you want to make sure your site isn’t on their list.
Many frameworks and plugins offer email, Twitter, or other alerts that you can subscribe to. These offer instant notice of important updates, and are an effective way to stay ahead of bad actors.
When there is an update available, it should be applied as soon as possible. If you have a test environment for your site, you can use it to verify the update first. Should you have a highly customized environment, you may require more manual care to apply the update.
Monitor Your Site: Uptime, Speed, Security
There is a fact that many web companies don’t want to admit: Websites Go Down. Whether it is a datacenter that got struck by lightning or a rodent chewing through a fiber-optic cable, or something more mundane, no website is up 100% of the time. Therefore, it is imperative that you monitor your site’s reliability, so you are alerted when it’s down, and can react accordingly.
In addition to monitoring your site’s uptime, you should also be monitoring it’s security and speed. Regularly use tools such as PageSpeed Insights and Sucuri to keep your site running quickly and safely. These tools will alert you to issues with your site, and help provide next steps to improve the situation.
Keep Your Speed Up
Site speed is a key indicator to both customers and search engines alike. Google is supporting sites that are mobile-friendly with a special tag and better rankings. 47% of customers expect a site to load in 2 seconds, and 40% will abandon the visit if it takes more than 3 seconds to load.
Utilize tools, such as Pingdom and PageSpeed Insights, to identify slow parts of your site, and work to improve them. Every little bit helps – you don’t need to get a perfect score to get benefits.
Analytics
Google Analytics is a free product that collects visitor data and can be easily installed onto your website. Google Analytics tracks your site visitors from the beginning to the end of their journey through your website. It provides insights on how successfully ads, videos, social tools, devices, and more are driving traffic to your website and accomplishing goals. Google Analytics paints a picture of who your audience is, how they navigate to your website, and what they do once they get there. Keeping a close eye on the performance of your website, and whether or not you are accomplishing your goals, provides you with insights on what updates might be necessary to improving your site. It can also help you identify and avoid problems before they become hazardous to your website. Keeping an eye on the traffic trends can be an early indicator of how changes affect your site, or can alert you to a problem – sudden declines/negative changes in a metric will usually indicate the onset of a problem with a marketing channel or technology change.
Search Changes
Make sure that Google is displaying your website for the correct search queries and get error alerts when it isn’t with Google Search Console. Every time you create a new page, use Google Search Console to get insights on which search terms are leading people to your website, and if Google is interpreting your content in a way that is desired by you. If you notice a decline in traffic to pages on your website, it may be time to update your content or rethink your digital strategy to cater to what your visitors are looking for. Google Search Console also lets you monitor how Google views your site, and how their search bot crawls through the site. Using this information, you can make sure every needed page is reachable, see how a single page is rendered to Google, and use the Search Console to submit changed sitemaps. Google accounts for massive amounts of traffic to the average website – make sure that it is properly viewing, parsing, and utilizing yours.
Set an Alert for Domain and SSL Expiry
Domains and SSL expire 1-5 years after registration, so it can be easy to forget when it is time to renew them. Find out when they will expire on your website and set a reminder for yourself. Letting a domain or SSL expire can have severely negative impacts on your website – if either one expires, it can create problems in the short term (visitors experiencing issues getting to your site) as well as the long term (ranging from loss of visitor trust to the loss of the domain name). Make sure multiple people are alerted to their expiring, and utilize auto-renewal services whenever possible.
Compliance With Laws
Make sure you know which laws and regulations your site needs to comply with, and ensure all relevant policies are followed. For the average site, work with your legal team on your Terms of Services and Privacy Policy. These two items are needed by nearly every business site, and can be forgotten in a redesign. Make sure to include stakeholders from Marketing – they often utilize tools, services, or platforms which require additions to these documents. If your website is conducting e-commerce, you must comply with the Payment Card Industry Data Security Standard (PCI). PCI is a security standard that controls credit cardholder data to reduce fraud. Continuously monitoring and enforcing the standards mandated by PCI is the best way to maximize the security of cardholder data. Learn about specifics here. To keep your website and business up and running well, make sure you are complying with these laws.
WHOIS Privacy
When you first signed up for your domain, you had to provide your email, phone number, address, and more. This information is displayed in a query and response protocol called WHOIS. Hiding your personal information in the WHOIS can and should be done to protect your privacy. You can do this by buying WHOIS privacy from your domain registrar, which will replace this information with that of a third-party agent, who handles incoming communication.
Backup DNS Information
DNS is a critical component to ensure that your website stays up and running correctly. DNS is the system that connects URLs with IP addresses throughout the website, so the entire user-experience is dependent on DNS. DNS is also involved in your email system, as well as other critical infrastructure. It is a protocol that can have issues from time to time. Keep a backup of your DNS info, which will help make outages and migrations easier. If you have a business-critical site, consider utilizing multiple hosts for your DNS, or have a self-hosted server. The DNS protocol allows for failover to secondary servers, so utilizing multiple hosts will prevent an outage at one host from taking your site offline.
If You Have Access to the Server
If you are also responsible for the server hosting your website, you have an even bigger responsibility on your shoulders. In addition to all of the above, you need to follow the same core process for your server: secure it, keep it up to date, follow best practices with administration, and stay up to date on security news. Servers are valuable targets for bad actors – in addition to giving access to the website, servers can offer access to sensitive data, or even offer a pivot point into the internal company network. Server administration is outside of this guide – seek out proper resources for your specific server configuration, whether internal or contracted.
In Conclusion
Website maintenance can be a daunting task, but it is the key to your website being a valuable asset for the company. Without proper maintenance, you can face issues from slow speeds to hacked customers, or website data loss due to data corruption. Whether you create the process internally, or utilize an outside resource for your website mainteance, invest in keeping your company’s web presence (and get your oil changed!)
