No matter how big or small your website is, once it’s done and launched it needs to be maintained. Otherwise you may soon incur expensive fees to catch up with the technical debt.
It’s true. We have rescued many websites and web applications that are so outdated that we needed to schedule discovery sessions to re-evaluate existing parts of those systems that simply become incompatible with modern tools and technologies.
There are different activities involved in website maintenance. The most common ones are:
Server Security Updates
If your website is running on a non-managed host, you are responsible for server patches and updates. Being on top of this activity will keep your server secure from the most common threats. Neglecting these updates will open up server vulnerabilities making it easier for hackers to take over your hosting. Under a hacker’s control, your website is at risk to activities that range from replacing its content to installing malicious software designed to deny access to your website and data until a ransom is paid.
Sometimes we need to spend a couple hours deciding how to handle some of these updates, but usually servers are updated in matter of minutes.
Software Security Updates
If your website is running over a content management system like Drupal or WordPress, or any framework like Symfony, Django and others, you’ll need to keep an eye on security announcements of the corresponding system and install security updates when they are available.
A few years ago we had to spend weeks reinstalling a new server and Drupal environment for a government agency because they didn’t follow any Drupal security updates and failed to install a patch for a serious Drupal vulnerability called Drupalgeddon, which was exploited by hackers on hundreds of websites.
This is probably the least critical website maintenance activity from a security standpoint, but it’s also quite important. The community behind content management systems and frameworks is actively improving the performance of those tools and fixing bugs. Often, these software updates are released to support server package updates such as the deprecation of an ancient PHP function.
In our experience, when we take over a project that hasn’t been updated for several months we have to spend a good amount of time installing updates and testing that all the functionality supported by the updated components is still working. Sometimes these components are so outdated that they become incompatible with other components in the system, and it’s easier to just remove them or replace them with similar components rather than trying to make them work.
We took over a Drupal 8 project that hadn’t been updated for months, and the process of just updating Drupal core to the latest version was quite challenging. When we tried to install all of the updates at once, the system choked. Because Drupal 8 changed so radically compared to its earlier versions, we had to upgrade it one version at a time, perform regression testing and address the issues after each update.
The activities mentioned above involve updates released by third parties. However, your website itself (custom functionality, design, content structure) will need to be maintained as well.
We have several website maintenance contracts with some government agencies where we extend the functionality of their websites. We use the Agile methodology to prioritize the needs of our clients and release changes every two weeks. This allows us to make progress on what is critical, and let the stakeholders use what they need quite quickly, without the need of waiting months, and spending hundreds of dollars just to discover that what they needed is now obsolete.
This is a more integral activity, that involve setting tools to monitor the health of different aspects of the server and website. For instance, some monitoring tools will trigger notifications when server resources are running low and website is about to crash. Other monitoring tools will tell you if there is a huge drop in website traffic, which could be caused by a website issue. There are also monitoring tools to find broken links in your website, so you keep your data up to date.
These are more preventive activities that complement the other ones mentioned in this article. It allows you to act on time given some conditions, rather than react to issues that are sometimes discovered too late.
Having a website maintenance contract in place will ensure you have a dedicated team taking care of your website, and will be more cost effective in the long term because most of the times updating an outdated site will cost almost the same amount of money than the value of the actual website.