Website maintenance and updates are just as important as computer operating system and software updates, but are often overlooked or not taken as seriously. Sometimes it is assumed that ‘someone else is taking care of it’. That’s dangerous logic for a website developer or agency who is hired to support business clients, as failing to perform maintenance updates to a client’s website on a regular basis can lead to vulnerabilities that can be easily accessed by hackers. This can cost the business time, money and potentially the company’s reputation.
You are probably familiar with notifications announcing that an update is available for the operating system on your computer. Many of these updates improve functionality, fix known problems, and patch holes in the code that can be exploited and lead to security breaches. Sometimes these can be set to happen automatically, and sometimes we need to use these notifications as prompts to manually go in and perform the updates. This also happens with the software installed on our computers.
Microsoft and Adobe, for example, regularly send out notices of new patches and performance updates. With other programs and applications, you don’t see the new update availability until you log into a program or visit an App Store and see the notification. It is crucial to regularly perform this basic computer maintenance to keep your operating system and software programs up to date and secure.
Security updates, performance updates, code updates, etc. aren’t automatic on websites. Some developers don’t understand the critical nature of regular maintenance updates, and some aren’t as detailed in their work, which can cause major problems for business owners who are unaware and assume that their website developer/agency is doing all that is needed on their behalf.
A True Story
Several years ago, a new client contracted with us to oversee the management of their website, along with other services. When we checked, it had been three years since the theme and plugins – or unique packages of code that extend the functionality of a basic WordPress site – had been updated. No one had updated the site’s security, renewed important security licenses, or even checked “under the hood” of the site for years! We began the onboarding process and discovered that the website had been hacked and that information had been exposed.
The situation could have been avoided if the initial developer had communicated the importance of regular, scheduled updates and maintenance with the client. The client then would have had the knowledge needed to make an informed decision to contract for website maintenance services once the site was launched. With the right resources and support in place, the breach could have been prevented.
Why Are Updates Important?
There are several critical updates that should be completed on a regular basis. These include security, coding, and performance updates. Every website has several systems and code languages that all work together to deliver a good website experience for your viewers. Like any well-built structure, each layer builds upon the layers below to function properly and stay secure.
This starts with your hosting company. Their systems and frameworks house your website files and databases and provide the conduits to deliver your website to your viewers’ screens. Depending on the hosting company and plan that you have, your hosting company may be responsible for keeping all aspects of the hosting server up to date, or you may be responsible for some of it. It’s important to have a reputable and quality host for your website.
Layered on your host’s server is your website, which is made up of many files of code and databases. If you use a content management system such as WordPress, they are continually improving and updating the code and releasing new updates regularly. Sometimes your hosting company will automatically install these updates for you, and sometimes you need to do the updates. It’s important to know who is responsible and ensure that updates are made soon after release, as they often include security updates.
Your WordPress installation may have a purchased or custom-built theme on top of it. It too, has potential updates available, and checks should be made to ensure that the code in the theme stays up to date and compatible with the current version of WordPress on which it is running.
Your website may also have a series of Plugins installed. These are unique packages of code that extend the functionality of a basic WordPress site. These could be things like a slideshow, forms for your viewers to fill out, a specialized calendar of events, a company directory, or items that work in the back end like one that performs security checks. All of these plugins need to have code that works with the current version of the theme and core WordPress Core versions. It’s critical to make sure that only current quality plugins from reputable authors who are actively maintaining them, are used. Abandoned plugins from authors who no longer update the code are one of the biggest entry points for breaches.
All updates, including security updates, on website frameworks, themes and plugins are vital to keep your site out of the hands of hackers and cybercriminals. With each new virus, trojan, or malware released, companies and code authors work hard to figure out a counter attack and defense. Security code updates provide you with these virtual shields to protect your site. Cybercriminals and hackers know that many people don’t login to their websites regularly, or even know what to look for in abandoned themes and plugins when they do login occasionally. These hackers are on the lookout for coding loopholes and send out their bots to find sites with outdated code – they are easy targets to infiltrate. They can place malicious code on your site, hack into it, or disable it. Then you are left with an expensive and frustrating problem to fix.
When update alerts appear, take action. It only takes seconds to perform an update but hours to fix problems caused by ignoring update notifications.
At Dashboard Interactive, we take your website’s security and maintenance seriously.
The following are some of the maintenance tasks we perform each week on the client sites we maintain:
- Review all notifications.
- Create backup according to schedule (database backup each week, monthly backup of entire file structure).
- Download and store backup off-server.
- Perform updates on any plugins whose author has sent notice of updates, and then test.
- Perform updates on theme files needed, test.
- Update any core platform versions available, test. (If the host has auto-updated the core version, perform testing.
- Look at new form entries, remove any spam.
- Review Users and permissions to ensure none were created or altered without us knowing.
- And much more.
It takes this level of detail to properly manage a website and if your development resources go to this level of detail, you’re in good hands. If not, your website could be at risk.
Everyone Is a Target – Take Action
The FBI states that computer crimes, including removing spyware, malware, and malicious code, costs businesses $67 billion. Small businesses and nonprofits tend to be criminal targets because they lack the resources to fight back when attacked.
Don’t be a statistic. Find knowledgeable website maintenance and development support. If you don’t know of qualified resources, feel free to contact Dashboard Interactive. We are happy to help. Updating and maintaining all aspects of your website is too important to be left for another day.