It’s a jungle out there

I see it all the time. A company pays good money to have a website built, but within a few years, the site is broken, slow, and maybe even taken over by unethical hackers with unscrupulous agendas.

The problem? They did not maintain their website.

As Bad as it Gets

I ran across a real nightmare case a couple of days ago. I wrote a letter to the company to inform them of the issues. I tried to contact them by email, but the address listed on the site was broken.

At first, the site looked modern and nice, with a splashy drone video header background. But it did not take long to discover major problems. Less than a couple of years old, it already had significant “bitrot” due to a lack of maintenance and updates:

The first thing I noticed was that their Google Maps widget was broken. A year or so ago, Google started requiring API keys and current billing information on file for all JavaScript Maps API users. They are simple to get — less than a 5-minute fix, typically — but no one was maintaining the site, leading to a very unprofessional impression.

Next, I noticed that there is no SSL encryption, leading to a glaring “Not Secure” tag in most modern web browsers. Additionally, Google now penalizes sites that are not encrypted, especially if they have contact forms, or accept comments, or otherwise may induce visitors to submit personal information. With completely free SSL certificates from LetsEncrypt.org, there’s no longer any excuse for running an insecure website. Of course, the certificates must be renewed every three months, a process that is not always easy to automate, depending on how domain redirects are handled.

Again, in the modern era of websites based on common software platforms and public service APIs, maintenance is crucial.
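Because renewal automation can fail silently, a scheduled check of the live certificate catches a lapse before visitors see a browser warning. The following is an added example, not code from the site described here; the 30-day threshold and the sample date are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumed alert threshold; tune to your renewal schedule


def days_left(not_after: str, now: datetime) -> int:
    """Whole days from `now` until a certificate's notAfter timestamp."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after: str, now: datetime) -> str:
    """Map remaining lifetime to a status a scheduled job can alert on."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    if remaining < RENEW_BEFORE_DAYS:
        return "RENEWAL OVERDUE"
    return "OK"


def check_site(host: str, port: int = 443) -> str:
    """Fetch the live certificate and classify it; a failed handshake is itself a finding."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return f"INVALID CERTIFICATE: {exc.verify_message}"
    except OSError as exc:
        return f"UNREACHABLE OR NO TLS: {exc}"
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed notAfter value in the format ssl.getpeercert() returns.
    sample = "May 30 00:00:00 2025 GMT"
    for today in (datetime(2025, 3, 1, tzinfo=timezone.utc),
                  datetime(2025, 5, 10, tzinfo=timezone.utc),
                  datetime(2025, 6, 2, tzinfo=timezone.utc)):
        print(today.date(), classify(sample, today))
```

Run `check_site()` against your own domain from a daily scheduled job and alert on anything other than `OK`.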

Did They Read the Terms of Service? 

Here’s a pretty amusing one:

This video was definitely not this size when the site was built, I am guessing. It was likely downsized by a video hosting provider interested in saving bandwidth allocated to free account holders. Did anyone at the company notice? Not likely.

Our Website is Doing WHAT?!

 

Finally, here is the ultimate example of what can happen to neglected websites. It appears that unethical hackers have conscripted the site to promote software that helps people spy on other people’s cell phones. Talk about sleazy! No company wants something like that on their site… let alone the all-important “Contact” page!

This particular hack probably happened back in 2017, when there was a crazy-bad WordPress bug that allowed unauthenticated posts via remote API calls. It was a terrible bug, to be sure… but it happened almost TWO YEARS ago! To think that a system went unpatched for that long… it really shows how unaware a lot of companies are about the need to actually maintain websites and hosting platforms with current security patches.

While this example is highly visible, many other forms of unethical hacking are less obvious. If your website seems unreasonably slow, or if your hard drive starts inexplicably grinding every time you visit your website, there’s a good chance your web server is dishing out JavaScript code that is mining bitcoin on website visitor machines! If your site experiences random bouts of unavailability, or very slow performance, your web server could be part of a bot army making resource-intensive requests of targeted sites, in order to slow them to a crawl — so-called “distributed denial of service” attacks. It sounds far-fetched, I know. But it’s not. These types of issues are commonplace — for those who do not maintain their websites, anyway.
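Injected spam links and third-party scripts like those described above can be caught by comparing the hosts a page references against a list of hosts the site is known to use. The following is an added example, not code from the site described here; the allowlist, the sample page and all names in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads from or links to.
# example.com stands in for the site's own domain.
ALLOWED_HOSTS = {"example.com", "maps.googleapis.com", "fonts.googleapis.com"}

# Constructed sample: a contact page with one injected link and one injected script.
SAMPLE_PAGE = """
<html><body>
<h1>Contact</h1>
<script src="https://maps.googleapis.com/maps/api/js?key=PLACEHOLDER"></script>
<a href="/about/">About us</a>
<a href="https://www.example.com/directions/">Directions</a>
<p>Best <a href="http://spy-app.invalid/track">phone tracker</a> here</p>
<script src="//miner.invalid/m.js"></script>
</body></html>
"""


class ExternalRefs(HTMLParser):
    """Collect (tag, host) for every script/iframe src and anchor href that names a host."""
    WATCHED = {"script": "src", "iframe": "src", "a": "href"}

    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        host = urlparse(url).hostname if url else None  # None for relative URLs
        if host:
            self.refs.add((tag, host.lower()))


def is_allowed(host, allowed):
    """True if host is an allowlisted host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def unexpected_refs(html, allowed=ALLOWED_HOSTS):
    """Return sorted (tag, host) pairs pointing outside the allowlist."""
    parser = ExternalRefs()
    parser.feed(html)
    return sorted(r for r in parser.refs if not is_allowed(r[1], allowed))


if __name__ == "__main__":
    for tag, host in unexpected_refs(SAMPLE_PAGE):
        print(f"unexpected <{tag}> reference to {host}")
```

Feed it the rendered HTML of each public page after every update cycle; any new host in the output is either a deliberate change to add to the allowlist or something to investigate.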

What Exactly *is* Website Maintenance?

A lot of my clients seem to think that website maintenance entails simple content updates, such as phone directory updates after personnel changes occur. That is important, but frankly, it’s the least of it. Website maintenance boils down to the following:

  1. Ensuring that available security patches have been applied to critical software components, including the underlying operating system, the content management system, and all plugins, themes, and add-ins. If you are using WordPress, it is best to enable automatic updates, in order to keep ahead of “zero day” exploits, which are those that appear in the wild on the same day they are discovered.
  2. Quality testing after each security patch application. Upgrades can and often do break stuff!
  3. Keeping automated on-system backups of the website files and database, so that any failed updates can be rolled back easily and quickly, and then manually upgraded after identifying and fixing the issue — typically an out-of-date theme or plugin that’s incompatible with the new CMS software that has been installed.
  4. Keeping automated off-site backups, as insurance against website host computer system failures and the worst sorts of hacks.
  5. Registering the website with Google Search Console and related services, in order to stay informed of any problems affecting site usability or search engine placement ranking.
  6. Keeping abreast of updates from any third-party APIs used on the site, be they font libraries, JavaScript libraries, map libraries, email sending (SMTP) libraries, and so on.
  7. When the software components underlying your site reach their “end-of-life,” as all components eventually do, it is time to bite the bullet and pay to have a new version of your site built, atop modern components likely to be supported by security patches for at least a three-year horizon.
  8. Where appropriate, using tools such as Wordfence to scan for malware.
  9. Simply interacting with each website regularly, such as after each upgrade cycle, is invaluable in identifying any issues that have cropped up. Most clients do not have time. At Winnemucca Web Works, we do. I’m not going to claim that we click through every single link after every single upgrade… but I am proud to say that so far, after nine years in business, there have only been a couple of isolated instances where clients found problems before we did. If you pay us to keep on top of your website, we will.

How Important is it to Maintain a Website?

I hope the example above helps to illustrate how absolutely vital it is to not only have a great website built, but also to make sure that it is competently maintained. At Winnemucca Web Works, we offer maintenance services tailored specifically to individual website needs, at costs that range from a few hundred to a few thousand dollars per year. We value maintenance so highly that we have always offered free website hosting space to every client whose websites we maintain. It really is that important.