Zen and the Art of Website Maintenance
Congratulations! The website your organization has been working on with a digital agency over the past six to twelve months to define, design, and execute has launched. Now what? Your first thought may be, “Finally, I can take a break!” While it is important to take a step back from a freshly launched project in order to regroup and measure your success metrics to define your website moving forward, you also need to protect it.
The Importance of a Post-Launch Maintenance Plan
A post-launch maintenance plan is pivotal to the long term success of your newly launched site. Similarly to how you should buy a security system for your new home or lock your car doors at night — your new website must be protected.
To help contextualize the importance of website maintenance we’ll review some statistics released by Sucuri’s 2019 Hacked Websites Trends Report.
During 2019, we saw that over 60% of websites were vulnerable at the point of infection — a 4% increase from 2018. This trend indicates that website owners continue to fall behind on patching and maintaining core CMS files and extensible components.
If 60% of websites infected during 2019 had simply kept up to date with the latest core version of their chosen CMS or framework they would have been protected from those attack vectors. This also means that over half of all website hacks in 2019 were not advanced hacks like we see in the movies, but instead due to something as simple as missing a plugin or module update.
Almost half of all infected websites contained at least one backdoor. 47% of all infected websites contained one or more backdoors, allowing attackers to maintain access to compromised environments after initial infection.
Almost half of all websites hacked in 2019 had backdoors installed to allow attackers to be able to easily re-hack the same site without needing to access the site via the original attack vector. Meaning even if the compromise used in the original hack was patched, the attackers still had access to the site.
Reinfections are a common issue for infected websites. In 2019, the largest volume of website reinfections occurred for sites infected with SEO spam and generic malware. Our analysts saw 20% of infected Magento websites had been reinfected with credit card skimmers, stressing the importance for website owners to follow post-hack protection steps after malware cleanup.
Based on these few statistics alone it should go without saying that the single most important thing your organization can do to protect your newly launched site is to keep it maintained and updated. The statistics above are also centered around core CMS updates. Any plugins or modules your website uses (it is common for sites to use upwards of 20-40) all need to be maintained as well.
The thing is though, website maintenance is not as easy as clicking the update button. Similar to vehicle maintenance, unless you are well versed in auto mechanics, it is best left to the professionals. Website and server maintenance works exactly the same.
Sometimes updates can break a site due to conflicts in code. To avoid post-update issues, our development team here at WDG uses git as our version controller with the 3-tiered development, staging, and production playbook for a leveled process to thoroughly test updates and their effect on code and content, as well as allowing us to be able to roll them back if necessary.
- Account for, at minimum, six months to one year’s worth of post-launch maintenance cost into your project budget,
- Include the operating cost of a development and, if budgets allow, staging server into your project budget,
- Make sure you and your agency have agreed to and funded a post-launch maintenance plan prior to launch to ensure a smooth transition after the project warranty period comes to an end,
- Keep your site updated and protected.