Website decay keeps me up at night. Only one CMS helps me to sleep soundly…
When a website is first rolled out it’s like a shiny new car coming off the production line. It has all the latest and greatest features you could think of at the time, with the best available plugins and libraries out there. It’s fast, sleek and everyone is happy driving the new machine. But like with any car if you don’t maintain it, the wheels can literally start to fall off.
Maintenance issues occur often with free / open source CMS’s such as WordPress and Drupal. Frequent updates are rolled out for the cores of these platforms to improve functionality and keep them secure. Every single plugin that has been used will have a similar number of releases to ensure they remain compatible and secure. There is often a button that says “click here to update” but quite often hitting this button can crash your entire site if there is an incompatibility between plugins and themes.
In WWW-land everything is evolving at a rapid pace, security issues are found on a regular basis and are often exploited by hackers to redirect users or expose their personal information if not patched quickly.
Maintenance is a PAIN!
When updating a site to ensure you have minimal down time it’s recommended you create a backup, run the updates on a separate staging or testing server to verify there are no issues before updating the live website. You then have to painfully click through and test all the core features to visually confirm nothing has broken. If something does break it’s time dust off your coding skills or drop a line to your web developer for help$.
Who can be bothered doing that? Definitely not your clients. So often it becomes our job to manage this on their behalf$.
This is generally pretty straight forward if done on a regular basis but usually over time more and more plugins are added which can really start to bog things down while the flexibility is what makes these platforms great it can also be their undoing. Which in the end takes more time and money to resolve$.
Clients often do not want to pay for on-going support (or understand why it is important). We have often handed a website over and then the client comes back complaining a few years later how it’s broken, hacked or running very slow – 90% of the time this is due to neglect / ignoring the 50+ update warnings from a year or two ago.
Most free / open source platforms have extremely weak security features – if someone gets a hold of your login details they often have full access to the site and can modify many of the files.
One of the most impressive hacks I have seen was when a client’s admin details were compromised. The hacker had added some code which would randomly redirect a very small portion of traffic (1 in 5 mobile users only) to pornography sites making it extremely difficult to detect and fix, every time we fixed it the issue kept coming back until we removed admin access from everyones accounts$.
To get better security on open source platforms you have to install additional premium plugins$ to lock it down further. Simple features like dual factor authentication for admin login is essential these days.
When I first started studying IT I loooved hardware. Upgrading, fixing things was good fun. I still enjoy it now… but only for personal projects. For work projects down time$ is an absolute nightmare and for some reason it always happens on a Friday afternoon before a long weekend. If your server is in a huge data center somewhere it’s also often out of your control and you simply need to join the support queue and hope your last backup worked.
Random outages aside, you also need to keep the software stack up to date on the server. If it’s old enough and the stack becomes end-of-life (as in no more security updates) and you need to decommission the entire thing and migrate all your websites to another server$. This is a huge pain as again you need to fully test everything to ensure the newer stack supports your old website. Most often not and you’ll need to replace deprecated functions or remove them$.
On a standard setup WordPress and Drupal do not scale very well a lot of web traffic can often cause issues especially combined with poorly coded plugins. Running a campaign that gets popular real quick? Boom your website will go down$.
Is this website running on a shared server? Everyone else’s websites will go down as well or start running very slow. You will also most likely be told to find a new host or upgrade your plan$.
If you are using a managed hosting solution where they take care of a lot of this for your bill will sky rocket$… and it still might crash.
If you have ever built a website for a large client or someone who deals with sensitive user info you will need to go through this process. Usually a 3rd party will attempt to find and confirm any security issues and give you a report with a bunch of recommendations to fix$. While this is great – it’s always sprung on you about 1 day before go live.
The real problem is they only ever seem to do it once! (usually because it’s an expensive process starting at around $10,000$) As discussed above over time new flaws get discovered – while everyone thinks they are safe after the initial report / resolution process it can leave everyone with a false sense of security.
Backups are great… when they work. Did you know they don’t always though? Often you only find out they are no longer functioning when you have an outage and jump on to see if you can pull the last backup down just in case. We actually run two seperate backup processes now$.
Do you have cyber insurance? What happens if a server you run gets exploited for whatever reason and you get sued? $
These policies often have strict requirements around firewall requirements and security review$. Which again take time and effort to keep on top of. Not to mention there are less than a handful of Underwriters willing to take it on…
So what actually keeps me up at night…
Mainly the thought of having an unhappy client from any of the above potential often completely random issues.
If you have worked as an agency or a developer for a while you probably have quite a few projects out in the wild. Let’s say you create one new website per month over five years. That’s 60 sites you will be responsible for. Server goes down, a massive new security flaw is discovered and you’ll be dropping what you were working on to try and sort that out. It really ruins your day and usually your weekend! It’s also not profitable work even if you have a retainer in place as you could easily spend a few days trying to resolve an issue.
What doesn’t keep me up?
Websites built on the HubSpot CMS. I literally don’t have to worry about any of the above. Our team can focus on being great web developers without having to worry about the underlying infrastructure. It also frees up a lot of my time to focus on other aspects of our business (like writing whiney articles). I also no longer have to spend time fighting fires on random technical glitches or issues. Worst case I have to open a support ticket with HubSpot.
You might have noticed a few little dollar signs all through the article above. People are often ask us to justify the price of the HubSpot CMS hosting as they are usually comparing it to a $9.95pm shared hosting plan. But once you start to factor all of the above you are getting quite a lot for your monthly fee + a great night sleep.