Your Digital Green Thumb: The Importance of Website Maintenance
In many ways, websites are like gardens. If you planted a new sod lawn and never watered it, the grass would die. Your lawn and garden need regular watering and maintenance in order to survive and grow.
Websites also need regular care and maintenance to ensure that the platform core and contributed modules or plug-ins are being updated with relevant security updates. This maintenance needs to be done regularly and consistently — month over month — or your website may be at risk for bugs and broken functionality, or even worse, open to attack by a hacker. When you are in the final month of the build phase of your new open source website, you should have a plan in place for who will take on the site maintenance.
What is security patching?
Security patching is a code update for the platform core, the contributed modules or plug-ins that fixes a security vulnerability, performance issue or bug. Open source websites, like WordPress or Drupal, need to have regular ongoing patching to keep the platform core, contributed modules or plug-ins up-to-date and secure. The benefit of open source is that everyone has access to the source code, so that they may contribute fixing issues and improving the functionality. However, this also means that the source code is available to those who look for opportunities to exploit websites. Leaving your site unpatched essentially opens the door to hackers who may find vulnerabilities in the software and potentially attack and exploit your site.
Why you must patch and maintain your website
The cost of maintenance is exponentially lower than the cost of cleaning up the mess from a site hack. Depending on the severity of the exploit, you can expect to pay several thousands of dollars to fix a hacked site. In some cases, when sites have gone years without patching, the costs can be in the tens of thousands of dollars. And in many cases, your site will need to be reverted to a backed-up copy, which means losing content that was added after the hack.
All of that trouble, time and expense can easily be avoided by completing regular security patching. If you don’t have a developer on staff to manage your website maintenance, you should choose a support partner to help you with updates and security patches. Forum One’s dedicated support team currently manages security patching, hosting and website support for over forty organizations.
Maintenance best practices
Stay in the loop on the security updates and have a plan for implementing them in a reasonable amount of time. Here are some of our suggested best practices:
- Get notifications about security releases:
- Drupal releases security updates every Wednesday. You may create an account on Drupal.org and sign up for the newsletter, which includes security releases, follow @drupalsecurity on Twitter or set up an RSS feed.
- Set up an RSS feed to follow the WordPress blog for updates
- Implement Critical or Highly Critical security patches 1-2 days from release
- Implement non-critical security patches within a week from release
Want to learn more about website maintenance? Forum One would be happy to answer any questions you might have.