IDEAS | BLOG

Your Digital Green Thumb: The Importance of Website Maintenance

In many ways, websites are like gardens: if you plant a new sod lawn and never water it, the grass will eventually wilt away. Your lawn and garden need regular watering and maintenance in order to flourish and grow, just as your website needs regular care and maintenance to ensure that it is running strongly and effectively.

Some of the biggest reasons that websites need regular care and maintenance are to ensure that the platform core and contributed modules or plugins are being updated with relevant security updates. This kind of maintenance needs to be done regularly and consistently — month over month — otherwise, your website may be at risk to bugs, broken functionality, or worse, open to a cyber attack. When you are in the final month of the building phase of a new website, you should putting a plan in place for how site maintenance will be managed once you are live.

Why security patching matters

Security patching is a code update to a site's platform core (module), one of its contributed modules, or to a plug-in being used on the site. The purpose of any one patch can be to resolve a security vulnerability, to fix a performance issue, or to repair a bug.  An open source CMS, such as WordPress or Drupal, needs to have regular ongoing patching to keep the platform core, contributed modules, and plugins up-to-date and secure. The benefit of an open source CMS is that everyone has access to the source code, which means that they can contribute to fixing issues and improving functionality. However, it also means that the source code is available to those who may be looking for opportunities to exploit it. Leaving your site unpatched essentially opens the door to hackers who are looking for software vulnerabilities.

Why you need to patch and maintain your website

The cost of maintenance is exponentially lower than the cost of cleaning up a mess from a cyber attack. Depending on the severity of the attack, you can expect to pay several thousands of dollars to fix a hacked site. In some cases, when sites have gone years without patching, the costs can be in the tens of thousands of dollars. And in many cases, your site will need to be reverted to an older backed-up copy, which means losing all content added after the hack.
All of that trouble, time and expense can easily be avoided by completing regular security patching. If you don’t have a developer on staff to manage your website maintenance, you can work with a support partner that can do it for you. Forum One’s dedicated support team currently manages security patching, hosting and website support for over 50 organizations.

Maintenance best practices

Stay on top of security updates by implementing them within a reasonable amount of time. Here are some of our suggested best practices to stay ahead:

  1. Sign up to receive notifications about upcoming security releases:
    • Drupal: you can create an account on Drupal.org and sign up for their newsletter, which includes security releases. You can also follow @drupalsecurity on Twitter.
    • WordPress: set up an RSS feed to follow the WordPress blog for updates.
  2. Implement critical or highly-critical security patches 1-2 days from their release
  3. Implement non-critical security patches within a week of their release

Looking for website maintenance support?

Forum One’s support team is here to help. Get in touch today, and we can make sure your site is up-to-date and running smoothly.