This post is half a rant and half a lesson for all to learn — and 100% an exercise in bravery for saying it all. I’ll start out with the rant because I just have to get this off my chest before anyone gets hurt, and then we’ll talk about how you can avoid the same problem in your own business.
Let’s begin with a sad tale of some really, really bad "web pros". I was recently contacted by a friend of mine who works in the same market but provides different kinds of services. She had a client with a site that seemed to have some serious issues. Not being a developer, she didn’t know how to fix it — but at least she knew enough to know something was very wrong and to call for help.
After some preliminary information from my friend, I spent about 20 minutes going through the website, and then I talked to the client for a while. Here is what I discovered:
- The site had been developed and launched during the summer of 2013.
- The site had two companies work on it — the first did the initial design and launch, and the second made some sort of additions.
- Beyond some general weirdness going on, the site had some serious issues displaying for mobile. It was supposed to be responsive but broke on mobile devices.
Feeling a bit like Sherlock Holmes (the Benedict Cumberbatch version or the Jonny Lee Miller version — you can pick your favorite choice), I tried to piece together what had happened. And here it is, unfolding like the bad plot of a straight-to-video horror movie:
- The original developer pushed a site live in summer 2013 using a version of WordPress that was already 6 months old AND a version of the theme from fall 2011. Essentially, the site was outdated the second it was launched.
- When the client noticed the mobile issues, the developer then applied some half-effort CSS patches instead of updating the theme. If the developer had simply started with the current version of the theme at the time of development, the site would have been fully responsive from the start. Terrible CSS: Hourly rate, and not really a solution. Theme update: Free, and would have solved every issue.
- The second developer came along about half a year later and installed membership site software, but did it incorrectly so that it isn’t really protecting the content properly. This developer also installed some coding changes but never once mentioned that there deeper problems. (Let’s just keep slapping lipstick on that pig!)
- At the point where I had been called in, the site has been live for nearly a year using a theme that is 2.5 years old, a version of WordPress that is 18 months old, and numerous outdated plugins.
Someone who is generally familiar with WordPress would, at this point in the story, ask why the client simply didn’t update the site when she saw the update messages at the top of the dashboard. And here comes the kicker: Somewhere during the above process, those messages were disabled. That’s right, either the first developer disabled them and the second failed to mention it, or the first simply launched an outdated site and the second installed the suppression plugin without fixing the problem.
I assure you, I was floored when I discovered this. This is beyond "bad programming" — this is getting into the territory of complete negligence.
So what now? Now we’ll have to basically go back, completely gut the site, and rebuild it the right way. The site is less than a year old and will need to be entirely replaced — and quickly, before more damage is done. (The search rankings have already suffered badly, but at least it hasn’t been hacked!)
This brings me back to you. As in you, the one who owns a website. What does this entire story have to do with you? Well… regardless of what someone has ever said to you, your website requires maintenance.
If you invest in a car, you would expect to maintain it right? The same with a house. Or your fancy laptop. Or your phone. They all require things like updates and regular care. This is true with your website as well.
So what kind of maintenance can you expect? I’ve prepared a starter list for you to help you plan for the future of your site. Whether you are doing the maintenance yourself, getting help from a VA, or you have managed hosting that provides maintenance for you, you’ll need a solid plan to make sure all of your bases are covered.
Your WordPress Site Maintenance Checklist
- WordPress Updates
The WordPress software updates a lot more in recent years than it did in the past. Keeping up with the latest updates is important both for the health of your site and for its security. Some WordPress updates are feature upgrades, some are "maintenance releases" which means that they fix bugs in the previous version, and some are "security releases" which means they fix vulnerabilities in the previous version. (You can see what is what here.) Security releases are obviously the most important, but letting your WordPress version get severely out of date not only makes it more likely that you will get hacked, but it also makes updating your site even more difficult in the future. Minor updates (like v3.8.2 to v3.8.3) are now applied automatically, but you should still log in to make sure the site is working after you get an update notice.
- Theme Updates
Theme updates make it possible for your theme to work with newer versions of WordPress, fix existing problems, update your theme to current technology, fix security holes, and/or add new features. If you’re ever having issues with your site in terms of newer technology, my first recommendation is always to update your theme. There are also some themes with huge security flaws in earlier versions, so updating will save you from getting your entire site hacked.
- Plugin Updates
Plugin updates fix both security issues and add new functionality. They are important because old plugins are often a prime source for viral infection.
Every client I work with now gets a copy of BackupBuddy as a standard practice. It just saves a lot of heartache in the future if there is a solid backup plan in place. But setting up backups and leaving them is not enough — you need to log in to make sure the backups are completing properly and without errors. You also need to remove older files or your hosting account will get full after a while.
Sure there are security plugins to monitor your site for you, but it’s not enough. You’ll need to make sure you don’t have spam comments building up, registered users that you don’t recognize, errors, updates that need to be made, and so on. Routinely checking on these things can help you spot problems before they become disasters.
- Regular Checkins
A site that has been left for a while is just ripe for hacking, spam takeover, and other problems. If this site also happens to be in the same account as other sites that you are using, the infection can spread to all sites and you’ll find yourself with a disaster on your hands. Sometimes the best defense to problems is just keeping your eyes open and not letting a site sit unattended. If you have an old site that you no longer wish to maintain, perhaps you should consider backing it up, downloading the backup, and then deleting the installation. (It’s much safer than just letting it sit!)
Having your site designed?
You can use the above checklist as a guide to start the discussion with your new designer and/or developer. Turn the checklist into a list of questions you can use to start the discussion and create a plan for your site after it launches. These questions can include:
- Will all my software be updated at launch?
- Who will provide ongoing maintenance with my site?
- Can you teach me how to maintain my site?
- Will my new site be updatable using WordPress Updates?
- Have you or the hosting company disabled the updates, automatic updates or notifications in any way?
- Will my new site come with schedule backups and security measures?
- Will you be removing the old copy and any development installations from my server after the launch?
What about you?
I hope you have learned something from this story, and from the tips that follow it. Have you had trouble with updates, let a site go too long, or received a new site that was already outdated? Let me know in the comments below if you’ll be doing anything differently now… and as always, questions are welcome too!