In our last post we talked about why your company needs to have a website maintenance plan.
A website is an investment in your future, and one that requires upkeep. Deferring this upkeep can lead to security vulnerabilities, and the loss of your clients’ trust. It can even lead to the outright loss of your website! Even the smallest of issues can compound into a monster of a headache — the kind that you truly cannot ignore, and one that will cost you far more than putting the “fix-it” hours in to begin with.
Not all website maintenance tasks are created equal, however. There are some that, if ignored, won't even waste their time as compounding issues — they'll come straight out of the gate in the form of a migraine the size of a Mack truck.
Here's the four website maintenance tasks your company cannot afford to ignore.
1. SSL Certificate Expiration
We've all come across it one time or another. Instead of a website we want, we are greeted with an exclamation point, a red triangle, and an ominous warning: “Your connection is not private.”
Though there can be several reasons for this message, it's important to know two things: the first is that the warning is serious, and one that you should heed; the second is the most common cause is an SSL certificate expiration.
SSL stands for Secure Socket Layer, and is a security protocol used to secure (encrypt) the connection between a webpage (the “client”) and the server, so that a third party cannot sniff the traffic. This is particularly important for credit card transactions, or the transmission of any kind of sensitive data, including passwords. An SSL certificate is essentially a cryptographic key that binds to your domain name, server name, or hostname to your location and company name (i.e. your organizational identity). One installed on a server, an SSL certificate activates the secure HTTPS application protocol (rather than HTTP), and a padlock icon appears in your browser’s address bar, signaling to you that this website can be trusted, and that your connection is secure.
These certificates are vital, not only because they allow your users to access your website free from fear that information will be stolen, but because your reputation depends on it. If you don’t have a valid SSL certificate — they do expire after a certain amount of time and need to be renewed — you risk losing business to the “your connection is not private” warning.
2. Website Patches
Bugs and vulnerabilities are a basic fact of digital life. Since to err is to be human, and humans are the ones doing all the coding, it stands to reason: no technology is perfect. This is especially true for core components that make up the front and back end of your website. As vendors find these bugs, they go to work finding ways to squash them, which they then release to you as updates (aka “releases”) throughout the year.
These updates come in three forms: a major release (think iOS 13); a minor release (e.g. a service pack, which is a bunch of fixes bundled together); or patches, which are usually meant as a hotfix of a single issue. Not all updates are created equal. Some can be ignored or held off on — and sometimes (see: iOS 13.1) they should be — but others might contain crucial bug fixes, or be critical security patches designed to plug holes that hackers might exploit. It’s the latter of these that require your most urgent attention.
Let’s be honest: it’s not like these releases are few and far between. When you add together all the components that comprise your website, you could be looking at dozens upon dozens each year. That’s a lot of releases to keep up with, and trying to figure out which ones are critical and which ones you can do without is a hassle, so most companies don’t even try. It’s so much easier to automate.
Except, there's a danger in that too. Frustrating as it may be for those who prefer the “set it and forget it” approach, websites are not pop-culture’s beloved Ronco Showtime Rotisserie. Websites can actually be broken by patches. What this means is that it’s actually safer to try testing these patches individually first, before letting them go live. (Queue the entrance music for your trusty web developer).
3. Domain Renewal Management
We all know what a domain is. It’s the google.com; the wikipedia.org; the thomascookairlines.co.uk (this one might actually be up for grabs soon). Whatever your domain is, it is your company’s identity — the rights to which are arguably the single most valuable intangible asset you own. As a registered name holder, the problem is that these rights can expire — making the potential for the loss of its domain the Achilles heel of every company.
Though their ethics might be dubious, there are people who prey on lapsed domains — swooping in like vultures and purchasing out from under the previous registrants. It’s perfectly legal, if opportunistic, but it can make for the kind of hostage crisis no company wants to deal with. It’s a problem that’s plagued companies both big and small, but none more infamously than when a former Google employee somehow managed to purchase the most trafficked domain in the world: google.com. The price tag? A paltry $12. Though Google got lucky — incidentally, it owned the domain registrar used, and the transaction was promptly cancelled — it still meant that someone else still owned Google.com for a minute. The former employee was as shocked as anyone when the transaction went through; he was just playing around with the registration service. But what was more shocking was that in that minute his Google Search Console started updating with messages intended for the owner of the Google.com domain. He had complete access to the Webmaster tools.
It’s the kind of security breach that could cripple a company, but even if your expired domain isn’t purchased by someone else, you still face the problem of your site effectively being taken offline. Instead of your homepage, your customers will be greeted with a parked domain page. For people with business to do on your site, that could make for a lot of angry folks… and a lot of broken trust.
Luckily, the solution is incredibly simple. Like, as easy as checking a box, simple — because that’s literally all it is. You click on the check box for automatic renewal, and make sure it stays that way. Or even better, register your domain for several years in advance and then never have to worry about it. As a side bonus multi year domain registration has been known to give a small boost to your SEO! (more on that in a future post)
4. Domain Privacy Protection
It’s impossible to talk about domain renewal without also mentioning this last task: domain privacy protection. All accredited registrars are required by ICANN, the international governing body that oversees domains, to maintain what is called a WHOIS database, which must contain the personal contact information for every domain holder that registers through it. This means that your name, phone number, address, email, and the expiration date of your domain are all publically available and searchable.
In the small business website world that is about as bad as posting your social security number and mother’s maiden name to Twitter. The potential that someone will misuse that information is too high, leaving small business owners in an unnecessarily vulnerable place. The solution is to pay for domain privacy protection, which is a number of registrars offer as a service to their customers. In place of the customer’s personal information, the WHOIS database will display the information of a forwarding service, which allows you to maintain your anonymity and protect your company’s assets.
The Time to Act is Now
Website maintenance is often overlooked — for a wide variety of reasons. For one, properly maintaining a website costs money, so companies divert funds to projects they feel are more important. Or perhaps the site is brand new, and only just launched. Since it’s so new, there shouldn't be anything to fix, right? There hasn't even been enough time for anything to “break,” as it is.
There's a false assumption that the website is a finished product. But the reality is that it's anything but. Websites are in a constant state of flux; as your priorities change, so will the content of your website.
The problem with these ways of thinking is that a lot of effort (and expense) went into building your awesome new website. Hundreds of hours and thousands of dollars, all in the name of bolstering your company's presence and growing your client base. It's an investment in your future, and one that requires upkeep.
Like an oil change for your car, website maintaining is a necessary expenses. Without it, you'll only end up stuck on the side of the road, watching your competitors drive by, kicking yourself for not taking action sooner.
Contact JNT TEK for help on developing a plan for maintaining your website.