Site owners may be unaware of the maintenance requirements of a modern website and the efforts it takes to support one. Websites built on open source platforms like Drupal and WordPress are made from code written by many different developers. This makes for great efficiency and cost savings, but requires consistent, diligent maintenance for security, stability and performance.
Here’s why maintenance is critical:
It's a harsh reality, but there are bad guys out there who would like to compromise your website and use it for their own purposes. While there is no way to guarantee that your site will never be hacked, making certain that all the latest code updates are promptly applied will go a long way towards protecting your site from hackers. Security is the number one reason that your website needs maintenance.
Open source software is constantly improving. That's a really wonderful thing, but it does come at a cost. While eventual obsolescence is inevitable, you can fight it off for years by simply making sure your site always has the latest upgrades applied to your core software and your modules (Drupal) or plugins (WordPress).
In the case that something bad happens (either compromise or server/hosting issues) good maintenance will get you back online and back in business faster.
Website maintenance procedures should include:
Monitoring for updates and patches
It’s not enough to log in and check for updates. Compromises happen fast these days and a well-maintained site requires vigilance. Whoever is responsible for maintaining your site should:
Get realtime notifications of, at least, required security updates (there are several ways to do this, by system)
Log in periodically to check the system and look for odd behavior, stray content or anything else that looks amiss
Monitoring for uptime and availability
If your site is down for whatever reason, you want to know about it quickly. Services such as Pingdom monitor your site through web connections and alert you when something is wrong.
A well-maintained site should exist on a three-server architecture:
This is where actual work occurs--both new development and core/module/plugin upgrades.
The staging server must be identical to the production server. Once development work and upgrades are performed on the development server, live data and tested development work are merged here, away from the public eye.
The production server is your live website. Only changes that have been verified on the staging server get moved to production.
Caching and content delivery options like CloudFlare can maximize site speed and uptime. If appropriate, developers will help you with a strategy.
Code versioning and management
Website code is managed in a version-controlled repository. This facilitates multiple developers working on the same codebase and ensures that all changes are tracked and any errors are reversible.
Your web host probably performs some type of backup. In the case that this backup scheme is not robust enough, your developers should design a backup scheme that is more in line with your requirements. Either way, a site should be restored--from backup--at least a couple times a year to validate that its backups are valid and that you can definitely get your site back in the event of a disaster.
With a little help, your beautiful new, super-secure website will have a long and useful life!