The Cheeky Monkey Media Blog

A few words from the apes, monkeys, and various primates that make up the Cheeky Monkey Super Squad.

When Your Website Drains Your Budget

Taking Care of Your Website Helps Cut Down Unexpected Costs Associated With Website Emergencies

Making sure your website gets regular maintenance is kind of like making sure your car gets regular oil changes.

It’s much cheaper to get your oil checked (and refilled, if necessary) than having your engine blow up at the top of a mountain pass at the start of winter  — trust me, I’ve been there.

It’s also much less stressful.

In website terms not maintaining your website leaves you vulnerable to the following situations:

  • Compromised security
  • Out-of-date functionality for modern standards
  • Performance degradation
  • Loss of data
  • A complete collapse of your website.

These sorts of situations usually require emergency assistance from qualified web development and design team.

It’s kind of like having to call a tow truck when your car breaks down and being forced to miss that meeting that was going to guarantee your organization funding for the next year. It’s not good.

Instead of paying regular rates, you’re paying the emergency rate. And yes, there is a big difference.

Here’s what I mean:

Regular Rates — What You Can Expect

According to CREDO’s 2017 Digital Marketing Industry Pricing Survey Results, agencies that offer both strategy and service charge an average of $166.63/ hour. On average, the minimum required to spend for a single service project averages at $2,018.52. Those that do only strategy charge an average of $120.00 / hour. The minimum required to spend for a single service project is $1,250.00.

And that’s only the average worldwide. US agencies generally charge more for strategy and service and less for service.

Emergency Rates — What You Can Expect

If you’re not on a maintenance plan, you will usually be charged an emergency rate if your marketing agency or web development shop has to drop what they’re doing or work outside of regular office hours to fix your website catastrophe.

These fees are usually 2X or even 3X your regular rate. Based on the averages above, that’s anywhere from a minimum of $240.00/ hour to more than $1000.00/hour.

I don’t know about you, but those are prices I wouldn’t want to pay, especially if I was also losing money because my website was down.

In fact, I’m feeling kind of sick just thinking about it. Yuck!

via GIPHY

Taking Care of Your Website — Basic Maintenance

All that, however, can be avoided. All you have to do is ensure your website gets regular maintenance.

At Cheeky Monkey Media, we consider search engine optimization (SEO), marketing, and design as essential components of a holistic website maintenance strategy. However, for this blog, I’ll be taking a more development-heavy approach and focusing on the following:

  • Core Updates
  • Regular Website Backups
  • Module Updates
  • Adding pages, tags, and categories

Let’s start with changes to the code.

(Psst, if you want to learn more about maintenance contracts at Cheeky Monkey, shoot us a quick email.)

Maintaining Your Website’s Code Prevents Website Emergencies

In order to understand why updating your website code regularly is so important (crucial actually), you need to have a basic understanding of what a content management system (CMS) is.

Your Content Management System (CMS)

Your CMS is the base of your website. It’s the building blocks we use to make your website look and function the way you want it to. At Cheeky Monkey we usually use either Drupal or WordPress, which are both open source.

In case you were wondering, here’s a recap of open source:

 denoting software for which the original source code is made freely available and may be redistributed and modified (Dictionary.com).

Opensource.com goes on to explain that:

Open source projects, products, or initiatives embrace and celebrate principles of open exchange, collaborative participation, rapid prototyping, transparency, meritocracy, and community-oriented development.

In other words, if a CMS is an open source, the core code for that system is maintained by the community for that system. In our case, Drupal is maintained by the Drupal Association and Drupal Developers in the community while WordPress is maintained by the community of WordPress Developers and Designers.

Code Updates to Drupal and WordPress Cores Equals a More Secure Website

When someone in the Drupal or WordPress community finds a security vulnerability in the CMS code, they immediately take the appropriate steps to alert the entire community, which means we are all aware of the issue and can actively work together to resolve it.

As soon as there are security updates to the Drupal or WordPress Core, the rest of the community is notified individually, through newsletters and letters, and through various hosting partners.

By staying up-to-date with security updates, and ensuring you update the core of your CMS every time a code update comes along, you can sleep well at night knowing that you’ve taken the most important step towards keeping your website safe and secure.

When You Don’t Update Your CMS Core Regularly

Not updating your Drupal or WordPress core (or any CMS core) when updates become available leaves your website vulnerable to hackers.

An attack on your website can be something as minor as all of your members being spammed with the latest and greatest Viagra ad (not great, but not end-of-the-world catastrophic) or having your website completely demolished (your content disappears, your server gets infected with a virus, all your customer information is stolen, and your code needs to be reworked).

By the way, this is why you should always do regular backups of your website at least once a week, but ideally daily.

But back to security hacks:

Fixing a security hack (outside of the legal ramifications of this occurring) can take anywhere from an hour to a full day or more (depending on how up-to-date you’ve been keeping your systems).

During this time you’re being charged an emergency rate by your web development or marketing agency, which is usually at least twice the cost of the regular rate (see below on costs).

An Example:

To illustrate my point, just in case I haven’t terrified you enough already, let’s look at an example Mark from Uncorked Ventures (in San Mateo California) shared with me.

A couple of years ago, we had a site on a wine-specific platform that was quite clearly made back in the 90s (give or take).

Much to our surprise, right before Thanksgiving, we received a note in Webmaster Tools that our site was being removed in its entirety from Google Search because we had hidden links on pretty much every page on the site.

Eventually, we looked through the code; and yes, we were linking out via hidden text to every underground pill seller, male enhancement product, and pretty much a bunch of other undesirable neighborhoods.

When we talked to the software folks, it sounded like they hadn’t updated the email client portion of their software for YEARS….so it was relatively easy to access. We even tried it, and it’s almost comical, but you could create an admin account on our site, as well as about 100 other winery sites, by using the generic combo of “Admin” and “password”. They said it had been done to set up the initial accounts but then never closed and since they hadn’t updated the software itself, the wider group of engineers (that had closed it) weren’t aware it was still an issue for anyone.

Given that about half our yearly business occurs in that 6-week street between Thanksgiving and Jan 1st…..this almost closed our business.

Luckily, the folks at Google were understanding and they helped more than they would otherwise…

In any case, it’s still a tale we enjoy telling since it was truly such a complete and utter disaster!

Yowza! That sounds like an awful and extremely stressful situation.

Luckily, situations like this can be easily avoided.

If you and/or the developers in charge of your website and server make updates to your CMS core as soon as they become available and make the appropriate changes to your log-in credentials, you are generally safe from situations like the one described above.

Feeling Nervous about Open Source Security?

I’d like to pause for a moment here and address a concern that comes up whenever open source and website security are discussed. There’s a general sense that open-source CMSs are more vulnerable to security hacks than proprietary systems.

This isn’t necessarily false.

Our Senior Drupal Developer, Ryan Smylski puts it best:

There’s a slightly greater risk of your site being hacked because of the server security vulnerabilities rather than the CMS software’s. That said, just because something isn’t open source doesn’t mean it’s coded securely. It’s all built by somebody, and regardless of the building blocks, human error can leave something not so secure.

At the end of the day, all websites can get hacked. The example I just shared with you, discussed what happened to a wine website built on a wine-specific proprietary CMS.

The benefit of open source is that there is a large group of individuals working together at all times to reduce risks. And, if the City of London, the World Economic Forum, and Weight Watchers all use Drupal, and The New Yorker, Sony Music are built on WordPress, you can rest assured that open source is looking pretty good.

Construction worker image

If you’re feeling nervous about using open source, because you’re getting the sense that open source isn’t very secure, read this blog.

Ok, let’s get back to it.

Website Backups Will Save You! They’re also Part of Website Maintenance.

Regardless of whether or not your website is built using an open source or proprietary CMS, doing regular backups of your website is absolutely crucial for the health and well-being of your website, and your sanity!

In fact, the fact that we do back-ups of our website every day saved me last week when I accidentally deleted one of our most important content categories. With one click of a button, everything was back to normal. I only lost an hour’s worth of work. Things could have been much worse.

Our Co-Founder and CTO, Gene Bernier advises automating backups of your site to occur at the very least once a week, but ideally daily.  <– I suggest you learn from my experience and do the backups daily.

If something happens to your website — you get hacked and the site is deleted, all of your content is removed, you get a virus, to name just a few — having a backup saves you from having to recreate everything from scratch.

Let’s look at another example…

Example:

When I decided to write this blog, I reached out to other companies, organizations, and web development and design shops and asked them if they would be willing to share their own or their client’s website disaster stories. I was inundated with responses. I’ve already shared one of these with you, but here is another from David Deering, the owner of Touch Point Digital, a digital marketing agency based in New Orleans:

We recently had a client who neglected to pay their hosting bill. The site had likely been down for a while. All of the website files that were once in the hosting account were gone. Fortunately, we had made and kept a copy of the site when it had gone live. But we still had some hurdles to deal with in getting the site back up. And since this was a priority/emergency project, we had to pause other client work to get their site up ASAP. Doing that cost the client a few hundred dollars, but who knows how much business they lost while the site was down.

In this example, the client wasn’t hacked. Rather they forgot (I’m guessing) to pay their hosting bill, which caused their website to (effectively) disappear. Although the digital marketing agency working with them had a backup of the site from when it went live originally, there were no subsequent backups, which caused the client a lot of money in emergency fees and a considerable about of money while their website was down.

Like Cheeky Monkey Media, Touch Point offers a monthly maintenance package that includes monthly maintenance and backups. While there’s an upfront monthly cost to this, it often saves you greater costs further down the line.

As David puts it,

In the end, it’s much cheaper to have someone maintain a website than have to pay emergency rates when something happens. And the peace of mind you get is an added bonus.

David, we couldn’t agree more!

In case you missed it, the moral of this story is BACK UP YOUR WEBSITE!

Module and Plugin Updates Help Secure Your Site. They’re Part of Maintenance Too!

What about module and plugin updates? Our Senior Interface Developer Micah Joyner explains that even though module and plugin updates don’t ring the same alarm bells as updates to the Drupal or WordPress Core, they are still important. In fact, as Calvin Tyndall, our Hybrid Developer reminds us, a badly written module or plugin could leave you vulnerable to exploitation.

Updating Modules and Plugins is also a valuable practice when it comes to optimizing your website for efficiency and user experience.

What’s a Module?

According to the Drupal Association website:

A Drupal module is a collection of files containing some functionality and is written in PHP. Because the module code executes within the context of the site, it can use all the functions and access all variables and structures of Drupal core. In fact, a module is no different from a regular PHP file that can be independently created and tested and then used to drive multiple functionalities.

In other words, a Drupal module is a fancy cluster of code files that allow you to do things like sending emails from Drupal, adding images, and automate posts to social media platforms, and so on.

What’s a Plugin?

According to the WP Beginner glossary:

A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. In the WordPress community, there is a saying that goes around: “there’s a plugin for that”. They makes it easy for users to add features to their website without knowing a single line of code.

Essentially, a WordPress plugin is the same as a Drupal module, except that it’s specialized for the WordPress CMS as opposed to the Drupal CMS.

Maintenance Means Catching Mistakes Early, Which Could Be Your Saving Grace

Another response I received to my inquiry about website mishaps that could have and should have been avoided comes from Max Robinson at A Hume Country Clothing based in the UK. Here’s what Max had to say:

We learned about the importance of the robots.txt file last year after a disastrous few days of online business. Essentially, you can add a file to your website which instructs robot crawlers (the tools that search engines like Google use to index your website) what to do with your website. … The robots.txt file also has the ability to hide your entire website from Google simply by adding a ‘/’ to the file. We worked with a freelance web developer who was making updates to our site and hid our site from Google while this was taking place. Unfortunately, the developer forgot to remove the ‘/’ from the file, and none of us knew why our website had suddenly disappeared from Google. This lasted for almost a week before we finally figured out the issue by hiring an expensive consultant who spotted it immediately. We missed out on thousands worth of sales due to this mishap.

Mistakes happen. However, having a solid quality assurance process in place, which includes having other developers review your work (something freelance developers don’t always have the luxury of doing) and doing regular reviews and crawls of your site through a maintenance package ensures mistakes such as the one above are caught and resolved early, often before website changes even go live.

via GIPHY

^With a maintenance plan, instead of beating yourself up like the guy in the gif above (what’s his name again?) you can catch the mistake and fix it — usually before anyone even knows it’s there.

Maintenance Means Easy Add-Ons and Modifications

And then there’s all that extra stuff. When you have a website, all sorts of little things pop up all the time, for example:

  • You need a new landing page.
  • You want to set it up so you can automatically send posts to your social media accounts.
  • You need to create a new event page.
  • Something goes wrong with your registration system.
  • You need a new design.
  • You want to give users the ability to submit user stories.
  • Your search functionality isn’t working the way you would like so you’d like to improve your content tagging system.

The list goes on, but I think you can see where I’m going with this. Whether you’re the Marketing Director at a nonprofit or the IT Director at a business, there are always going to be changes and modifications that need to happen for your website to do its job properly.

Our maintenance packages help you make sure there’s time budgeted for these things when they come up. Contact us to learn more.

Final Thoughts

A few weeks ago, I received an email from John Jantsch at Duct Tape Marketing. The email was designed to get me to click on his most recent blog “Must Have Homepage Elements.” The blog is good, but that’s not why I’m making this reference.

It was the email introduction that got me:

Your website is not a brochure, it’s not a business card, it’s not just another way people can find you. Your website is the hub of your business – no matter what you sell.

I love, absolutely LOVE, this definition of a website.

via GIPHY

As an organization, whether you’re a nonprofit or a for-profit, your website is an integral part of who you are and what you do. It’s what brings it all together. It connects every part of your organization.

As such, your website deserves your love and attention. It needs to be taken care of.

In the same way that you make a conscious effort to take care of your body — feeding it the right foods, getting enough exercise, taking the appropriate steps when you feel sick, finding purpose and moments of calm in your every day — you need to make a conscious effort to take care of your website, and that means:

  • Picking and paying the right hosting provider for your organization.
  • Doing regular backups of your code and content.
  • Always doing core updates for your CMS.
  • Upgrading modules.

In theory, it’s all very simple, but so is taking care of your body, and how many of us can say we do that well on a consistent basis?

It can be a lot to stay on top of.

We get that, which is why we urge you to consider investing in a maintenance package, whether that’s with us or with someone else. But, whatever you decide, make sure that when you think about your website and maintenance in the same sentence, you think about your website as a complex being with physical, emotional, and mental needs.

Your website would thank you if it could.

And, more importantly, it will start delivering the results you want from it.