Maintenance is a part of daily life for many web designers. Looking after the websites we build helps to keep them running smoothly. And it’s also a great way to earn recurring revenue.
I’ve been maintaining websites for over two decades. I started with old-school static HTML websites. These days, I work primarily on sites built with WordPress. Much has changed.
For example, websites that use a content management system (CMS) have multiple moving parts. And updating core software, themes, and plugins is the main focus.
The process could be relatively simple – except for one thing: security. The myriad of threats is enough to keep us up at night. It seems to be a never-ending battle against bots, malware, and whatever else is lurking in the shadows.
In short, security has turned website maintenance on its head. Thus, we must consider it when pricing the services we offer. Let’s explore the challenges involved and why it’s driving costs through the roof.
Software Updates Require More Scrutiny
There are routine software updates. And then there are security fixes. The latter should become the higher priority.
It takes effort, however, to discern the contents of an update. Looking at a software’s change log is usually the only way to find out.
This isn’t a big deal if there’s only one application to monitor. But consider a typical WordPress install. It will consist of the core software, plus an untold number of themes and plugins.
You may find yourself scrutinizing a dozen or more change logs regularly. Oh, and multiply that by the number of websites you maintain.
Sure, you could simply hit the update button on each site every day. But it’s important to know what is included with each new version. And it’s also worth browsing support forums to gauge stability.
Testing is also crucial – particularly on mission-critical websites. And even security-related updates should be tested. That’s because, quite often, a security fix isn’t the only item included in an update. Thus, ensuring that there are no compatibility issues is still important.
All of this adds up to a lot of time spent researching and applying updates.
The Need for Third-party Security Tools
Every website is a target. Therefore, taking extra security measures is always worthwhile.
Some tactics, such as the use of strong passwords and locking down file permissions, are free. But third-party tools and services are also a key part of the equation. They often have a cost.
There are a variety of options. Everything from WordPress security plugins to content delivery networks (CDN) that include a firewall is useful. They create an extra layer of protection from malicious actors. As such, one of these tools could be the difference in keeping a website clean from infection.
If you provide web hosting for clients, these types of tools should also be included. It may mean a price increase. But that should be easy to justify. Hardening security is part of the cost of doing business these days.
Cleaning up a Hacked Site Is Unpredictable
Implementing best practices is no guarantee of immunity. A website can still be compromised. And cleaning up a hacked site will eat up your time and resources. That holds whether you do the work or hire an expert.
For one, locating the source of a hack is like finding the proverbial needle in a haystack. There are numerous ways for malware to creep in. And its impact could reach beyond the issues you can see.
Reinfection is all too common. Even when you think that you’ve fully cleaned a website – the same problems can come back at any time. This unpredictability makes it hard to provide accurate time and cost estimates.
A hack can quickly exhaust maintenance contracts that include a specific number of hours. Clients may race past their expected budgets.
With that, a maintenance agreement might be considered a minimum cost. A security breach will throw a wrench into the works and lead to higher costs.
The Cost of Security Can’t Be Ignored
Security has become a major factor in website maintenance. The top priority is to prevent a site from being compromised. But there is also the reality that nothing is 100% effective. Thus, cleanup is also part of the job.
All things considered, maintenance has become a constant. It’s no longer just about making changes to the design and content. Each site must be monitored to ensure that it’s both clean and secure.
These costs must be taken into account. Prices should reflect the effort required to proactively implement security tools and practices. In short, if it costs you time and/or money: pass it along to your clients.
Security is simply too important to ignore. It takes time and money to do things right. And things work best when clients understand what’s involved. Therefore, it’s worth discussing.