We’ve consulted with many clients over the years and we’re surprised about one thing in particular. Some prospects come in and they say they’ve talked to a few other website designers in the area but we are the first company that has even mentioned doing website maintenance and what the cost is of owning a website.
Today, basically all websites run on software. The software is either self-hosted (you have your own hosting) or you’re using a hosted solution where the hosting and website software is together and maintained together by your host. The advantage of self-hosting is that your website can usually do more and be more customized than a hosted solution (and sometimes better SEO). The downside is that it costs a little more to own your own website.
This article will go through the cost (and benefits) of owning a website and cover all you need to know about maintaining your website so that you protect your investment.
Websites Are Software
Think about websites as software – just like running Windows or Microsoft Office. That software needs updates, right? Sometimes the upgrades are feature upgrades. Sometimes it’s a bug fix because something was found to not be working right. And sometimes these upgrades are issued to fix security holes.
One, big difference between software on your computer and the software on your website is where it is. Nobody really knows where your laptop or computer is. It’s somewhat hidden on a home or office network and there’s nothing out there advertising it or asking people to come to your computer. With your website, you’re actually trying to get people to go there – you’re advertising it. It’s out there. When you do that, you’re inviting everyone – both the good and the bad – to come to it.
Because your website gets more traffic than your own computer, this means the upgrades – especially the security upgrades – are much more critical. They need to be done immediately or you risk being hacked / compromised.
What Do Hackers Want With Websites?
Our clients often wonder why their website got hacked. The first impulse is usually to wonder why someone would target their website. They think it’s personal and they wonder what enemies they might have or if their competition is doing that. This is hardly ever the case. We’ve seen this maybe just 1-2 times in 16 years.
What hackers do it set up automatic programs (scripts) to find websites and then look for certain files or known vulnerabilities and then automatically launch an attack on that website. So, it’s random, really. They’re trying to get control of a website to do a number of things.
Here are some reasons what hackers want with website:
- To send out spam email
- To set up a phishing page in order to fake a login
- To host files or malware
- To deface a website (bloat their ego)
- They’re just bored and this is their hobby
Why Do Websites Get Hacked?
Websites usually get broken into because of:
- Core software that’s not up to date
- Weak passwords
- Insecure FTP connections where passwords are sent in the open
- Third party add-ons (extensions/plugins) not being up to date
- Server-level vulnerabilities
If security isn’t a focus and priority, then a website will be hacked… at some point. Count on it.
The main culprit is not keeping the website software up to date. We see it all the time and it’s very preventable.
With WordPress, there are 3 kinds of software you have to keep track of:
- The core WordPress software
The core WordPress software is updated about 8-10 times per year. Plugins (depending on how many you use), are updated weekly and themes might get only 1-2 upgrades per year.
A good WordPress maintenance schedule would be to check all 3 pieces (core, plugins and themes) for updates once a week.
Besides these things, make sure you’re using the latest version of the programming language or your website (which is PHP for most websites today).
There are other, preventative measures you can take to avoid being hacked because…
Hackers Are Lazy
Well, they are. If they see a WordPress website that has a firewall, has the login URL changed and has generally been hardened, then it looks like too much work for them and they’ll just move on. They’d rather find an easier target.
It’s like that old joke… if a bear is chasing you, you don’t have to be faster than the bear, you just have to be faster than your friend! The bear will go after the easier target.
Don’t be the easy target – that’s the main thing, really.
Didn’t We Just Do an Update?
When updates come out for any kind of website software – be it WordPress, Joomla, Magento or something else, they come out for a reason. Like I said, it can either be a bug fix, features upgrade or security patch. If it’s a security patch, you should do that upgrade immediately. If it’s something else, then look at what was fixed or what features are now available and then decide if you want to do that upgrade or wait until the next one.
You may seem like you just did an upgrade and then another one comes out that’s a security upgrade. What do you do? You do it – even if you just did one. You’re managing risk. You don’t know when the next upgrade will come out – it could be a few months. Don’t risk it. Hackers also know about the security holes that were found and they’re going to battle to exploit those holes and take over websites. It’s like Christmas for them.
What If My Website Does Get Hacked?
As a website owner, you’re responsible for your website. Your website host provides the server (hardware and software) along with the power, physical security of the hardware and the network. Website hosting is like an apartment unit in a building. You can do what you want with it for the most part but if you leave your doors and windows open and someone breaks in, that’s your problem.
When it gets hacked, you need to clean it up.
- Maybe you can restore the website from backup and only lose a little bit of work.
- Maybe no backups are even being taken.
- Maybe your website has sent out spam, damaging your domain’s reputation.
- Maybe your website has been hosting malware or pirated files that you may now be responsible for, legally.
- Maybe things are so messed up, you need to rebuild or redesign your entire website (we’ve seen that).
Basically, you’re left with a mess that must get cleaned up. How much it’s going to cost… who knows?
Meanwhile, you’re losing traffic, sales and leads. Your website is losing rankings and trust. It may take a lot of time and money to restore that.
Whatever happens, it’s on you. It’s not on your website host or developer, it’s your responsibility as the website owner. Just remember my apartment analogy. It’s your place and you didn’t keep it protected.
And remember that no software is 100% secure. You may have the best website security practices in place and you still get compromised. That’s just how it goes.
“There Has to be a Better Way!”
Yeah, I stole that line from an infomercial.
We have plenty of website clients that go year after year with no problems getting hacked. We’ve provided services to help our clients do this. After all, we’re here to help them so they can run their businesses. We’ll do what we do best so they can do what they do best.
At Webstix, we concentrate on WordPress, Magento and Joomla for website software platforms. This is Open Source software that’s free to get and use and updates are issued throughout the year. Most upgrades are rather easy but sometimes there are even major migrations (a topic for another blog post because this sometimes requires a complete website redesign).
When doing an upgrade, you have to be careful. You can break your website… you can. Most upgrades today go off without a hitch but we do see problems happen.
In order to avoid problems when upgrading your website, you should follow a program like this:
- Take a fresh backup copy of your website files and database.
- Take screenshots of all the functionality of your website so you know how things look and how they’re supposed to work.
- Upgrade the software.
- Check the website functionality and make sure everything works. You must do this in the latest versions of all major website browsers and mobile phone browsers.
- Document when you did the upgrade and list any problems that came up so you have a history of work done on your website.
Oh… you don’t do that? Why? Don’t those steps seem like the smart way of doing it?
Yeah, you don’t have the expertise or time to do that – you have your business to run. Yes, that makes sense.
Well, that is the kind of support you can get from Webstix. We have a Website Maintenance Department that does this kind of series of steps for our client every week. The best part is, it’s affordable!
For WordPress, we have our Website Care program. For under $11/week, you can have us check your website core software, plugins and themes for updates. It’s peace of mind for a low, low price.
For Joomla, Magento and also for WordPress, we have our Automatic Upgrades program. With this program, you sign up and if a core software upgrade comes out, we’ll take care of it and then charge you for it. If you have Maintenance Blocks in your account, we’ll just deduct them.
That way, we’ll take care of this website stuff and you can run your business. Simple… and smart.
So What is the Cost of Owning a Website?
The main point of this post was that, as a website owner, you need to understand that you’re responsible for your website. This includes keeping the software up to date.
The total cost of running a WordPress website yourself could look like this (per year):
- Domain name: $9
- Website hosting: $60 to $375
- Website upgrades: $529 to $750
- SSL certificate: $0 to $120
- TOTAL: $598 to $1,254 / year (or higher)
Those are some rough numbers but you get the idea and you can use these estimates for a rough budget. If you want to know for sure, then contact your website developer and website host or look up your costs for the last, few years.
The cost roughly works out to 10% of your website development cost since many websites today are in the $5,000 to $12,000 range.
Most people today go to your website to check out your business. That is where they find you first. No only does your website need to look good, solve their problem, rank high and load fast – it needs to be maintained so that it’s actually there and running well. As a website owner, that’s your responsibility.
You can choose to do upgrades yourself by leaning how to do it and fix problems yourself, but hey, for me… I’d rather take my car to a good mechanic when it needs to get fixed instead of spending a whole Saturday trying to do the work myself (and I might not even do it right).
If you need help with a hacked website or want to get set up on a preventative maintenance program, then contact Webstix today and let’s talk!