Too often, a company will launch a new or redesigned website and think the job is done—and that couldn’t be further from the truth. A website needs regular attention, maintenance, and updating, not only to keep up with search engine optimization (SEO) needs, but also with changing technology and security requirements.
SEO is Important…
Fresh content is essential to driving increased search traffic over time, for several reasons. And of course that content needs to be search-optimized with keywords, headings, URL, meta tags, image alt tags, etc. But fresh content also creates opportunities to link back to previously created, relevant content, potentially increasing the search visibility of those pages as well.
Periodic technical SEO updates are also critical. Check for and fix broken outbound links, and moved or deleted pages creating “404 – not found” errors, to enhance both the website visitor experience and search rankings.
As the website expands over time, watch for pages that no longer offer visitors (or your business) any value. Pages that no longer draw visits clutter up your site, diluting its authority and making it more difficult for search bots to crawl. These should be regularly updated, or deleted and redirected.
A great example is news roundup pages. These summaries save readers time and can be quite valuable when new or relatively recent. But a weekly news compilation from two or three years ago no longer serves your business or readers.
…And so is Technology…
Staying current doesn’t just mean running the newest version of your CMS. That’s important, certainly, but many web hosts will make those updates automatically.
It’s also about which plugins and other extensions your site uses. For example, some of the most popular WordPress plugins for SEO, list building, and blog commenting from just a few years ago are now discontinued or out of favor. They’ve been replaced by newer, better alternatives. Running plugins that are no longer maintained can lead to software conflicts that make your site unstable.
…But Most Important is Security
When you operate on an outdated CMS or with outdated components, it opens your business up to hacking—the risk of which has risen dramatically in the last year, and will continue to increase in the future.
According to Search Engine Land, data from Google shows that site hacks increased 32 percent in 2016, and the search giant “doesn’t expect the trend to slow down any time soon.”
To guard against any type of sustained intrusion, Google advises site owners to verify their sites in Google Search Console. This tool keeps site owners aware of any security issues, and provides help with cleaning up common hacks if they do occur. But as Google also notes in its 2016 report, “61 percent of webmasters who were hacked never received a notification from Google that their site was infected because their sites weren’t verified in Search Console.”
Why do sites get hacked? The motive, per Sucuri, is most often financial. Common hacks include installing ransomware (malicious software designed to block access to a computer system until a sum of money is paid); stealing passwords and other user information; or redirecting site visitors to pages that generate affiliate or advertising revenue for the hackers.
Hacking often brings to mind news stories of serious data breaches at large companies, which involve the loss of millions of records, as well as millions of dollars. But as the hacks described above indicate, a site doesn’t need to store credit card data, or belong to a large company, in order to make money for hackers. Small and midsized company sites can be lucrative, and easier to penetrate.
Security analyses from Sucuri has “found that it takes about 30–45 days for a new website, with no content or audience, to be identified and added to a bot crawler. Once added, the attacks commence immediately without any real rhyme or reason. It can be any type of website, the only commonality is that it is connected to the web.”
(Want to see the sources of bots hitting your site? Dig into your Google Analytics data. If you see numerous referral visits, from odd-looking domain names, all with a single page view, zero time duration, and 100% bounce rate—those are almost certainly bot hits. Of course, not all bots are malicious. But none of these sessions are from valid, human website visitors.)
And while a small-business site hack may not result in millions of records or dollars lost, the costs can nevertheless be devastating. Citing research from Symantec, GreenGeeks noted “online hacks cost medium-sized businesses and smaller more than $188,000 each year on average. More than 60 percent of these companies had to close down because they were unable to survive the financial damages.”
How to Keep Your Website Safe
So how can you protect your site from bad actors? The GreenGeeks post provides a number of commonsense precautions, such as keeping your firewall and antivirus software updated; using a web host that takes security seriously; and never interacting with unsolicited emails. Among other helpful security practices:
- Use strong passwords, and update them periodically. Consider using a strong password generator tool to make this easier.
- Use multi-factor authentication whenever possible.
- If your site is built on WordPress, install security plugins to thwart different types of attacks.
A final consideration is whether to build your site on a web content management system (CMS) or not, and if so, which one to use.
It’s true that WordPress, Joomla, Drupal, and Magento are the most hacked web platforms. However, it’s also true that they are the most popular. WordPress, for example, is used on 28 percent of all websites, and on nearly 60 percent of those built on any commercial or open source CMS. So the fact these are the most commonly hacked systems isn’t an indication they are not secure, but rather pretty much a statistical inevitability.
The arguments in favor of using a CMS are straightforward and compelling. Using a CMS reduces costs. It takes care of the technical “plumbing,” creating sites with search engine-friendly code that display properly across all types of devices. It enables non-technical content producers to easily add and update website pages. And it’s usually easy to find reasonably priced technical help if needed.
But regardless of the underlying architecture, what’s most critical is to keep all components of the site updated. Staying current on content and technology improves the user experience, maximizes the business value of your website, and helps protect it from cyber threats.