How Ongoing Website Maintenance Keeps Your Site Secure, Compliant and Accessible
When most people think of UX, website maintenance isn’t the first thing that comes to mind. But although a website’s technical backend often takes a backseat to frontend design and functionality in public opinion, it’s responsible for keeping everything running smoothly in the background. Suffice to say? If the backend of your site isn’t well-maintained, the user-facing parts of your site will suffer too.
These days, many websites opt to use open-source CMS platforms like WordPress, Drupal, and Umbraco. But although these platforms offer a more convenient and approachable site-building experience when compared to developing from scratch, their popularity also makes them a bigger cybersecurity target, given the greater ROI to bad actors.
These platforms make installing updates as simple as possible, but hitting the ‘Accept all updates’ button isn’t the same as developing a comprehensive website maintenance program. For instance, if you don’t review every potential update, how will you determine whether or not updates to one module will conflict with another? How can you ensure that patching one area of your site won’t impact the custom code you’re using there?
Although putting your maintenance on autopilot may seem appealing, it can cause more problems than the time-save is worth. Indeed, to update reliably, competently, and safely across sites of scale, you need comprehensive testing processes in place to ensure nothing goes wrong, along with a team that can guide you through ongoing maintenance activities and the order in which they should be scheduled.
Further, to ensure that your site stays accessible and compliant — no small task in today’s rapidly evolving environment — you’ll need the help of skilled partners that have experience undertaking comparable projects and that can implement efficient maintenance structures.
Why Website Maintenance Matters
A lot of business leaders think that building and launching a new website represents the end of the project. The site is live, so they can move on to other priorities — only returning to the site when the content needs to be updated or new news items are released.
But this ‘set-and-forget’ mentality doesn’t make sense with the way modern business works. These days, companies often find themselves having to quickly pivot their operating models to respond to industry changes and global events. Even businesses that don’t change will find themselves faced with advancing technology and evolving regulations.
In other words, even if you’ve implemented best-in-class security and accessibility into your first build, it’s only best-in-class for that specific moment in time. As the technological and regulatory environment shifts, your top-of-the-line build can quickly become bottom-shelf. To prevent this, you need a solid maintenance and service structure that can keep up with the changing tech and legal landscapes.
What is Website Maintenance?
Website maintenance is the practice of keeping your site safe, secure, enjoyable, compliant, and accessible over time. In other words, it’s the process of making sure that your site doesn’t just start out great. It actually stays that way.
Looking at the bigger picture, the most common website maintenance priorities typically involve identifying, evaluating, and implementing any security and patch releases for the OS, CMS, the site’s theme or framework, and any modules or plugins being used.
For example, many sites that used jQuery before v3.4 unknowingly exposed their sites to an XSS security vulnerability. While this issue was fixed in 2020, many businesses have yet to update their sites to the latest jQuery version and, as a result, are continuing to put themselves at unnecessary risk.
Beyond that, website maintenance also includes website optimisation: making sure that the site is still performing well and that it’s meeting the benchmarks of standard frameworks like Google Web Core Vitals.
Finally, maintaining your site means making sure that it’s up-to-date. Unless you’re building a very static brochureware site, you’re going to regularly be faced with changes that need to be made to your site’s content and functionality. Capturing those changes and maintaining a backlog of tasks that need to be completed are important parts of website maintenance.
How Website Maintenance Improves Site Security
Even if your site doesn’t collect users’ private data, site security needs to be on your radar, as it typically costs less to prevent potential hacks than to recover from them. Just take a look at recent breaches of Australian companies, like LimeVPN and NSW Health, to see how much damage they can cause.
The reality of the internet is that it’s a constantly shifting minefield. Whether you realise it or not, your OS may have updated, your server might have upgraded, or a new vulnerability may have been identified — all of which can leave your site wide open for attack.
Hackers and bad actors are constantly on the lookout for new bugs and vulnerabilities that they can exploit. Sometimes, an attack may not even come from an active hacker — it could be from a script that a hacker sets free onto the internet to search for vulnerable sites and servers. In some cases, you may not even notice you’ve been infected for months, all the while the hacker is stealing your data.
Fortunately, developers and security experts alike are constantly working to identify these vulnerabilities and create patches and updates that can keep your site safe. But they won’t do you any good if you don’t actually implement them. That’s why website maintenance needs to be a priority from a site security perspective. Having a strong website maintenance process is crucial to ensuring that your site stays updated, safe, and secure.
As you add more content to your site, you’ll need to stay vigilant. While it might sound scary, even adding a single picture to your website could introduce a new vulnerability — hackers can easily embed malicious code into images, so if you’re downloading a file from an email or an open-source image site, you could unknowingly expose your site to an attack.
The Importance of Compliance and Accessibility
At Sitback, a number of the clients that we work with either are a government department, or they perform work for one, which means they’re required to stay current with specific compliance and accessibility standards. Even if your company doesn’t fall into this category, it’s still a good idea to invest in remaining compliant and accessible for both your business and your audience.
Consider this: one in five Australians has a recognised disability. By not keeping your site accessible, you risk cutting off 20% of your potential audience (not to mention the many people who experience temporary disability, such as a broken arm). Accessibility is especially important for non-profit organisations that work with groups with disabilities and elderly populations, since as we age, the eye tends to naturally develop problems focusing on small text, such as website content.
As far as government requirements are concerned, the Digital Transformation Agency enforces accessibility compliance within the Australian government. It follows the Disability Discrimination Act of 1992, which created a legal requirement for all government services to be accessible to those with disabilities.
Currently, all government agencies are required to meet at least the WCAG 2.0 AA standard (though WCAG 2.1 AA is strongly encouraged). Regardless, WCAG 2.2 is just around the corner. Maintaining up-to-date compliance will require knowledge of these additional assessment criteria, as well as the resulting remediation required.
As of this writing, there aren’t any substantive penalties or other punitive measures in place for companies that fail to meet these standards. But that doesn’t mean your organisation should allow any of its visitors to struggle while using your website.
In 2014, Cole’s Supermarket was sued for disability discrimination for failing to make their online grocery services accessible to shoppers with visual impairments. Cole’s settled out of court, and the case now serves as a lesson to all businesses as to just how important accessibility is — not only from an ethical perspective, but from a practical and financial one as well.
The good news: many popular CMS platforms have some degree of accessibility compliance baked in. However, while this serves as a good starting point, it’s not enough to keep your site truly accessible. Achieving that requires a solid understanding of accessibility, as well as knowledge of specific guidelines, like WCAG, to build and maintain a website that’s compliant and accessible to everyone.
Remaining Accessible and Compliant with Website Maintenance
The role that website maintenance plays in accessibility and compliance is similar to its role in maintaining security. Compliance guidelines change, so even though your site may have started out on the right foot, it may fall into noncompliance over time if you don’t regularly maintain it.
Keep in mind that every change you make to your site introduces the possibility of a new challenge with accessibility. Say your organisation is subject to the WCAG 2.1 standard. If you upload a picture to your site but fail to add alt-text to the image, your website no longer meets the requirements of WCAG 2.1 based on just that single change.
The only way to ensure long-term, consistent accessibility and compliance is to periodically audit your site. In most cases, this will turn up content issues, which are easily fixable. But it’s always possible that deeper and more challenging concerns will be uncovered. For this reason, we typically recommend conducting an accessibility audit on a quarterly basis.
How Sitback Can Help
Considering all of the responsibilities outlined above, it’s clear that most organisations will need at least a mid-level developer to properly perform regular maintenance work. Yet, at many organisations, website maintenance falls to someone in digital marketing, to a project manager, or to a lower-level developer without the necessary skills or background. Too often, though, these professionals don’t fully understand the importance of security, compliance, and accessibility for a website.
If you want to ensure that your site stays secure, compliant, and accessible, you need a partner with deep knowledge of the subject that stays up-to-date on the latest rules and regulations. Hiring someone who only makes a few basic changes and doesn’t stay current with emerging issues just won’t cut it.
Our Accessibility Audit Process
When we run a Sitback website accessibility audit, it’s likely that we’ll find issues of varying severity that need to be resolved. Taken together, these issues can seem like quite a project to fix. But with an ongoing services retained model, like the one Sitback offers, you can take the highest priority items from your list and work on them over your allocated hours.
That means that, even though your website might not be compliant right now, you’ll have a clear plan in place to get it there from a company that understands compliance inside and out. Over time, we’ll also train and educate your internal team on how to maintain compliance and accessibility when updating, in addition to building out any additional functionalities, feature enhancements, or extensions required to maintain compliance and accessibility.
Long-Term Success with Website Maintenance
At the end of the day, you can think of your website like a car. Just because you bought a brand new, luxury sports car doesn’t mean it’ll stay brand new forever.
Not only will you need to address its maintenance through regular services, you’ll want to tune it for high performance. Maybe you upgrade the tyres, add new stereo speakers, swap out engine parts, or even modify the engine management unit. In any case, you’re improving the car — not just maintaining it at the condition it was in when it rolled off the production line.
Caring for your site is the same. If you want to keep it running safely — or even optimise it to its highest potential performance — bring it to the experts at Sitback to keep it in tip-top shape. Learn more about our Support & Optimisation service to see what this work looks like in action.
An earlier version of this article was published on the Sitback blog: https://blog.sitback.com.au/blog/how-ongoing-website-maintenance-keeps-your-site-secure-compliant-and-accessible
