What is Website Management?

In the past, creating a website was mostly a one-off activity. The website was created locally - directly with individual HTML files or with tools such as Microsoft Frontpage or Adobe Dreamweaver and loaded onto the server after completion. Many websites rarely changed anything, and when they did, changes were incorporated directly into the code by the programmer. Work such as adjustments to the header and footer could turn into a lot of work, as these things sometimes had to be changed on each individual page - unless you had a frame layout. :D

1. The constant monitoring of the website and checking whether it is online and functional
2. Monitoring the content management system (CMS) and checking whether security updates need to be installed
3. Checking the plugins and extensions for topicality, security and functionality
4. Checking the server software and whether it is still up to date - keyword PHP and MySQL version
5. A regular performance check with Google Lighthouse
6. GDPR Monitoring and adjustments to the website if something changes due to the GDPR or monitoring the website to ensure that it is GDPR compliant
7. Regular SEO checks of the entire website - preferably with external tools
8. A regular look into Google Search Console to monitor Google indexing
9. The maintenance of content changes if the customers do not take care of this themselves
10. The documentation of updates and changes
11. Manual check of the website
12. A backup strategy and regular backups
13. Ensure customer happiness

In order to ensure the functionality of a website, it must be accessed and checked regularly. The daily manual check of websites is hardly possible in the day-to-day work of an agency, which is why there are online tools that do this work for you.

Such tools offer several advantages:

• You can tick off the websites mentally, knowing you'll be notified if there's a problem. This frees you up for other projects and activities.
• Errors on websites are quickly identified and timely action can be taken.
• Ideally, you will notice the error before the customer does and fix it before it causes a stir. This avoids unnecessary stress and indirectly increases customer happiness.
• Regular server failures are noticed and a pattern may be identified that can help troubleshoot. If, for example, the website fails at 4:00 p.m. daily, this can be an indication that the server may not have enough resources because some services such as backups or cron jobs are running in the background.
• The website is called up regularly and certain functions such as updates are triggered (especially in WordPress).

Content Management Systems (CMS) have made website creation easier, but at the same time created a lot of work.

CMS must be checked and updated regularly so that there are no security gaps that hackers can use to penetrate the server. Checking the CMS versions manually is very tedious, especially when you are managing a large number of websites.

There are various plugins and tools, especially for WordPress, which check the CMS versions from the backend and send information by e-mail. The disadvantage of such systems is that you don't get a message if something in the CMS doesn't work or if the mail delivery goes on strike.

In addition to checking the CMS versions, the versions of the plugins and extensions used must be monitored.

Many security updates appear, especially for WordPress plugins, which should be installed promptly. Vulnerabilities in plugins provide an attack surface for hackers and can lead to data theft or the loss of the entire website.

SYSSY regularly checks your plugin versions and notifies you if action is required.

Security gaps can also arise on the server if, for example, outdated PHP and MySQL versions are in use. Of course, also in any other software that is installed on the server. PHP and MySQL are often used as these are required for the most commonly used CMS.

Security updates are also published here at (ir)regular intervals, which should be installed as soon as possible.

If the website "only" runs on a web space, you have little power over fixing the security gaps, but have to wait until the hoster imports the security patches. With small hosters you sometimes have the opportunity to put pressure on them and request an update.

If you operate your own server, you should react in good time to the release of security patches and import them to close security gaps. If you don't do this, all projects on the server are affected by the security gap.

Also, PHP and MySQL versions will not be supported forever. If a version approaches the end of support (end of life), you should upgrade to the next higher version as soon as possible. It is important that you are up to date with the CMS and all plugins, as there is still code, especially in old plugins and extensions, that are not yet compatible with newer versions.

Which PHP versions are currently supported and for how long can be read from the PHT roadmap.
A similar map for the MySQL Lifecycle is available at this link.

The performance of a website should always be kept in mind. If several websites are maintained, it is difficult to keep a permanent overview of all projects.

Performance checks are usually only carried out selectively:

• at go-live
• if there are problems with the websites
• the customer complains about a slow website
• after important updates
• if the Google Search Console or any other tool reports performance problems

Permanent monitoring means that countermeasures can be taken in good time if slow websites are identified.

An example:
You have developed a WordPress website for a customer, the content of which is maintained by the customer herself. Among other things, the last three blog posts are displayed on the start page. For the latest blog post, the client used an image straight from the photographer and didn't compress it for the web. The image is 5MB and slows down the website enormously. You usually come across things like this by accident.

A website must be GDPR compliant since 2018. However, there are always changes to the GDPR or precedents that make it necessary to make adjustments to websites. Recently, the Google Fonts warnings caused a stir.

If you manage a large number of websites, a GDPR adjustment can turn into a lot of work. Not only the customization itself, but also identifying the problems of each individual website can become a monster task.

The most important questions when it comes to GDPR adjustments:

• Which website has integrated Google Analytics or a similar external analysis service without securing it with cookie banners?
• Which website does not have a GDPR compliant cookie banner?
  A button with "Accept all" is no longer enough - you have to offer the possibility to view and set cookies and to reject them.
• Where is there no IP anonymization from Google Analytics?
• Where are Google Fonts integrated?
• Which website sets cookies of any kind without clicking "Accept" on the cookie banner?
• Where is the "Cookie Settings" link missing to be able to change the cookie settings again?
• Where does the privacy policy not match the website?
• Does the website even need a cookie banner?
  It's amazing how many websites have cookie banners but actually don't have anything embedded that needs to be secured. Just so there is a cookie banner because you think you have to have it. Terrible from a usability point of view, because the user's experience on the website is spoiled unnecessarily with a cookie banner.
• Are there contact forms that require a checkbox "We agree with the data protection declaration"?
  A contact form that is filled out and sent by the website visitor does not require consent to the data protection regulations, as there is a legitimate interest here for which consent is not required. Users enter and submit their data voluntarily, so they must also expect that this data will be processed in some way.
  But it makes a difference if you can also register for a newsletter. Consent must be obtained for this. However, newsletters are a separate topic again, since a double opt-in solution is required here.
• Is there an easy-to-find link on the website that leads to cookie settings? Website visitors must be able to withdraw their consent at any time. A link in the footer "Cookie Settings" is a good choice for this.

At SYSSY we are trying to remedy this and have introduced automated GDPR checks of websites and their homepages. This means that the websites are regularly checked for the most used external services.

The external services checked by SYSSY include the following (the list is constantly being expanded):

It is regularly checked whether one of these services is loaded without explicit consent via a cookie banner. If this is the case and no consent has been given, this is a clear violation of the GDPR and SYSSY creates an alert and notifies you via email and app notification.

A regular check is important because with every installation of a plugin/extension or a theme change, the integration of an external service or the simple integration of a YouTube video, the website is catapulted from "GDPR-compliant" to "non-GDPR-compliant". can. If you are informed about this, you can react in good time. Otherwise it may take a long time before you recognize the error.

Example:
There are no Youtube videos on the website and therefore no security. However, the customer decides to embed a YouTube video on a page of their own accord - thanks to the simple copying of the embedding code or the simple paste function in WordPress, customers can do this independently. Whoops, the website is no longer GDPR compliant and nobody knows.

Regular SEO checks are just as much a part of maintaining a website as calling it up in a browser from time to time.

Especially immediately after the go-live, it makes sense to subject the website to an SEO check to make sure that nothing has been forgotten, all SEO texts are placed correctly, there are no dead links on the website, etc.

You wouldn't believe how many websites go live that forget to switch the robots tag to "index". The website is then online, but is set to "noindex", which means for search engines that the website may not be indexed. New websites are not even indexed by Google and no search results appear. It can be fatal with a relaunch, as you can destroy the entire ranking that has been built up to now. The pages are indexed again after switching to "index", but once the reputation is destroyed, it is difficult to restore it - the same applies to Google. If there are problems with the page and the pages are thrown out of the index, it is very difficult to bring them back in again.

Looking at the Google Search Console is also an important point when it comes to website management. The Google Search Console provides information about indexing errors and thus enables quick action.

The fewer errors that occur in the Google Search Console, the better. Few errors mean that the site is being looked after, that someone cares, and most importantly that the data is being kept up to date. Lots of things that Google really likes.

The most important points include finding 404 errors and setting up redirects. But manually initiating indexing can also make sense, especially for new websites or when creating important subpages. Manual submission to Google indexing can speed up page indexing. From my own experience, it can take anywhere from 5 minutes to several days. :D

Another benefit of Search Console is that it can detect when a website has been hacked. If suspicious scripts or questionable content is found on the website, the Search Console issues a warning. However, you cannot necessarily rely on this, since it can sometimes take a very long time for Google to find out and if Google has discovered the problem, you may already have an indexing problem. Google can then block the website and kick it out of the index due to questionable content or suspected spam. It is therefore better to carry out a manual check of the website from time to time - see the point "Manual check of the website and check for hacks".

However, the focus here should not be exclusively on the Google Search Console. There are similar tools for other search engines as well. For Bing from Microsoft there is the "Bing Webmaster Tools". The process here is similar to that in Google's Search Console.

Although Bing has a much smaller market share than Google, the search engine should not be neglected as search engines like Ecosia ¹ and DuckDuckGo ² pull search results from the Microsoft search engine Bing.

Furthermore, Bing is the default search for the Microsoft Edge browser, which is used by many older people with Windows computers by default. In large companies, there is sometimes not the option for employees to install alternative browsers, which is why Edge is used and the search engine Bing no less often.

Since the search engines Bing and Google also look similar in appearance, there are many people who think they are "google" when in fact they are "binging". ;)

Regular maintenance of website content is very important so that it is always up to date and "something is happening" on the website. Google notices when content changes on a website and it is therefore “alive”.

If a website is never updated or if the latest news is from 3 years ago, you will be able to observe that visibility on Google is constantly decreasing.

General tip: If there is no regular news, it is better not to post any. Or post the news without a date if it is pure information that is not linked to a point in time. The same goes for blog posts.

Experience has shown that documentation for websites is what is most neglected. It is particularly interesting to record the time of essential updates or adjustments to important things on the website that can affect visibility on Google.

If such things are not documented, it is difficult to trace later which updates contributed to which success or failure.

Documentation also has the advantage that you can show the customer at any time what was done on the website and when. It can be particularly relevant for maintenance contracts if customers want to see what happens to their money at some point.

To ensure that the website also looks good, that the CSS is still compatible with all new browser versions and that the website works properly, the website should also be called up manually at regular intervals.

You should use different browsers and operating systems and also different devices, e.g.:

• iPhone 5S – smallest resolution - if everything works out there, you should be halfway save
• iPhone the current generation
• Android Smartphone the current generation
• iPad
• Android Tablet
• Safari, Chrome and Firefox at Mac
• Chrome, Firefox, Opera and Edge at Windows

A manual check is also important because this is often the only way to find out whether a website has been hacked. There are different website hacks, but one of the ones we've come across many times, which mostly affects WordPress, is the one that injects a JavaScript and manipulates all the links on the website. This means that users click on a link (regardless of whether it is in the footer, navigation, cookie banner) and get to an external website, which usually opens various pop-ups. This can be very dangerous, especially for inexperienced users, as this is often where the viruses are located, which can be downloaded with one click.

Such scripts can be injected by a hacked backend user who has permissions to upload plugins and edit the theme. So: Always use secure passwords and always mention to customers several times how secure passwords look like and how important they are.

Another hack often only displays questionable content for bots (e.g. the Google bot that indexes the website). It's a little harder to see at a glance. Here you often find out late - either it is discovered by chance that you can find the website with unwanted keywords on Google, or Google sends a warning via the Google Search Console. In the worst case, the customer finds out about the problem himself. That's not so nice and you might have to work a little more on customer happiness.

A backup strategy is necessary to ensure that the website does not "disappear" even after external attacks or technical problems. If you run the website on a web space with a hoster, backups are regularly created there.

The backup interval and period varies from hoster to hoster. Some save daily and save the backups for several weeks, with others you have 2 backups a week and only have one week's worth of backups. It is often also possible to create manual snapshots or restore points, which is very important, especially before updates.

It is generally recommended that you create a backup before every update - regardless of whether it is just a WordPress plugin or the WordPress core. The functions of the hoster with Snapshops or restore points is very advisable here, although you have to find out beforehand whether the import of such manual backups is subject to a fee.

We also have backups of all websites on our local servers so that in the worst case we can restore the website from there. Data loss can also happen with hosters, which should never be ignored.

A functioning website that doesn't cause any problems makes a happy customer. :)

Let us help you with website management

Do you want help with website administration?
SYSSY works for you in the background!

Register now for free