What is Website Management?

In this article, we have summarized for you what is required for successful website management and why the administration of websites is becoming increasingly important.

In the past, creating a website was mostly a one-off activity. The website was created locally - directly with individual HTML files or with tools such as Microsoft Frontpage or Adobe Dreamweaver and loaded onto the server after completion. Many websites rarely changed anything, and when they did, changes were incorporated directly into the code by the programmer. Work such as adjustments to the header and footer could turn into a lot of work, as these things sometimes had to be changed on each individual page - unless you had a frame layout. :D

Website development has changed a lot over time. A website is no longer a static element. Through the use of content management systems (CMS) and the easy maintenance of website content, websites have become dynamic content on the Internet.

The special thing about today's website projects is that the work with the go-live of the website is far from done. A website must also be maintained and looked after after it has been created in order to keep it “alive” for as long as possible.

So a website needs to be managed.

1. Website monitoring

In order to ensure the functionality of a website, it must be accessed and checked regularly. The daily manual check of websites is hardly possible in the day-to-day work of an agency, which is why there are online tools that do this work for you.

Such tools offer several advantages:

  • You can tick off the websites mentally, knowing you'll be notified if there's a problem. This frees you up for other projects and activities.
  • Errors on websites are quickly identified and timely action can be taken.
  • Ideally, you will notice the error before the customer does and fix it before it causes a stir. This avoids unnecessary stress and indirectly increases customer happiness.
  • Regular server failures are noticed and a pattern may be identified that can help troubleshoot. If, for example, the website fails at 4:00 p.m. daily, this can be an indication that the server may not have enough resources because some services such as backups or cron jobs are running in the background.
  • The website is called up regularly and certain functions such as updates are triggered (especially in Wordpress).

The online website management tool SYSSY also offers the function of regular online checks and notifies you of problems with the website by email or app notification.

2. Content Management System (CMS) monitoring

Content Management Systems (CMS) have made website creation easier, but at the same time created a lot of work.

CMS must be checked and updated regularly so that there are no security gaps that hackers can use to penetrate the server. Checking the CMS versions manually is very tedious, especially when you are managing a large number of websites.

There are various plugins and tools, especially for Wordpress, which check the CMS versions from the backend and send information by e-mail. The disadvantage of such systems is that you don't get a message if something in the CMS doesn't work or if the mail delivery goes on strike.

SYSSY offers plugins and extensions for various CMS (WordPress, TYPO3) with which the CMS versions are transferred directly to SYSSY and checked for security updates there. You will be made aware of a security update directly via email or app notification.

With SYSSY, you always have an overview of how up-to-date all your websites are at a glance.

3. Checking the plugins and extensions for topicality and security

In addition to checking the CMS versions, the versions of the plugins and extensions used must be monitored.

Many security updates appear, especially for Wordpress plugins, which should be installed promptly. Vulnerabilities in plugins provide an attack surface for hackers and can lead to data theft or the loss of the entire website.

SYSSY regularly checks your plugin versions and notifies you if action is required.

4. Server software monitoring

Security gaps can also arise on the server if, for example, outdated PHP and MySQL versions are in use. Of course, also in any other software that is installed on the server. PHP and MySQL are often used as these are required for the most commonly used CMS.

Security updates are also published here at (ir)regular intervals, which should be installed as soon as possible.

If the website "only" runs on a web space, you have little power over fixing the security gaps, but have to wait until the hoster imports the security patches. With small hosters you sometimes have the opportunity to put pressure on them and request an update.

If you operate your own server, you should react in good time to the release of security patches and import them to close security gaps. If you don't do this, all projects on the server are affected by the security gap.

Also, PHP and MySQL versions will not be supported forever. If a version approaches the end of support (end of life), you should upgrade to the next higher version as soon as possible. It is important that you are up to date with the CMS and all plugins, as there is still code, especially in old plugins and extensions, that are not yet compatible with newer versions.

Which PHP versions are currently supported and for how long can be read from the PHT roadmap.
A similar map for the MySQL Lifecycle is available at this link.

If you manage your websites in SYSSY and connect them to a plugin/extension, SYSSY reads the versions of PHP and MySQL at regular intervals and compares them with the latest releases. The versions are therefore permanently monitored. If security gaps are found or if PHP and MySQL versions are outdated, you will be informed by means of an alert, e-mail and app notification.

5. Performance monitoring

The performance of a website should always be kept in mind. If several websites are maintained, it is difficult to keep a permanent overview of all projects.

Performance checks are usually only carried out selectively:

  • at go-live
  • if there are problems with the websites
  • the customer complains about a slow website
  • after important updates
  • if the Google Search Console or any other tool reports performance problems

Permanent monitoring means that countermeasures can be taken in good time if slow websites are identified.

An example:
You have developed a WordPress website for a customer, the content of which is maintained by the customer herself. Among other things, the last three blog posts are displayed on the start page. For the latest blog post, the client used an image straight from the photographer and didn't compress it for the web. The image is 5MB and slows down the website enormously. You usually come across things like this by accident.

With SYSSY, however, you have an overview of the performance of the start pages and can react in good time if there are deviations or something "strange" happens.

6. GDPR monitoring

A website must be GDPR compliant since 2018. However, there are always changes to the GDPR or precedents that make it necessary to make adjustments to websites. Recently, the Google Fonts warnings caused a stir.

If you manage a large number of websites, a GDPR adjustment can turn into a lot of work. Not only the customization itself, but also identifying the problems of each individual website can become a monster task.

The most important questions when it comes to GDPR adjustments:

  • Which website has integrated Google Analytics or a similar external analysis service without securing it with cookie banners?
  • Which website does not have a GDPR compliant cookie banner?
    A button with "Accept all" is no longer enough - you have to offer the possibility to view and set cookies and to reject them.
  • Where is there no IP anonymization from Google Analytics?
  • Where are Google Fonts integrated?
  • Which website sets cookies of any kind without clicking "Accept" on the cookie banner?
  • Where is the "Cookie Settings" link missing to be able to change the cookie settings again?
  • Where does the privacy policy not match the website?
  • Does the website even need a cookie banner?
    It's amazing how many websites have cookie banners but actually don't have anything embedded that needs to be secured. Just so there is a cookie banner because you think you have to have it. Terrible from a usability point of view, because the user's experience on the website is spoiled unnecessarily with a cookie banner.
  • Are there contact forms that require a checkbox "We agree with the data protection declaration"?
    A contact form that is filled out and sent by the website visitor does not require consent to the data protection regulations, as there is a legitimate interest here for which consent is not required. Users enter and submit their data voluntarily, so they must also expect that this data will be processed in some way.
    But it makes a difference if you can also register for a newsletter. Consent must be obtained for this. However, newsletters are a separate topic again, since a double opt-in solution is required here.
  • Is there an easy-to-find link on the website that leads to cookie settings? Website visitors must be able to withdraw their consent at any time. A link in the footer "Cookie Settings" is a good choice for this.

 

At SYSSY we are trying to remedy this and have introduced automated GDPR checks of websites and their homepages. This means that the websites are regularly checked for the most used external services.

The external services checked by SYSSY include the following (the list is constantly being expanded):

  • Google Analytics
  • Google Tagmanager
  • Google Maps
  • Google ReCaptcha
  • Google Fonts
  • Youtube
  • Vimeo
  • Facebook Pixel
  • Twitter Pixel
  • LinkedIn Pixel

It is regularly checked whether one of these services is loaded without explicit consent via a cookie banner. If this is the case and no consent has been given, this is a clear violation of the GDPR and SYSSY creates an alert and notifies you via email and app notification.

A regular check is important because with every installation of a plugin/extension or a theme change, the integration of an external service or the simple integration of a YouTube video, the website is catapulted from "GDPR-compliant" to "non-GDPR-compliant". can. If you are informed about this, you can react in good time. Otherwise it may take a long time before you recognize the error.

Example:
There are no Youtube videos on the website and therefore no security. However, the customer decides to embed a YouTube video on a page of their own accord - thanks to the simple copying of the embedding code or the simple paste function in Wordpress, customers can do this independently. Whoops, the website is no longer GDPR compliant and nobody knows.

7. SEO Check

Regular SEO checks are just as much a part of maintaining a website as calling it up in a browser from time to time.

Especially immediately after the go-live, it makes sense to subject the website to an SEO check to make sure that nothing has been forgotten, all SEO texts are placed correctly, there are no dead links on the website, etc.

You wouldn't believe how many websites go live that forget to switch the robots tag to "index". The website is then online, but is set to "noindex", which means for search engines that the website may not be indexed. New websites are not even indexed by Google and no search results appear. It can be fatal with a relaunch, as you can destroy the entire ranking that has been built up to now. The pages are indexed again after switching to "index", but once the reputation is destroyed, it is difficult to restore it - the same applies to Google. If there are problems with the page and the pages are thrown out of the index, it is very difficult to bring them back in again.

SYSSY checks the SEO data on the start page at regular intervals and shows you if something is wrong. The most important tags are checked:

<title>, <h1>
Meta Tags like <meta name="description">, <meta name="keywords">, <link rel="canonical">, <meta name="robots">, <meta name="generator">
Open Graph Tags like <meta property="og:title">, <meta property="og:description">, <meta property="og:image">

Furthermore, it is checked whether there is a robots.txt and an XML sitemap.

8. Google Search Console and Bing Webmaster Tools

Looking at the Google Search Console is also an important point when it comes to website management. The Google Search Console provides information about indexing errors and thus enables quick action.

The fewer errors that occur in the Google Search Console, the better. Few errors mean that the site is being looked after, that someone cares, and most importantly that the data is being kept up to date. Lots of things that Google really likes.

The most important points include finding 404 errors and setting up redirects. But manually initiating indexing can also make sense, especially for new websites or when creating important subpages. Manual submission to Google indexing can speed up page indexing. From my own experience, it can take anywhere from 5 minutes to several days. :D

Another benefit of Search Console is that it can detect when a website has been hacked. If suspicious scripts or questionable content is found on the website, the Search Console issues a warning. However, you cannot necessarily rely on this, since it can sometimes take a very long time for Google to find out and if Google has discovered the problem, you may already have an indexing problem. Google can then block the website and kick it out of the index due to questionable content or suspected spam. It is therefore better to carry out a manual check of the website from time to time - see the point "Manual check of the website and check for hacks".

However, the focus here should not be exclusively on the Google Search Console. There are similar tools for other search engines as well. For Bing from Microsoft there is the "Bing Webmaster Tools". The process here is similar to that in Google's Search Console.

Although Bing has a much smaller market share than Google, the search engine should not be neglected as search engines like Ecosia 1 and DuckDuckGo 2 pull search results from the Microsoft search engine Bing.

Furthermore, Bing is the default search for the Microsoft Edge browser, which is used by many older people with Windows computers by default. In large companies, there is sometimes not the option for employees to install alternative browsers, which is why Edge is used and the search engine Bing no less often.

Since the search engines Bing and Google also look similar in appearance, there are many people who think they are "google" when in fact they are "binging". ;)

9. Content maintenance

Regular maintenance of website content is very important so that it is always up to date and "something is happening" on the website. Google notices when content changes on a website and it is therefore “alive”.

If a website is never updated or if the latest news is from 3 years ago, you will be able to observe that visibility on Google is constantly decreasing.

General tip: If there is no regular news, it is better not to post any. Or post the news without a date if it is pure information that is not linked to a point in time. The same goes for blog posts.

10. Documentations

Experience has shown that documentation for websites is what is most neglected. It is particularly interesting to record the time of essential updates or adjustments to important things on the website that can affect visibility on Google.

If such things are not documented, it is difficult to trace later which updates contributed to which success or failure.

Documentation also has the advantage that you can show the customer at any time what was done on the website and when. It can be particularly relevant for maintenance contracts if customers want to see what happens to their money at some point.

SYSSY contains a documentation feature that makes it possible to record precise documentation for each project. Furthermore, automatic documentation entries are created if, for example, updates to the CMS, PHP or MySQL version are detected.

It is also possible to send the documentation directly to the customers so that they are regularly informed about updates on their website. This contributes significantly to customer happiness.

11. Manually check the website and check for hacks

To ensure that the website also looks good, that the CSS is still compatible with all new browser versions and that the website works properly, the website should also be called up manually at regular intervals.

You should use different browsers and operating systems and also different devices, e.g.:

  • iPhone 5S – smallest resolution - if everything works out there, you should be halfway save
  • iPhone the current generation
  • Android Smartphone the current generation
  • iPad
  • Android Tablet
  • Safari, Chrome and Firefox at Mac
  • Chrome, Firefox, Opera and Edge at Windows

A manual check is also important because this is often the only way to find out whether a website has been hacked. There are different website hacks, but one of the ones we've come across many times, which mostly affects Wordpress, is the one that injects a JavaScript and manipulates all the links on the website. This means that users click on a link (regardless of whether it is in the footer, navigation, cookie banner) and get to an external website, which usually opens various pop-ups. This can be very dangerous, especially for inexperienced users, as this is often where the viruses are located, which can be downloaded with one click.

Such scripts can be injected by a hacked backend user who has permissions to upload plugins and edit the theme. So: Always use secure passwords and always mention to customers several times how secure passwords look like and how important they are.

Another hack often only displays questionable content for bots (e.g. the Google bot that indexes the website). It's a little harder to see at a glance. Here you often find out late - either it is discovered by chance that you can find the website with unwanted keywords on Google, or Google sends a warning via the Google Search Console. In the worst case, the customer finds out about the problem himself. That's not so nice and you might have to work a little more on customer happiness.

12. A backup strategy and regular backups

A backup strategy is necessary to ensure that the website does not "disappear" even after external attacks or technical problems. If you run the website on a web space with a hoster, backups are regularly created there.

The backup interval and period varies from hoster to hoster. Some save daily and save the backups for several weeks, with others you have 2 backups a week and only have one week's worth of backups. It is often also possible to create manual snapshots or restore points, which is very important, especially before updates.

It is generally recommended that you create a backup before every update - regardless of whether it is just a Wordpress plugin or the Wordpress core. The functions of the hoster with Snapshops or restore points is very advisable here, although you have to find out beforehand whether the import of such manual backups is subject to a fee.

We also have backups of all websites on our local servers so that in the worst case we can restore the website from there. Data loss can also happen with hosters, which should never be ignored.

13. Customer Happiness

A functioning website that doesn't cause any problems makes a happy customer. :)


Let us help you with website management

Do you want help with website administration?
SYSSY works for you in the background!

Register now for free


You might also be interested in this

The sustainable website

Sustainability does not only affect the way of life, sustainability can also be taken into account for websites.

Read more
Goodbye Google Fonts

Google Fonts have been leading to a number of warnings and payments for some time, which is why it is becoming increasingly important to remove them…

Read more