How To Maintain Websites

Maintenance is a time intensive service for which service levels and costs are determined on an individual basis.

Hosting and Design UK provide fixed fee maintenance to our Hosting And Design clients.

Maintenance updates can also be provided on a one off or ‘ad-hoc’ basis.

Hosting and Design small business clients have the option of a Business Plus hosting tariff which includes four maintenance updates per year.

Carrying out maintenance without a plan, history and objective is inefficient and costly.

Have a checklist to reference against – e.g Security Checks

Have a current priority in addition to an ongoing overall priority i.e Site Speed, SEO Rank, Brute Force Hacking Attacks

Do not rely on software solutions alone. Having multiple plugins, scripts from differing vendors can be counter productive and actually render them ineffective. In a similar manner users who use 2 or three antivirus products concurrently can render their overall protection useless and at the same time pay a heavy price in lost performance. Look at the facts: what has happened, what has already been done, what to monitor, what is outstanding and what was learned from the previous incidents or interventions. Document.

HDUK have a background in preventative maintenance – planned and on demand for hardware, software and ‘systems’. Contact us to discuss your needs or concerns informally.



When To Maintain Websites

For content that changes frequently ie daily or weekly you need a content management system (CMS) and a plan or schedule.

A CMS can take many forms and are chosen based on the available skillset, the type of content being managed and cost.  Even with the best initial intention  most small business are time poor, maintaining and updating websites runs a poor third or lower in the list of priorities.

Maintenance requires both discipline and time – scarce commodities. Business users should ideally refresh some of their content monthly.

Technical and performance related maintenance tend to overlap in the scope of activities carried out – and all activities overlap with security.

For some clients we see regular and sustained campaigns to gain access to their site and make modifications to the security configurations on an ongoing basis. In some instances malware sweeps have to be done more often than the norm until a problem is resolved.

In all cases:

Have a Plan – what is to be done, how often, what to improve. Document.


Website Maintenance – Why ?

Internet Browsers are no longer a standard, stable reference platform – there is now a wide choice available, from multiple vendors, with frequent updates and ‘developments’  often due to discovered security risks.

Hardware platforms too are constantly changing – Desktops, Laptops, Tablets, Phablets, Mobile phone… what works well with your website today might not tomorrow …

Search Engines in the main rank your website not just against relevance but also against  revenue and advertising potential – stale content gets pushed to the back of the queue or listings.

Retention – Users like to see changing content in order to maintain interest – but not be overwhelmed with essays.

In a similar way to any asset in life, if you look after it it will reciprocate with long and useful service. With websites there are competing industries vying for dominance and market share hence platforms enjoy very brief periods of stability. On the other hand there is a cottage industry continuously looking for ways to exploit the gaps that are left open. 

Regular maintenance, even the most basic, is essential for your website and other software driven assets.


Administrative Support

maintenance security

WordPress Malware Scan & Fix

A significant proportion of website owners are unaware of malware present in their hosting and infecting their websites – and even if they were they wouldn’t know what to look for. An effective WordPress security maintenance check should include a scan for known malware and suspicious files – identify them and suggest a fix – delete, quarantine etc. For persistent malware problems the frequency of scanning should be increased until the source or cause can be identified and treated.


Update WordPress Softwares

Update core files, plugins and themes

WordPress updates should be managed and not updated in stages – as some may be incompatible with current themes and plugins (which comes first – the chicken or the egg ?). If an update breaks the site then it is easier and quicker to rectify. An update normally has security patches included and should not be ignored or treated lightly.

Core files, themes, plugins and other updates can be ran automatically but as part of the WordPress security maintenance WE do each is stepped through and logged to enable an impact assessment to be carried out.


Remove Surplus Software

Remove unused plugins and themes

WordPress can be readily extended through the vast library of software add-ons ; in the main themes and plugins. Some are only needed once or are replaced by more suitable code and become in effect redundant. Unless you wrote the code yourself the quality and security integrity can vary from one extreme to the other. Each third party theme or plugin increases your risk of being hacked or experiencing unexpected performance issues.

With each plugin installed on your WordPress site, the more likely the site is to be hacked, as new vectors are opened with each installation. It is not enough to simply deactivate plugins that you aren’t using. You actually have to delete them in order to remove the vulnerable code from the server.

If in doubt, throw it out

Delete any unused third party code as part of your WordPress Security checks. This would include deactivated plugins.


Disable XML-RPC

Disable XML-RPC

XML-RPC allows interaction between blog posts and some plugins. WordPress is essentially a blogging platform on steroids – although these days it is mostly used asa CMS for websites. XML-RPC is useful for automated content from feeds but is not used to its full for regular websites.

Hackers exploit XML-RPC as an opportunity to bruteforce password access.

XML-RPC use should be reviewed and the risks mitigated as part of a WordPress Security Maintenance check.

maintenance security

Disable PHP Error Reporting

Disable PHP error reporting

PHP error reporting can be exploited by hackers to glean information about your hosting, website platform or CMS and where to focus their attention to take advantage of known weaknesses in software or applications.

Interrogating error messages and the header information provided can yield the following information :

  • Host operating system
  • Which Control Panel is being used
  • Which plugins are being used…etc.

Having this information a hacker can narrow their attention to be specific to your environment.

This should be covered in a WordPress Security Maintenance review.

maintenance security

Website Security Due Diligence

HDUK Limited is managed by professionals with years of corporate management experience delivering IT, Service and Compliance. The majority of our clients today are relatively small operations employing between 1 and 50 individuals, without the deep pockets or big budgets that a multi-national invests in hired staff to routinely perform due diligence security checks on their public facing assets – websites or apps. However ‘small’ we think we are – we are exposed to exactly the same risks as large corporations :

Website Security Risks Impact

  • Data Theft
  • Malicious Code
  • Unauthorised Access
  • Fraud – through impersonation
  • Punitive Fines for GDPR breaches
  • Loss of business and revenue
  • Reputational Damage

Website Due Diligence Actions

Whilst it is seemingly impossible to cover all the bases we have a primary duty of care to :
  • Identify risks – treat or mitigate
  • Demonstrate that security is taken seriously
  • Constantly improve
Unfortunately too many organisations take a knee jerk approach to Website Security Due Diligence – reacting to legislative or regulatory demands such as GDPR or the professional body they are a part of. Others rank the importance of web security based on its impact on performance e.g. how security, such as SSL impacts on SEO ranking. We continue to be surprised (shocked, amazed, appalled) by the number of ‘professional’ websites – public and private sector, that we encounter that are waving Cyber Essentials and Information Security banners and badges yet lack the obvious – encryption, an appropriate and relevant privacy policy, opt in on contact forms, exposed credentials…

Website Maintenance Plans

HDUK Limited (also known as Hosting & Design UK for web clients) provides adhoc, on demand or regular maintenance interventions for Small, Medium and Larger businesses enabling due diligence to be evidenced and maintaining a document trail.
Activity log – who has last accessed your web administration and when
Users – are there any unexpected or surplus to requirements admin accounts
Malware Scan – identify, record and treat suspicious files
Mitigate Risks – update plugins and themes, remove surplus.
Security Enhancements – mask default login names and paths, set correct access permissions
plus: two factor authentication, CAPTCHA, honeypot traps etc.

See our WordPress Security Maintenance Checklist

If your budget or operational needs do not support a full time, employed resource then speak with us and pay for what you need and as often as you need it – 0207 993 4796 or mobile 07956438026.

 Contact us today – for a Website Maintenance Plan that suits your needs.




Monthly Website Maintenance Plan

Adhoc or ongoing wordpress website maintenance agreements
£ 60 Monthly
  • Core Files, Theme and Plugin Updates
  • Security Surveillance and Malware Check
  • Performance and Functional Checks
  • Computerised Management Database Email Updates