One of the questions I’ve been asked quite a few times since I started doing this is:

Why do I need to pay for maintenance?

So I thought it was probably time I laid out some of the answers to that question!

The first answer is – you don’t. It’s optional. At least, it is with Picture Engine. Some companies like to roll the design, hosting and ongoing maintenance into a single deal with a lower monthly payment and a minimum contract. Picture Engine doesn’t, although if someone asked about it you never know. But for now, it’s optional.

However, that doesn’t mean that doing it is optional. It just means that paying me to do it is optional. If you don’t want to pay someone else to do it, it still needs to be done and here’s why.

All of Picture Engine’s websites (and well over a third of ALL websites on the internet) are designed using Content Management Systems (CMSs), usually WordPress. And like all CMSs, WordPress is a software package that needs to be kept up to date. One of WordPress’s major problems is, paradoxically, its popularity. Because so many websites across the world are based on it, identifying a weakness in WordPress could potentially allow hackers to compromise a significant proportion of the roughly 75m websites worldwide that use it. That means there’s a whole “black hat” industry of baddies dedicated to finding holes, and a whole parallel “white hat” industry dedicated to fixing them.

WordPress is “open source” software – that means it’s updated and developed by a community of online volunteers, and that’s the main reason it’s free. The community is pretty good at reacting to threats, and even pretty good at pre-emptively identifying them, releasing new updates regularly to take care of any that are uncovered. What it can’t do, however, is what Microsoft, Apple and most major phone manufacturers tend to do, and that is force users to update their software. So when the WordPress community releases an update, website managers around the world need to update both the basic WordPress software and (usually) a lot of the themes and plugins that add the bells and whistles.

Is it really that important, though?

I mean, how much of a problem is it really going to be if those updates don’t happen?

Well, in response to that, I’ll give you a quick anecdote about one of the earliest websites I created in WordPress. I got it all set up and handed it over, very proud of the work I’d done. Like all my sites, I kept an emergency backup copy from the day it went live but maintenance wasn’t required. A year or so passed with none of the updates done. Then one day a customer pointed out that the website wasn’t working, so I got a call to look into it. My fine creation was no more, and in its place was what appeared to be a video of an armed Middle-Eastern-looking chap yelling at the viewer. My Arabic game isn’t strong, but he wasn’t giving off warm, friendly vibes. And because the updates hadn’t been done, nobody had noticed the backups had stopped working, so the only thing to be done at that point was to go back to my original backup.

So there’s that. Horrible nuisance, but unlikely to get you in trouble with Inspector Knacker of the Yard. However, there’s another scenario that could get you into big trouble, and that’s because of our old friend GDPR. If you collect customer details in any way on your website – if you have a contact form, or an online shop, or you allow users to register and comment on blog posts – you have a legal duty to take care of that data. If you decide not to keep your website up to date, and as a result it gets hacked and your customers’ data gets compromised, you could be liable for a fine of up to:

£8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

Source: ICO

Ouch. All of a sudden that £50 a month doesn’t seem that bad, right?

I’ll leave you with an analogy. Having a CMS-based website, especially WordPress, and not maintaining it is kind of like this…

Imagine if you put loads of your valuable stuff in a shipping container. The people who own the container give you the choice of

  • having them open it up every now and again to make sure everything’s not getting damp and mouldy,
  • having a security guard swing by on his rounds to check the locks are still intact, or
  • just leaving it unsupervised in the yard. By the gate.

Which option is most likely to result in your stuff still being there safe and undamaged when you need it?