Life is full of things we do because we have to. Trips to the DMV.  Jury duty.  Paying taxes. Dental appointments.  Oil changes.  These things are no fun.  But as painful and tedious as these tasks are, the consequences of not doing them are far worse.  

Spending $50 and an hour of your life getting an oil change sucks.  Having your car break down and paying thousands for repairs sucks worse.

In the web development world, updating your site’s software and server operating system are the equivalent of getting an oil change.  It is preventative maintenance done to mitigate the risk of future failure.  And given the lack of an immediate, tangible benefit, it is something that many are tempted to skip.  

Most of the sites we maintain are run in LAMP/LEMP (Linux Apache/Nginx MySQL/MariaDB PHP) environments and powered by Drupal or WordPress.  We typically recommend clients perform preventative maintenance on their sites once a quarter, speeding up the timeline when critical security updates are released.  There are a number of reasons why keeping to a regular, preventative maintenance schedule is important:

• Security.  Platforms like WordPress and Drupal are extremely popular and widely used.  Given their ubiquity, malicious users are constantly working to hack or hijack sites powered by these platforms for personal gain.  If you don’t perform security updates regularly your site runs a high risk of having major security holes that hackers can exploit..  
• Bug fixes.  No platform as large and complex as Drupal and WordPress is 100% bug free.  If you have worked in either platform there is a good chance you have stumbled on a small bug that impacts your work.  By performing regular updates you get access to bug fixes made by the community.  
• Access to new features.  Hundreds of developers are constantly improving Drupal and WordPress  through the release of new features.  You can only get access to these new features if you update to the latest software version.  You have access to the latest and greatest version of the platform.  
• Preventing obsolescence.  If you keep up with updates, the time investment is pretty low.  On most sites a few hours a month are all that are needed to maintain a site.  If you put things off for years, the problems pile up.  The updates become difficult or even impossible in some cases.  A neglected site can get so behind on updates that it is obsolete.

While we try to communicate the need for preventative maintenance to our clients, we’ve been involved with a number of projects where it wasn’t a priority.   In some cases the client has skipped updates for long periods without any negative consequences.   But we’ve seen other cases where clients have suffered disastrous losses as a result of neglecting updates.

Recently we had a client with a site built in WordPress who hosted and maintained their site themselves.  They got behind on updates on one of their core sites and a hacker got access to their administrative tools as a result.  Likely in effort to improve SEO on a site they were affiliated with, the hacker quietly inserted links to third-party sites on highly trafficked pages and created a bunch of new, spam pages.  The hacker exploited the site for months before they were detected.  As a result of the attack the client’s SEO rankings for the keywords they are taking took a big hit and they spent tons of time trying to expel the hacker and manually cleaning up content.

We came across another example recently when talking to a prospective client.  The organization was years behind on Drupal updates and were targeted by a malicious hacker.  The hacker defaced their website, deleting content and hijacking their homepage.  In addition to not updating the site, the client also wasn’t performing regular backups.  As a result they had to rebuild their entire site from scratch and rewrite a great deal of content.  It was a disaster.

Businesses and organizations spend untold time and money building and maintaining web presences.  Given the investment and importance of web programs to most organizations,it is dangerous and short sighted to not invest in preventative maintenance.