The post-dev process – a website after publication
The case is as follows: your company commissioned a website development project that was executed with utmost care. Both parties are happy with the cooperation, and most importantly – you finally boast a personalized online showcase. Is that all? Well, no. There are still many things you need to take into account. Let me try to outline them in this article.
First of all – optimization
In Poland, the first website was created in 1993. Since then, the requirements for an effective website have increased dramatically. According to Statista data from August 2021, there are as many as 1.88 billion websites. It raises the question: how to distinguish a website? What can you do better? How can you ensure the users have a positive experience while visiting the site?
This process can be skipped if it was carried out at the handover of the project. If it was not, a developer should analyze the code once again. Besides the obvious things like readability, it is important to make sure that the lines of code are not duplicated. That makes the file larger, decreases readability, and negatively affects page load speed. It is recommended to implement critical styles (CSS) containing the styles of all elements that a user will see first. Another good practice is code minification – reducing the source code by removing unnecessary characters while maintaining its functionality.
A website should be in line with the W3C standard that provides guidelines for building a website. It helps create a user-friendly website, especially for those with disabilities. Standards of accessibility, SEO, or performance are set by Google and its algorithms for evaluating and positioning websites.
Another important step is taking care of graphics. Incompetent image management may reduce page load. We are talking about drops in page performance by as much as 10%, so it is worth counteracting this. To optimize the “weight” of images, you may:
- compress images manually (e.g., using a free compression tool),
- upload images of dimensions you want to have on your website (e.g., if you need to upload a 250 x 250 picture, you should avoid uploading graphics in FullHD dimensions),
- change file format from .jpg, .png to .webp.
- if you use WordPress, you can install plugins such as Autoptimize, Smush, Lightspeed Cache.
Moreover, optimize your images for SEO and accessibility. Add image attributes such as ‘alt’ or role=”presentation”, especially when the graphic serves a purely decorative function and has no substantive meaning.
The structure of a website inherently involves internal links or links to other pages. Ideally, a user should be able to get to any nook of the page in three clicks.
Proper linking structure helps to rank a page higher in the Google search engine. Automated algorithms (robots/crawlers) enter each subpage, analyze the content, page structure, link, and ultimately evaluate the site. The easier access to each sub-page for the robot – the higher the rating.
It is important to:
- make sure that no errors generated by a faulty code appear on any of the subpages,
- avoid linking to pages without content,
- each link has a text form (the so-called hyperlinks),
- add “no follow” attribute to links if you do not want Google’s crawlers (algorithms) to scan the page under the link (e.g., pages with social media).
Secondly – security
It is said that there are no 100% secure applications and websites. There is a lot of truth in it. Nowadays, it is very difficult to protect oneself from all the hackers’ ideas.
So what can you do as a website owner? Let’s use an example of a website based on the WordPress content management system.
Let’s start with login and password. Supposedly everyone knows, but many users still repeat the same basic mistakes. Remember to create a WordPress administrator login other than “admin”. The password should not be the same as the login. Even better if the password consists of letters, numbers, and special characters.
Once and for all, let’s bust the myth that a shorter password is enough (e.g., eight characters), as long as it contains lowercase and uppercase letters, numbers, and special characters. Brute Force Attacks (a dangerous algorithm that checks every possible combination of characters to break the password) are among the most common types of attacks.
It is recommended that your password has at least 15 characters. It is enough to include one number and a special character.
It is best illustrated by the following graphic.
It turns out that malicious algorithms can break even 9-character passwords in a few days, and a simple password consisting of at least 15 characters takes 46 days. It would take an algorithm at least 200,000 years to crack a more complex password.
If you lack an idea for such a long password, use one of the many password generators available.
Brute Force Attacks
One of the most common types of attacks on websites is the previously mentioned Brute Force attack.
To reduce the risk of such an attack, it is recommended to modify the .htaccess file by adding a login and password for the logging page. Usually, the tools available in the hosting service allow for easy implementation or modification of login and password. You can also use one of the plugins available in the WordPress plugin finder.
Plug-ins that limit the possibility of multiple logins in a short period, such as Limit Logins Attempt, also come in handy. After entering the wrong password three times (the number of attempts can be changed), the user’s login is blocked for 20 minutes.
It’s a critical sub-point in the topic of safety. The issue seems trivial, but it is serious. Many people accuse the WordPress platform of being unreliable in terms of security. This opinion is unfair because it is the negligence of website owners that makes hacks possible.
How come? To start with, out of all existing websites, 500 million are based on WordPress CMS. There are more than 500 such websites created every day. The numbers are impressive, also to hackers who are constantly looking for a chance to take control of websites and sensitive data.
Another issue are updates. It is a prerequisite for security as most websites get hacked because of:
- old PHP version (currently PHP 7.4 or newer version is recommended),
- not updated plug-ins,
- not updated WordPress system or MySQL database.
Developers working on plug-ins or PHP programming language usually develop their software paying special attention to security. New versions contain, among other things, improved code with fixed security loopholes that made the software susceptible to hacking.
In the case of plug-ins, the authors try to stay up-to-date with the technical changes in WordPress and PHP and fix the reported bugs. Unfortunately, this is not always the rule, so if you come across a plug-in with no rating and current updates, better not install it.
The update process is continuous, so once in a while, it’s worth checking if there are any functionalities that require installing the latest version.
What if something goes wrong? There’s always the risk that the website will get infected, or a plug-in will turn out to be incompatible with the installed PHP version causing errors that hinder browsing.
Therefore, backups should be your primary security measure. A suitable tool should be included in the hosting package. The backup can be performed manually or automatically, depending on the specific service package. Of course, there are plug-ins (e.g., Duplicator, UpdraftPlus, WordPress Backup Plugin) that enable a backup including all system, theme, and database files. This procedure will bring your website back to life with a few clicks.
Thirdly – specialized knowledge
Understandably, not everyone is familiar with website maintenance, so when in doubt, it is best to look for information on the Internet or take a specialized course.
However, not everyone has the desire or time for it. The best thing you can do is leave your website to professionals. For every virtual magic specialist, searching for industry news, learning about new tools, and picking up technical nuances is an everyday thing.
Articles isn't enough?
Would you like to learn about the whole process and how we could carry it out in your organization?Let's talk
See the service
Check out how we can
carry out this process
together in your company.