A web site is the most visible part of a companies Internet presence, but not the only part.
The following issues must be continually addressed and frequently monitored:
- Content Maintenance This includes all content changes. It may also require navigation changes. Many sites use content management systems such as eZ publish, Drupal, or Joomla. These make editing content easier, but still require some training. The content itself is important, but its presentation must also be considered. Web pages should be easy to read, and informative. They should be attractive and consistent with the other pages on the site. The content should be consistent with the language of the target site visitors. If it is a professional site, everything should be spelled properly, cased properly, and with valid grammar. Slang language should be avoided.
- email Careful use of email accounts and forwarders is important. Forwarders allow the same address to deliver messages to multiple people. In addition, a forwarder can ease personnel transitions, the email address does not have to change if a different person is handling it. email accounts must be budgeted. Disk space is cheap, but it isn’t free. In most cases, the disk space used by email is deducted from the available space for the site. For that reason, one must keep track of the number of accounts and how big each mailbox is. Notification should be set up to ensure people are alerted when their mailbox is full. Issues that can take alot of time include recovering if the domain or server is blacklisted, blocked emails for various reasons, client configuration issues.
- Contact mechanisms First, one must comply with the anti-spam laws http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm. Newsletter content can also be a valuable part of a site. In addition, contact mechanisms must be protected from abuse. Tools available include CAPTCHA http://www.captcha.net/, Akismet http://akismet.com/, http://ostermiller.org/contactform/, and custom code.
- Logs Error and access logs should be checked at least weekly for any unusual entries, for example missing pages or images. Some hacking attempts will show up in the error logs, as file not found errors - usually with distinct URLs, repeated requests into forbidden areas. Restricted areas should not be served, if they are, the web server configuration should be updated to protect them. IP address patterns should be observed to see if requests (potential attacks) are from a specific area. These can be blocked with a firewall. If you have access to the email logs and the server level logs, particularly the SSH and MySQL logs, they should be reviewed as well.
- Application Management It is extremely important to ensure the applications are up to date. Application upgrades range from a simple button click with Fantastico to complex database and patch or upgrade sequences. As a rule, the cost of these upgrades should be included in maintenance allowances.
- Security In the unfortunate instance when an application is hacked, it must be cleaned up, and usually the application must be upgraded. These tend to be emergencies and often result in outages. Careful Application Management (above) can greatly reduce these. Credit card and personal data must be handled very carefully (ideally by someone well-qualified ). https://www.pcisecuritystandards.org/
- External Interfaces Many sophisticated sites have complex interfaces into payment gateways or web services. This type of code usually requires strong engineering skills.
- SSL Certificates To support HTTPS for ecommerce and secure access to information, certificates must be purchased, approved, installed, and then renewed as required. Renewal requires reinstallation.
- Web stat checks Periodic review of the web stats allows an evaluation of the site’s search engine positioning, sources of traffic, keywords, and pages accessed.
- Custom code Custom code should be carefully audited for security. http://phpsec.org, http://www.fortify.com/security-resources/rats.jsp. It should be protected by a web application firewall such as http://modsecurity.org.
- Quality Assurance Time must be taken to check the site for problems like broken links to external resources, and any problems within the site itself.
- Technical Quality The quality of code used on a site is visible to all visitors. How it looks in the browser, and the code that delivers it should be high-quality, with current technologies applied properly. Poor displays and bad code can harms a companies reputation and professional image.