The big WordPress maintenance experiment: Let’s find out the truth

Blog Audio: Read/listen time: 7 minutes

I’ve set up a test website with no intention of maintaining it. Will it get hacked? Will it end up selling dodgy pharmaceuticals or will it just soldier on forever?

My name is Paul Edwards, I am a Web Consultant and Frontend Developer and I’ve been working in the web industry since 2005.

Any web professional you talk to will tell you the importance of ongoing website maintenance and most of the time will encourage you into an ongoing maintenance agreement for your website. I would be very surprised if you hadnt asked yourself:

Does my website really need ongoing maintenance or is my web designer trying to squeeze more profit out of me?

This is a question that so many of you ask or think quietly to yourselves that as of May 2022 I have set up a test website to once and for all find out the answer. To make the results of the experiment useful to you, the test site has to be a close appoximation to the ‘average’ business website so it includes both ecommerce and blog functions and is built with commonly used plugins and methods as suggested when I polled a forum of nearly 2000 web professionals.

In order to answer your questions about website maintenance,  I’m not going to maintain the test site at all. Nothing.

I will record what happens and report back to you.

Giving you the facts, and the data to back it up

The test website will be monitored by automated tools and also manually at weekly intervals (or more frequently) to see what state it is in and to keep note of any important statistics or issues. If something breaks, I will tell you. If the site gets hacked I will tell you. If it keeps running without issue, yes you guessed it, I will tell you.

I will keep all of these stats and nuggets of information and will collate a report to give you the a look behind the scenes of a website without after care. If I can help you avoid mistakes on your own website then it will all have been worth it.

I’ll send the final report to you by email (and occasional progress updates)

The report at the end of the experiment is going to hold lots of valuable insight and useful behind the scenes information to help you manage your own WordPress website. Signing up to recieve the report could help you avoid lost sales, damage to your website or brand and remove the need for a costly website rebuild.

Get a free copy of the report

Pop your email address in the form below and I will send you the report when it’s done. The results might just surprise you (and me).

Unsubscribe at any time and don’t worry, your information won’t be shared with anyone else.

Jump to content

  1. Purpose
  2. Assumptions and conditions
  3. Data protection
  4. What will be monitored (and how)
  5. Experiment duration
  6. How will I keep you up to date?
  7. Final thoughts…
  8. Get the report

Purpose

To give you an insight into what happens to a website when there isnt any aftercare.

So many of us build our sites and then sit back and enjoy the leads they generate, the signups and the product sales and totally forget to ensure that there is ongoing maintenance.

Yes, maintenance and aftercare is an ongoing cost. However, when your website is your main source of leads or income it could be seen as recklesss to leave it unmaintained. To be fair, you may not realise it needs maintenance, or your web designer/agency never managed your expectations about ongoing website costs.

A company that wants to prosper, for the long term, will protect its source of income.

Assumptions and conditions

Right. This is tricky….

I promise that I will share the full details of the experiment conditions once the experiment has concluded. However, should people find this post and find the experiment I dont want to give away any potential attack vectors that could be used to compromise the site and derail the experiment.

Once everything has concluded I will list for you what software and versions were used as well as all the plugins or themes installed on the site.

What you can be assured of however is that the site will be pretty average for one that is built by an industry professional using off the peg themes and plugins.

To determine what plugins and theme to use, I questionned a community of over 2000 UI/UX/Web professionals as to what they use on a typical build. I added this list to my own, removed duplicates and created a site with dummy content and those plugins.

In addition to plugins the following will be used:

  • Average quality cheap shared hosting account
  • Server software, running a popular version of PHP, Apache, MySQL
  • No site maintenance will be performed

Data protection

The goals of the experiment dictate that this website is typically average for a small to medium-sized business. For that reason, it will contain an eCommerce and blog function with comments enabled. This will replicate the typical functions that you would expect to see on an average website.

Although the site will have eCommerce enabled and contain fictional products, no payment gateway will be active and the registration of user accounts will be disabled. No purchases or transfers of personal data will be functional. Yes, this kind of reduces the potential attack vectors but is a reasonable precaution to take to protect that that may unwittingly interact with the site.

The location and url of the site will not be shared until the end of the experiment to safeguard the site from abnormal attempts to compromise it.

What will be monitored

  • Uptime
  • Downtime
  • Total Plugin updates outstanding over time
  • WordPress core updates outstanding over time
  • Cumulative number of updates missed per plugin/theme
  • Prevented site attacks/unauthorised logins
  • Documented security vulnerabilities caused
  • Number of spam comments on posts
  • Number of spam contact submissions

How long will the experiment last?

Monthly progress reports will be provided with the experiment concluding after 12 months or until the site gets compromised. Whichever is sooner.

Should the site get hacked (even if it is a friendly hack), it will be immediately deleted and the account closed to prevent the experiment from being used in any innapropriate way by any third party. The intention here is not to get the site hacked but as with all websites, it does remain a possibility.

How will I keep you up to date?

I will send you an email at then end of each month discussing the state of the experiment any notable recent activity and provide a link back to online results and data.
When the experiment conludes, a final email report including data, a summary of the experiment timeline and recommended actions for your website will be sent to you.

A final thought…

I havent heard of any experiment like this before. I’m sure it must have happened, even if unintentionally, but to document it and record useful data from it will be a really interesting experience.

Regardless of the outcome I will share all my data and conclusions with you. It is important as professionals we challenge our own assumptions and advice time to time and I really look forward to any learning that I/we can gain from this experiment. I hope you join me for the ride. If nothing else, it’s going to be interesting.

Get a free copy of the report

Pop your email address in the form below and I will send you the report when it’s done. The results might just surprise you (and me).

Unsubscribe at any time and don’t worry, your information won’t be shared with anyone else.