Sandstorm Blog

Nick
Drupal vs. Wordpress

Over the years, Sandstorm® has built websites on content management systems (CMS) using a variety of programming languages: Python, .NET, and PHP to name just a few. These programming languages support CMSs like Django, Kentico, and Joomla, respectively. Two of the most popular CMSs are Drupal and WordPress, built on PHP.

A common question we hear from clients is whether they should use Drupal or WordPress. While there’s no right answer, there is an answer that’s right for you. Each one has its place, so we've laid out where you can gain the most benefit from each CMS.

The Benefits of Drupal

Speed and Performance

When it comes to a scalable CMS that can support high-volume traffic and vast libraries of content, Drupal beats out WordPress. Not only does Drupal offer better performance out of the box—including default cache features that help pages load faster—it’s more robust for handling complex projects with lots of functionality.

Security

Drupal is favored by many top companies and government agencies, including whitehouse.gov, for its enterprise-level security. Drupal has a very active security team with a stringent review process for plugins and a robust permissions layer that provides nuanced limitations for user access.

WordPress, on the other hand, is a popular target for hackers whose malicious attacks often succeed due to fully coded plugins compromising security. Additionally, WordPress doesn’t provide the flexibility in tailored permissions that Drupal does.

Lead Conversion

When it comes to getting leads through web contact forms, WordPress requires third-party tools like Gravity Forms or JotForm, which will cost you extra.

With Drupal, web form functionalities are already built into the platform, so you don’t need external tools. Drupal can also enable rules and set up triggers so that when someone fills out a form on your website they receive an SMS message from your company, which helps with lead nurturing efforts and potential conversions.

The Benefits of WordPress

Ease of Use for Small Businesses

Since WordPress started primarily for less tech-savvy bloggers, small businesses with a junior development team benefit the most from the platform. Additionally, most writers and content managers have some experience with WordPress, so there's little need to train them on the platform.

Where It's a Toss Up

Supportive Community

Drupal and WordPress users have created diverse global communities that offer international conferences like DrupalCon and WordCamp; local training events and Meetups; and active forums where users can ask questions and learn more about the platform. While the WordPress community is larger than Drupal’s, it’s uncommon that you would run into an issue with either platform that someone hasn’t encountered, and solved, before.

Search Engine Optimization

It doesn’t matter to Google which platform you use, and both platforms offer excellent plugins and modules to help you with your SEO, including Yoast for WordPress and Content Optimizer for Drupal.

At Sandstorm®, our experts have extensive experience developing, designing, and writing in Drupal, WordPress, and many other content management systems. We’d love to find the one that’s right for you.

This blog was posted by Nick on May 1.
Nick Meshes

About the Author

Nick Meshes

Nick is Sandstorm’s Director of Technology & Analytics. He’s boosting our quantitative focus. He’s busy increasing our capabilities in web analytics, website optimization testing, SEO, SEM, display advertising, business intelligence, and personalization.

Rise of the Bots: Digital Security in 2017

Now more than ever, digital security is something that needs a thoughtful approach.

From Yahoo! to the DNC, large, high-profile security breaches are filling the news and making security a hot topic for everyday conversation. There are so many hacks that even data visualizers are struggling to make sense of them all. Which is why 2017 will be the year that companies finally realize the value and necessity of security for their digital properties.

Whether cause or effect, our increasing reliance on technology correlates with the spike in frequency, size, and severity of security breaches. At Sandstorm®, we're big fans of Steve Gibson and his podcast Security Now, where he talks about the race to keep up with new security threats. With each new security improvement developers release, hackers are ready to uncover weaknesses. Over the years, this has brought us to a place where both the threats—and the necessary defenses against those threats—have reached a level of complexity that can seem daunting.

From Convenience to Security

The complexity and automated nature of modern attacks has changed the industry’s view on the lengths hackers are willing to go to. Now, we have to assume that there is always someone looking to exploit opportunities and weaknesses.

While these are just a few examples of the risks and remediations that companies need to consider, they illustrate the many different attack vectors that developers need to address. The trick is to do the following:

  • Define the requirements
  • Identify the risks and determine the solutions
  • Design a highly functional application that still puts the user first

Trend #1: Rise of the Botnets

Botnets are a major reason for the increase in security issues. As an industry, we’ve known for some time about the danger of improperly patched or unsecure computers and servers that get infected with malware. But in the last few years, risk has increased exponentially due to the prominence of the Internet of Things (IOT). We have an explosion of internet-connected devices (light bulbs, refrigerators, dishwashers, teddy bears) with many of them rushed to market without regard for security.

Night of the Living Malware

Malware programs target these vulnerable systems to create zombie armies of infected computers that work together to feed on sites. The most recent and well known is the Murai botnet, the code of which was released as open source and has since spawned a plethora of derivations. That's right; you heard me. They’re multiplying, evolving, and getting smarter like a creature out of a bad horror movie.

How bad is it? Projections as of 2016 suggested that 35% of all internet traffic consisted of malicious bots. That's a lot of zombies wandering around looking for your server's brains.

GhostBot in the Machine

Another recent example is GiftGhostBot. This attack came to light in March 2017. Bots are brute forcing the pages that allow customers to check the balance on their gift cards. These bots keep guessing gift card numbers (at an estimated rate of four billion requests per hour) until they get one that has a remaining balance. They can then use that gift code to steal from the gift card holder.

What makes this GiftGhostBot particularly sinister is its sophistication. First, the attack is distributed across multiple compromised devices, servers, and computers—which means there’s no way to track and block these requests by IP. Second, the bots have been set up to use over 740 different user agent profiles, meaning they masquerade as different browsers and operating systems to confuse attempts to filter out their traffic. Vendors might add CAPTCHAs or completely remove these pages to remediate the issue. This is just another example of the exponential scale and complexity of attacks that have shifted the conversation towards security.

What You Can Do

  1. Your best defense is keeping your systems up-to-date. Apply security updates to all technology in your ecosystem in a timely manner (including websites, servers, computers, employee mobile devices, etc.).
  2. Be sure to spend the time to review all new features and components of your digital products with an eye for potential vulnerabilities. Always overestimate the lengths someone would go.
  3. When in doubt, engage a knowledgeable specialist to help review your security configuration.

Trend #2: Are You a Robot? – Identifying Friend From Foe

If you’re thinking this is all about the rise of the machines, you might (or might not) be happy to hear that humans still play an important role in threatening your business’s security. While botnets have increased the quantity of attacks, the level of sophistication for attacks has also dramatically increased. In some areas, malicious entrepreneurs have even turned to crowdsourcing to enhance automated attacks. Take CAPTCHA as an example. When those annoying pictures were too much for some bots to circumvent, unscrupulous companies paid real people to fill them out. Bots passed the CAPTCHAs back to humans whose answers were fed back to the bots so they could proceed with their attack.

Invisible ReCAPTCHA

This resulted in concerns with the CAPTCHA as a solution for determining bot from human. While still used, it was understood that this solution is not 100% effective. Recently, however, Google updated their reCAPTCHA service with their new Invisible reCAPTCHA. Maybe you’ve seen this: It’s a simple checkbox that says “I am not a robot.” Because so much information on your behavior has been compiled by Google, it can compare your digital fingerprints and activity against its vast repository of analytics to determine if you’re a real person. Or that’s the theory anyway; the new service has just rolled out and we're excited to see how it matures.

Mollom

Mollom is another service we recommend, specifically for Drupal projects. It takes form submissions on your site and checks the content to see if it looks like bot-generated content. If it does, the content is flagged. This technique analyzes content to protect against spam, relying on the consolidation of massive amounts of examples to understand how to proceed.

What You Can Do

  1. You can do is realize that identifying bots is not as straight-forward as it seems. They have gotten very good at pretending to look like real users performing real actions on your site.
  2. Shift your thinking to a place where you assume that hackers and spammers are probably smarter (or at least more persistent) than you. Look at each element of your digital products as a place where a bot might pretend to be a human and consider what they might be able to do.
  3. Layer different preventative techniques. Don't assume that one fix is enough and have a contingency plan for is a bot does get past your defenses.

Trend #3: Moving to SSL

Another major trend for 2017 will be the push for secure socket layer (SSL or HTTPS) traffic for everything. This has been an important shift for security in the last few years. Previously, SSL was only considered important for highly sensitive data, but a few things have pushed us into a world where regular HTTP traffic is considered unsecure.

Man in the Middle

First, a number of tools have come out that make watching the traffic of someone else on your network very easy to do. This allows a person to see the sites you are visiting and even steal your username and password. This is generally referred to as a man-in-the-middle attack resulting in session hijacking. Traffic over HTTPS helps to protect against that because your browser and the server are essentially communicating via a secret language that only they can understand.

Man on the Side

Second, browsers pulling in content over regular HTTP can't 100% confirm where the content they’re displaying came from. There have been a few complicated attacks over the past few years where malware was sent to site visitors instead of the assets they were expecting. This is generally referred to as a man-on-the-side attack. The attempted attack on GitHub in 2015 is an example of this. Moving towards HTTPS traffic gives the browser certainty that the content it received is the one it was expecting.

Pushing the Transition

If you’re thinking all of that sounds scary, you're not alone. Google agrees and has started to roll out changes to the Chrome browser—you've probably noticed that grayed out "not secure" message near the URL. Additionally, if you log in to a site over regular HTTP, you may also notice a red "not secure" message. This is meant to push websites towards SSL, and it’s only the start. Google has announced additional plans to clearly mark all traffic as not secure going forward.

What You Can Do

  1. Work with your hosting provider or website developer to purchase an SSL certificate from a reputable vendor.
  2. Have those same partners review your SSL configuration to confirm that you’re using strong protocols and ciphers that have not been deemed to be compromised.
  3. You may also need to review your site to confirm that you don't have any mixed content errors, which is when HTTPS pages are referencing insecure HTTP resources.
  4. While you're at it, complete a full review of your server configuration.
  5. A full penetration test or security scan may also be a good investment.

How Sandstorm Can Help

This is just the start of the conversation and we've only covered a few topics. Whether you’re moving your current website to SSL or want to ensure your new website is developed with the latest security in mind, we utilize the technology and techniques that make sure you’re protected.

This blog was posted by on April 13.
Sean Fuller

About the Author

Sean Fuller

As Technology Director, Sean is a hands-on developer and technical lead on projects. He works with design and strategist teams from kick off through launch to plan, design and execute technical solutions for client projects. 

THIS FILE WAS POSTED UNDER: 
this file was posted under: 
Sandy
Building a Website RFP needs these essential elements

Having trouble putting into words what you are looking to accomplish with your website? Not sure how to get all of your web development agencies aligned with your goals and objectives?

Writing a request for a proposal (RFP) is a challenging process if you don’t know where to start. By taking a moment now to think about your organization and your users’ wants and needs, you’ll save time later and increase the possibility of attracting the best agency to deliver success.

We can help! By following the website RFP response template below, you’ll have a clear strategy and a solid start for your next initiative:

 1. Brief Overview of the Project
Describe your current website situation or desired campaign and a description of what your investment will entail.

 2. Project Goals and Objectives
Define the motivation for your project. Why are you making this investment (i.e. expanded services, growth, new target audience, lead generation, attract job candidates)? What do you hope to accomplish? List your objectives.

3. Current Web Statistics
Include relevant web analytics such as top content, goal conversions, traffic sources, bounce rates, keyword phrases driving traffic, social referrals, mobile traffic, etc.

4. Technical Requirements
Are you integrating with any existing systems? List them. Do you require a specific programming language (e.g. .php or .net)? How is hosting currently handled?

5. Usability Requirements
How many different user groups do you have, and who are they? Are you interested in conducting usability testing? How about user research or developing a persona? 

6. Functional Requirements
What features and functionality do you need on your site? Some needs might include:

  • Secure user/password
  • Contact forms or dynamic forms
  • File uploading option
  • User account management
  • Social media integrations and social sharing
  • Database development
  • Video integrations
  • Member dashboards
  • Content management system (Drupal, Kentico, Wordpress, etc.)
  • E-commerce
  • Newsletter sign up
  • White paper lead capture
  • Blogs
  • 3rd party API integrations (LMS, AMS, HubSpot, Salesforce, etc)

7. Content Requirements
Approximately how many pages are on your current site? Do you have a content strategy? Who is going to be responsible for writing or editing your content? How will your social media channels be integrated?

8. Mobile Requirements
We only build websites that respond to your user’s device (i.e. mobile, tablet, desktop) – so we have that covered. Do you have any other special mobile needs that we should be aware of? 

9. Budget
Has your budget been set and approved? What is the range?

10. Timeline
What is your ideal project completion date? What is driving that time (i.e. trade show, new product launch, leadership change, board of directors, it should have happened last year)?


Ready to rock?

This website RFP response template can be the perfect tool to align all stakeholders on the essential building blocks for your project. It ensures you have a solid, thoughtful, and organized plan to guide your chosen agency, too.

A little upfront thinking and decision-making goes a long way in constructing an optimal site experience or campaign. You’ll be the rock star whose project launches on time, within scope, and under budget.

[Once you’ve completed all these steps, please send it to us. Sandstorm might be the right partner for your new project.]

This blog was posted by Sandy on April 3.
Sandy Marsico, Founder & CEO

About the Author

Sandy Marsico

Sandy Marsico is the founder & CEO of Sandstorm®, a digital brand experience agency that turns consumer insights into engaging user experiences through our unique blend of data science, brand strategy, UX and enterprise-level technology.

Dubai skyline, user experience, UX, IA, information architecture

I recently had the incredible opportunity to travel to Dubai. It’s a city of extremes: intense 120° F heat, malls with skiing and diving—with tiger sharks—and architectural feats beyond my wildest imagination. Out of all these wonders, what impressed me the most was the ever-evolving infrastructure of this bustling, technologically advanced city.

In Dubai, the roads change constantly to account for all of the new construction. In fact, they change so frequently that residents and taxi drivers say they often run into a dead end or end up trapped on a road that has changed overnight. GPS isn’t just used for convenience in Dubai, it’s used for survival.

A website’s information architecture is a lot like a city’s infrastructure: as you add new information, you need to create new navigation. If you’re constantly changing where you place information and how customers navigate your website, your users will be just as lost as drivers in Dubai.

A common method to improve the user experience (or UX) of a digital space is to mimic a real world pattern. For example, e-commerce mimics a grocery store: you typically have a shopping cart, you add to the shopping cart, and then you go through the checkout process.

The challenge comes when you start building and adding on to the original experience. While Dubai’s original city center is pretty easy to navigate, as the city grew at a rapid pace the new roads ignored the original conventions. Often—to accommodate new construction—roads had to be shifted and changed, causing friction and confusion among drivers. When designing your website, it’s imperative that you account for how it may evolve in the future and avoid foreseeable challenges as your company grows.

Sandstorm has a dedicated team of UX design specialists—including designers, architects and researchers—who help clients build websites that utilize information architecture best practices and provide cutting-edge user experiences. 

This blog was posted by on August 29.
Safina Lavji

About the Author

Safina Lavji

As a UX Architect, Safina actively empathizes with users to bridge the gap between user needs and what the client delivers. 

Ensono, branding, tech, mainframe, brand strategy, content strategy, marketing strategy, web development

Machines possessing hopes and dreams is a classic theme explored in science fiction. Sandstorm® explored this theme when Acxiom IT restructured their organization and needed a rebrand to reflect their new position as a tech company that dreams of the future.

Acxiom IT recently became a standalone infrastructure management services business, which required a new name and brand strategy to set them apart from their former parent company. Sandstorm® was hired to guide the 46-year-old business as they developed a new corporate identity. The result: the Ensono brand and a vision for the future.

Sandstorm®'s first step was diligent research. We examined the client's history, needs, behaviors and desires to understand where they've been and devised a marketing strategy to help them reach where they wanted to go. In speaking with their senior leadership, it became clear that they wanted to position themselves as a solution that meets the needs of the present and the future. Although they offered industry-leading mainframe solutions, Ensono needed help representing themselves as a company that develops and innovates for the future.

With renewed focus on addressing current client needs while engineering solutions for the demands of tomorrow, we turned to creating a new name. Sandstorm® went international while exploring the concepts of progress and dreaming: "enso" is a Zen concept that refers to strength and creativity, and "in sogno" is an Italian expression meaning "in dreams." By merging these words and concepts together, Ensono, or the company that dreams, was created. This idea of inventive and adaptable thinking followed through the positioning statement, key messages, content marketing tactics, and digital marketing strategies.

Sandstorm® assisted Ensono with their brand launch and website development and has continued to partner with them on many projects including: collateral materials, promotional video, product campaigns, corporate signage, and assisting with the interior design of their new office space.

If you are dreaming of a new marketing strategy, Sandstorm can make it a reality.  

 

This blog was posted by on August 4.
joshua sovell

About the Author

Joshua Sovell

As the Marketing Manager Joshua is in charge of crafting the Sandstorm narrative via compelling blog content and community engagement.

Consider your options when comparing Content Management Systems

[This is second post of a series on choosing a CMS. Check out Part 1, and learn about the importance of your goals and requirements in the process]

Now that you have a solid set of requirements for your content management system (CMS), you can start to explore some different options. To narrow the conversation, it's sometimes helpful to consider them as a balance between simplicity versus flexibility.

5 approaches from simple to flexible

1: No development needed

Starting on one side, you'll find the most simple subscription-based solutions that require no development and minimal setup. As an example, think of a blogging site for which you just need to create an account. The options are limited. It doesn't give you much more than a running list of posts that you can create and edit. Google Blogger and Tumblr are examples. While some border on being social media more than CMS, they are in fact services that allow you to manage your content.

2: Simple and customizable

Moving up from there, you have simple frameworks that provide a medium amount of customization. This can be anything from services like SquareSpace to platforms like Ghost and Wordpress. These are designed to get you up and running quickly, but also allow you to heavily customize your site.

At this level, you can sometimes add basic online stores. You can create a unique look and feel. With something like Wordpress, you can even add some custom functionality. Eventually when dealing with options in this category you'll find that you're trying to do things for which the framework just wasn't built, so you'll move closer to flexibility.

3: Scalable and flexible solutions

The next level up are the more scalable and flexible solutions. Options like Drupal, SiteCore or AdobeCQ are in this category. While they are very different frameworks, they all have some basic preconceived notions about how content should be managed and structured. These are solutions that get you quickly up and going, but they are also intended for heavy customization. Advanced custom functionality can be added on top of them. Some can even be extended to the point where they are more than just a website and terms like "web application" start to emerge.

They are meant to be fast to deploy because much of the structure of how to manage your content has already been determined. However, this ease of deployment and development can sometimes come with the penalty of rigidity. Once you start to stray outside of their assumptions about how content should be managed, things can start to get messy. It's like strapping a howitzer on a sports car. Sure, we can get it to mostly work, but it just wasn't designed to do that.

4: Frameworks for fully custom sites

At the far extreme you find frameworks for custom-built applications that allow for advanced integrations, workflows, relationships and functionality. These are true development frameworks that allow you to build your own CMS or web application. Laravel and Django are two examples that fit in this category. They make sense when basic management of content is a secondary requirement, trumped by custom functionality. Or perhaps the structure of the content is unique enough that trying to get it to fit into some of the options in the previous category would not be ideal.

The primary benefit is that your application is faster because it was built to do exactly what you want. The primary downside is that it may cost more to build because you have more custom code and less community-tested extensions that effortlessly drop into your new site.

5: From the ground up

Of course out at the furthest edge you'll find the "from the ground up" option. This would be to pick a language and build a completely custom solution, without taking advantage of any frameworks. There are reasons that you'd do this, but if you're looking for a CMS, you're probably better off considering one of the many frameworks that exist today.

Proprietary versus Open Source

One of the key decisions is to consider when choosing a CMS whether you want to go with one that is proprietary software versus one that is open-source.

Proprietary

Proprietary software brings licensing fees and/or ongoing hosting fees. These fees are often in addition to the work required to design, configure, customize and host your site. Solutions like SquareSpace, SiteCore, AdobeCQ and others are businesses that provide a service in order to make money.

For some of these, the costs can get quite high (the average AdobeCQ license can run into hundreds of thousands of dollars). This can be fine if the CMS fits your needs. After all, part of what you're theoretically purchasing is the peace-of mind that if something goes wrong, that vendor will be there to help.

Open Source

In contrast, open-source software is free to download and use. Solutions like Wordpress, Drupal, Django and Laravel are all built by a community of developers and released under open licenses. Generally you want to look for a knowledgeable partner who you feel confident can properly build your CMS solution using one of these frameworks.

Final considerations

Budget

A final step is to consider your budget. You can make strategic decisions to create a CMS-based site with a small budget or invest heavily in some items to ensure your site covers the full extent of your needs.

Maintaining your site after launch

A final cost consideration is ongoing maintenance and support. If you are considering a proprietary solution, be sure to budget for the ongoing licensing fees. You should also double check that these fees cover ongoing upgrades and security fixes.

If you are considering an open source solution, be sure to set aside some of your budget to have your developer perform security updates and proactive maintenance. In either case, consider also setting aside some budget for support requests – minor feature requests and other changes to how the site functions. Properly considering your ongoing maintenance and support costs will help you to finalize the amount you have to build your CMS.

Making your final CMS decision

With the term CMS covering such a wide range of digital platforms, it's no wonder that many feel overwhelmed when choosing one. Defining your goals and requirements can help you to navigate your options. We've found that walking through these steps is a great way to reduce apprehension, provide clarity and deliver a solid final product. We hope you find them useful also.

[If you enjoyed this post, read Part 1: Goals and Requirements]

This blog was posted by on July 30.
Sean Fuller

About the Author

Sean Fuller

As Technology Director, Sean is a hands-on developer and technical lead on projects. He works with design and strategist teams from kick off through launch to plan, design and execute technical solutions for client projects. 

How to Compare Content Management Systems - Goals and Requirements

Deciding which Content Management System (CMS) to use can be a daunting task. It can be difficult to sort through the plethora of irrelevant recommendations and confusing information to find the best solution. Many of our clients come to us with a rough sense of what they want, but need help making the final recommendation.

How to compare CMS?

Comparing Content Management Systems is challenging because it means different things to different people. The phrase has evolved to cover a range of web frameworks and applications. It is a broad term that covers any program which facilitates content creation and updates (usually on the web). On top of that, many popular CMS options are highly customizable – two sites built on the same framework can look very different. 

Going beyond the simple editing of an organization's "About Us" page, modern websites demand a great flexibility in how they handle content. They often need different types of content, each one requiring specific workflows or relationships aimed at solving various goals. For example, consider the differences between a blog post, an event listing, and a product detail page. Each one has unique data associated with it. Each one is organized in different ways. Being able to handle unique types of content while still providing a consistent interface is an important part of any CMS.

A CMS often has other advanced functionality. They pull content in from other systems. Some integrate with different authentication systems. Some have an online stores. Others allow a community of users to login and participate in some way. Still others might pull in raw data from one source to display it to users in a completely new way. These are all managing different kinds of content at some level. 

Create Goals

Not every site needs every possible option. So, what does it your site need? It's good to get back to your goals and requirements. Your website has needs that are just as unique as your organization. A needs-based assessment can help to focus your requirements and narrow down the search.

Start by defining your goals. Create a list of what you want to achieve with this new CMS. Starting with your goals will help to focus your efforts.

  • What problems are you looking to solve? 
  • Are you looking to increase your brand perception as part of this project? 
  • Is increased membership or sales a primary goal? 
  • If you have a current website, what is it not doing well? 
  • How will your CMS need to support your organization? 

Identify and prioritize your requirements

Once you have a good list, start writing a list of requirements. Some will just require a quick rephrase of a stated goal. Others will lead to a whole new list of items. For example, if your goal is to publish your events calendar online, but your events are currently managed in a different system, integration with that system is a potential requirement. 

Next start to prioritize these requirements. Rank your requirements from must-haves to nice-to-haves. This exercise helps you make the most informed decisions as you start to build your budget. Some items might need to come in a second phase after the first version of the site launches. 

Eliminate some options from the start

Understanding your organization's technical requirements can also help to eliminate some options. For example, if your IT infrastructure requires you to use .Net, then a Ruby, Python or PHP-based solution (like Drupal) may not be possible. More and more these restrictions are no longer a problem with modern hosting options, but it's one of the first questions to ask.

[Continue to Part 2: Consider Your Options]

This blog was posted by on July 24.
Sean Fuller

About the Author

Sean Fuller

As Technology Director, Sean is a hands-on developer and technical lead on projects. He works with design and strategist teams from kick off through launch to plan, design and execute technical solutions for client projects. 

Chicago Web Development Firm Attends Drupal MidCamp

Sandstorm is proud to once again be involved in Drupal MidCamp. MidCamp (also known as the Midwest Drupal Camp) is an annual event held in Chicago that brings together people who use, develop, design, and support Drupal. This year’s MidCamp will be March 19-22, 2015 at the UIC Student Center East.

Sandstorm is a bronze sponsor this year, and we’ve got web developers, strategists, and web designers attending. Last year, I had the pleasure of speaking about user research techniques, which was a blast. This year I'm looking forward to mingling with regional Drupal developers and attending sessions on Drupal 8, "headless" Drupal, and automated testing.We're also on the look out for another solid Front End Developer here at Sandstorm. If that's you, get in touch.

You don't have to be a developer to get something out of MidCamp. There are plenty of promising sessions for people new to Drupal and project managers working with the CMS. We hope to see you there, and have some fun!

This blog was posted by on March 13, 2015.
Michael Hartman

About the Author

Michael Hartman

As Sandstorm's Technology and Usability Director, Michael leads our developers and usability researchers in creating web sites and applications—both desktop and mobile—that embody our favorite blend: intuitive user experience and dynamic Drupal development.

Why do you need a website maintenance plan for your Drupal website?

Congratulations on launching your new Drupal website. You can now rest assured that you never have to think about it again. It will automatically generate revenue and keep itself running for decades to come. Pat yourself on the back and have a drink. Your website is complete.

Well... this might not be entirely true.

In reality your website is never really finished. Just like with a car or home, things degrade over time. Your website is no different and you need to have a website maintenance plan.

What is website maintenance?

It is the process of keeping your website up to date and running smoothly. It involves applying security patches, monitoring web server performance, and maintaining your code base. This is on top of maintaining your content, products and/or users. You gotta do that, too. Major reasons to have a maintenance plan include security, performance, backups, and other considerations.

Security

Hackers are always looking for ways to compromise websites through new techniques or insecure code. It’s critical your website remains as secure as possible. This often involves applying security patches or software upgrades both at the code and server levels. One advantage to open source software like Drupal, is the community of developers finding security holes and contributing patches.

This is also a double edged sword. Once hackers identify a security hole, they can exploit it by targeting unmaintained sites. You are running a huge risk if you’re running a Drupal site and not keeping up with Drupal core and module security upgrades.

Performance

Performance affects the amount of time it takes for your website to load for a user on their device. This includes time to complete transactions like adding a product to a cart or submitting a form. Good website performance is good usability. Users will abandon a poorly performing website never to return. It’s also good for search engine optimization (SEO).

We include performance testing and tweaking as part of the launch process. Yet, performance can degrade over time as code, content, or the server environment changes. Perhaps your site’s traffic has increased and now requires more resources to meet user needs. Wouldn’t that be great? It is great if you’re monitoring your traffic, server performance, and page load times so you can ramp up to meet the demand.

Backups

Another component of a good website maintenance strategy is a solid backup and restore plan. Most web hosts keep some level of back ups and will either restore your site as part of your hosting package or for a fee.

While this provides a safety net, they usually only keep a short window of backups. You may need to restore your site to an earlier point than your host has kept. Or you may need to restore to a point since your host’s last backup. A defined backup strategy allows you to quickly bring your site back online whatever the case may be.

Other considerations

Broken Links
Each website page links to internal pages and external websites. These links can change over time as content expires and changes or as sites get redesigned. Keeping an eye on broken links and updating or adding redirects when urls change should be part of your maintenance plan. Broken links are detrimental to your SEO.

Web forms
It’s a good practice to test and confirm that each of your web forms are working as expected, this may include contact us, event registration, and newsletter signup forms. Hopefully you’re seeing regular submissions, but it’s possible another update affected these forms. We like to confirm everything is still working after applying other updates to a site.

Development and staging environments
When implementing development updates, you should avoid deploying new code and patches to your live website. It’s important to have a separate deveopment environment for developing and testing new features and security updates. You use a staging environment to review and confirm these updates before releasing them on your live website.

The value of maintenance

The cost of website maintenance outweighs the cost of fixing problems caused by a lack of maintenance. A website maintenance plan is an added level of insurance against security and server-related issues that can cause grief and lost revenue. At the end of the day, a well-maintained site is another component of a great user experience.

Need help with Drupal website maintenance? Get in touch.

This blog was posted by on February 20.
Michael Hartman

About the Author

Michael Hartman

As Sandstorm's Technology and Usability Director, Michael leads our developers and usability researchers in creating web sites and applications—both desktop and mobile—that embody our favorite blend: intuitive user experience and dynamic Drupal development.

Sandy
Chicago Web Development Firm, Mobile and Tablet Development

At Sandstorm, our in-house, senior-level team of web developers have successfully built websites and data-driven web applications that other web development firms said weren't possible. We push technology in new ways, build custom code when necessary, and leverage existing code when it makes the most sense. And in their spare time, our web development team improves on already existing technologies; they contribute to Drupal, develop new interface layers for our clients so administrators have a better experience updating their own sites, and spend hundreds of hours on learning and training to stay in front of the constant changes in web development.

Our web development, usability, and UX design teams work together... every day
Having a close-knit web development team, usability team, and UX design team in-house allows us to develop a synergy that solves problems, encourages creative thinking, and explores new ideas to improve the user experience.

Our agile methodology and SCRUM framework
Sandstorm’s web development process is built on Agile principles and the SCRUM framework. In Agile, a cross-functional team of business stakeholders, designers, and developers work together on a daily basis to define, prioritize, develop, and test key system functionality, releasing complete product features frequently in stages. Utilizing the SCRUM framework, we prioritize and divide the requirements into 2 to 4 week sprints. Our team meets daily to discuss progress and identify risks. At the end of each sprint, the included functionality is considered done and ready for release. Release reviews are conducted with the client throughout the process to gain sign off and feedback.

We like this approach because we can better respond to changing priorities and requirements. It helps our clients more closely manage their budgets and make informed decisions about the value of features and functionality.

Content Management Systems we develop in: Drupal (.php), Kentico (.net), and Wordpress (.php)

This blog was posted by Sandy on January 5.
Sandy Marsico, Founder & CEO

About the Author

Sandy Marsico

Sandy Marsico is the founder & CEO of Sandstorm®, a digital brand experience agency that turns consumer insights into engaging user experiences through our unique blend of data science, brand strategy, UX and enterprise-level technology.

THIS FILE WAS POSTED UNDER: 
this file was posted under: 

Pages