Case Study: Auditing Ageing Websites

Earlier this year, a large company reached out to us regarding security issues across their ageing WordPress (WP) sites.

Aside from the large amounts of bot traffic adding spam, their sites were also slow and difficult to maintain.

Maintenance Issues

Long-term website maintenance is tricky, and in this case, many problems could have been avoided if they hadn’t been allowed to accumulate over time.

How well a site ages, and how long it lasts, depends on a lot of factors, including:

  • How well the site was initially built
  • Whether the theme is custom or pre-made
  • If the developers are actively maintaining the theme
  • If the original developers are still involved
  • The number of themes and plugins installed and whether they are working well together
  • The types of powerful plugins in use (e.g., multilingual plugins, WooCommerce)
  • Who is responsible for ongoing maintenance and technical debt

These were all questions that came up during this audit, and without the proper groundwork in place, the site wasn’t ageing well.

Security Issues

Bots are attracted to anything that collects visitor data, such as checkouts and forms. In this case, the security issues were caused by outdated plugins: maintenance was sporadic, and the site had a lot of redundant plugins that couldn’t be updated without breaking the entire site.

The Original Theme

The original theme had been coded 5 years before and was not maintained by the original developers. Given their lack of experience, it was difficult for the current team to maintain the coding standards originally in place when the theme was first coded.

There were a few major dependencies in the theme that the team couldn’t update because doing so would break the site. This is common in ageing sites whose themes depend on third-party plugins and code that hasn’t been maintained.

Takeaway: Proactive maintenance extends the life of your site.

Team Management

The team responsible for maintaining the sites was made up of junior developers, and they had no lead developer to review code or bring them up to the standard necessary to maintain the sites well.

There were dependencies in the theme that needed updating, but the updates were also breaking changes. This highlights the importance of having a lead developer in a team. Someone needs to say ‘ok let’s get this done’, push the update button on a staging site, and be confident that they can fix any issues that come up or suggest a better way to remove the offending dependency entirely.

Takeaway: If you have a team of developers, make sure there’s at least one experienced lead.

We recommended that the team be brought up to modern-day coding standards, and we implemented code review as well as weekly meetups where we dived into best practices so they could maintain the sites better in the future.

Project Conclusion

This project required a multitude of skills including auditing and assessing the risks found on the current sites. It also included coordinating with different groups within the company and training the current team to manage the sites better in the future.

Being an outsider can also make it easier to bring up the issues found. However, in a large company it can be difficult for them to pivot and fix the issues.

Takeaway: Frequent smaller audits and updates are better than big infrequent ones.

All in all, it was an interesting project, and it was very enjoyable working with junior devs and other teams to improve the sites.

Lisa Karvonen

Author Info: Lisa Karvonen

Lissu is a full-stack web developer who started working in WordPress in 2003. Since then she has coded plugins, themes, and applications for companies and organizations in both WordPress and Multisite and other PHP/MySQL applications.

She started developing the WP-Ensure platform in 2017 as a response to customer site attacks and has been steadily improving and growing the company and platform since then.

She’s originally from Scotland but lives in Finland with her husband, son, two dogs, two cats, and a reef tank.
