Website monitoring is a process that allows administrators and security experts to get real-time alerts relating to your website’s security and performance. WordPress website monitoring provides information on the state of your website’s security, traffic, speed, uptime and much more. It’s a helpful tool for maintaining website function, as well as understanding where your website is performing well, and pinpointing areas where it could be improved.
How Do You Monitor a Website?
Website monitoring combines tools (including WordPress plugins and web-based monitoring software) and a notification system to create a mostly automated structure for regularly checking a website’s performance. For example, Google Analytics may be used to monitor traffic levels, while an uptime monitor can be used to alert technicians if a website is offline for more than a given threshold of time (for example, more than 2 minutes).
Ideally, website monitoring is something that runs in the background, notifying technicians of relevant updates, changes, and issues, usually without the direct participation of website owners or users. The web expert in charge of the monitoring processes will receive periodic alerts via email, instant messaging, or sometimes SMS, such as when updates are available or when a security issue is detected. In this way, website monitoring serves as constant background maintenance that’s generally invisible to you and your customers, but keeps things running smoothly for both.
Monitoring tends to be split into two major categories: security monitoring, and performance monitoring.
Website Security Monitoring
Security monitoring is just monitoring. It sets up a framework by which technicians can find out immediately if something is wrong, and take relevant actions to suit the issue in question. It’s simple, but proper security monitoring lets you ensure that your website isn’t experiencing an active security issue for an extended period of time.
Website Performance Monitoring
Performance monitoring has to do with things like checking how fast the website is loading and noting any outages. It also has to do with responding to certain types of errors and issues such as broken links or mobility issues. These are not “security” issues per se, but they are often precursors to or symptoms of security issues. Monitoring for these kinds of precursors can help prevent minor hiccups from developing into more serious vulnerabilities.
Why is Website Monitoring Important? (17 Examples)
Monitoring can be set up to generate alerts and notifications relating to security issues such as:
- Password strength for admins and key users
- WordPress core, plugin, and theme updates
- Server software versions and updates
- Backup logs and errors
- Registrar renewals and changes
- DNS changes
- Backlists and spam lists
- Unauthorized file and folder changes
- Malware and viruses
- Status of server resources (storage space, RAM, CPU)
- DDoS attacks and other external threats
Monitoring can also be used to gauge and report performance factors such as:
- Page loading speed
- Significant spikes or drops in traffic
- 404 errors and broken links
- Mobile usability
- Google penalties
Password Strength of Admins and Key Users
In WordPress websites, admins have the freedom to change their password. Not all sites have strict policies in place to demand “strong” passwords. Enabling a technician to see password changes and audit the strength of admin passwords makes it easier to keep login information secure.
WordPress Core, Plugin and Theme Updates
WordPress releases updates periodically — sometimes multiple times in a single week. The same is true for the plugins and themes your site uses (though these updates tend to be less frequent). Being notified of WordPress updates allows you to take action and ensure your site is running the latest versions. A good security team also sets up updates to notify them if a plugin is removed from the WordPress Plugin Repository. This is critical because it lets a web expert know when a plugin is no longer supported or has failed to comply with WordPress’ standards. When this happens, you know it’s time to switch to a more secure plugin.
Server Software Versions and Updates
Not all web hosts are created or managed equally. There are no regulators inspecting web host facilities or ensuring they comply with a specific “building code”. It’s critical to have monitoring in place to let you know if your web host is using an old version of PHP or if they’re allowing for unsecure versions of encryption software to run on their server. Without this, you will have no idea how good a job your web host is doing at maintaining their infrastructure.
Backup Logs and Errors
It’s vital to take regular backups of your website so that you can restore your website to a working state in the event of a major issue. If you’re not doing this, stop reading and email your web company or web host now and ask them to set this up. Once it is set up, a good technician will receive notifications from the backup system letting them know that: a) backups have been taken, and b) they are complete with no errors.
Registrar Renewals and Changes
Your registrar is the place where you bought your domain, URL, or web address (for example: wordzite.com). It’s not common for a company to forget to renew its domain, but it does happen, such as in cases where a key individual has left a company and the renewal gets lost in the shuffle. Having third-party monitoring in place to ensure the domain is renewed and no unauthorized changes are made to the domain is critical to avoid a major website outage, and potential lost revenues.
The DNS for your website is a technical switchboard that tells the entire internet where your company email resides, and what IP address to send your website traffic to. You normally only need to change your DNS setting if you are changing web hosts or mail servers. You may also change or add DNS settings to support various third-party applications such as a CRM or ERP. It’s important to identify and take action against unauthorized or unscheduled changes to the DNS, as these could be an indication of a major breach or human error.
Blacklists and Spam Lists
Occasionally, an email will be hacked or start receiving a large amount of spam. Besides being annoying, a hack or significant spam uptick can lead to an entire domain being flagged as a spammer or blacklisted. If this happens, website users will be presented with an ugly and unwelcoming security warning from Google Chrome and other browsers when they navigate to your site. If the issue persists for an extended period of time, it can result in a drop in Google rankings, and a loss of traffic, leads, and ultimately, sales for a business.
It’s invaluable that your web technician is notified immediately if your domain is added to a blacklist, as they can then work toward having it removed from that list. (WordZite does not offer email security, but we can recommend an expert if this is something your company requires.)
Unauthorized File and Folder Changes
One of the classic actions that hackers take once they gain access to a site is to try to make changes or additions to the files and folders on a website. Monitoring is one key ingredient to addressing this issue. A good website security operation will include a monitoring service that alerts technicians if any unauthorized changes are made to the code or structure of a site. A technician can then take steps to prevent a hacker from gaining further access.
Malware and Viruses
It goes without saying that nobody wants to have a virus or malware operating on their site. Regular scans followed by a log and proper notifications are critical to ensuring that there is no malicious code endangering your website or its users.
If your server runs out of storage space or doesn’t have enough memory or CPU processing power, your site could be slow or go offline. While this is more of a performance issue, it relates directly to the next point about DDoS attacks. It’s imperative to have a monitoring service in place that notifies you if you are reaching a certain threshold. You’ll want to be warned when you have 5% storage space left — rather than be told that you’ve run out completely.
A Distributed Denial of Service (DDoS) attack occurs when a very large volume of traffic hits the server from multiple locations around the world, all at the same time. This type of attack is coordinated, deliberate, unnatural, and designed to take a site offline or expose other vulnerabilities that can be exploited. We always recommend that monitoring is in place to notify web technicians of server resources as well as large spikes in traffic. This allows technicians to take action. Using a CDN such as CloudFlare and having a good firewall in place also helps technicians prevent DDoS attacks, and properly respond to a threat or incident.
99% uptime sounds pretty good, but when you apply that figure to real time, it actually means your website is going to experience a combined total of more than 3 days of downtime — every year. Every website goes down at some point for some users. Yes, even Google and Amazon, both of which have 99.999% uptime targets. It’s not unusual for a WordPress website to go down for a minute or two occasionally, such as when updates are pushed through. But any more downtime than that could be indicative of an issue which needs to be investigated and resolved. With performance monitoring, a security expert can immediately be notified if such an issue arises, and they can often fix the issue before it becomes a detriment to your business, or suggest ways the website or hosting environment could be improved.
Load time or Speed
Studies have shown that the ideal load time for a web page is under 3 seconds. Abandon rates increase dramatically when a site takes longer than 3 seconds to load, especially on mobile devices. Monitoring for load time is critical to ensuring your site is not losing opportunities from users who just can’t wait those extra few seconds for slow pages to load.
Traffic Spikes or Drop-offs
Every website has a normal pattern of traffic it experiences based on the days of the week and times of day that users visit the site. Very large jumps in traffic could be good — or they could be an indication that something is going wrong. Basic traffic monitoring is always advisable.
Broken Links and 404 Errors
Poorly managed websites are plagued with broken links and users hitting dead ends (otherwise known as 404 errors). These are not security issues in and of themselves. That said, they can sometimes be indicative of a security issue if the cause is not identified. Monitoring for these kinds of errors is relatively easy — it’s worth setting up and resolving broken links wherever possible.
Mobile web usage is increasing. Making sure your website is free from any of the above issues is critical — not just for desktop users on a fiber connection, or those within your own office. A fast, well-performing mobile website is vital for reaching existing customers and leads.
Google is constantly scanning websites, often using AI bots called “spiders” to find various errors and issues and report on them in Google Analytics and Search Console. Some issues that spiders will notice are related to SEO and search rankings — the domain of SEO experts. But Google also reports on other issues relating to performance and security issues. Alerts from Google products serve as a useful supplementary source of information about your website’s performance and security.
For most businesses, a website is an important tool for connecting with existing customers and attracting new ones. Because of this, it’s vital to ensure that the website is not only performing at maximum efficiency, but that it’s secure.
Without website monitoring, how would you know if your site went down for a period of time? You might only find out when you start receiving customer complaints. With website monitoring, the cause of the unexpected downtime can be identified and fixed within minutes.
Likewise, without monitoring, how do you know if your site is loading quickly? Is it being dragged down by outdated themes and plugins? Are certain mobile users unable to load your site? Without monitoring for these factors, you might never know — and that could cost your business hundreds of thousands of dollars in lost revenue.
WordZite’s monitoring and website security plans include various monitoring services, performed by technicians that know how to respond in the event of an issue. This allows you to remain focused on your business, with the added peace of mind that your website is firing on all cylinders.
Book a WordZite security audit to get a detailed report of your website’s current security and performance.