New to the community? Start here

[Automate] Monthly Website Updates

0

Hi guys, please can we request the option for Monthly updates. This is because clients across all agencies generally have a monthly retainer and are not necessarily updated on a weekly basis.

Updating weekly essentially incurs repetitive testing which is unnecessary and time consuming. Hoping you can help us with support on this as we are certain others will frustrated with the current settings also.

Best regards Big Gun Team

Fri, 28 May 2021 14:58:19
More The Hub discussions
The Hub
  • Tony G
    • Mr. LetsFixTheWorld

    Hmm, I strongly disagree with the premise here. To be clear, sure, I think it’s important to be able to get updates on whatever schedule you prefer. But I question the reasoning for this request.

    A monthly retainer is intended to secure pre-payment for future services, so that you don’t get screwed for services that you’ve already provided. There’s no implication that you only provide services once per month.

    A website that is only updated once per month is potentially subject to security issues for a period of 30 days. I’m no fan of updating immediately after an update is available (for reasons discussed elsewhere in this thread) but I believe updates should be made in a more discerning manner. If a client’s site gets abused and it turns out the patch to prevent such abuse was available weeks ago, how might you explain not having that security update in place earlier? I’m guessing there is a clause in your ToS that indemnifies you against such a condition, and that your clients don’t really understand the ramifications. (Sorry for being harsh but this is serious stuff.)

    Perhaps this leads to a subtlety that is not being discussed: It’s OK if a site isn’t updated with “the latest and greatest” features for a plugin. We all know (or should know ;) ) the pain of testing a site for regressions after plugin updates, and I respect that such testing takes time, which apparently prompted this request. The issue is that we don’t know what kinds of updates we’re missing if we wait a month. Are they new features? Simple patches? Or more importantly, are they security updates? I’d suggest that if there is a way to identify security updates that the site admin should get an email that a security update is available but that it is not scheduled to be installed. The admin (or service bureau in this case) can then make an informed decision about patching now or according to normal schedule.

    I don’t recall – maybe we do get a notice when an update is available but it’s not being loaded. Compare this to the notices that I’m sure we get when updates have been applied. Unfortunately some developers aren’t explicit about whether an update is for security or otherwise. That’s an industry thing that we can’t solve here. My point is only to point out that we should have better metrics to understand what is available for our systems as well as the history of what’s been done. I believe I’ve mentioned something like this in relation to Defender, but we’ve seen no related changes there.

    Somewhat bluntly, but respectfully,
    T