Blog post

4 Steps That Clients and Agencies Can Take to Avoid Scope Creep

Scope creep can be insidious. Little extra pieces add up until a project barely resembles its original brief. The price tag changes too, but not in a good way.

Most advice about scope creep is aimed at managing clients. The problem is that it’s not always the client’s fault. Don’t get me wrong, clients often do ask for more than was originally agreed. But it can be a case of the developer misunderstanding what was asked for. Or, in their zest to create the perfect website or app, they end up putting in more time than is necessary.

Ultimately, it’s up to us as the agency to make sure that scope creep doesn’t get out of hand, but clients have a role to play too. In this article I want to outline four steps you can take to ensure that your developer doesn’t do more than expected and how you, as a client, can be certain that you’re communicating clearly.

  1. Agree on scope inclusions and exclusions from the get-go

This sounds obvious but, as with so many things, the trick is in proper application. Having a developer say that they understand your specifications over the phone is different from them agreeing to a clear, well-defined scope document. Ask them to structure their working processes so that this step is included. And make sure you let them know it’s how you work from the start of your relationship.

In a similar vein, you want to make sure you’re kept updated at all stages of the development process. If a developer has misunderstood the terms of the initial brief, or if you decide on a different approach halfway through, changes can be incorporated with a minimum of wasted time and resources.

  2. Understand how frills contribute to scope creep

The motivation to add frills stems from the belief that clients will be pleased when developers add extras. Research has shown this isn’t true. Not only are developers doing themselves a disservice by going beyond the call of duty, they’re not actually adding to your satisfaction as a client. As long as you’re updated, keeping the first tip in mind, catching this should not be a problem.

The other side of this approach involves asking your developer to be proactive about offering extras for a cost. Doing so puts you in a position of power. It communicates that you’re not willing to pay for extra unwanted work whilst also showing that you’re open to suggestions that are in the interest of the project.

  3. Agencies should be proactive about pointing out issues

Speaking as a developer, one of the worst forms of scope creep is when a client asks for an entire project to be redone despite it meeting the agreed-upon specs. Developers and agencies are understandably hesitant to contradict their clients. Because of this, it’s important that a developer or agency is OK with pointing out issues. This goes hand-in-hand with an agreed-upon scope.

The reason that clients come to us is because we’re the experts. In the vast majority of cases, at least. Their wants are often little more than generalities – security, quick web hosting, high-converting design.

It’s my job to decipher what’s going on in a client’s head, offer what’s genuinely available and iron out their poor ideas…all before they see the final product and realise their mistakes. By ensuring that a developer is proactive about offering criticism, you’ll reduce the likelihood of getting an enterprise solution when a minimum viable product (MVP) is what you really wanted.

  4. Look for a structure in which communication is applied

As I’ve already mentioned, it’s normal for developers to feel worried about upsetting clients. But it’s up to them to make sure that they’re offering constructive criticism and feedback in a spirit of professionalism and dependability. Before engaging a developer, make sure that they have an established framework around how they intend a project to develop and what mechanisms for avoiding scope creep are included.

Michael Gerber, author of the entrepreneurial classic The E-Myth, said that the reason people loved McDonald’s is that they knew exactly what they were getting every time. Asking for a solid structure around the way your developer works will be of benefit to both you and them.

If you’re interested in website or app development, or need to consult somebody on either of those topics, please don’t hesitate to get in touch. And don’t worry, all of our services are scope-creep-proof.

Blog post

5 Simple Ways to Prevent Your Site From Being Hacked

I’m always amazed when people don’t take steps to ensure the security of their website. Hacking happens to other people. It’s never my site that’s in danger.

The stats, however, tell a different story.

37,000 websites are hacked every day. You can see the daily number in real-time at Internet Live Stats. As I write this, the number is just over 54,000. And it’s barely the afternoon!

The reality is that by taking a few simple steps you can protect your site from hackers. Here are five easily-implementable ways to improve your site’s security.

  1. Keep your content management system (CMS) up-to-date

This step is first and foremost. You should keep your CMS, plugins, operating system and any other software on your server up to date. Website software, particularly when it’s developed for Linux, uses open-source code. This means that all the code is available for hackers to scrutinize.

By ensuring that you have the latest version, you’re essentially putting yourself one step ahead of the hackers. CMSs like WordPress will automatically ask you if you want to install the latest software and security patches, and updating is usually a simple matter of clicking a button.

We recently had a client’s website get hacked a week after the 4.7.2 version was released. They were still on version 4.7.1 which had some exploits. It’s a simple thing to stay on top of, which is why we offer maintenance packages.

  2. Get an SSL certificate

This is important for preventing hackers from stealing the data that your customers give to you. An SSL certificate will enable the encryption of all the data that is exchanged between your server and your site visitors’ browsers.

Getting an SSL certificate is easy but the process of updating a site from http to https can be quite complex, with a number of potential pitfalls. It’s always worth bringing in a developer to deal with a full migration.

  3. Use strong passwords and usernames

Despite the obviousness of this advice, you would be amazed at how many people still use simple passwords and generic usernames for all aspects of their sites. Simple login details for your CMS are one thing, but if you’re using common passwords and usernames like “admin” for databases and webmail accounts then you’re asking for trouble.

Third-party tools, like LastPass, can be tremendously useful for improving password security. They will generate and save login details, allowing you to access them quickly whenever you need, by automatically populating login forms.

  4. Guard against SQL injections and cross-site scripting (XSS)

SQL injections are one of the oldest weapons in the hacker arsenal. SQL is the language used to query databases. Whenever you log in to a password-protected area of a website, you are essentially asking that site’s database to confirm that your password grants you access.

By taking advantage of badly designed web forms, hackers are able to gain entry to your databases. Security measures, like the use of parameterized queries, tend to involve tightening the number of queries that a database will respond to.

Cross-site scripting works on a somewhat similar principle, but uses web forms to install JavaScript onto your site which then runs in your visitors’ browsers. If, for example, you run an unmoderated internet forum, a hacker could create a post that includes JavaScript that asks for users’ information. As with SQL injections, protection involves restricting the ability of hackers to input malicious code.
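The forum scenario above, as an added example that is not part of the original post: the same two submissions are rendered once as-is and once with output escaping, and a small parser reports any script element or event-handler attribute that ended up in the page. The function names, the HTML template and the sample submissions are assumptions constructed for the demo.

```python
from html import escape
from html.parser import HTMLParser


def render_post_vulnerable(author: str, body: str) -> str:
    # BAD: user text is dropped into the page as-is, so any markup in it
    # becomes part of the page every visitor loads.
    return f'<article><h3 title="{author}">{author}</h3><p>{body}</p></article>'


def render_post_escaped(author: str, body: str) -> str:
    # GOOD: escape on output. quote=True also encodes " and ', which
    # matters for the value placed inside the title="..." attribute.
    a, b = escape(author, quote=True), escape(body, quote=True)
    return f'<article><h3 title="{a}">{a}</h3><p>{b}</p></article>'


class ActiveContentFinder(HTMLParser):
    """Collects <script> elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        self.findings += [name for name, _ in attrs if name.startswith("on")]


def active_content(page: str) -> list:
    # Parse the rendered page the way a browser would see its tags.
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


# Constructed submissions: markup in the body, and a name that breaks
# out of the title attribute.
BODY = 'Nice thread! <script>document.title = "injected"</script>'
AUTHOR = 'bob" onmouseover="document.title=1'

if __name__ == "__main__":
    print("as-is:  ", active_content(render_post_vulnerable(AUTHOR, BODY)))
    print("escaped:", active_content(render_post_escaped(AUTHOR, BODY)))
```

The same `active_content` check can be run over rendered templates in a test suite to catch a template that forgets to escape.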

  5. Use website scanning software like SiteLock

In the same way that you scan your home computer, it’s important to regularly check your server for viruses and malware. Shared hosting and managed VPSs will tend to have scanning software installed, or offer inclusion of a scanning service like SiteLock for an extra cost. It’s always worth checking what the options are.

What should you do next?

Website security isn’t a simple topic. Companies with bigger sites, especially those that deal with large amounts of data, are best advised to seek the advice of a professional developer. We can handle all of this for you. Head over to our capabilities to learn more, and get in touch with us today.

Blog post

5 Key Questions to Ask Before Choosing A Web Host

Travel back ten years and you would find that most small businesses didn’t have a website. Nowadays, twenty minutes of downtime is a cause for major concern, let alone not having a site at all!

If you’re picking a web host for the first time, or changing your current provider, there are five key questions to keep in mind or discuss with your developer.

A little forethought now can pay huge dividends later down the line. Just consider, for example, that you discover that a host isn’t up to scratch. In order to switch, you’re looking at the transfer of thousands of files, several databases, potentially hours of downtime and re-installation of any site software.

1. Do you need shared or dedicated hosting?

Most web hosting packages can be divided into two camps: those with dedicated and those with shared servers. A server is essentially a computer that stores all of the information about your website. People are able to access that information through their web browsers.

Shared servers tend to be inexpensive but have numerous drawbacks. Because you’re sharing computer space with other websites, you only have limited access to resources. Dedicated servers, which are on the other end of the spectrum, allow you complete control of available server space, bandwidth, webmail accounts etc.

Virtual private servers (VPS) exist as a midpoint between shared and dedicated servers. They provide the best of both worlds: dedicated resources without the cost of maintaining a dedicated server. For most businesses, they are ideal. Digital Bird, for example, makes use of VPSs for the majority of clients.

2. Can you scale with this hosting company?

Some web hosts cater to small businesses exclusively. Others tailor their packages to meet the needs of large enterprises. Different hosts have different solutions and you should consider them in the context of your business.

A startup expecting significant future growth, for example, will benefit from choosing a host that can streamline the process of upgrading to larger amounts of server space. A small accountancy firm, on the other hand, will likely have no need for enterprise-level services.

3. How reliable is technical support?

There are two factors to consider here. The first is whether or not a hosting company has a good in-house technical team that’s available 24/7 and that can be reached via your preferred means of communication in your language. Direct communication channels, like phone and live chat, are preferable because they enable you to get in touch with a specialist immediately.

The second is whether or not you want specialised advice regarding the type of website you will be hosting. Some hosting companies, for example, specialise in WordPress sites, whilst others have in-depth experience with eCommerce portals.

4. How robust are security features?

Robust and effective security features are particularly vital if you’re conducting transactions or collecting sensitive data through your site. SSL encryption, which will encrypt the data being sent to your server, is a must. A reliable firewall is another necessity.

It’s also important to check how often backups are carried out. Any good web host will provide them regularly. At Digital Bird, for example, sites are backed up daily, and this is a good benchmark by which to evaluate hosts.

5. Are there any hidden add-ons?

Not all hosts are upfront about which services aren’t included in their packages. As providers strive to offer the cheapest prices, certain features inevitably get pushed aside. They’ll snag you with a cheap introductory offer then charge you more for email accounts, domain privacy, and software installation.

One of the big issues that businesses face is in regards to bandwidth. Bandwidth is important because it refers to the amount of traffic that your site can deal with. Make sure you check how much it’s going to cost you if you occasionally go over your allotment. That way, an article in The New York Times, and the subsequent short-term spike in traffic, won’t break the bank!

If you would like to discuss any of these questions with a developer at Digital Bird, please don’t hesitate to get in touch. Head over to our capabilities to learn more. We have a wealth of experience and can discuss exactly what you need from a web host.