Some very popular websites
learned the hard way
this past weekend that placing third-party code in your website’s pages is a liability.

SiteMeter, a widely-used “counter and statistics tracker,” made some changes to its “backend system” that made it impossible for visitors using certain versions of Internet Explorer to load pages containing the SiteMeter code.

SiteMeter has since resolved the issue and in a blog post, explained the situation and apologized. That probably, however, didn’t do much to quell the anger of webmasters using SiteMeter.

The SiteMeter problem highlights the fact that when you place third-party code in your website’s pages, you are potentially making your website’s operation wholly-dependent on a third-party.

A simple “backend” change made by a third-party whose JavaScript code you use on your pages, for instance, can render your website unusable to a large percentage of your visitors, as it did for SiteMeter users.

While some focus on the way companies like SiteMeter respond to incidents like this, pragmatic webmasters will always take control of their own fate and make decisions that reduce their vulnerability.

Unfortunately, this is a difficult task when it comes to third-party code because it’s hard not to use third-party code on your website today. For instance, most of my clients use at least one service like SiteMeter or Google Analytics.

But you can take steps to mitigate your risk of falling victim to a SiteMeter-like problem.

Here are some tips:

  • Don’t use any third-party code that absolutely isn’t needed. While some types of services (like analytics) are often too expensive to bring in-house, avoid using third-party services that you don’t need when they require you to put code in your website’s pages. I see a lot of websites that are making use of cutsie “widgets” that are superfluous. That’s risky and you need to recognize the risks.
  • Compare different services. If you need some solution that requires you to place third-party code in your website’s pages, compare the services that provide that solution. Have any experienced major problems in the past? What are the policies of each? Don’t hesitate to contact the services and ask them how they maintain the integrity of their code and what testing they do before rolling out new code.
  • Consider free versus paid. While SiteMeter does have a premium service in addition to its free service, a lot of webmasters prefer to use free services for obvious reasons.

    Yet a worthwhile piece of advice that my attorney relayed to me is this – when you have paid a third-party to provide a service, you have a better ability to recover damages in the case that the third-party fails to deliver or harms you because of some negligent act. I’m not litigious but if your business depends on your website, you don’t want to be dependent upon third-parties that have no real legal obligations to you.

  • Monitor your website. While automatically catching errors generated by buggy JavaScripts can be difficult, you should be monitoring your website (see my post on monitoring services) and conceivably, there are ways to develop monitoring systems that detect such errors if the investment in time and effort is worth it for you.