Offshoring, crowd sourcing and the unspoken cost folly

Preface: I am writing this piece from the perspective of someone who has dealt with offshoring/crowd sourcing (CS) from multiple angles – as a business who has had to pick up the pieces for others, as someone who knows people in companies using it to save money, and as a business who has lost clients to it. This is not to say that it’s all bad, I know those that have had very good experiences.

I could also be accused of providing off shore services myself, having worked for clients in the US, UK and EU. Of course there’s a slight difference of being recommended by clients/friends, and actively seeking….

TL/DR Summery:

Off shoring/crowd funding can work but from my experiences, there are unspoken pitfalls…

Is it legit? A.k.a is the site you have just paid for really above board? Is everything that needs to be licensed, licensed and trustworthy?? Do you know and do you know how to find out?

What does this do? A.k.a Do you know what you’ve been given and where to look if it breaks?

Best Practices… what practices? Site & directory security, SEO and plugin auditing? Not been done? Guess what, it needs to be and that is time. Time = money and if you’ve paid less, then you’ll get… less.

Is it really cost effective? Less really does often equal more, especially when you have to redo, fix or complete what’s been done.

Being accountable? Who, me? Who do you call when it goes wrong? Only got an email? Is their name really John Smith?

The nasty. And yes, there are horror stories.

Got more questions? It’s all in the article below…

Offshoring. The act of finding a supplier, usually in the East, in the lure of saving money. Be it for a website, documentation, coding or any number of things, the rise of the ‘crowd source economy’ and the easily accessible online marketplace’s where it ultimately about the cheapest quote, has changed they way many businesses think about sourcing skills for project work. The idea of more bang for the buck, especially where many local ‘shops’ are pricing themselves far above what the work’s worth is, understandably, very tempting. But what are the real costs? Is it as simple, and cost effective, as everyone has been led to believe, or are there pitfalls few speak about?

When it comes to websites, one needs to understand that they are made up of moving parts and in the case of WordPress, those parts can often provide critical functions. If, as a client, you are not across the way the system works, you are likely to be in for some rude surprises six months down the track when you are out on your own and things start going a bit skewif. …

Is it legit, a.k.a is the site you have just paid for really above board?

Licensing is a major issue with much of the CS work I have had to take over. Be it the commercial theme used to build the site, or commercial plugins employed to provide functionality, I have come across (though agency projects no less) websites with ‘illegal’ plugins installed that provide core functionality to the build. I use the term ‘illegal’ to describe any legitimate commercial plugin that has dubious, at best, licensing attached.

Unbeknownst to many, commercial additions to WordPress based on less than legit, or non renewed/renewable licenses are rendered useless when they require updating – which in the WordPress ecosystem can be quite often. What happens to your site when 1. This does happen and 2. You don’t know it’s happening?

What does this do? A.k.a Do you know what you’ve been given?

Another highly common trait are undocumented builds. Without record of what custom changes have been made, what plugins have been employed and what, if any, third party services have been hooked, the owners of a website are completely in the dark at handover. If something breaks, unless the original developer can be contacted (which sometimes they can’t), the process to diagnose and repair the situation can often be lengthy and costly.

In instances where commercial themes are used as the starting point (more on this in another post!) undocumented changes can be disastrous. I have worked with several sites affected like this so badly the best, and most cost effective, course of action was to rebuild the site! Worse still are sites where undocumented custom code has been employed to achieve a particular function; when the code no longer plays nicely with the latest release of WordPress the site starts to fall apart.

Best Practices… what practices?

Just because someone can build you a pretty looking website, it does not mean they are going to provide you with what is best practice; sadly this is more often the norm than not. As with everything, there are right ways to do things and then there are wrong ways. Websites are no different and if the price is ‘cheaper’, the chances are that best practices are going out the window because time is money and ‘cheaper’ means less time.

What are we talking about?

I have worked on sites over the years where to save money plugins, the little applications that extend the core of WordPress, have been of the free variety (that’s when they have not been of the illegal sort). Every good developer will always use commercial options where it’s a core function – it’s not cheap but it’s safe, but most will use a mix of commercial and free (or freemium) plugins, adhering to vigorous vetting processes to determine reliability and long term safety. Researching plugins though can take time and you need to know what to look for. More often than not in the case of CS builds, I have found there to be little, or no, vetting and a free plugin will have been installed just because it seems it will ‘do the job’. What you can end up with is a site built on unknown quantities which as I have seen, can have costly outcomes both in terms of functionality and security.

Best practices also includes security, both within WordPress and at the directory level. Anyone can throw up a WordPress site but how many will have spent the hours researching, developing and implementing best practice security? A recent site we took over, while built relatively well (it had undocumented commercial plugins they could not explain to the owner) had zero security in play, meaning the site was wide open to hacking and brute force attacks. Without a core security protocol backing up your site, it remains wide open to malicious operators.

And let’s not forget ‘on page’ SEO. Installing a SEO plugin is not SEO, it’s installing a plugin. Setting up SEO properly is a time consuming process with multiple on and offsite components. As a result, the vast majority of sites I have had to service have zero SEO value, and without SEO work, your new shiny site is unknown to search engines.

Is it really cost effective? Less really does often equal more.

The fallacy of the CS provider is that as a client you will save money, especially when the job has been underquoted. To upper management the cost savings on paper always looks good but what is never accounted for is the time needed to be spent ‘fixing’, or finishing, what comes back. Sloppy art working, disastrous writing (I have had to correct copy that was barely English), plan documentation riddled with mistakes, the list goes on from business acquaintances with experience in the CS world. If you take into account what I have mentioned so far, the medium term cost where you have to pay to fix or complete quickly adds up to the same, if not more more, than having had it done ‘locally’ to begin with.

While I have lost clients to the allure of cheap, I have picked up more when things turn out less than ideal.

Being accountable? Who, me?

This one’s something never considered until it needs to be. What happens when things don’t go quite right? If things do not go to plan, it’s very easy for a CS provider to go ‘dark’, especially when the final money’s parted hands. With no jurisdiction, as a business you are left high and dry when your provider vanishes into the ether. With often no more than an email to go on, you have no security and the ratings system on sites like Fiverr are dubious at best. Having set up an account as an experiment, I can attest security and identity checks they have are non existent beyond verifying my gmail account; the ease of which you can close an account and create another is disturbing to say the least.

A website is a long term proposition and today can be the initial face or your business to customers and clients. Unless you are are committed to learning the ins and outs and running it 100% yourself, there needs to be a trusted and accountable relationship. Can you do that with someone only at the end of an email and ultimately in it for the short term?

The nasty. And yes, there are horror stories.

The best horror story to date came from an agency client that hired an offshore developer to build their corporate website (…!). After a protracted ordeal, the provider decided not finish the project and demanded payment in full in order to do so. Naturally, with nothing delivered, or even half finished and well over time budget, the project was re- sourced locally (!!). But that was not the end of the story…

For the next year, the developer in question not only stalked the owner of the agency online but attempted to hack, sometimes successfully, every online asset the agency had, including email.

Then there are the tales of websites that I have had to ‘save’ after malware was injected into the site right after offshore providers completed the project…

…

Everything mentioned above comes from my own personal experiences, or from people I know; and the incidences are increasing. That’s not to say all off-shoring/crowd sourcing is bad, it’s not and I know people that have very good experiences. For many businesses, I also can not fault the notion of at least entertaining the idea – I have a hard time coming to terms some local quotes given the scope of work. The reality though is while off shoring/crowdsourcing has provided what seems like an open, easy and cheap market, it also bypasses many of the established practices that ensure robust end products and accountability that come from doing it ‘the old way’.

When it comes to your business assets, is saving some money really worth the potential complications and inherent risk? But maybe playing pot luck seems like more fun?