There are many questions you can ask when selecting a developer to build your website. Are you compatible with them? Do you like their portfolio? Do they have good references? There are, however, some non-obvious questions that you should also ask before making the final selection. Here are 3 that I recommend you ask any potential web developer before hiring them.

What is the biggest website you have ever developed?

You need to know that the developer you are hiring has developed a website around the size of yours and knows how to make sure the site stays ?performant?. (Performant is a word developers made up to say ?runs fast?. If we all said ?runs fast?, we think you may not need us because you understand things.)

How do they deal with scalability of websites your size? Do they have experience scaling a website both up and down to handle seasonal traffic? Do they know how to build websites that are fast even under load?

You need to make sure your developer has previously built something of the same size as your site. You need to know that they have already faced the problems your website will run into and have answers at the ready for them.

Action Item:

Ask any potential developer for 3 websites that they have built around the same size as yours. Then, after you have left them, put each of them through this URL:

http://www.webpagetest.org/

A Pagespeed score lower than 80 is is a red-flag.

Where will you host my website?

I am assuming you are allowing your web developer to choose the hosting platform for your site. If you are managing this yourself, skip to #3.

It is important to know where your site is being hosted. Many web develoeprs have hosting agreements with hosting companies and will put your website on a server with hundreds of other websites. This isn’t necessarily bad, as long as you know it. It doesn’t make sense to dedicate an entire server to a small site, especially for personal blogs or small businesses.

However, some developers will stick with their hosting provider, even if it isn’t the right solution for all websites, simply because it is what they know. Many small business sites are better served on a Virtual Private Server than shared hosting. If your website will be doing ecommerce then you need to make sure that the server that is handing the transaction is PCI compliant[1], most web servers are not. You need to make sure that your website will have the resources it needs and not be at the mercy of other sites.

Action Item:

Ask any potential web developer for three websites hosted with three different hosting partners or on 3 separate servers. If they can’t provide that then it is a red-flag because it means that your site will most likely be one of hundreds on a common server.

What will you do to secure my website?

Security is very important these days and should be something that you discuss with any potential web developer. You need to make sure that your developer understands the importance of security and has a plan to keep your site safe.

The best security is layered. It starts with good, secure, and audited code. If your web developer is building on top of an open source platform like WordPress or Drupal, you don’t need to worry about the code being audited. Large open source projects have large communities behind them. As long as your developer keeps their sites up to date,? you will be reasonably protected. If however, the code that will be running your website was written by the developer, ask for proof that it has been audited by an outside vendor in the last twelve months.

The next layer of security is software: making sure all applications running on the server are regularly patched and up to date. Many servers are compromised not because of the code that the developer wrote but because a vulnerability exists in one of the many, many programs it takes to run a modern day website.

The final layer of security is a firewall. Your website should be run on a server behind a firewall. These days many servers have firewall software installed on them, and in many cases that will suffice. The firewall should be properly configured, though, to only let traffic into those applications that you are actively using. For instance, if all your server does is serve web pages then the firewall should block all traffic except for web traffic. If your developer stares at you blankly when you ask this question, and they can’t produce a system administrator who handles this for them, it is a serious red-flag.

Action Item:

If your site will be built on top of WordPress or Drupal, or any other open source project, ask your developer to pull the site up in a browser, view the source and show you the version number. Most modern day packages put the version number in the comments somewhere. As an alternative, they can log into the site as an administrator and show you the version number. Most modern web applications show the current version number on the administration pages. Then, when you are away from them, research that package and find the latest version number. Unless the version numbers have changed in the very near past, they should match. If they do not, that is a red flag that should not be ignored.

Wrapping it up

There is no ?silver bullet? question that will ensure that you hire the right developer. Even if they pass all of your tests, things could still go wrong. However, there are questions that need to be asked beyond the obvious one to help you make the decision. I’ve given you three here to get you started.

[1] Payment Card Industry (PCI) standards. If you are storing and processing credit cards on your website, you must have a PCI compliant server. http://www.pcicomplianceguide.org/

About the Author:CalEvans is a professional programmer, writer and speaker. His passion in life is helping people do great things with technology. His latest book is AvoidingaGoatRodeo:Howtogetwhatyouwantwhenhiringadevelopertobuildyourwebsitewhich does just that.