Technical Website Due Diligence

Technical Website Due Diligence

This following guest post is written by Mauro Chojrin. Mauro works as a consultant and technical trainer, and is the CEO of Leeway, an IT consulting company.

What exactly are you buying when you buy a website?

When you buy a website you are in fact taking ownership of a few things:

  • A domain name (Or perhaps several)
  • A brand
  • Some pieces of content (Photos, texts, etc…)
  • A user/visitor base
  • A piece of software powering this all

There’s a bunch of verifications that can be done from the outside (Like looking at the WhoIs history, Establishment Claims and other concerns addressed in this post), but there’s a lot to be said about the last piece of the puzzle: the software powering this all.

If you can’t run some verifications on the software, it’s very hard to answer questions such as:

  • How costly will it be to update this website to fit my plans?
  • Will it even be possible to update?
  • How long will it take?
  • What kind of help will I need to pull this through?

It’s like buying a used car without even pulling up the hood and looking inside of it. Would you make such a purchase?

What’s to be checked?

First of all, you need to know the different ways in which a website can be built. The list is, of course, huge, but I’ll keep it simple to make my point. I’d say there are three classes of websites you can find out there:

  • Based on someone’s platform (e.g. Shopify stores)
  • Based on an established standard (e.g. WordPress sites)
  • Completely built from scratch

In the first case, there’s really nothing for you to do. Your technical risk here is pretty low (together with your action margin but that’s a different story). The only advice I’d give you here is to watch out for not being too comfortable playing in someone else’s backyard.

The second case presents a low to medium technical risk. What happens here is that there’s a possibility that the original tool has been customized in some weird way that could make it hard to improve upon (Not very common but can definitely happen).

One way to check for that would be to get a fresh copy of the version the site says it’s running and compare the files with the actual site code… it can be a little messy, but it will certainly save you from some trouble.

Basically, if you can check that the used version is up to date you don’t have much to worry about.

If this is not the case though… things can get pretty messed up.

Ideally, you want to have your site run the latest version available. In order to do that you’ll have to run through the migrations that are in place (At least to get to a version that can be supported by the hosting you’re moving the site into).

Now the third scenario is where the fun is (at least for me :)).

When you find yourself in position to buy a site like this (SaaS usually fall in this category but are by no means the only website type that can), you definitely want to pay special attention to a few traits. I’ll list them in descending order of importance and then give a few pointers about why I ordered them this way:

  1. What’s the basic technology behind it? (What programming language is the code written in)
    1. Is it using any kind of framework?
  2. How well is the code documented?
  3. What technology is being used for data storage?
  4. What dependencies with third-party services are in place?
    1. How well are those dependencies isolated from the core?
  5. How complex is the overall infrastructure?

Let’s dig a little deeper into each one.

What’s the basic technology behind the platform?

This is probably the most important technical check you can run. The same piece of software can be built using a big array of different programming languages. You probably heard of PHP, Java, C# or Python, but that’s just the tip of a very big iceberg. There are almost limitless possibilities to this. Of course, as in every other industry, and even though there’s controversy around which language is THE most used, the consensus is around PHP, Java, JavaScript, Python, .Net and Ruby being at the top of that list, so… if the platform is built upon any of these technologies there’s less of a chance finding developers to support its growth will become a major bottleneck.

How do you tell which language the site is built upon?

There’s really little you can do from the outside (Meaning, without reading the actual code). In the case of PHP (My personal field of expertise), one simple way to determine that is by looking at the URL. If you find something like, then there’s no doubt that PHP is involved (It may not be the only technology used, but it’s a start). Unluckily, the URL not showing .php doesn’t automatically mean the site isn’t powered by it (As a matter of fact, it’s a very good security practice to hide this kind of information from the outside).

So… if you really want to make sure, you need to get your hands on the actual code.

Once you got access to it it’s really easy to tell what language is being used, if it’s PHP the file names will end with .php, if it’s Python they’ll end with .py, if Ruby it will be .rb if you see filenames ending with .java you’re looking at Java code and so on.

This should be your first red flag. If you can’t map the source code to any of this popular languages, you may find it hard to evolve the software with any team other than the original.

Then there’s the question of version. Bear in mind that a programming language is also a piece of software (Technicalities aside) so, as any other software piece, it evolves over time, meaning new tools are made available to programmers in order to make their job more efficient, but, at the same time, some tools are removed.

You want to make sure the system is ideally built using the last stable version of the language, or at least not a really old one.

For instance, at the time of this writing PHP’s recommended version is 7.1 (7.2 is about to come out).

Many websites are still using 5.6 (Two versions behind) which is not terrible, but certainly is less than optimal.

Now the real trouble comes when you find a website built using PHP 4. This version is so old that even language developers are not supporting it anymore (Meaning it’s vulnerable to all sort of threats) and quite frankly, it’s hard to get developers on board to use such an outdated tool.

I’m not currently using any other language, so I’m not so updated on the look of the landscape for them, but I know for sure similar things must happen.

And now the big question… how can you tell which language version is being used?

Well… this is a tricky one. What you’re looking for here are pieces of code written using old methodologies (Especially those that have been removed from the language moving forward, has many articles on how to upgrade a piece of software written in an older version that can give you hints) or, better yet, uses of language constructs that were only made available in a particular language version.

Is it using any kind of framework?

A framework is a very handy tool for developers of any language. It’s a toolbox that sits on top of the language and provides out-of-box basic functionality.

So the first thing you want to check (after you know which language the system is built upon) is whether the code is written using a framework or not.

This is usually easy to do. Basically by looking at the main file. It usually contains some reference to the framework being used (If there’s one in place).

The risk of the application not using a framework (or using a custom one for that matters) is that there’s probably little to no documentation available (meaning the learning curve will be steep for new developers joining the team) and it’s very likely that the code base quality is not too high (Standard frameworks are developed and maintained by large developer communities which usually means fewer bugs since there are significantly more eyes on the code).

Within the PHP scenario, there are plenty of candidates, but the strongest are:

  • Laravel
  • CodeIgniter
  • Symfony
  • ZendFramework
  • Yii

In order to actually map the framework being used you need to read through the code (Probably a couple of files will do) looking for a reference to a framework. If you find it, it’s a good idea to check what the community around the framework looks like (You definitely don’t want to be backed by a ghost community like it happened to me when I had to maintain an application built using Limonade PHP, notice how the latest update to the project was done over two years ago… bad sign).

How well is the code documented?

Code documentation is often the most undervalued asset in software development. Very few developers want to be involved in it’s production but, at the same time, they wish the code was better documented when they have to return to it…

But what exactly is it? There’s basically two kinds of documentation:

  1. End-user (Like manuals, FAQs, etc…)
  2. Technical

The one that we’re looking for here is the latter. What you want to have is a set of documents that can guide a new developer through the implementation complexities and at the same time be a reference for existing team members for how to fix common problems quickly.

It doesn’t really matter the length or the format of the documentation (I personally prefer something like a Wiki system where every developer can make contributions, but that’s totally personal).

What’s important is that the documentation is accurate and updated.

How do you check that? Again, this is more art than science, but you can get a very quick feeling of how good (or actually bad) the documentation is by simply reading through a couple of random documents and trying to follow them.

You will immediately notice whether the writing is clear and if it’s up to date with the actual code.

What technology is used for data storage?

Nowadays, almost every website stores some kind of data (Mostly information about their users or their content).

There are many different tools that can be used to accomplish that, and the selection is neither trivial nor simple.

The basic principle is the same as before: when in doubt, fail in favor of the most popular technology.

I’ve been involved in several projects that used the cool new technology where the system requirements clearly dictated otherwise and getting out of that situation was nothing like a walk in the park.

The problem with brand new technologies (Sometimes referred to as bleeding-edge) is that they’re usually poorly documented and, because they’re so new, not too many people have experience with them, so getting help when you’re stuck can be tricky.

This off course depends on the expectations you have for your site. It’s ok to try new things when the stakes are low (That’s the only way we could ever move forward, right?), but if you’re looking at the main software for your business you want to be a little more conservative.

What dependencies with third party services are in place?

Fairly complex websites usually depend on third-party services to perform certain tasks. The most common is email sending and tracking.

There are some excellent vendors out there that make it extremely easy for a small development team to leverage these high-quality services and build them into their own applications.

But the flip side of this is that by using these services you’re actually creating a dependency on a piece of software that you don’t control.

There’s nothing inherently wrong with that… if you know how to protect yourself from updates that could be game changers for your application, which brings me to the next question…

How well are those dependencies isolated from the code?

This is probably the most technical of the checks I’ve been talking about so far, and in order to assess this, you need a mid to high level of technical expertise in the particular tools upon which the website is built.

What you want to make sure is that no external service is used directly by the website.

How complex is the overall infrastructure?

A regular website has a fairly simple infrastructure:

  • A web server
  • A database server
  • An application server

Which, depending on traffic and concurrency can well be fit into one single computer (physical or virtual) and thus be easy to keep up with.

As the application complexity and usage grows, infrastructure tends to expand as well (There might be a need for extra servers, load balancers, etc…).

The most complex the infrastructure is, the higher the maintenance costs and the risk of failure.

As a general rule, I’d say that if the infrastructure is far from the standard, the help of an expert is useful (Not only in determining the cost of maintaining it as is, but also the possibility of reducing it without losing quality).

In conclusion

The whole idea behind these checks is to determine:

  • How flexible the software is
  • How experienced will a technical team need to be in order to take over
  • How hard will it be to bring new technical resources ready to put their hands in and tweak or upgrade the site

That should give you an idea of what you’re getting into by investing on this website. The fact that all the red flags are raised doesn’t immediately mean it’s a bad investment of course if you can purchase it at a bargain price and have the technical resources to fix all those issues it could be a great opportunity, but it’s important that you don’t get any false expectations.

Is it worth going through all this trouble?

Going back to the used car analogy… if you don’t know your way around cars you better have a trusted mechanic by your side when you’re evaluating that shiny used car.

Failing to do so can put you in a very uncomfortable situation. I should know… I’ve been there myself (With the car, not the website!).

 Have any questions? Find me on Linkedin or post a comment below!


Amazon FBA Buyer & Seller Case Study

Amazon FBA Buyer & Seller Case Study

I’m joined today by both Alan Peterson and Kurt Hansen, the buyer and seller of an Amazon FBA business that was sold on Flippa for $82,500 via Buy-it-Now.

This private label FBA personal care products business has 6 total products with a 4.7-star average review. The business generated $32,000 profit over the trailing twelve months and included the Amazon Seller Central Store, Amazon Vendor Central Store, and $25k of inventory at cost.


Changes to Flippa’s Reserve Met Functionality

Changes to Flippa’s Reserve Met Functionality

Starting October 31, 2017, Flippa will be changing the way the reserve met functionality works.

For the reserve to be met, there must be one bid placed.

In the past, auctions were considered to have reserve met whenever the reserve price matched the auction price, regardless if the auction had any bids or not. So if an auction had a $15,000 starting price and a $15,000 reserve price, this would highlight the price in green, indicating that the reserve has been met.

This is no longer the case.

For an auction to be considered as reserve met, it must now meet two criteria: First, the auction price must be equal to, or greater than, the reserve price of the auction, and secondly, there must be 1 bid or more. Auctions that do not meet this criteria will no longer be featured in the reserve met section of Flippa.

This is a small change, that we hope will have a big impact on how auctions are viewed by our users.

Have any questions on the upcoming change? Send us a quick email here.

Flippa Broker Badge

Flippa Broker Badge

Flippa Broker Badge

Between the premium sellers and super sellers, you may start seeing a new sheriff, err, badge in town.

Over the past couple months, Flippa has partnered with a handful of brokerages to provide highly curated listings to the marketplace. Brokered listings are unique, in that each listing has undergone a thorough due diligence check by the broker.

As a broker, you have the opportunity to fully customize your listings and work directly with our team to ensure a smooth and successful sale process.

With that, any broker that we’re working with now has the new badge. Here’s what it looks like:

How Does One Qualify for the Broker Badge?

First and foremost, to get the broker badge, you must own or operate a brokerage.

Second, you’ll need to agree to a certain set of performance and quality expectations. The two biggest things that brokers will have to do is to perform a comprehensive due diligence check on every asset, and also list every online business asset they are representing, for sale.

If you’re interested in being a broker on our platform, you can fill out the form here, and we’ll get back to you!

Perks of Being a Broker on Flippa

So what’s in it for the brokers?

For starters, brokers who partner with us will see decreased success fees on all their assets listed and each listing will receive the Editor’s Choice stamp. On top of that, brokers can expect free promotional upgrades, including homepage upgrades and inclusion in our online business newsletter, which reaches nearly 400,000 active Flippa users

Additionally, brokers will have a dedicated contact at Flippa, who is available to help out at any time.

Looking Forward

Our goal is to become the way the world buys and sells online business, and brokerages play a huge part in helping us move forward with our vision.

Get started! Fill out our form and we’ll get back to you: Flippa Broker Partnership – Expression of Interest Form

Have any questions? Drop a comment below!

Flippa Profile Interview: DomainMagnate with Michael Bereslavsky

Flippa Profile Interview: DomainMagnate with Michael Bereslavsky

I’m joined here by Michael Bereslavsky, a web entrepreneur, investor and Flippa Super Seller with $282,810 over 38 transactions and a 100% positive rating. Michael and I discuss his experience with buying and selling websites, his recent $165k sale via Flippa, advanced tips for buyers and sellers on Flippa, and his other businesses.

Tell us about your background as web entrepreneur.

Even early in life I knew that I wanted to be an entrepreneur, I loved numbers and finances, and was always fascinated with businesses and wanted to learn how they operated, what made them successful and how they could be improved and optimized. I studied Computer Science at the Technion – Israel Institute of Technology, where I had a few student jobs, but was fortunate to discover the potential of the internet for entrepreneurship early on.

Around 2004-2005 I first learned that you could start a business online with minimal investment and I was hooked! I read everything I could find online and quickly started building websites, learning about SEO and organic traffic, and experimenting with adsense and affiliate marketing. After some initial successes, I decided to reinvest the extra income into buying some more established websites that I could improve and grow further. Later on, I was able to sell some of these websites for a profit.

As the business grew I decided to turn it into a career and founded Domain Magnate in 2008 to focus full time on buying and selling established websites and premium domain names. We’ve since completed hundreds of deals with millions of dollars in value.

You’re one of the biggest users on Flippa, with a 100% positive feedback rating from 38 transaction and $282,000 TTV. What brought you to Flippa originally and why do you still use Flippa?

I was using The SitePoint marketplace since 2005, before it was rebranded as Flippa, and was fortunate to be among the first Flippa users when it was launched.

Most of our sales and purchases are currently done privately, through the network of buyers and sellers I’ve built over the years, but I also still use Flippa often for both buying and selling, as there are no other websites and domain names marketplaces that can rival Flippa’s scale and reach

You just completed your largest sale yet, $165,000, by selling the site Can you tell us about the website, the sale, and what you did to achieve such a high sale price? and (which was included in the flippa sale) are two amazon affiliate websites that focus on selling various products one would need to grow cannabis at home. Most sales are for specialized led lights that are used for growing. The sites feature review articles and in-depth guides that drive organic traffic from Google. Due to superb content and carefully planned on page SEO, as well as a few quality links, they are able to rank very well in google for highly competitive keywords, and drive targeted traffic which translates to sales.

I acquired the website in February 2017. The previous owner was interested in selling, but he didn’t have good stats. In the previous months the revenue ranged between around $1K and $5K per month as he was trying different monetization methods and the google analytics data was missing.

That didn’t deter my interest in it, because it had high quality content and good backlink profile in a profitable niche. I expected that I’d be able to increase revenue by improving monetization, and updating the site further with more content. Upon carrying out my due diligence, verifying the data, and interviewing the seller I was able to confirm my initial assessment that led to us agreeing on a deal in a short space of time.

After about 5 months I managed to increase the revenue to $8K per month, but I didn’t have as much interest in it as before, so the website wasn’t growing and started to get neglected due to other projects. I decided it would be best to sell it to someone who can take it to the next level, to allow me to reinvest in other properties.

I first offered it through our list to some of our frequent buyers, but the offers were lower than expected due to the niche. Flippa was the obvious choice for the sale due to its unprecedented reach and a large number of buyers from different industries. I was able to find a good buyer, who took a serious interest in the website and I’m confident that he’ll be able to grow it further.

We agreed on a price, processed the deal via Flippa escrow, signed a contract and handled the transfer. All went smoothly. After the sale I provided some training for the buyer and his employee to learn how to manage it successfully and grow further. I also always make it a point to follow up with my buyers to see how they are doing with the website, and if they have any questions or issues. We’ve had multiple skype calls and email exchanges after to make sure the websites are being properly monetized and maintained.

How many current sites do you maintain in your portfolio?

I have over 100 websites, but most are passive and do not require much input. We also have a small team to help update them.

What type of sites have you managed? Do you have a certain niche or business model you prefer?

I prefer websites that are more passive and easier to maintain. Mostly content websites with organic Google traffic, as they are easier to manage and easier to sell due to high interest among buyers. However, lately also focusing on SaaS and e-commerce websites as well.

In addition to websites, you have also sold quite a few domains on Flippa. As a seller, what’s the difference between domains and websites? Do you prefer one or the other?

I’ve been active in domaining since about 2007, mostly focusing on the more liquid short and 1 word .com domain names. In past years my focus shifted more towards websites, but I’m still active in the community, maintain a portfolio of premium domains, visit industry events and sometimes speak at conferences.

I bought and sold a few domains and portfolios via Flippa. These transactions are generally faster, simpler and less time consuming, however with reselling domain names the profit margins are usually a lot lower than with websites. I think Flippa is a great place for listing your domain portfolio, or for finding a specific domain name for your next venture.

You’ve had some experience working alongside our account management team. Can you tell me what that’s like and if they were helpful throughout the sale process?

I had a lot of help from my account manager, [Colton Moffitt], on this sale. He was instrumental in providing assistance, upgrades, speeding up the regular listing process, reaching out to potential buyers and helping carry out the transaction. It was definitely very beneficial and I would highly recommend the Flippa’s management services.

For sellers out there who are interested in selling their websites, what advice would you give them?

This is what I generally recommend to anyone interested in selling their online business:

  1. Start preparing upfront, at least 3 full months ahead before you plan to sell. Make sure to setup google analytics and other tracking software. Set up unique channels and tracking ids for your website in the affiliate and advertiser accounts. Get your finances in order and optimize profit, reduce unnecessary expenses, so you can show comprehensive data to potential buyers.
  2. If you know some website buyers, or your competitors who might be interested in purchasing your business, it’s always worthwhile to contact them first to check if you might be able to sell directly, or just see what they can offer.
  3. Always use a reputable escrow service, like Flippa escrow, or, unless you’ve done business before, or trust the other party.
  4. Prepare a very detailed Flippa listing. Be sure to explain the business operation, finances, include all the screenshots, try to have visual proofs for all your numbers. Use Flippa tools to verify GA and Adsense, and make a video for showing your revenues. For a higher revenue website utilize Flippa’s managed listing services or account managers.
  5. If your website makes substantial revenue buy Flippa upgrades for more visibility. The more people see your auction, the more bids you have, the higher price you can usually get.
  6. Promptly answer all comments and questions, and update your listing with new screenshots.
  7. If a bidder has no activity on Flippa yet and no feedbacks, no connected social profiles, you can contact them to ask for some extra information, to make sure they are a serious buyer. Sometimes new buyers change their mind, or simply do not have the funds available, so it’s best to check before approving a potentially winning bid.
  8. Provide good after sale support, keep up with the buyer to help grow the website further.

In addition to selling websites, you’re also a pretty prolific buyer. Tell us about your buying process (due diligence, payments, etc) and any tips you can give others looking to buy an online business.

At we focus on providing quick business liquidation service for online businesses. Most of our purchases generally take just 1-3 days. We save people time, as most other venues have lengthy listing and waiting periods.

My due diligence relies a lot on experience and also involves verifying stats, interviewing and researching the seller and site’s history, and evaluating risks.

My main advice to new website investors would be to

  1. Start small, do not risk most of your money on your first purchase. Set a budget range and stick to it.
  2. Learn and understand the risks associated with the type of website you plan to buy, and how to maintain it.
  3. Look for an advantage. Go after the type of deals that help you utilize your experience, expertise, interests, connections, analytical skills, or other areas where you excel, in order to increase your chances for success.
  4. Do your due diligence, verify everything you can, but also trust your gut!
  5. Instead of negotiating over price, it’s often more prudent to get better sale terms and after sale support

What other projects are you working on at the moment?

Lately I’m also focusing more on investing in and advising startups, as I believe that’s where my skills can be best applied to have the maximum effect.

I strongly believe in the blockchain technology and smart contracts, and expect they will play a much more significant role in the near future. We are already seeing major financial institutions, technology companies and even governments  investing more in research and development of decentralized blockchain based systems. They provide substantial benefits and optimizations compared to the current centralized systems in many industries.

I am also passionate about internet privacy and security, and recently joined the team as an adviser and early investor. It’s a new startup by an established VPN company that aims to build a P2P decentralized VPN network on the Ethereum blockchain. Privatix will enable Internet users to sell their unused bandwidth and get paid in cryptocurrency, while helping bring much higher degree of security and anonymity for its users.

Why did you decide to join Privatix and what are they currently working on?

The Privatix team have a proven record of achieving fantastic results, testament to their many years working together. The team have built a popular VPN network and other profitable applications. It completed its pre-ICO round of contributions in just 3 minutes with a $500K cap and is currently raising funds via an Initial Coin Offering by selling its tokens that will later be used for services in its network.

There is strong interest among investors, and a community of fans backing and contributing to the project. I believe the company is in a great position to implement the peer to peer VPN service, which will greatly improve online privacy, security and reduce Internet censorship.

How can our readers learn more about your projects or get in touch with you?

You are welcome to watch my Flippa listings, reach out via email or follow on Twitter, Facebook, Linkedin.