WordPress is the most popular Content Management System, or CMS, with over half the CMS market. That’s a pretty good endorsement for it, but it also means it’s a bigger target for hackers. Because of this, updating your WordPress website is just as important for site functionality & security as updating your Windows computer.
WordPress Maintenance Schedule
A couple of additional items which are one-time items:
24/7 Uptime Monitoring
Your website needs to be up & running and available to your customers 24/7. The only way to know for certain if your website is up and running is to monitor it.
A simple way to monitor if your website is up & running is to use a monitoring service like Uptime Robot. Their basic free plan allows you to monitor your site at 5 minute intervals and have them email you if your website has a problem.
Your website is only as good as your latest backup.
Website backups are probably the single most critical item for you to make sure is done. And not all hosting companies even offer backups, let alone handle them automatically or on demand. Some of the quality managed WordPress hosting companies do include regular backups with easy backup restore.
In addition to having your host backing up your website daily (and especially if your host doesn’t), you’ll want a 3rd party service that stores your backups off-site. UpdraftPlus is one plugin solution that will do this for you on a set schedule— but they will not provide the storage for the backups. You’ll need something like Google Drive or Dropbox to store the files.
While Updraft can restore files from a backup under normal circumstances, there are times that isn’t possible. For those you’ll need an emergency plan and a WordPress professional who knows what they are doing to handle it.
Do you know if your website is has been hacked?
In a lot of cases when a website is hacked the hacker does NOT deface the website. In fact all they may do is add a small JS snippet to your website footer which only triggers on a small number of visitors. Why would they do this? Simple, they want the hack to go unnoticed for as long as possible, and they want to infect as many people as they can.
Sucuri has a free malware scanner which does a good job of detecting a number of types of malware, but it can’t detect everything (because it’s just scanning your website as a visitor would). Due to that, it’s important to have a website scanner with full access to your website scanning regularly.
And you don’t just want to scan for malware, you want to check for known vulnerabilities, blacklist status, website errors and out-of-date software. For this we recommend iThemes Security Pro.
There are three main areas that you need to check:
- WordPress version
Most frequently, new versions will be available for your plugins.
When to Update
I generally recommend setting a time each week to check on your site. It’s kinda like taking out the trash, it doesn’t take long, and it prevents some smelly problems.
If weekly is really killing you, monthly works pretty well too for simple sites. Any less often than that and you’ll probably be forgetting too much of what goes on.
Before you Update
Before you update, you should always make sure that you have a backup of your website (and can restore it if needed). Rarely does anything go wrong, but better safe than sorry.
If this already is sounding daunting, check out our Maintenance services.
Updating from Plugins Screen
Checking & Updating 3rd Party Plugins
Worry-Free WordPress Benefit: 24/7 Monitoring, Updates, Security Scans, and Backups
For clients who are signed up for our Worry-Free WordPress Care Plans we handle all of this. Your website is monitored 24/7 for uptime including monitoring your website’s SSL status. We also scan your website daily for known vulnerabilities, blacklist status, out-of-date software, and malware.
Comment Spam Cleanout
Your website’s database can easily become filled with excess junk over time. Just like your desk if you don’t regularly clean it up.
There are several ways you can clean out your website’s database.
- Periodically cleaning your website database with a plugin like WP Optimize.
- Periodically cleaning your website database with a service like ManageWP’s optimization widget to clean out spam, post revisions, and database overhead.
- Periodically as part of your website speed optimization using a plugin like Breeze or WP Rocket.
404 Checks / Broken Link Fixes
Broken links are when you have a link that goes to a 404 not found page, or non-existent servers, etc. Basically, it’s a link that when you click it doesn’t go anywhere useful. Unfortunately, they are a nightmare to find without a broken link finding tool.
Google (and other search engines) really hate broken links. Too many broken links and you run the risk of losing your search engine rankings.
A tool like Dead Link Checker will analyze all the links on your site and give you a report of any failed tests. You can then go relink these items to relevant content.
The faster your website loads, the happier your visitors and search engines will be with it. I recommend periodically checking your website’s loading time using services like Pingdom, GTmetrix, and Google’s PageSpeed Insights. I always recommend using several different services to check your website as they will vary in the data they report.
Your goal should be a website that normally loads in under 2 seconds.
Periodically you should do a security audit of your website.
- Check the security logs of your security plugin
- Review the settings of your security plugin
- Review the users on your website to see if any need to be removed
- Check your website’s blacklist status and website reputation with major anti-virus software vendors
Verify website email working
Let’s be honest, most people have no idea if their website email is working or if it has a good deliverability score.
The first thing you should do is give your email a test using a service like Mail Tester to see if your website is actually delivering email. If it’s not or it has a low deliverability score, then I recommend you check out my article on how to fix your website email for good.
Verify contact forms working
If you aren’t getting regular contact form submissions there could be three reasons:
- Form works fine, but no one is filling it out.
- Form is broken and you are missing form fills.
- Form is being filled out and you aren’t getting the emails.
First thing you should do is grab a device where you aren’t logged into your website (I like to grab my phone) and send yourself a contact form! I particularly like to use my phone (with wifi turned off) so that I can test to make sure that mobile works as well. If it fills and you get the contact form, then you’re good to go! If not, you’ll need to dig into it.
Second thing you should make sure is that contact forms are being stored to your website’s database. This can be using a plugin which stores it (like Gravity Forms, Forminator, Contact Form 7 Database Addon, etc) or with an SMTP plugin that stores all emails from your website. Personally, I like redundancy and storing it in both.
Third, if the forms are going through fine but you aren’t getting the email, read the above on testing and fixing your website email.
At least once a year you should review your website’s plugins and themes to make sure that you still need all of it.
Plugins get discontinued, and better plugins come out, and sometimes the functionality of a plugin even gets incorporated into the core of WordPress. It’s important to review all of your plugins to make sure they are still supported and their functionality is still needed.
SSL certificate check
Does your website have an SSL? If the answer is no, then you should get one. Many hosting companies offer a basic certificate for free, and Namecheap has very inexpensive ones ($5/year) if your hosting doesn’t provide them for free. Unless you are running a decent sized eCommerce business, there generally isn’t a reason to pay for more expensive SSLs.
If you do have an SSL, you should check to make sure it is configured properly using a service like Why No Padlock. You should also keep track of the renewal date and make sure that your hosting is either auto-renewing it or you are updating it at renewal time. There are also services which monitor your SSL for issues and send you alerts about upcoming renewals.
If you have any paid themes or plugins on your website (or third party scripts to paid services) then you’ll want to keep a spreadsheet of when those items come up for renewal and make sure that you have up to date licenses for them. Depending on the theme or plugin, it may or may NOT tell you when it needs to updated if it comes from a third party.
Worry-Free WordPress Benefit: Free Licenses
For clients who are signed up for our Worry-Free WordPress Care Plans we track their premium licenses and remind them about updates needed. We also provide free licenses for a number of popular WordPress plugins. In some cases, the amount of free licenses alone makes up the cost of the their Worry-Free WordPress care plan.
This is a bit like spring cleaning for your website. About once a year it’s a good practice to do a content review of your website. Go through all of your website’s content: blog posts, pages, and any other custom post types you have. Make sure that your content is still needed, and if it’s not, then remove it and set a 301 redirect to the appropriate location.
PHP is the software that powers WordPress. Just like your operating system, PHP releases a new major version about every year, and with most hosting companies you need to either manually set your site to use the current version or you need to request your hosting update you to the new version.
Worry-Free WordPress Benefit: PHP checking
For clients who are signed up for our Worry-Free WordPress Care Plans we track PHP versions for all of our websites and either update it automatically for you; or instruct you on what you need to request of your hosting company.
Verify all logins
Many people only try to login to their various service providers when there is a problem. Unfortunately, if they haven’t logged in lately, this can be a big problem.
In fact, people have lost their entire domains (websites, email, everything) because they hadn’t logged in and updated their contact information. It took 75 days to get their domain back, and they were lucky to even get it back.
So, at least every year you should make sure to log into all of the following and make sure that all of your contact information is up to date:
- Registrar – this is where you registered the domain. Make sure your account info (name, email, phone, credit card) is up to date as well as making sure that your domain registration info is up to date.
- Nameservers – if this is different from your registrar
- Website hosting – this is where your website is hosted
- Email hosting – this is your admin login for your email hosting where you can manage email accounts, and update credit card info.
- Any other domain related services you have
Review website emergency plan
We all hope that nothing goes wrong with a website, but sometimes things do go wrong. Sometimes it’s the white screen of death, sometimes it’s PHP errors, sometimes it’s plugins, sometimes it’s your website’s hosting itself. It’s important to have an emergency plan in place.
For some things (like 503 errors) your hosting company can usually fix them. And depending on that company, that could be 5 minutes or a couple of days. But, for things like plugin errors, or software settings you are likely on your own for resolving them. That’s the time it pays to have a WordPress developer on retainer to turn to when things don’t go right.
Many people don’t think about their website copyright info, but it’s important to have on your website. Your copyright info should consist of:
- the copyright symbol ©, the word “Copyright”, or both
- the year of publication – this can either be the current year for regularly updated websites or can be a year range (ie: original website launch year to current year)
- the name of the copyright owner
A common example is: © 2020 Company Name.
In fact, many WordPress themes automatically put in the copyright symbol, current year, and name of website.
When a website visitor lands on a URL that doesn’t exist your 404 page is triggered. This could happen because you changed a URL or it could happen because they just made a typo. It’s important to have a 404 page that gives your website visitor somewhere to go so they don’t just leave.
Proper SEO tool setup
Many people just install an SEO tool and then forget about it, without ever configuring it properly. Mostly, because they don’t have any idea how to configure it properly. It’s important that you follow the directions for your SEO tool and get it configured properly the first time.