Websites require constant maintenance.
You cannot install and configure a site and then not worrying about it for many years because this can lead to serious problems: failure, bad indexing, even legal issues.
The following is a checklist which refers mainly to the maintenance of a self-hosted WordPress blog, but with some adaptation can also be used for other CMS.
These are the activities to do as soon as possible if you have never done any WordPress maintenance.
Remember to periodically backup your site and database.
You can do this through different methods: from the control panel of your hosting, with the appropriate plugin, via FTP or phpMyAdmin.
If you do not have any technical knowledge, you can easily solve the backup problem, by installing a specific plugin (explained below in the article).
Save your data in a safe place (not on the server where your site is located, for example).
Backup is essential, because during upgrade and maintenance, many things can go wrong, and if you are not skilled enough, the only way to resolve it quickly is by returning to the starting position by restoring the backup.
Tip: Make sure to keep multiple backups in diverse locations. Also, maintain 3-4 different periods of time versions of the backup.
Be sure to always upgrade to the latest version:
IMPORTANT NOTE: If you have not followed the guidelines of WordPress, and you have modified core files, or standard themes without creating child ones, or else, you have changed the code of the plugins, with the update you will lose your changes (learn more at WordPress.org about child-parent theme relationships).
For any online business, security is indeed one of the most important aspects to take care of.
So install, activate and configure your favorite security plugin. The best ones are:
- iThemes security
Choose one and stick with it, because if you are going to install more than one of these security plugins on your blog, they can go in conflict and weigh down the site.
If you are not able to configure them or you do not know to interpret the results, you should consider requesting the professional assistance of some experts (for example by choosing a Sucuri plan here: Sucuri antimalware service. Or any other similar service).
If the plugin (and your knowledge) permits it, you can even think about making a hardening of your site (you have to know what you do otherwise you can cause problems).
Ensure that FTP, control panel and WordPress passwords are safe enough, which means including:
- Letters and numbers, if possible symbols
- Upper and lower case
- At least 16 characters, not used anywhere else
Do not use “qwerty” or “123456” as your password. You may be smiling right now, but many people still use these.still use these.
If you need a free and safe password generator tool, Norton has a good one.
Cleaning is an essential process to eliminate possible points of attack.
The fewer themes and plugins you have, the less chance of exposing your site to vulnerabilities, so keep only the ones you need and deactivate and delete the others.
This activity is necessary because even if disabled, themes and plugins can be used to conduct attacks, so keeping them over time without updating means being exposed to risks without any benefits.
To eliminate the ones you don’t need just make sure they are disabled, so then you can proceed to remove them via WordPress dashboard or FTP.
It’s also important to:
- Eliminate test areas or clones
- Delete zip files, temporary files, huge log files, old backups, etc.
The slimmer the site, the easier and faster will be the backup.
Renewal of Licenses for Plugins and Themes
Some themes and plugins require you to pay a subscription, which must be renewed when expired, in order to receive updates.
Verify that the admin users are only those actually required. Remove the admin role to those who do not need it.
Make sure there are no unwanted users: if there are (and you are in doubt on what do), instead of a deletion, just select the “no role for this user” option.
Check also for any malware users or spammers. In this case, delete them immediately.
It’s a good practice to ask users with elevated privileges to use secure passwords.
These activities are vital and cannot be done manually. So think about automated tools.
Using plugins to automate the backup process will save you from any error or omission.
Some hosting providers already ensure the backup service.
Do not use plugins that save the data on the site itself: they are useless and will make it heavier.
Use professional plugins that store backups on external servers.
The best are:
- Updraft Plus
You should always check if your site is online.
There are several tools to help you in this matter and the most popular ones are:
These websites offer a reliable service for free or at reasonable prices.
Also in this case, sometimes they offer hosting services included in their packages.
Tasks Needed When You Receive Notification
These activities are vital and must be carried out without delay as soon as you receive a notification:
- WordPress security update
- Plugins security update
- Themes security update
- Checking after reported activities of spam or malware
- Verification after specific reports of your visitors or site users
- Control after security notifications by plugins or antimalware services
To do weekly or monthly:
- Control of log files
- Check functioning of contact forms
- Check functioning of comments
- Checking and fixing broken links (you can use “Broken link checker“. A note: this plugin can be heavy for your server. You may want to disable it without deleting it as soon as you are done with the checking task. Many hosting providers can suspend or even terminate your account if you use too many server resources)
- Check the mobile version of your site (use Mobile-Friendly Test tool by Google)
- Control the following sections of your site (either on a desktop and on mobile): home, categories, archives, search results, error pages, single posts, single pages
- Check these areas of the pages (either on a desktop or on mobile): header, menu, content, sidebar, footer.
The maintenance of a WordPress site is important, especially for the safety aspect.
You cannot forget it, even if you do not update the site with new content, because also in this case it is necessary to worry about regular maintenance ( daily new vulnerabilities are discovered).
I hope this small guide will help you secure your website and regularize the process of maintenance.
Are you following already all the steps mentioned in the post?
What plugins or services are you using?
Please don’t forget to share the content, if you found it useful.