The truth is that not everyone is comfortable with the technical areas involved in WordPress maintenance. If you are a business owner, you’re probably always busy doing what you love doing; which is running your business.
So often important tasks get neglected because you are either time poor or they get relegated to the too hard basket. The problem is that hackers love unattended WordPress websites because to them they are like ‘honey to a bee’.
WordPress Maintenance – Preventive Care of Your Investment
WordPress is powering around 25% of the websites on the internet and a high percentage of these are already infected with malware unbeknown to the site owners. Why? Because for whatever reason, many website owners are unaware that their websites requires regular maintenance for the life of the website.
So what follows is a short introduction to WordPress maintenance and preventative care for small businesses. Much more could be written about, but for now…let’s just dip our toes into the ocean.
Backup Your WordPress Website
How many times have you heard someone say ‘If only I had backed it up’?
Backups are your insurance in case something goes wrong. We don’t need them often but the day you do, you’ll give a huge sigh of relief.
SOME SIMPLE BACKUP RULES:
- Always backup your site’s database before you upgrade WordPress Core
- Set your backup schedule according to how often you update your site
- Whether you decide to use your web hosts backup service or WP backup plugin – DO NOT keep backup files on your web server.
- Try to keep three backups in three different locations
- Backup plugins will allow you to send backups to your PC or Cloud services, such as Google Drive, Dropbox, or Amazon S3
- If your site does not have a current backup, make this a priority today
Keep WordPress Software Up to Date
To keep your site secure, it is vital that you keep the software (WordPress Core, Theme and Plugins) up to date. Due to the popularity of WordPress, it attracts a lot of attention from malicious people who actively look for any vulnerabilities that appear in the software.
WordPress Core, themes and plugins are frequently updated for security reasons, so it’s imperative that your WordPress maintenance includes updating these items as soon as you can. The longer they are left unattended, the higher the risk that something malicious will get there before you.
UPDATING WORDPRESS CORE
- Keeping WordPress up to date will reduce your chances of being hacked. Update ASAP.
- Some web hosts will do this automatically. Check if yours does, or can do it for you.
ALWAYS BACK UP FIRST
Try not to panic or be lulled into a false sense of security because it’s so easy to update with a click of a button.
- Keep them up to date once you’ve installed them
- Always take time to consider the consequences carefully. Not all updates are guaranteed go according to plan and sometimes they can cause unexpected problems. (in case there are major changes, check the release notes before you update)
- Delete any plugins that you’re not using – They are unnecessary security targets and items to update
- Check with your developer if you are not sure what a particular plugin does before removing it.
ALWAYS BACK UP FIRST
Prevention is better than cure
- When your theme update becomes available, install as soon as you can
- Proceed if your theme files have NOT been modified or is using a Child Theme.
- Caution – If your theme files were modified directly, an update could OVERWRITE all the customisations that have been made. So check with your developer to see whether your theme can actually handle an update.
- Delete themes not being used – They are unnecessary security targets and items to update.
ALWAYS BACK UP FIRST
Better safe than sorry
The WordPress database accumulates data from plugins, themes, pages, post and comments. A lot of junk data called ‘overhead’ also accumulates and slows down the database over time. Clean the database every few months to keep it running smoothly and quickly.
ALWAYS BACK UP FIRST
At the risk of sounding like a broken record…backup your database first before cleaning.
Find and fix 404 errors – Broken Links
Most of us have come across a 404 not found error’ that appears when a page cannot be found by the browser. Google will penalise you for offering your visitors a poor user experience, by relegating your website’s SEO ranking. So be sure to include finding broken links in your WordPress maintenance, if ranking high in search engine results is a priority for your business.
- Google Search Console will allow you to check for any Crawl errors.
- Screaming Frog is a free SEO tool that allows you to check for broken.
- Broken Link Checker is a WordPress plugin that checks for broken links.
Once you’ve identified the broken links in your site, you just need to either go to the relevant pages to update, redirect or remove the link.
Secure Your WordPress Site
You may not realise it, but your site is under constant attack by malicious software crawling the internet looking for any opportunity to ruin your day.
HOW TO LOOK FOR ANYTHING SUSPICIOUS
Head over to the Sucuri Free Malware & Security Scanner and enter your URL. It will check your website for all known malware, your sites’ blacklisting status, any website errors, and reveal any out-of-date software.
KEEP UP TO DATE
At the risk of sounding like a broken record, updating software is the essential security practice in WordPress maintenance.
There are some great security plugins that will help you keep your site secure. Popular ones include:
USE STRONG USERNAMES & PASSWORDS
Always change the default ‘admin’ username, because this will create one more hurdle for any malicious hacker.
Yes I know, you tired of being told about strong passwords and using a different one for every site, but else can you say if it’s the best advice?
Use a Password Manager to create strong passwords for you and remember each one that you create, so that you don’t have to remember anything. LastPass, Roboform, and 1Password are all excellent options to try out.
You can also enable WordPress two-factor authentication through the use of plugins, such as iThemes Security Pro, which adds another layer of login security.
USE SSL CERTIFICATES
SSL (Secure Sockets Layer) technology encrypts data transferred between a web server and your browser. SSL is typically used in eCommerce, where sensitive data is handled all the time, but you can use SSL to add extra protection for any kind of website.
When you purchase an SSL certificate and install it on your server, you will see the appearance of the familiar padlock icon in the address bar of your browser. You will see that the unsecured HTTP protocol previously in your website URL, has changed to the more secure HTTPS protocol.
In additional to improving site security, SSL will also boost your websites’ SEO, because Google now gives websites with SSL Certificates a higher ranking in their search results.
All looks a bit too much...don't have the time?
One thing you definitely want to avoid is putting off WordPress maintenance until a disaster arises. So if WordPress maintenance looks too big for you to handle, get a WordPress Health Check to bring your site back up to date and on track.