So often important tasks get neglected because you are either time poor or they get relegated to the too hard basket. The problem is that hackers love unattended WordPress websites because to them they are like ‘honey to a bee’.
WordPress Maintenance – Preventive Care of Your Investment
WordPress is powering around 25% of the websites on the internet and a high percentage of these are already infected with malware unbeknown to the site owners. Why? Because for whatever reason, many website owners are unaware that their websites requires regular maintenance for the life of the website.
So what follows is a short introduction to WordPress maintenance and preventative care for small businesses. Much more could be written about, but for now…let’s just dip our toes into the ocean.
Backup Your WordPress Website
How many times have you heard someone say ‘If only I had backed it up’?
SOME SIMPLE BACKUP RULES:
- IAlways backup your site’s database before you upgrade WordPress Core
- ISet your backup schedule according to how often you update your site
- IWhether you decide to use your web hosts backup service or WP backup plugin - DO NOT keep backup files on your web server.
- ITry to keep three backups in three different locations
- IBackup plugins will allow you to send backups to your PC or Cloud services, such as Google Drive, Dropbox, or Amazon S3
- IIf your site does not have a current backup, make this a priority today
Keep WordPress Software Up to Date
WordPress Core, themes and plugins are frequently updated for security reasons, so it’s imperative that your WordPress maintenance includes updating these items as soon as you can. The longer they are left unattended, the higher the risk that something malicious will get there before you.
UPDATING WORDPRESS CORE
- IKeeping WordPress up to date will reduce your chances of being hacked. Update ASAP.
- ISome web hosts will do this automatically. Check if yours does, or can do it for you.
ALWAYS BACK UP FIRST
UPDATING PLUGINS
- IKeep them up to date once you’ve installed them
- IAlways take time to consider the consequences carefully. Not all updates are guaranteed go according to plan and sometimes they can cause unexpected problems. (in case there are major changes, check the release notes before you update)
- IDelete any plugins that you’re not using - They are unnecessary security targets and items to update
- ICheck with your developer if you are not sure what a particular plugin does before removing it
UPDATING THEMES
- IWhen your theme update becomes available, install as soon as you can
- IProceed if your theme files have NOT been modified or is using a Child Theme.
- ICaution - If your theme files were modified directly, an update could OVERWRITE all the customisations that have been made. So check with your developer to see whether your theme can actually handle an update.
- IDelete themes not being used - They are unnecessary security targets and items to update.
Database Maintenance
How Do I Optimise The Database?
You can maintain your database directly from Cpanel (using phpMyAdmin) or you can use a WP plugin like WP-DB Manager, WP-Sweep or WP Optimize to delete those old revisions and drafts from the WP Admin area.
The WordPress database accumulates data from plugins, themes, pages, post and comments. A lot of junk data called ‘overhead’ also accumulates and slows down the database over time. Clean the database every few months to keep it running smoothly and quickly.
ALWAYS BACK UP FIRST
Find and fix 404 errors – Broken Links
Most of us have come across a 404 not found error’ that appears when a page cannot be found by the browser. Google will penalise you for offering your visitors a poor user experience, by relegating your website’s SEO ranking. So be sure to include finding broken links in your WordPress maintenance, if ranking high in search engine results is a priority for your business.
- Google Search Console will allow you to check for any Crawl errors.
- Screaming Frog is a free SEO tool that allows you to check for broken.
- Broken Link Checker is a WordPress plugin that checks for broken links.
Once you’ve identified the broken links in your site, you just need to either go to the relevant pages to update, redirect or remove the link.
Secure Your WordPress Site
Your site is under constant attack by malicious software crawling the internet looking for any opportunity to ruin your day.
HOW TO LOOK FOR ANYTHING SUSPICIOUS
Head over to the Sucuri Free website security check & malware scanner and enter your URL. It will check your website for all known malware, your sites’ blacklisting status, any website errors, and reveal any out-of-date software.
At the risk of sounding like a broken record, updating software is the essential security practice in WordPress maintenance.
There are some great security plugins that will help you keep your site secure. Popular ones include:
- WordFence – Free (has a Pro option)
- iThemes Security – Free (has a Pro option)
- Sucuri Security – Free (has Pro Option)
USE STRONG USERNAMES & PASSWORDS
Always change the default ‘admin’ username, because this will create one more hurdle for any malicious hacker.
Yes I know, you tired of being told about strong passwords and using a different one for every site, but else can you say if it’s the best advice?
Use a Password Manager to create strong passwords for you and remember each one that you create, so that you don’t have to remember anything. LastPass, Roboform, and 1Password are all excellent options to try out.
You can also enable WordPress two-factor authentication through the use of plugins, such as iThemes Security Pro, which adds another layer of login security.
USE SSL CERTIFICATES
SSL (Secure Sockets Layer) technology encrypts data transferred between a web server and your browser. SSL is typically used in eCommerce, where sensitive data is handled all the time, but you can use SSL to add extra protection for any kind of website.
When you purchase an SSL certificate and install it on your server, you will see the appearance of the familiar padlock icon in the address bar of your browser. You will see that the unsecured HTTP protocol previously in your website URL, has changed to the more secure HTTPS protocol.
In additional to improving site security, SSL will also boost your websites’ SEO, because Google now gives websites with SSL Certificates a higher ranking in their search results.
All looks a bit too much?
You want to avoid is putting off your website maintenance until a disaster arises. So if WordPress maintenance looks too big for you to handle, seriously consider taking up a maintenance which costs less than a cup of coffee per day.