WordPress Maintenance – Our 12 Point Checklist
Managing a WordPress website can take time a lot of time out of your day to keep it maintained and healthy. Are you doing any of these 12 important things for your WordPress website?
Oops! We could not locate your form.
Managing a WordPress website can take time a lot of time out of your day to keep it maintained and healthy. Are you doing any of these 12 important things for your WordPress website?
Update: This post was first written in October 2017, but received a full refresh in May 2022 and again in June 2023 to keep it current and useful.
A website requires some regular TLC to keep it ticking. As expectations for website performance continue to grow and evolve, it is important to keep your website in line with these.
Here are 12 important things to do to keep your WordPress website running smoothly.
WordPress is a constantly evolving CMS platform. This is due to its open-source nature and the huge community constantly working on improving it. Which includes adding new features, ensuring bugs are fixed, keeping it secure, and much more.
Keeping your website updated with the most recent version of WordPress Core gives you access to all of these improvements, security patches, bug fixes, and features.
Leaving your website sat on an old version can lead to security vulnerabilities, deprecated functionality, and plugin incompatibility issues.
All updates should be preceded by a backup, and ideally tested on a staging site first (a private clone of your site on a separate server). This is to ensure the update doesn’t break anything or cause any clashes with plugins.
Did you know there are over 60,000 plugins available for WordPress?
Not all are created equally, and some don’t receive regular updates and patching. This can leave them open to vulnerabilities and hacks. Always measure up the necessity of a plugin. Ensure it is trusted and well-maintained before adding it to your website.
Other more reliable plugins get regular updates and patches, and it’s very important to keep these up-to-date. This will keep you protected from the risks of out-of-date versions leaving you vulnerable to hackers, who might have found exploits in these older outdated versions. The patches and updates are there to improve security, close vulnerabilities, and improve performance.
It’s strongly recommended to check frequently for any new plugin releases. Check their compatibility with your other plugins as well as the latest stable release of WordPress. Don’t forget to also check any plugins that are not installed through the WordPress Plugin Directory, as you may not receive notifications on your site for these.
Also monitor for plugin vulnerabilities that may have been found, as this will let you know if they need urgent updates to patch. There are a number of security tools and services that can help with this.
We use Patchstack as part of our stack to do this.
Keeping on top of this will reduce the chances of letting in the bad guys, and fix any bugs with the plugins.
As with WordPress Core, a backup of your site should be done first. Ideally all plugin updates should first be tested in a staging environment to ensure updating on your live site won’t cause any problems.
Did you know that for every 1 second delay in page load time, conversion rates decrease by up to 7%?
So that’s fewer sales or leads to your business!
We live in busy times. People don’t have the time or patience to be waiting for a slow page to load, and will just go elsewhere if it takes too long. Fast-loading pages also provide a far better user experience.
As such, it’s important to do everything we can to reduce page load times, by optimising how your website loads.
See for yourself by entering your website into the following page speed test tools: Google Page Speed, GT Metrix, Pingdom.
One thing to keep in mind is not to become too concerned if your score is not 100. In some cases depending on what 3rd party scripts are loading it may not be possible.
Optimisation is an ongoing task and should be regularly reviewed. Even small changes or additions can impact performance. Every little improvement can add up to significant gains.
Applicable to both mobile and desktop experience, the page experience update which incorporated Core Web Vitals by Google is one of the many signals Google use to decide which pages appear in the SERP.
You should aim for a passing score for Core Web Vitals, which can be seen with Lighthouse, Google’s Page Speed Insights, and GTMetrix. The 3 areas covered by Core Web Vitals are:
These are in addition to the existing page experience signals, which are:
As with page load optimisation, this should be reviewed regularly and you can monitor the Core Web Vitals report in Google Search Console.
You probably spend lots of time finding the right images for your blog posts and pages. You hopefully spend time resizing them ready for posting, so you’re not uploading needlessly large image files.
However, your fantastic images could still be an issue. Having lots of images, large images, or videos can massively slow down your website if not further optimised. This could be deterring visitors from viewing all of your content because pages take too long to load.
Use an image compression tool to compress your images when you upload them. This can drastically reduce the toll they have on page speed. They can reduce the image file sizes without sacrificing the quality of your existing images and everything you upload moving forward.
Also consider serving next-generation image formats like WebP, which are far less weighty and preserve quality. Most browsers now support WebP.
Make sure anyone uploading images to your website is preparing them first, by ensuring they are the correct size and ratio. Make this part of a process that also includes proper image optimisation for SEO and it will save you a lot of work in the long run.
Have you run your own test on your important enquiry forms, or tested the sales order process? When was the last sale or lead? Are users still getting that email when they download your guide or sign up to your newsletter? Is your stockist search still working correctly?
With the multitude of devices that can access your website, along with required updates to run, some things can break!
We recommend as a minimum that you regularly test your main website features and functionality. For example:
In the past few years security threats have risen drastically with websites being attacked and hijacked all around the world.
Don’t think you have to be a big brand name to get attacked.
Your website could provide the bad guys with the ability to run scripts and malicious code for them without you even knowing!
So it’s a good idea to protect yourself by choosing a good host that has a secure infrastructure and protection, by using a WAF (Web Application Firewall), as well as running regular scans for infectious files (yes, it is starting to sound like your old windows computer with Norton Antivirus or McAfee.)
Some great 3rd party security solutions and firewall providers we recommend are:
You can quickly check if your site is currently protected or if it has been hacked, using Sucuri’s free SiteCheck tool.
If your website is not protected by an SSL certificate, it will be flagged as NOT SECURE by Google Chrome and other browsers. If you still see HTTP rather than HTTPS in the address bar on your website, or no little locked padlock symbol beside it, then it’s likely you have no SSL or it has expired.
Don’t have an SSL? Then the first thing to do would be speak to your current website host, as they may have suitable solutions to offer which will be compatible with their setup.
Alternatively, depending on the level of cover you require, you can obtain them from many 3rd party companies such as:
As you may be aware, WordPress has many premium paid plugins.
The companies and developers that release these plugins spend further time and resources ensuring compatibility and security threats are overcome, by releasing regular updates.
To benefit from these updates a regular payment is required (normally an annual or monthly payment). Ensure you keep on top of this as if payments lapse, so will the plugin, and outdated plugins can be problematic for functionality and security.
Websites go down, they get problems and sometimes the quickest method of recovery to minimise any further downtime is to restore a website backup.
Some example cases of a website going down could be from:
We recommend:
Time and time again we hear that WordPress backups are safe, stored on the server. But what happens if the server fails?
You should store your backups on a different server to the one your website lives on.
At Impact we use Updraft Plus (a backup plugin) to schedule routine website backups, and then transfer the backups to a third party storage platform like Amazon S3.
Here are a few of the great tools that you can use to backup and restore your website:
Speak to your website host as it may be an option they can provide with less hassle.
As newer versions of PHP are released, older versions lose support and become less secure. Web hosts have to deploy the latest versions to their servers to maintain a secure service with optimised performance. This can have a knock-on effect on hosted sites if their codebase isn’t compatible with the PHP version of the server.
For security, make sure your website is on a server with a supported version of PHP. Your website host should manage this.
For older sites, in particular, this may initially require a bit of development work first, to polish the codebase and ensure its compatibility. This will save anything breaking when it is moved to the latest PHP version.
On occasion when completing the tasks set out above, things may not go to plan or require further investigation or development. It can also be very time-consuming to stay on top of everything in-house.
If this is the case, who do you have on hand to assist you with additional support?
We recommend having a WordPress Support & Maintenance company on hand for those sticky issues, and to take the weight off your shoulders, so you can focus on the other projects you’re probably managing at the same time.
If in doubt, give Impact a shout! If you struggle to get help or don’t have the time to keep on top of updates and maintenance then feel free to give Impact a shout on 020 3355 8747 (9 am – 5 pm Mon – Fri) or drop us a message.
The Impact Media team help our clients save multiple hours per week by:
See how both Tollring and Automation Logic witnessed immediate performance improvements and the benefits of an experienced support agency partner on our case studies page.
WordPress Core is the out of the box version of the WordPress CMS that you install when building a WordPress website. It encompasses all of the files that make up the base or core version of WordPress.