WordPress, themes, and plugins are constantly revised by their respective developers to fix bugs, add new features, and refine usability. But staying on top of these plugin updates isn’t enough. Your WordPress maintenance plan should also include security hardening, WordPress support, downtime monitoring, daily backups, and more.
Symptoms of a Poorly Maintained WordPress Website
Most small businesses turn their attention to driving traffic to their new website immediately after it launches. They employ search engine optimization (SEO) techniques, write blog posts, begin social networking, advertise, and more.
Months later, the unexpected happens…
- A visitor sees a malware warning when visiting the site, or
- A visitor clicks “submit” to make a purchase and nothing happens, or
- A visitor clicks to watch a video and it doesn’t play, or
- The home page is so slow that nobody waits for it to download, or
- Somebody updates a plugin and the entire site goes down
These are just a handful of the many issues I’ve personally resolved for clients, all of which could have been prevented and/or detected much sooner, had they adopted a good maintenance plan.
The Elements of a Good WordPress Maintenance Plan
A well-rounded WordPress maintenance plan should include the following:
- Security monitoring and hardening (to fight against malware and hackers)
- WordPress Support (to diagnose and troubleshoot potential issues, handle emergencies, or even to serve as a mentor)
- Downtime monitoring (to know exactly when your website goes offline)
- Daily backups (for disaster recovery)
- Frequent WordPress, theme, and plugin updates (for security and bug fixes)
Security Monitoring and Hardening
Until you monitor your website for suspicious activity, ignorance is bliss. But like it or not— WordPress is a target for hackers. That’s primarily because of WordPress’ gigantic market share, and the sheer quantity of poorly maintained websites.
Plugin Vulnerabilities. One of the most popular points of entry for a hacker is via a vulnerable plugin. That’s another reason why frequent, proactive plugin updates are essential. You should also avoid using plugins that are no longer supported and/or from non-reputable developers. I prefer to use commercial (i.e., not free) plugins whenever possible.
Brute Force Attacks. Beware of brute-force attacks. That’s when a hacker tries to guess your username and password to gain access to your WordPress dashboard. If you’re not monitoring for brute-force attacks, you’ll have no idea they are occurring— until you get hacked! That’s why monitoring is such an important part of your maintenance plan.
WordPress Vulnerabilities. WordPress itself (referred to as WordPress Core) is also subject to vulnerabilities. That’s why WordPress security updates are issued at least several times a year.
Everybody needs a WordPress handyman at some point.
Who will you contact if your website goes down? What if it becomes infected with malware? What will you do when your website stops working properly? There are many reasons why you’ll need occasional help with your WordPress site.
If your website is not monitored 24/7 for downtime, you’ll have no idea when, how long, or how frequently it goes offline. Excessive downtime is one of the first indicators that it’s time to move to another hosting company.
Fresh backups insure against accidents and malice. They make it easier (i.e., faster and cheaper) to recover from a mistake, a buggy software update, or even a malware infection.
A proper backup plan should include both your WordPress database and your files, and the backups should not be stored in the same location as your website. Furthermore, they should be easy to restore, and each should be scanned for malware.
WordPress Core, Theme, and Plugin Updates
Obviously, your WordPress maintenance plan should include frequent WordPress core, theme, and/or plugin updates.
But ironically, each update has the potential to cause your website to behave erratically— from minor glitches, to a completely downed website.
Therefore, be sure to:
- Update WordPress, themes, and/or plugins as needed— typically every 3 to 4 weeks, or sooner when a major security vulnerability has been found/fixed;
- Test the updates in a test (aka “staging”) environment first— not on your live site;
- Make backups before every update;
- Be prepared to immediately revert to a previous version of your website in the event something goes wrong.
Putting It All Together
Proper WordPress maintenance requires a considerable amount of time and technical knowledge. If you want to do this yourself, you must be proactive and prepared to handle the unexpected— such as a downed and/or hacked site.
If you do not have the technical expertise and/or your time is better spent doing something else, you’ll want to outsource to a service provider such as WPSimplifyd.
Why I Launched WPSimplifyd
Nearly a decade ago, I began designing and developing custom websites exclusively with WordPress. Months after I handed the websites over to my clients, I discovered that updates and backups were not being made. Or, in some cases, clients were updating plugins on a live site— with no backups, and no idea what to do if the site went down.
After helping a client with a hacked website, I realized security monitoring and hardening would be at least as important as plugin updates and backups.
I began offering my WordPress maintenance service through Oddo Design, and eventually launched WPSimplifyd— a U.S.-based WordPress maintenance service by yours truly.