In this post, I describe the series of essential tasks that I include in maintaining my clients’ sites. I perform these tasks routinely at the end of each month. It’s really important to keep your WordPress site updated so that it runs smoothly and is protected from hackers. WordPress software, themes, and plugins are in a constant state of change: new features are added; bugs are fixed; security holes are plugged. Without regular updating, your site becomes vulnerable to hackers who feast on security flaws. With a maintenance plan, your site is “immunized” and functions at an optimal level.
Occasionally, something urgent will pop up that I need to address before the scheduled date. A client may request a particular change or feature. There may be security issues or plugins that no longer work or plugin conflicts. For the most part, though, maintenance is about consistency and monitoring.
Routine Monthly Maintenance
1. Backup Site
Before doing any updates, back up the site (both the database and the files). There are several plugins that make easy work of this. Most are free and offer a paid version for upgraded and additional features (like scheduled and/or incremental backups). The ones that I recommend are:
- All in One WP Migration – free and $.
- Backup Buddy – $. My primary tool.
- Duplicator – free and $. My second favorite tool. Sometimes Backup Buddy doesn’t work well on a site, so I’ll use Duplicator instead.
- Updraft Plus – free and $.
- WP DB Migrate (for database only) – free and $.
Download the backups to your computer or a remote/cloud backup area.
Log into your WordPress site. If there are updates to be made, you’ll see an “Updates” link in the main navigation (left sidebar). The red bubble adjacent to it indicates the number of updates. The toolbar at the top of each window also contains this same link (two circular arrows). Click on either link. You’ll be brought to a page that lists everything that needs updating. There are also links devoted solely to updates for plugins and themes. Both have the red bubble with a number inside. But, I prefer to get to the list for everything.
NOTE: if a plugin has been abandoned (not updated by its developer in 1-2 years), it poses a security risk and should be replaced.
NOTE: create child themes to ensure that your customizations are safeguarded when the parent theme is updated. See details in my post Why and How You Create WordPress Child Themes.
Click “Select All” at the top of the plugins section, then click the “Update Plugins” button. WordPress will do the updates automatically. You could, if you prefer, select one or a few items at a time. When that section is done, look at the site on the front-end and make sure everything is working correctly.
After verifying that all is well, move on to the themes section. Repeat the process of selecting all, clicking the “Update” button, and checking the front-end when the updates are completed. Updating WordPress will be the last step in any update sequence.
3. Check Scanning Alerts
Unusual Activity and Malware
I use the Wordfence plugin to monitor the site. It’s configured to scan regularly to detect any unusual activity, such as attacks on the site (searches for vulnerabilities, login attempts, brute force), suspicious and unknown files, changes in repository files, and malicious content (malware). When something is flagged, you have options to repair, delete, or ignore the file.
Backup Buddy also detects malware. If I’ve installed this plugin on a site, I check its results as an additional precaution. Navigate to its Diagnostics section and select the “Malware Scan” tab.
Comment spam is inevitable with WordPress. Too much spam will hurt your site’s reputation, affect the site’s search engine ranking, and possibly inject harmful code. Preventing spam should be a priority.
The best place to begin is in the discussion area of your website: Settings > Discussion.
- Other comment settings: require users to fill in the fields for their name and email
- Enable comment moderation in 2 sections:
• Email me whenever (a) Anyone posts a comment; (b) A comment is held for moderation
• Before a comment appears (a) Comment must be manually approved; (b) Comment author must have a previously approved comment
Nonetheless, some spam will leak through these settings. So, it’s useful to use a spam filter. These plugins will mark the offending comment as spam. Depending on the options you select, the comment will either be immediately discarded or placed in the spam folder. There are two plugins that I recommend:
Each month, check the spam folder and empty it.
Problems You May Encounter
By doing each section separately, you’ll be able to see any problems as they arise. Sometimes, a plugin has an incompatible bit of code and will not behave well. Or a theme will be wonky after an update. Maybe the newest WordPress doesn’t work correctly with a plugin. This is why you want to back up the site and have access to the backup files. You may need to return a plugin and/or theme to its previous state.
Reverting Back to a Previous State
To revert back to a previous state, you’ll need access to your webhost’s server. You can then upload the plugin (or theme or WordPress application) file(s) saved in the backup. There are 2 ways to access the server:
- Log into your webhost account and navigate to the File Directory. Usually, this is via the cPanel.
- Log into your webhost’s ftp server. Login credentials to the ftp server are through the webhost account. Sometimes, it’s a quicker method to upload files than going through the File Directory.
You might also need to restore the previous database. With Backup Buddy, use the importbuddy.php script to restore the database. Otherwise, follow these instructions for manually restoring the database:
- Log into your web host account and navigate to the cPanel.
- COPY THE CURRENT DATABASE (as a precaution, we’ll copy the current db before deleting it):
- Go to phpMyAdmin. Select the database for the site, then select all of the tables (“Check all”). Click “EXPORT”. Use Custom options so you can save the SQL database as a .zip archive (“Save output to a file > Compression: zipped”).
- DELETE THE CURRENT DATABASE:
- Select all of the tables again, then click “Drop“.
- IMPORT THE PREVIOUS DATABASE:
- Click on the “IMPORT” tab.
- In the “File to import” area: click “Choose File” button and select the previous database file that you saved before doing any updates.
Database Cleanup and Optimization
The WordPress database is where all of the content is stored. Over the course of a year, a lot of data accumulates, which can slow down the site. Clearing out unnecessary data will keep things running smoothly.
- WP-Sweep – to clean up revisions, auto-drafts, deleted comments/spam, various kinds of meta, and many other fragments of data that may no longer be needed.
- Simple Revisions Delete – provides more control in deleting post/page revisions
Google Analytics and Search Console
Google Analytics is a tool for gathering a wealth of information about your website. Reviewing it periodically will give you insights into:
- content (landing page, page/post views, engagement, etc.)
- bounce rate
- user demographics (location, gender, age, interests, etc.)
- user technology (browser, device, OS, screen size, etc.)
The Search Console focuses on search engine results and site traffic. Sitemap submission, keyword queries, and site speed are among its many features. Google will send alerts about any pages/posts with issues ranging from type that is too small to read on mobile to indexing to security issues. Following up on these alerts will ensure that the site remains in good standing with Google and its search engines.
Run Google Chrome’s Lighthouse tool for an in-depth audit on performance, accessibility, best practices implementation, and SEO. It is one of the many features of Developer Tools. You can choose Desktop or Mobile for each analysis. The report will highlight any problematic areas. It offers a great guide on remedies for improving site performance.
Developer tools > Lighthouse tab
KEYBOARD SHORTCUT = CMMD-OPTION-i (Mac) / CNTRL-ALT-i (PC)
If you prefer learning by watching, check out my video tutorial that shows you the essentials of my WordPress maintenance plan.