ASK Design Blog

Designer | Artist | Teacher

    • WordPress Maintenance – The Essentials

    by Leave a Comment

    Immunization

    In this post, I describe the series of essential tasks that I include in maintaining my clients’ sites. I perform these tasks routinely at the end of each month. It’s really important to keep your WordPress site updated so that it runs smoothly and is protected from hackers. WordPress software, themes, and plugins are in a constant state of change: new features are added; bugs are fixed; security holes are plugged. Without regular updating, your site becomes vulnerable to hackers who feast on security flaws. With a maintenance plan, your site is “immunized” and functions at an optimal level.

    Occasionally, something urgent will pop up that I need to address before the scheduled date. A client may request a particular change or feature. There may be security issues or plugins that no longer work or plugin conflicts. For the most part, though, maintenance is about consistency and monitoring.

    Routine Monthly Maintenance

    1. Backup Site

    Before doing any updates, back up the site (both the database and the files). There are several plugins that make easy work of this. Most are free and offer a paid version for upgraded and additional features (like scheduled and/or incremental backups). The ones that I recommend are:

    Download the backups to your computer or a remote/cloud backup area.

    2. Updates

    Update Indicators

    Log into your WordPress site. If there are updates to be made, you’ll see an “Updates” link in the main navigation (left sidebar). The red bubble adjacent to it indicates the number of updates. The toolbar at the top of each window also contains this same link (two circular arrows). Click on either link. You’ll be brought to a page that lists everything that needs updating. There are also links devoted solely to updates for plugins and themes. Both have the red bubble with a number inside. But, I prefer to get to the list for everything.

    WP update notifications
    WP updates list - full
    Update Sequence:
    1. Plugins
      NOTE: if a plugin has been abandoned (not updated by its developer in 1-2 years), it poses a security risk and should be replaced.
    2. Themes
      NOTE: create child themes to ensure that your customizations are safeguarded when the parent theme is updated. See details in my post Why and How You Create WordPress Child Themes.
    3. WordPress

    Click “Select All” at the top of the plugins section, then click the “Update Plugins” button. WordPress will do the updates automatically. You could, if you prefer, select one or a few items at a time. When that section is done, look at the site on the front-end and make sure everything is working correctly.

    After verifying that all is well, move on to the themes section. Repeat the process of selecting all, clicking the “Update” button, and checking the front-end when the updates are completed. Updating WordPress will be the last step in any update sequence.

    WP updates list - wp

    3. Check Scanning Alerts

    Unusual Activity and Malware

    I use the Wordfence plugin to monitor the site. It’s configured to scan regularly to detect any unusual activity, such as attacks on the site (searches for vulnerabilities, login attempts, brute force), suspicious and unknown files, changes in repository files, and malicious content (malware). When something is flagged, you have options to repair, delete, or ignore the file.

    Backup Buddy also detects malware. If I’ve installed this plugin on a site, I check its results as an additional precaution. Navigate to its Diagnostics section and select the “Malware Scan” tab.

    Spam

    Comment spam is inevitable with WordPress. Too much spam will hurt your site’s reputation, affect the site’s search engine ranking, and possibly inject harmful code. Preventing spam should be a priority.

    The best place to begin is in the discussion area of your website: Settings > Discussion.

    1. Other comment settings: require users to fill in the fields for their name and email
    2. Enable comment moderation in 2 sections:
      Email me whenever (a) Anyone posts a comment; (b) A comment is held for moderation
      Before a comment appears (a) Comment must be manually approved; (b) Comment author must have a previously approved comment
    WP discussion settings

    Nonetheless, some spam will leak through these settings. So, it’s useful to use a spam filter. These plugins will mark the offending comment as spam. Depending on the options you select, the comment will either be immediately discarded or placed in the spam folder. There are two plugins that I recommend:

    Each month, check the spam folder and empty it.

    Problems You May Encounter

    By doing each section separately, you’ll be able to see any problems as they arise. Sometimes, a plugin has an incompatible bit of code and will not behave well. Or a theme will be wonky after an update. Maybe the newest WordPress doesn’t work correctly with a plugin. This is why you want to back up the site and have access to the backup files. You may need to return a plugin and/or theme to its previous state.

    Reverting Back to a Previous State

    To revert back to a previous state, you’ll need access to your webhost’s server. You can then upload the plugin (or theme or WordPress application) file(s) saved in the backup. There are 2 ways to access the server:

    • Log into your webhost account and navigate to the File Directory. Usually, this is via the cPanel.
    • Log into your webhost’s ftp server. Login credentials to the ftp server are through the webhost account. Sometimes, it’s a quicker method to upload files than going through the File Directory.

    You might also need to restore the previous database. With Backup Buddy, use the importbuddy.php script to restore the database. Otherwise, follow these instructions for manually restoring the database:

    1. Log into your web host account and navigate to the cPanel.
    2. COPY THE CURRENT DATABASE (as a precaution, we’ll copy the current db before deleting it):
      • Go to phpMyAdmin. Select the database for the site, then select all of the tables (“Check all”). Click “EXPORT”. Use Custom options so you can save the SQL database as a .zip archive (“Save output to a file > Compression: zipped”).
    1. DELETE THE CURRENT DATABASE:
      • Select all of the tables again, then click “Drop“.
    1. IMPORT THE PREVIOUS DATABASE:
      • Click on the “IMPORT” tab.
      • In the “File to import” area: click “Choose File” button and select the previous database file that you saved before doing any updates.
    Clone a WordPress site - importing the source site exported database
    Import a database.

    Bi-annual Maintenance

    Database Cleanup and Optimization

    The WordPress database is where all of the content is stored. Over the course of a year, a lot of data accumulates, which can slow down the site. Clearing out unnecessary data will keep things running smoothly.

    • WP-Sweep – to clean up revisions, auto-drafts, deleted comments/spam, various kinds of meta, and many other fragments of data that may no longer be needed.
    • Simple Revisions Delete – provides more control in deleting post/page revisions

    Google Analytics and Search Console

    Google Analytics is a tool for gathering a wealth of information about your website. Reviewing it periodically will give you insights into:

    • content (landing page, page/post views, engagement, etc.)
    • SEO
    • bounce rate
    • user demographics (location, gender, age, interests, etc.)
    • user technology (browser, device, OS, screen size, etc.)

    The Search Console focuses on search engine results and site traffic. Sitemap submission, keyword queries, and site speed are among its many features. Google will send alerts about any pages/posts with issues ranging from type that is too small to read on mobile to indexing to security issues. Following up on these alerts will ensure that the site remains in good standing with Google and its search engines.

    Performance Testing

    Run Google Chrome’s Lighthouse tool for an in-depth audit on performance, accessibility, best practices implementation, and SEO. It is one of the many features of Developer Tools. You can choose Desktop or Mobile for each analysis. The report will highlight any problematic areas. It offers a great guide on remedies for improving site performance.

    Developer tools > Lighthouse tab

    KEYBOARD SHORTCUT = CMMD-OPTION-i (Mac) / CNTRL-ALT-i (PC)
    BAA - lighthouse screen

    Video Tutorial

    If you prefer learning by watching, check out my video tutorial that shows you the essentials of my WordPress maintenance plan.

    VIDEO!

    Related Posts

    Migration and Cloning Tools for WordPress Sites
    Manually Clone a WordPress Site in 5 Steps
    Site Migration From WordPress.com to WordPress.org
    Why and How You Create WordPress Child Themes

    Reader Interactions

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Footer

    Subscribe to Mailing List

    Sign up to get periodic updates on Anne's design and art adventures, and receive useful info. via her blog.
    * = required field

    We never share our email list with anyone.

    Contact

    Website
    Email

    Subscribe to RSS Feed

  •  ASK Design Blog

    • Connect and Share

    • Legal

    Privacy Policy
    Cookie Policy