Keeping all of these things working properly together takes some care, some time and some expertise. There are three strategies when it comes to managing the care and maintenance of your modern WordPress website.
- Do nothing and hope for the best – This strategy is akin to never changing the oil in your car and hoping your engine never blows up. You know it will eventually, but you’re either too cheap or too lazy to get it done. This is not our recommended strategy for obvious reasons.
- Manage your website yourself – Infinitely better than strategy #1 if you use the proper tools, have a strict schedule you adhere to and are willing to spend the time and money it takes to purchase the tools and learn the inner workings of WordPress, databases, PHP, CSS and html enough to fix things when they go wrong, and they will go wrong.
- Hire a WordPress professional to manage and care for your website the right way so you can concentrate on your business, knowing your website is in good hands.
For those of you who have chosen to do nothing and hope for the best, I wish you the best of luck…you will need lots of it. My greatest source of new business comes from website owners who were using strategy #1 above and found me in a panic when their website went down. It usually costs them many hundreds of dollars to fix their site, if it can be fixed at all. Sometimes it costs them thousands of dollars because their site has to be re-built entirely.
I am writing this article for those of you who have chosen to manage your website yourself. If you are maintaining and caring for your own WordPress website, here is a breakdown of how to do it right.
- Backups – If you do nothing else, do this one thing properly. Here are the things that backups must do:
- They must backup both the database and all website files.
- They must allow for an easy restore, if needed. Otherwise, you’ll need to hire a professional to restore your site from your backups.
- They must save the backups to a server other than the one your website is hosted on. If the website server goes down and your backups are on that server, you’ll lose your backups too. We save all backups to Amazon S3, but you can also save them to Dropbox, Google Drive or other file storage services.
- The process must be automated. If you are doing this manually, you will forget to do it some days when you’re busy, ill or on vacation.
- It must be done every day.
- Keep backups for at least 30 days. We keep client backups for 90 days, but 30 days should be the bare minimum.
- There are a number of free and premium services and plugins you can use. WP Beginner has a good article on some of the options available.
- Security – Sites get hacked every day. Some sites are targets, like government sites, big corporations and political sites. Most sites get hacked not because they are targeted, but because they have a vulnerability that can be exploited. Outdated versions of WordPress, themes and plugins are the primary culprit.
- Do these three things at least monthly
- Open your browser and navigate to Securi and enter the URL of your website in their free tool. A malware scan will be performed as well as a blacklist status check.
- Do a visual check of your website. Review a decent sample size of pages looking for anything that doesn’t belong like injected text. Check the links on these pages to make sure they are pointing to where they are supposed to point with no unexpected redirects.
- Go to Google and enter this in the search bar: “site:yourdomain.com” which will show results for most of your indexed pages. Look at the meta descriptions in particular. Some of the most common attacks inject a new meta description into your pages and posts.
If everything looks okay after doing these three items, you’re probably in decent shape, but remember, there is no 100% guaranty. I strongly recommend either a third-party security service like Sucuri or a web application firewall like Wordfence Security. We install Wordfence on all of the sites we maintain. Proper configuration is also important. For an in-depth review of security options, view this article at WP Beginner.
- Do these three things at least monthly
- Updates – WordPress updates are regularly released with bug fixes and security patches. Themes and plugin updates are released more often than WordPress for the same reasons. Hackers look for websites with old versions of WordPress, themes and plugins which they can exploit. Keep everything up to date, but make sure you have a verified backup you can restore from before you install any updates. A small hiccup during an update to your Internet service or on the server hosting your website can cause your site to come down. Make sure you can restore it before it breaks. We have a 5-step process whenever we install updates:
- We check the website to make sure it’s working
- We take a new backup manually of the site files and databases
- We install the updates
- We verify all updates installed properly
- We check the website again to make sure it’s working properly.
- Uptime Monitoring – Your site has to be up and running for visitors and potentials customers to see it. Besides, downtime kills revenue, reputation and search engine rankings. Sometimes things go wrong at the hosting company due to an assortment of reasons that will make your site unavailable to visitors. You may have updated a plugin or theme and thought the update went well, when in reality it broke your site and took it down. For these reasons, it’s important to have an automated uptime monitor running in the background that will notify you should your site go down.We monitor uptime every five minutes for our Web Care Plan customers. There are services you can sign up for such as StatusCake, UptimeRobot and SiteUptime.
- The Need for Speed – Google now penalizes websites that are slow, and most visitors have little patience for slow loading pages. For these reasons, fast websites are more important than ever. The problem is with websites being as complex as they are today, needing to load images and query databases, things slow down. It’s important to have a high-quality page caching plugin installed to load your pages fast. We use a premium plugin named WP Rocket, which in tests outperforms any of the free plugins out there. Free plugins available are WP Super Cache and WP Total Cache. Be careful with the free plugins. Configuration is a bit tricky and if configured improperly, they can actually slow your site down.
If you do the things outlined above you’ll probably be in good shape. If this seems like too daunting a task, I strongly recommend hiring a professional on a Web Care maintenance plan. There are plenty of choices out there, including us. Take a look at our WordPress Website Care Plans and let us know if we can help.