American author H.L. Menkin famously wrote, “for every complex problem there is an answer that is clear, simple, and wrong.”
This is definitely applicable to WordPress website maintenance! While using a Content Management System like WordPress cuts down on the expertise needed to manage a website, websites are still incredibly complex.
Yet many of the self-proclaimed guru internet marketers love to shout out platitudes like “it’s so easy,” “it’s so simple,” and “it will only take you a few months,” knowing that statements like these play on people’s basic desires. You don’t hear much about the difficulty involved in owning and maintaining a website from them, do you?
But the fact remains that maintaining your WordPress site involves a certain level of knowledge and skill.
What’s our point?
In this article on WordPress website maintenance and updates we’re going to break down the different maintenance tasks you should perform on your website based on how often you should perform each task. Even if you’re just starting out with WordPress, you’ll have a roadmap to help you keep your website in good working order.
And for the agency owner, WordPress developer, or those running larger WordPress sites, we’ve included some pro tips as well.
By the end of the article, you’ll know the WordPress maintenance tasks you absolutely need to complete on a weekly, monthly and quarterly basis, as well as the tasks that will improve your site’s performance and make it more professional. You don’t have to be a coding expert, but you do have to understand some basic principles.
If you’re a business owner, by the end of this article you’ll be able to assess whether you want to take on this task yourself or within your company, or entrust your WordPress website maintenance to a professional that specializes in WordPress maintenance services.
And as a special bonus, we’re giving out a free WordPress maintenance checklist, so definitely keep reading to the end. We don’t want you to have to make the same mistakes we did in the past as we were learning WordPress. It’s much better to be cool and collected in your WordPress maintenance activities than to learn by pure stress and agony. Let’s make sure that a broken or hacked site never happens to you!
In this guide we’ll cover:
- Why You Need to Update and Maintain WordPress
- Preparing to Update WordPress
- Weekly WordPress Maintenance Tasks
- Monthly WordPress Website Maintenance Tasks
- Quarterly WordPress Maintenance Tasks
- Do You Need a Professional WordPress Maintenance Service?
- WordPress Maintenance Cost Calculator
- Download Our Free WordPress Maintenance Checklist!
Why You Need to Update and Maintain WordPress
Security. Performance. Open Source.
WordPress isn’t a static piece of software that never changes. By now you’re probably aware that even desktop software needs to be updated routinely to continue upgrading the performance of your machine. But why does WordPress need to be constantly maintained?
We can break it down into 3 categories:
- Security – WordPress developers need to stay ahead of the curve with hackers and bad actors. Oftentimes this means rolling out minor “security updates” to WordPress. Once the core WordPress software is updated, individual theme and plugin authors need to update their software, too. A complete timeline of WordPress release dates is available here.
- Performance – WordPress is constantly rolling out new features to make your site run better and keep up with the internet as it changes. While the WordPress community has been somewhat change-resistant when it comes to the basic WordPress software, there has been some huge changes via theme and plugin developers. Some of the better innovations we’ve seen in the last several years include a more visual way of editing sites via the use of page builders, automatic plugin and theme updates, embed technology, CDN support, and deeper integrations with ubiquitous tools like Google Drive and Microsoft Drive, Google Analytics, and more.
- WordPress is Open Source – Because WordPress is open source, it needs to be installed on your own server. While many SaaS (Software as a Service) solutions take care of their own upgrades and maintenance behind the scenes, open source software updates are your responsibility. This also means that updates are not forced on you, and you can pick and choose which updates you want to accept. We recommend you accept all WordPress updates for your website, as this is the way that you stay ahead of hackers and bad actors.
WordPress Horror Stories
Horror Story #1: Foul Language Flub
Back when one of our contractors, Matt, was just starting out with WordPress (and definitely before working with Sayenko Design), he was managing a small WordPress site for a local college club at University of Washington. The owner of the site called him up one day and was suddenly very concerned with the site. This perplexed Matt, as the site owner was usually a little hands-off about the whole project.
“Matt, have you looked at the site recently?” the site owner asked.
“No, but let me pull it up right now,” replied Matt.
“It looks okay to me.”
“Well, try looking again,” responded the site owner.
Matt tried another browser. In the upper left hand corner of the site were words that we cannot repeat, right where the logo should have been.
“___ for f—ing,” it read, and we hope you can interpret the meaning from there.
It was quite a bit of stress and heartache cleaning that one up, to say the least.
What was Matt’s mistake?
He had failed to update WordPress Core.
Horror Story #2: Sayenko Design Saves the Day
We recently took on a WordPress site with a theme that was 8 years old, with outdated plugins, PHP and no backups. When the client tried to update WordPress or plugins the site crashed causing a white screen of death to appear!
Fortunately, that is when they decided to reach out to us.
We went in and took a backup, made a staging copy of the site for testing and went to work.
- We cleaned up the plugins (removing un-necessary and un-used plugins)
- We deleted unused themes
- We upgraded to latest stable version of php 7.4 (the site was using 5.XX that was going to be phased out a month from when they reached out)
What was the client’s mistake? And how do you avoid it?
Waiting this long to run updates is like putting off washing your dishes when you just cooked a big, sticky meal. The longer you wait, the more of a headache you create for yourself. Instead, you should run WordPress updates about once per month to ensure compatibility between themes, plugins, and WordPress core.
Okay, let’s move on for more juicy tips.
Preparing to Update WordPress
Leave yourself extra time if something goes wrong
Many of our readers will view updating WordPress as a necessary evil, like going to the dentist. But you don’t have to view the process with disdain. Instead, updating your site can be quite pleasant and satisfying, like the process of mowing your lawn. But you must prepare your environment for success. Although it may not be your most creative work, you can still have a sense of completion knowing that your site is orderly, safe, and well-managed.
Now that we understand the goal, here are a few tips for how and when to update WordPress:
- Run updates at a time of low-traffic to your website. For most people, updating late in the evening works well, supposing most of their traffic comes in from the same time zone they reside in.
- Leave yourself some extra time if something goes wrong. While most WordPress updates are mundane and routine, it’s not something you want to allot only ten minutes for. While it is possible to update a single site in 10-15 minutes, you’ll want to leave yourself more of a buffer than that. Find a time period of low stress with some flexibility in your schedule.
- Use an optimal desktop setup. You can speed up the process of updating your WordPress site by (a) using a dual-monitor setup and (b) closing any unnecessary browser windows and tabs. If you are using a staging site, make sure your staging site is pulled up in one browser window, and the live site is pulled up in another.And don’t try updating your site on your mobile device. Once your updates are complete, you’ll want to be able to assess the look and feel of your site on multiple screen sizes.
- Know your hosting plan and environment. The type and quality of your WordPress hosting makes a big difference in the website maintenance tasks you must perform. If you use shared hosting (think GoDaddy, Bluehost, Hostgator, etc.), then almost all WordPress maintenance tasks are your responsibility. If you use managed WordPress hosting (think WP Engine, Flywheel, or Kinsta), then some (but not all!) WordPress maintenance tasks will be done by your website host. Managed WordPress hosts will usually take on the responsibility of WordPress core updates, may have excellent caching features (making your favorite WP caching plugin obsolete), and may provide some security and firewall features (meaning you can kiss Wordfence or Sucuri goodbye).
Weekly WordPress Maintenance Tasks
Back back back that site up!
- Run a website backup. If you’re new to WordPress backups, make sure you use a tool that backs up both (a) your website files and (b) your website (MySQL) database. This backup is then bundled into a .zip file.Most website hosting companies offer free backups as part of their hosting plan, so make sure you utilize that backup tool as your first line of defense.In addition, you’ll want to have practiced restoring your website from a backup so you know how to restore your site if a problem ever arises.
Pro tip: Run third party off-site backups. While backups that come from your website host will be most useful as they will be compatible with their website-hosting setup, you’ll also want to have backups stored somewhere beside your website host’s servers.This ensures that if something goes wrong with your website host, you can still have access to a full backup copy of your website.What if there is a billing disagreement with your host and they shut off your site? What happens if your host’s servers are completely destroyed in an accident? Issues like this are not outside the realm of possibility, and it always pays to have a contingency plan.Backing up your site to Cloud Storage like Microsoft Onedrive or Google Drive is acceptable. There are also several WordPress specific management tools that can help with third-party backups, like ManageWP, WPMU Dev and Main WP.
- Respond to website comments. If you’re a frequent blogger, you are likely to have accumulated some comments on your blog within a week’s time. Now is a good time to login to your WordPress dashboard and approve or reject the comments that were held in review.
Pro tip: Use a spam comment filter. If you decide to use the WordPress commenting feature, your site is guaranteed to accumulate spam comments. Installing a plugin to filter out spam will make all the difference in the world!
Here are our top picks to make sure you never have to deal with another spam comment:
Akismet Anti-Spam: Great spam filter (the best for WordPress) but only free for non-profits and personal sites.
Titan Anti-Spam and Security: Originally this plugin only dealt with spam blog comments, but is now useful for all sorts of security tasks. We still recommend Titan primarily for its anti-spam capability.
CleanTalk: Cleantalk is a paid plugin that will filter out not just comment spam, but any type of form spam on your website. If your spam has gotten completely out of control, this is the one we recommend.
Now that we’ve got the weekly tasks down, let’s move on to monthly tasks.
Monthly WordPress Website Maintenance Tasks
Always use a staging site to test your updates!
This is the meat of maintaining your WordPress site, which involves updating WordPress core, WordPress plugins, and WordPress theme updates. Our most important pro-tip comes into play here, which is to always use a staging site to test your updates!
A staging site is a completely separate installation of your website which will reside on a subdomain. This site is password protected and used for testing updates which will then be rolled out on your live site.
The Sayenko design process for how to update WordPress manually goes like this:
- Run a backup of your entire live website prior to performing updates. Even if you just had a backup made one day ago, it’s still important to do this. You never know who has logged into the site and made important content updates.
- Run WordPress Core update on the staging site. To update WordPress core, just find the notification that WordPress is out of date, and click the update button. You will then be redirected to a page which informs you of all the advancements made in the latest release.
Pro tip: If you use a good managed WordPress host, they will most likely be running WordPress core updates for you. This is one advantage of using managed WordPress hosting versus less-expensive shared hosting.
- Update your WordPress plugins on the staging site. This can be as simple as clicking the “update now” button from the plugins page in the WordPress dashboard. If you run any premium plugins, you may need to get an API key from the developer in order for updates to your plugin to be available. Don’t assume that just because there is no notice to update the premium plugin that a new version has not been released. Instead, you’ll want to check on the developer’s website (look for a changelog) to see if new versions of the plugin have been released.
- Update your WordPress themes on the staging site. This can be a simple operation where you go to Appearance >> Themes from the WordPress dashboard and then click the update button. The same rules apply to premium themes as they did for premium plugins. If you are running a premium theme, make sure you have the ability to update the theme from the WordPress dashboard. Usually this involves getting an API key from your theme developer.
- Go to the front end of your staging site and inspect the site visually. The site should look visually the same as when you began the update. You will want to pay special attention to pages where you have plugin functionality embedded via a shortcode, especially if this is one of the plugins you just updated.
- Repeat steps 2-5 on your live site. Now, for many web hosting companies you will have the option to push your staging changes to your live version. But we’re not going to do that.Why? This process involves migrating a large amount of files, and often involves more risk (and causes more heartburn) than simply repeating the same process on the live site. This is especially important for e-commerce sites, where someone may have just made a purchase on the live site. It’s possible to overwrite an order that was just made by pushing changes from staging to live. So to recap, you’re going to update WordPress core, WordPress themes, and WordPress plugins on your live site. Then inspect the site visually to see if you notice any errors or other glaring problems. If everything worked correctly on the staging site, it should work on your live site as well.
- Perform Critical Point Testing. Now go to your live site on the front end and run some tests. A critical point is where an important user action takes place, and you’re going to want to make sure these are still working as expected. Examples of this include a test form submission, test e-commerce order, or test appointment booking.You should test any of these even if the critical point comes from an external piece of software like a CRM form, a separate checkout software (like Paypal or 2Checkout), or a separate booking software (like Calendly). Your website often interacts with these tools, and you want to make sure that the user experience works as expected from beginning to end. Finally, you will want to make sure that your client receives a notification upon submission of the user data for any critical point.
Pro tip: Save WordPress form entries to the WordPress database. If you’re using a WordPress contact form plugin, make sure it saves your form entries to the WordPress database. Some form plugins will only send an email to your email address of choice and do not save the form entry within the backend of WordPress. We believe that having form submissions only delivered to an email address is just asking for problems. The email can get lost, sent to spam, and on some rare occasions is never delivered at all.If you’re looking for a top-quality form plugin that saves entries to the backend, we prefer Gravity Forms.
You’ve now performed all of the “must-do” activities for updating your WordPress site. Now let’s cover some additional monthly tasks that will have your site running even smoother.
- Check Google Analytics for unusual metrics. Here, you’ll want to log in to Google Analytics and look for any big drops in traffic, unusual behavior like a high bounce rate, or fewer conversions than usual. Is there a top performing blog post that suddenly experienced a drop in traffic? Are fewer people making it to the thank you page this month despite more people reaching the contact page? Are people going to the homepage and leaving after only a few seconds? Indicators like this can signal to you that there may be a usability error at the heart of these metrics. Your job is to go back to your site and investigate why this may be the case. What are some possible reasons that something unexpected occurs? Here’s a short list of common culprits:
- The size of your page (in MB) is too large and the page takes forever to load. The most likely reason for this is not downsizing your images for the web. To compound the problem, the huge page is cached in your browser so it loads quickly for you, but not for a new user.
- You didn’t optimize the page for mobile, the fonts are too large, the content bleeds off the page, or something similar.
- Third-party code is not loading or is loading incorrectly.
Pro tip: Check Google Search Console for unusual SEO-related metrics. Most people think only of Google Analytics when they think of checking their analytics data, but Google Search Console can be extremely useful as well. You can examine top performing pages to make sure they are still receiving an abundance of organic clicks, check to make sure all of your website pages are being indexed, and test the usability of your site on mobile. Google Search Console can even send you a handy monthly report on your top performing pages each month.
- Run a Website Speed Test. What if your site is completely functional and secure, but it takes forever to load? It would still be useless to your website visitors. So now that you’ve updated your WordPress site and checked for unusual metrics, you’ll want to run a website speed test. We prefer to run tests using Google Page Speed Insights, but there are several other good tools such as Pingdom Tools. We like Google Page Speed Insights because you get mobile accessibility and best practices suggestions as part of the report. A good benchmark is a fully loaded time under 3 seconds, but this isn’t the only important metric. Here are a few additional benchmarks to try to hit:
- Time to First Byte (TTFB) under 500ms
- Largest Contentful Paint under 2 seconds
- Total file size under 8MB
- Page Caching is enabled
- Gzip compression is enabled
- Avoid Large Layout Shifts
Phew! That’s a lot to take in, but it’s worth the effort. Now let’s look at the tasks that you’ll only need to perform on a quarterly basis.
Quarterly WordPress Maintenance Tasks
- Double Check all Your WordPress Settings for Security Leaks. Problems with your site can arise from how you’ve set up your WordPress install and who has access to the site. Here are a couple things to be aware of:
Check your comment policy – With your “discussion” settings, you can either have your blog comments held for moderation, automatically published, or automatically published if the comment author has a previously approved comment. You can rack up quite a few comments if you automatically approve comments (and also get some sweet Viagra-related comments on your company’s blog…awesome!) so we recommend holding all comments for moderation. In fact, unless your primary audience is consumers it may be wise to turn off your comments entirely by going to:
Settings > Discussion > Automatically close comments on posts older than X days. Then set “X” to zero.
Review all users of your site – Here you will want to go to the “users” section of your WordPress site and see who has access and what their permissions might be. Are there old employees whose access you need to remove? A blog contributor that has a higher access level than they need? Take appropriate action according to your company/organization’s policy.
Enforce strong passwords – Make sure all users are using a strong password by requiring it. Normally, WordPress users can choose to ignore the strong password requirement; however, you can force strong passwords using the Titan Anti-Spam and Security plugin we mentioned earlier. If you’re on a good managed WordPress host like WP Engine, they will enforce strong passwords for you.
Hide WordPress usernames. By default, your WordPress username can be detected by outside users by typing in a certain url that will look up each user.
The specific url looks like this: https://mysite.com/?author=1; https://mysite.com/?author=2;
Instead of returning the username of each user, you can force WordPress to hide this information using the Titan Anti-Spam and Security plugin or the Defender plugin.
Review WordPress User Registration Requirements
Within the “General” settings in the WordPress dashboard there is a tickbox next to “Membership” which reads “Anyone Can Register.” Most website owners will want to make sure this is not checked. Some exceptions include forum and some membership websites.
- Check your Domain Registration Details. To keep your WordPress site running smoothly, you’ll want to make sure your domain name stays active! Make sure you are using a quality domain name registrar and DNS provider such as Hover or Namecheap. Most website owners will want to make sure that their domain name registration is set to auto-renew so you never fail to make a payment, which could result in losing your domain name to the open market. Going along with this, you will want to make sure your payment method is up to date.
Fun fact: Back in 2015 Google failed to renew their domain name and an employee bought the domain for $12. See the article on this website faux-paus from Business Insider. Big oopsy! Make sure this doesn’t happen to you.
- Update Your PHP Version in WordPress. If your host does not update PHP versions for you automatically, you will have to do it on your own. For many web owners, this will be accessed from within their C-Panel backend, but it varies depending on your host. Updating your PHP version will increase the performance of your site, so it is in your best interest to perform this update. As always, you will want to test this update on a staging website before applying it to your live site.
- Run an On-Page SEO Audit of Your Most Important Website Pages. While running a SEO audit does not guarantee good search engine rankings, it may expose some holes in how your pages and articles are structured. In this sense, it is valuable for looking at how well your pages are created from a technical perspective, but is not very useful when examining your creative or strategic SEO efforts. Here are some things to look for in your audit:
- Target keyword is used in your page title; url; meta description, and body copy.
- H1 tag is used only once.
- H2-H6 tags are used appropriately.
- Page is indexed by all major search engines.
- Image file name and alternative text are optimized for SEO.
- Avoid duplicate content.
- Link to important internal pages.
- Link to helpful external resources. Free SEO audit tools are available from Ubersuggest.
- Audit Inactive or Out of Date WordPress plugins. Here, you will want to take a deep dive into your current plugins. Look for inactive plugins that are not in use anymore or are no longer being supported by the developer. Take appropriate action by removing plugins that are no longer supported or are no longer in use. It is easy to miss plugins that have been abandoned as there is no notification given in the WordPress dashboard when this occurs. Your best recourse is to look at how recently the plugin was updated on its WordPress.org page. This page will give an alert if the plugin has not been updated along with the current major releases of WordPress.
Pro tip: Document your WordPress plugins. It is an excellent idea to create a document that outlineswhat each plugin does, what page URLs each plugin is active on, when it was added, and by who. This way it will be much easier to know what to delete or who to speak to if you need more information.
Good gracious, if you’ve made it this far, you may be wondering whether or not you should just foist these tasks on to someone else?
Do You Need a Professional WordPress Maintenance Service?
Cost of a WordPress maintenance service will be negligible in comparison to the money saved by avoiding any potential website errors or downtime.
If you have the time to learn how to perform all of these WordPress maintenance functions, then by all means, develop your skills and update your site yourself! The world will be better for it. However, many business owners and organizations will not have the time or expertise to conduct these routine maintenance tasks, and they can’t afford to have an outage. For many companies, the cost of a WordPress maintenance service will be negligible in comparison to the money saved by avoiding any potential website errors or downtime.
WordPress Maintenance services abound, and you may want to check out our own WordPress Maintenance service. While this article was created as a “how-to guide” for updating WordPress from the site owner perspective, our WordPress hosting and maintenance service includes most of the maintenance items covered above. We take WordPress security and updates seriously, and pride ourselves in treating your WordPress site like it is our own.
Not all WordPress maintenance services are created alike, which is why we’ve created this handy WordPress maintenance calculator to help you determine how much you should expect to pay if you hire a professional. If you are shopping around for a WordPress maintenance service, you’ll want to examine their list of deliverables carefully. For example, one major difference you will see is if WordPress hosting is included in the cost of your WordPress maintenance package or not.
Website Traffic & Storage
Download Our Free WordPress Maintenance Checklist!
Do all of these WordPress maintenance tasks sound overwhelming to you? To make life easier, we’ve organized all our advice into a handy downloadable checklist which you can use over and over again! Download this beast of a checklist, print it out if you like, and update your WordPress site like a pro.