Did you know that WordPress powers 30% of the internet? That is a staggering number and means that 193,200,000+ sites use WordPress as their content management system.
With this many sites utilizing WordPress for their backend, this means that hackers love trying to break into WordPress sites and cause serious damage to these businesses.
This means regular maintenance of your WordPress site has to be a top priority for your business. I have seen far too many sites taken down by hackers simply because they did not keep their site up to date and have the correct plugins installed.
In this post, I will go through each area that is critical to the health of your site and, for the worst-case scenario, give you the tools to recover and bring your site back up in minutes.
Below is a rundown of WordPress maintenance practices that will help you to ensure that your website is always giving your site visitors a great experience.
As simple as it sounds, this is the most common problem I see with hacked WordPress sites. Having a simple password makes your site super vulnerable to hackers trying to brute force their way in. If they are able to get into your site, they can wreak havoc on your business.
Even if you are still developing your site, you still need to have a strong password for your login. To avoid being brute-forced, use a strong password and also choose a unique username other than admin.
Don’t know how to make a strong password? There are great tools that allow you to create a strong password and also have it at hand for your convenience. I recommend LastPass, as it has a very convenient extension available for Google Chrome. This tool generates a password which is guaranteed to be very hard to bruteforce.
Page Load Speed
Nobody wants to spend a whole day on your website waiting for it to load content that takes forever to open.
If you are running an e-commerce website and your web pages are taking more than three seconds to load, you are likely going to lose potential customers.
Google may even penalize you by pushing your website lower in your search engine rankings. It is imperative to regularly check the speed of your website and ensure that it is fully optimized.
This could be an entire post in and of itself, but below are some simple things you can do to improve the speed of your site, even if you are not a developer.
- The first step is to run your page through Google’s Page Speed Insights. This will give you a top-level picture of how fast your page loads and what you can do to make it load faster.
- Optimize your images. In the next section I will cover how to do that with more details.
- Install a caching plugin. Caching your website helps your site load faster for repeat visitors. I use the WP Fastest Cache plugin for the majority of my clients.
- Use a Content Delivery Network to serve your site faster to users around the globe. This type of technology uses multiple servers across the globe and sends your files to visitors from the nearest server. I personally use the free version of Cloudflare to do this, and they offer a free SSL certificate.
I put this in its own section because it deserves some love and care. I can’t tell you how often I see unoptimized images on clients’ sites.
The problem is that uploading a large size image will slow down your site and negatively impact how fast the page loads. The larger the file, the longer it takes for your visitors to see the content on your site.
This is even more critical with how popular mobile traffic is. So how do you optimize an image that is of high quality, but small in file size? Check below to see how I do this for my clients:
- The first thing you need to figure out is the exact size the image needs to be. I do this by loading the page the image is on in Chrome, right clicking on the image and choosing Inspect Element. This will give you the exact dimensions it is displaying on your computer size (I am going to keep this simple and not get into retina images, if you need more information on how to create images for retina devices, check out this great post).
- Open Photoshop and set the width and height.
- Add the image to the new Photoshop file you created (make sure to hold down shift so that the image scales to size).
- Click File > Export > Export As
- Select JPG as the format
- Then set the quality to 50% or 60%. You will need to tweak the settings a little bit to make the file size as small as possible without losing quality.
- Save to your computer.
- Visit http://tinypng.com/ and upload your image (they also have a plugin) and have the site compress the image.
- Save to your computer and then upload to your WordPress website.
Cleaning Up Old Media Files
Temporary and redundant media files can slow your site down and negatively affect the performance of your website.
I recommend going through your Media folder every couple of months and deleting images you are not using.
Make sure to back up your site before you delete anything, as you will want to be able to bring back files that might get deleted by accident.
I will go into more detail on how to easily back up your WordPress website so this can be done automatically for you.
Check for Broken Links
If you are running an e-commerce website, broken links can be a nightmare, and it is crucial to check for them and fix them immediately. I use this plugin to automatically scan for broken links.
If you are getting 404 errors, you can use this plugin to set up a 301 redirect that sends the broken links to other related web pages. This helps with SEO and gives users a better experience of your site.
Download links should also be checked regularly to ensure that your site’s visitors do not end up with errors when trying to download your content.
Checking Functionality of Forms
For e-commerce websites, email opt-ins and contact forms are essential when it comes to generating leads and sales.
I recommend testing all of your forms every couple of months, just to make sure that everything is working as it should be.
Delete Unused Themes and Plugins
Outdated plugins and themes can make your website quite vulnerable to hacking. They can also slow down your website, which would give your site visitors an unpleasant experience.
After basic passwords, this is the next most important task you have to do on your site to improve your website security and enhance its speed; it is imperative to ensure that all unnecessary plugins and unwanted themes are deleted from your WordPress install.
If you have had a WordPress website for a long period of time, then most likely you will have a lot of bloat with useless data in your database such as post revisions, spam comments, trash, metadata, etc.
This type of data stored in your database increases its size, which slows down performance and means backups take more disk space and more time to restore.
Cleaning up this outdated and unused data will reduce your WordPress database size, which means quicker backups, faster restoration from a backup and, more importantly, improved database performance.
Below is a video that explains exactly how to do this:
Website security must be at the top of your regular website maintenance checklist.
A regular, comprehensive security check is meant to ensure that your site is free from malware, viruses, and anything that has the potential to compromise your site security or harm your website.
It is also imperative for you to get a weekly report about your server security and any security issues that have been found. This can save you a lot of time and money if something does go wrong.
I personally use the Cerber Plugin for my own sites and my clients’ sites. Below are the key features of Cerber:
- Limit login attempts when logging in by IP address or entire subnet.
- Monitors logins made by login forms, XML-RPC requests or auth cookies.
- Permit or restrict access by White IP Access list and Black IP Access List with a single IP, IP range or subnet.
- Create Custom login URL (rename wp-login.php).
- Cerber anti-spam engine for protecting contact and registration forms.
- Automatically detects and moves spam comments to trash or denies them completely.
- Manage multiple WP Cerber instances from one dashboard.
- Two-Factor Authentication for WordPress.
- Logs users, bots, hacker and other suspicious activities.
- Security scanner verifies the integrity of WordPress files, plugins and themes.
- Monitors file changes and new files with email notifications and reports.
- Mobile and email notifications with a set of flexible filters.
- Protects wp-login.php, wp-signup.php and wp-register.php from attacks.
- Hides wp-admin (dashboard) if a visitor isn’t logged in.
- Immediately blocks an intruder IP when attempting to log in with non-existent or prohibited username.
- Restrict user registration or login with a username matching REGEX patterns.
- Restrict access to WP REST API with your own role-based security rules.
- Disable WordPress REST API completely.
- Disable XML-RPC (block access to XML-RPC including Pingbacks and Trackbacks).
- Disable feeds (block access to the RSS, Atom and RDF feeds).
- Restrict access to XML-RPC, REST API and feeds by White IP Access list by an IP address or an IP range.
- Authorized users only mode.
- Block a user account.
- Disable automatic redirection to the hidden login page.
- Stop user enumeration (blocks access to author pages and prevents user data leaks via REST API).
- Proactively blocks IP subnet class C for intruder’s IP.
- Anti-spam: reCAPTCHA to protect WordPress login, register and comment forms.
- reCAPTCHA for WooCommerce & WordPress forms.
- Invisible reCAPTCHA for WordPress comments forms.
- A special Citadel mode for massive brute force attacks.
- Play nice with fail2ban: write failed attempts to the syslog or a custom log file.
- Filter out and inspect activities by IP address, user, username or a particular activity.
- Filter out activities and export them to a CSV file.
- Reporting: get weekly reports to specified email addresses.
- Limit login attempts works on a site/server behind a reverse proxy.
- Be notified via mobile push notifications.
- Trigger and action for the jetFlow.io automation plugin.
- Protection against (DoS) attacks (CVE-2018-6389).
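To make the "limit login attempts by IP address or entire subnet" idea concrete, here is an added example (not Cerber's code and not from the original post) that counts login attempts per IP and per /24 subnet in a web server access log. The log lines are constructed samples, the thresholds are arbitrary, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, method, path, status):
    # Helper that builds one constructed combined-format log line.
    return (f'{ip} - - [12/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "sample-agent"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [_line(f"198.51.100.{h}", "POST", "/xmlrpc.php", 200)
       for h in (10, 11, 12) for _ in range(3)]
    + [_line("192.0.2.50", "POST", "/wp-login.php", 302),
       _line("192.0.2.50", "GET", "/wp-login.php", 200)]
)

def login_attempts(log_text):
    """Yield the client IP for each request that looks like a login attempt."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip malformed lines
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        if method != "POST":
            continue
        # Assumption: a failed wp-login.php POST is answered with 200 and a
        # successful one with a 302 redirect. The status of an xmlrpc.php
        # POST does not reveal failures, so every such POST is counted.
        if (path == "/wp-login.php" and status != "302") or path == "/xmlrpc.php":
            yield ip

def find_offenders(log_text, ip_limit=5, subnet_limit=8):
    """Return (IPs, /24 subnets) whose attempt counts reach the limits."""
    per_ip = Counter(login_attempts(log_text))
    per_net = Counter()
    for ip, count in per_ip.items():
        try:
            if ip_address(ip).version == 4:
                per_net[str(ip_network(f"{ip}/24", strict=False))] += count
        except ValueError:
            continue  # first field was a hostname, not an IP
    return (sorted(ip for ip, c in per_ip.items() if c >= ip_limit),
            sorted(n for n, c in per_net.items() if c >= subnet_limit))

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

In the sample, one address crosses the per-IP limit on its own, while three neighbouring addresses stay under it individually and only show up when counted as a subnet, which is why subnet-level limiting matters.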
No matter how secure your website is, it is essential to be prepared for the worst case scenario.
If your site crashes, you need to have a backup system in place so that you can restore your website within minutes. Here is how I back up my site and my clients’ WordPress sites:
- Create a free DropBox account here: https://www.dropbox.com/
- Create a free Updraft Plus account here: https://updraftplus.com/
- Download and install the free Updraft plugin to create automatic backups.
- Choose how often you would like to automatically backup your files and database.
- Select Dropbox for where you would like to store your backups.
Google Analytics Audit
Google Analytics is a powerful analytics platform and it is 100% free. Having accurate data reporting is critical for understanding the health of your website and where you can improve.
Ensuring that your analytics is tracking everything on your site properly is a must for any website. Once your Google Analytics account is set up, you will want to integrate the free Google Analytics plugin into your site so that you can track what is happening on your site.
Done installing Google Analytics? Make sure that you have removed any hardcoded Google Analytics scripts on your site so that there is no duplicated data.
Check for Browser and Device Compatibility
Your visitors are going to be viewing your site on different browsers and devices (desktop, mobile and tablet).
It is critical to test all aspects of your site on the major browsers and device types. This unfortunately is a manual process, but needs to be checked frequently to make sure you do not lose conversions because of cross-browser or device bugs.
If you do have issues, you will most likely need to hire a developer to take care of the issues as quickly as possible.
At the end of the day, performing maintenance on your WordPress website is not something you only do once; it is an ongoing, continuous process that requires constant checks. After designing and building a site, there is a lot of work that goes into technical support.
You should never take security for granted, and if you want your business to succeed, you have to make sure that you’re up to date with security and ensuring that your website is working across the board.
There are day-to-day, weekly, and even monthly maintenance procedures that must be done to ensure that the website is secure, fast, and bug-free.
This ensures that your site visitors have the best experience possible and, more importantly, helps you reach your business goals.
This is by no means impossible. If you are looking for an expert to handle your site’s security for you so that you can focus on what really matters, building and growing your business, we can help. Just reach out to us today; we will be more than happy to help you with your WordPress website maintenance.