Do I really need to be worried about WordPress Maintenance & Security?
To best understand the importance of WordPress Maintenance and Security it’s easiest to use an analogy, who doesn’t love a good analogy? A lot of you have most likely owned at least one vehicle in your lives. For those of you that haven’t, be glad you’ve never had to deal with … vehicle maintenance. For everyone familiar with this concept, you’re aware that without proper maintenance you could very well end up stranded on the side of the road. Staring at the traffic racing past, as you wait on hold for help. Your WordPress website is very much like your personal vehicle. It will take your business to where it needs to be, but without proper maintenance and care, you could end up on the side of the virtual road. Staring at your competitors racing past, while frantically trying to find help.
Just like a vehicle your WordPress website needs continued maintenance to run properly, so it can continue to function and serve you and your clients without issue. Now I’m not talking about oil-changes and replacing engines, WordPress has some very specific maintenance requirements. Maintaining websites can be tedious and technical for most. So let me break down the areas you should be focusing on to keep your baby purring like a kitten.
What should I focus on first?
Website backups are the key ingredient for disaster recovery. While WordPress is a stable platform it is not infallible, especially if you’re not keeping up to date with your WordPress maintenance. Having a full backup of your WordPress website will prevent you from having to start from scratch in the case your website goes down, or gets hacked. While you can store these backups on in WordPress itself, it’s best to have a cloud backup plan in place. These backups are kept offsite so even if your host explodes, your website is safe.
Next to backups, WordPress security should be your #1 concern. The Internet can be a dangerous place. It’s filled with some pretty malicious people that have nothing better to do than make your life, and your clients lives, a lot less pleasant. It’s always recommended to go with a WordPress managed host for your website, such as WPEngine. If switching hosts is not an option for you, plugins can be used to beef up security on your website. Either method you choose, adding an extra layer of security to WordPress is a great step towards protecting your company and it’s brand.
A big part of WordPress maintenance is keeping WordPress and it’s associated plugins and themes up-to-date. This is the best way to ensure a happy, healthy website. Developers release updates for many different reasons. When they detect a security breach; when a core update breaks a part of their plugin functionality; or even if they rebrand and want to show off their cool new logo. Whatever the reason may be, WordPress updates are vital to your websites health. If maintained regularly, updates become easier to perform and can make a night and day difference in your website performance. This can mean the difference between impressing a customer or losing one.
Regular malware scans help uncover any small issues so they can be fixed before becoming a big problem. Think of a malware scan as the check engine light in your vehicle. Your cars computer system detects a problem or irregularity and informs you there’s an issue. You take it to a mechanic for inspection and they either, a) tell you it’s a false positive and you’ve nothing to worry about, or b) confirm you have a problem and that you need to take care of it right away. Malware scans do the exact same thing. Performing regular scans is one of the key aspects in squashing website hacks before they spread.
Just because you might not be using a certain plugin anymore doesn’t mean it can’t cause issues on your website if it’s still hanging around. Disabling a plugin only means your website isn’t actively using the code on the website anymore. But this doesn’t stop that plugin from being accessed by a hacker or adding extra bloat to the size of your site. For these reasons checking for outdated or unused plugins is one of the first things I look for during a security audit of a website. It’s not the end of the world to disable a plugin for awhile if you’re testing out new ones. However, you’ll still want to make sure this plugin is kept up to date until removing it.
A simple solution, yet overlooked by many. Brute-force attacks happen every minute on WordPress websites, and not having a strong password is a recipe for disaster. Set a reminder on your phone or add it to your task list to update your password from time to time. This goes for any password connected to your hosting account and not only WordPress itself. Your hosting login, databases, and most importantly email account passwords, should all be as strong as possible. A great way to make sure your passwords are secure is by using a generator. My personal favourite is LastPass. They also offer a browser extension that will remember all your passwords for you so you don’t have to.
Is that it for WordPress Maintenance?
Well, yes and no. While the above list consists of 6 main aspects of WordPress maintenance and security, there are still many other things you should do to keep your website running in tip-top shape.
It would be pretty silly to expect a human to stay awake and functional 24/7, yet we require our websites do exactly that. With uptime monitoring you’ll be the first to know when your website is offline. No hosting company has an uptime of 100% (if they claim they do, they are lying). Monitoring this metric will ensure you get your website back up and running as fast as possible.
Broken Link Checking
When people click a link on a website, they expect it work. Having broken links on your site not only frustrates customers, it shows a lack of care and attention to your business. Regularly checking your site for broken links will eliminate issues, and could prevent your users from clicking away to your competitors.
Detecting 404 page hits is a very useful tool. While checking for broken links will tell you if your site is linking out to a broken URL, detecting 404 errors will tell you if a user is trying to access a URL on your website that no longer exists. Maybe you had a popular blog post and recently changed the URL, but forgot to forward it. Whatever the case may be, you want to make sure your users are correctly redirected / informed on why they can’t access the page they are looking for.
Security Audits / Site Hardening
Performing a security audit is a great way to discover underlaying security flaws. Do you have an ‘admin’ user on the site? Do you have an SSL installed? Is your PHP version up to date? Finding and locking down (site hardening) these issues will greatly improve your WordPress security.
I’ve run out of gas folks. The above is a comprehensive list of what you should be implementing when it comes to WordPress maintenance and security. If any of this seems daunting — I don’t blame you. Luckily for you I offer all of these services! Having one of my WordPress Maintenance Plans will proactively prevent problems without you needing to lift a finger. This will save your business time and money in the long run. Maintaining websites is tedious and technical, so let me do it for you!