Your website will never be “done.”
The feminist in me does not want to bring up housework, and yet it’s an apt simile so I’m just going to go there. Wouldn’t it be amazing if one’s house only needed cleaning like, once every five years? That’s so not the case.
It’s the same with your website. Plug-ins need to be updated and links checked and security maintained and backups run and offers revamped.
Website maintenance is the unsexy part of running your business. It is one of those things that no one tells you before you create your first website or hire your first website designer.
So I want to make it as easy for you as possible.
What follows is my expert perspective on the ongoing care and feeding of your website.
Why Maintaining Your Website Matters to Your Business
Your website is an asset, just like a house or car. And every asset needs maintaining and regular upkeep to maintain its value!
Don’t make the mistake of assuming that just because your website is “live” and public that nothing can happen to it.
Hackers are a real threat. I’ve seen clients who come to me with DIY sites or sites created by less experienced designers that are wide open to digital security threats, vulnerable to hackers who can erase their entire site content. Or worse.
If the thought of losing all that design and copy, not to mention blog post archives and media files is making you sweat a little—good. And don’t worry, I’ve got your back to prevent something like that from ever happening to you.
A Checklist for WordPress Maintenance and Security
1. Backup your entire site.
- It’s so incredibly important to keep regular backups of your website. Having regular backups of your website means that if you get hacked, you can easily recover. If there is a hardware failure at your hosting company? You can easily recover. If there is a plugin disaster and your settings all get erased? You can easily recover. Your new VA that was so.totally.awesome. and accidentally deleted the next six month’s scheduled posts? You can recover.
- Use a tool like BackupBuddy or UpdraftPlus and save those backups to an offsite location like Amazon AWS, Dropbox, or Stash.
- Backup your WordPress database as regularly as you write new content. The general rule of thumb is to think “how much of my hard work can I afford to lose?” On the flip side, if your site is static in terms of the amount of new content being added you’ll need to do far less backups.
2. Install a security plugin.
- Next you want to always scan for malware and security vulnerabilities. While there are steps and precautions can help lessen the likelihood a site is hacked (for instance keeping your WordPress release up to date) there are no guarantees. If a website is accessible from the web, there is always the possibility it may get hacked. I know, it sucks, but the bad dudes exist and they love to attack poor, unsuspecting sites for no reason other than to inflate their basement-lurking egos. So protect yourself. For reals you need malware monitoring, removal, and prevention!
- I use and recommend both Sucuri Security and iThemes Security plugins. If you install the free versions of both of these plugins, you’ll get some pretty decent security going on.
3. Update WordPress, your plug-ins, and your themes.
- Did you know there are thousands of fabulous folks working diligently to not only combat basement-lurking hacker jerks but also to make your WordPress experience a happier place? Well, there are! Updating your WordPress, plug-ins, and themes means you get the features as soon as they are out, including newer and better security features, bug fixes, and plug-in compatibility.
- You can find out about new WordPress version and plugin compatibility issues here.
4. Delete any unused themes or plug-ins.
- Did your parental unit(s) ever nag you to put away your toys when you were finished playing with them? Same goes for plugins and themes. If you aren’t using them anymore, no need to have them taking up space, time, and potentially causing performance or security issues. Less is more. Uninstall all of your unused plugins and themes for a happy, healthy WordPress website.
- To delete unused themes, navigate to Dashboard > Appearance > Themes. Click “Theme Details” and select “Delete”.
- To delete unused plugins, navigate to Dashboard > Plugins > Installed Plugins. Select “Deactivate” beneath the plugin that you want to delete, and once it is deactivated, click “Delete”; WordPress will ask you to confirm.
5. Check for and repair broken links.
- Part of maintaining a super sexy website is making sure that the user experience is smooth. And part of that experience? Making sure that all of your links take your website viewer where you want them to go.
- I recommend using Google Webmaster (for advanced users), Link Status Pro, or Broken Link Checker.
6. Protect your comments for SPAM.
- A lot of WordPress spam comments will make your WordPress database huge, which slows your site. It’s best to delete spam comments regularly, all in order to keep your WordPress database small, fast, lean and mean.
- But for now? If you haven’t already, install the Akismet plugin (it comes installed automatically with new versions of WordPress, but if it isn’t installed on yours, navigate to PLUGINS > ADD NEW and search for akismet.
- To enable Akismet, go to the Plugins panel and activate the Plugin. You will be prompted to get an API key from Akismet.com after you sign up for a payment plan. It’s free for personal sites and you as you wish for professional sites.
8. Use strong passwords and change them regularly.
- There are lots of misconceptions around what a strong password is and what it isn’t. A good rule of thumb is that your password should be long (10+ characters), complex (totally random, please), and unique (try not to reuse passwords!).
- And, I get it. We have sooo many passwords to manage these days it can get overwhelming to say the least. APPS to the rescue!! I use and recommend password managers like LastPass or Dashlane which can not only generate random STRONG passwords but remember them for you too. bonus.
9. Delete any unused user accounts.
- If you have a VA, guest blogger, copywriter, designer, or anyone else that you want to give access to your website it’s important that every user has the LEAST amount of permission they require to do their job. And once their job is complete? Delete their account, reducing the chance that your website could be hacked when one of their accounts is compromised.
You might be asking: OK, so how often do I need to do all this?
The answer depends somewhat on the volume and content of the site you have. A good rule of thumb that I share with all my clients is once a week (and at the bare minimum, once a month).
By following the steps in this post, you’re well on your way to taking good care of your website like the amazing business asset that it is.