Whether you’re a seasoned webmaster or you’ve just launched your first WordPress website, maintaining your WordPress site is a constant process. If you build a WordPress site without consistently taking care of it, you’ll be opening yourself up for plenty of failures. Developing a proactive schedule and to-do list will help your site grow and be secure.
Similar to checking your car’s engine and oil, WordPress maintenance is a constant process that ensures your most reliable business tool is running at maximum efficiency. This checklist explores 17 essential steps for maintaining your WordPress websites so that they’re properly engaging users and remaining secure.
Table of Contents
- Monthly WordPress Maintenance Checklist
- 1. Backup your website
- 2. Security-related Cleanup
- 3. Update Everything
- 4. Website audit
- 5. Optimize your database
- 6. Run Malware Scans
- 7. Check for broken links
- 8. Create or modify your 404 page
- 9. Search Engine Optimization
- 10. Get notified about downtime
- 11. Perform a visual inspection
- 12. Change all your passwords
- 13. Check and delete spam comments
- 14. Make sure your “About” page is up to date
- 15. Post Regularly
- 16. Test Forms
- 17. Create and update social media profiles
Monthly WordPress Maintenance Checklist
1. Backup your website
Ideally, you’re backing up your WordPress site daily, and chances are you’re already doing so on a regular basis. Nevertheless, it’s imperative to backup your website since you never know when things might go wrong. Backups are like insurance policies – you hope you never have to use them, but when things go wrong, they can be a lifesaver.
Whether it’s a problem with WordPress or the hosting company’s server, having multiple backups keeps everything running smoothly in the event of disaster. Although some hosting sites include backups in their initial plans, it’s always good to utilize other plugins and services to automate the backup process such as Updraft Plus or BackWPup. Sometimes these services stop working without you knowing about it, so it’s recommended that you manually backup your WordPress site every now and then.
Sucuri reported that in 2019, WordPress users were one of the most vulnerable demographics to hackers. As such, you should invest in security plugins for your WordPress sites so that they’re safe from most major threats, such as brute force, comment spam, and DDoS attacks.
With that said, it’d be wise to perform a few additional tasks to make sure your site is fully secured. These tasks include reviewing user lists and removing inactive users, forcing a reset of all passwords, generating new salts, and spam cleanup. In the event your site was compromised, malware removal and site restoration should also be done immediately. WordPress offers a few tactics to harden your site’s security, but it’s always safer to use other plugins and services to up your defenses from sites like Sucuri, Wordfence, and Defender.
3. Update Everything
Regularly updating everything on your site bolsters the security and overall performance of your site. Hackers can easily gain access to your site because of an old version of a WordPress core, theme, or plugin. In fact, Sucuri reported that 49% of WordPress users infected with viruses in 2019 had outdated installations at the time of the attack.
Although it’s a simple process, many users often forget this process and end up compromising their sites to attacks.
Luckily, viewing or managing pending updates on WordPress is relatively simple. WordPress features a built-in system that allows users to view all available updates within their sites by simply accessing Dashboard -> Updates. Install these updates on a staging website to see if it interferes with existing functionalities, then install the updates on the live site. You can set scheduled updates for core, plugins, and themes, so take advantage of these functions to prevent infections from occurring.
Bonus Tip: If you don't want to play Russian Roulette with your WordPress website every time you want to run an update, then it may be worth hiring an unlimited WordPress team. Many of these top providers provide a fixed monthly plan to maintain your WordPress blog and website.
This can be a great economical option when you have multiple websites, or a lot of plugins that require updating. In addition, to general maintenance, you can get additional value out of an Unlimited WordPress team by delegating other common tasks to them. This saves loads of time in development hours. It also enables you to focus on other important aspects of managing your site that only you can do.
4. Website audit
WordPress defines validating your website as, “ensuring that the pages on your website conform to the norms and standards set by various organizations.”
To make sure that you’re properly validating your site, review your code to ensure that it’s up to current standards, test the responsiveness of the design, and test to see if your site is accessible to all users. Repair broken links and anything else that’s essential to user engagement and conversions.
5. Optimize your database
WordPress stores everything in a database – your blog posts, pages, users, comments, tags, and more. Over time that database can start to get overloaded with a lot of unwanted data, like spam comments, drafts, settings from uninstalled but undeleted plugins, and many more.
This creates over-sized backups which makes downloading, uploading, and restoring backups an annoying long process. Worse yet, it can slow down your WordPress site. Slow-loading websites can be detrimental to your site, as the average American attention span is now at about 8 seconds. If your site doesn’t load fast enough, that’s slower site traffic and less conversions being made.
As such, checking and optimizing your WordPress database every month is extremely important. Plugins such as WP-Optimize and WP-Sweep can clean your sites and compress your images and improve loading times. Alternatively, content delivery networks can load a site’s most requested content in edge locations to deliver it to users quicker.
6. Run Malware Scans
As already established, protecting your site from hackers is extremely important. On top keeping regular backups and updating your site, make sure you run malware scans often to up your site’s overall security.
Plugins like Wordfence can run automatic malware scans on your sites, but there are a plethora of other tools that serve the same purpose. Find what works best for your site and keep intruders out of your sites.
This is an often forgotten problem that can have a detrimental effect on a site’s SEO and user experiences. Broken links mean that links rot, and can be incapacitating. Manually checking links, however, can be a real pain. Luckily there are tools and plugins such as Broken Link Checker that makes this process as harmless as possible.
8. Create or modify your 404 page
If you do have broken links on your site, users are usually redirected to a 404 page that tells users that whatever they’re looking for is not available. This means that users were interested in your site, but just got led into a brick wall.
Don’t let these users go – incorporate links, search boxes, and other tools to make your 404 page as welcoming and accommodating as possible. If you’re using the default 404 page, it’s likely uninviting and ugly. Don’t let these conversions go to waste!
9. Search Engine Optimization
Conducting a thorough, in-depth review of your content and SEO strategy is a key step on your WordPress monthly checklist. By using Google Analytics and Google Search Console, you can analyze whether your SEO strategies are working.
Your Google Analytics account lets you assess how your traffic and rankings have been developing over the past few weeks. You can review where your visitors are coming from, what they’re doing on your site, how they’re responding to your content, and which content is receiving the most attention. Likewise, Google Search Console shows you where your site appears in SERPs.
10. Get notified about downtime
It’s not likely that your site is going to be available 100% of the time, it’s a good habit to make sure that they’re up as much as possible. Most providers promise 99.99% up-time, but it’s ultimately your responsibility to ensure that there’s no downtime on your WordPress site.
Every time your site is down you lose a huge amount of potential traffic, leading to decreased conversions. Therefore, it’s imperative that you know when your site goes down so you can bring it back online as soon as possible. Services such as UptimeRobot and Super Monitoring checks if your site is online and notifies you of any downtime.
11. Perform a visual inspection
Checking whether your site is having any issues with layout and formatting across all available platforms is a good habit to get into. You never know how your audience is viewing your content, so it’s a good idea to make sure that your site works on every possible device and browser.
Checking for cross-browser compatibility ensures that your site works on all popular browsers like Chrome, Firefox, Safari, and Internet Explorer. BrowserShots is a reliable cross browser compatibility testing service, as is BrowserStack.
You should also check if your WordPress site fits and adapts to multiple mobile devices, tablets, and other desktop resolutions. You can try doing this manually, or with sites such as Responsive Design Checker.
12. Change all your passwords
Strong passwords are one of the best ways to keep your WordPress sites safe from intrusion, so changing your passwords regularly is a good way to protect your site from brute force and other similar attacks. These passwords can be for your WordPress database, FTP or SSH accounts, or your Dashboard area.
Make sure your passwords have a mix of capitalized letters, symbols, numbers, and other special characters. Alternatively you can use tools like the LastPass Password Generator to generate the strongest passwords possible. Just make sure you jot them down!
13. Check and delete spam comments
For this, you can use tools such as Akismet to automatically sort out spam comments from your comment moderation queue. However, these programs aren’t perfect and can mark valid comments as spam, so it’s recommended that you manually go through the spam list to make sure that this doesn’t happen.
Once you’re done with that step, then you can delete all the spam comments. Make sure you reply to the valid comments that you filtered out, as engaging with your readers is a great way to foster an active relationship with your audience.
14. Make sure your “About” page is up to date
Just as you should keep your plugins and themes up to date, so should your content. Life never stays the same for long, and as you engage with more and more users each month, your site’s information should reflect any changes in your professional or personal life.
Gaining a new reader for a blog is great, until they see that your “About” information doesn’t line up with the content you’re actually producing. Potential conversions might leave your site because they think it’s poorly run or that the blog doesn’t post regularly. Just as you want to keep your resume up to date with everything you’ve accomplished, your “About” page should always reflect the most recent information about you.
15. Post Regularly
If you’re a relatively new blog trying to gain a larger following, posting regularly is simply a must-do. Establishing a regular posting schedule helps bloggers hold themselves accountable while also remaining organized. But quality can sometimes trump quantity. You don’t want a heap of half-hearted junk populating your site. Producing quality content consistently can help you garner a loyal audience while improving your SEO rankings.
16. Test Forms
Forms are a way for your visitors to reach out to you through your site. But don’t just create a form, line it up on your site using a shortcode, then just leave. You should test that form out.
You might notice that your site doesn’t send out mail, at which point you can establish a contact form through plugins such as Gravity Forms. Also, make sure your admin email is up to date, especially after you make changes. Say you move your website to a new domain name but you don’t change the admin email. Suddenly, reaching out to you through email becomes very difficult for visitors. To prevent this from happening, change your admin email in your settings.
While this doesn’t directly affect your WordPress site, it’s still important to treat your social media as an extension of your brand. It’s pretty rare these days to find websites that don’t have social media accounts associated with itself.
You can build your community through platforms such as Facebook, Twitter, and Instagram. By linking them to your WordPress site, you can increase traffic and user engagement. Just as you made sure to update your “About” page, ensure that your information on your social media is just as accurate, and that the links that go to and from those other platforms are functional.
Following a WordPress monthly maintenance checklist such as this will not only keep your site secure and less vulnerable to attacks, it’ll enhance your site’s visibility among search engine users and ultimately improve your conversion rates.