Picture this: Your brand new website just went live (🎉) and you log in to start writing the most epic blog post ever. You’re hit with a notification: 4 plugins need updating!
Hang on, what?
Turns out, publishing your website isn’t a “set it and forget it” type of thing and here’s why:
- WordPress is always being updated. New features are being added to the core files, bugs are getting crushed, and security issues found and getting patched ASAP. This is true of any type of software with an active development team and a large number of users. WordPress wants to stay on top of things and ahead of the curve – right now WordPress powers about 1/3 of the entire internet, which is no small feat.
- When WordPress has updates, your themes and plugins will also. Plugins add functionality to our sites, but most of them are developed and maintained by third-party companies (not WordPress itself) so updates for these are released on their own timeline. Most reputable plugin developers are going to jump on updates that need to be made.
In this fun lil’ post, I want to talk you through DIY WordPress website maintenance and what you actually need to be getting done to make sure your site is staying up to date and as secure as possible.
I know website maintenance isn’t the sexiest of topics, but I promise you that you’ll feel so much better having an understanding of how to maintain your site on your own. Whether you plan to continue to DIY your site maintenance or you just want to get familiar with it in case your maintenance provider decides to take a 6-month vacay to the North Pole, this is going to help you.
If you can DIY your WordPress maintenance, at least you won’t be stuck with security holes and old versions of plugins on your site. 😅
DIY WordPress Website Maintenance 101
There’s basic, bare-minimum WordPress security and maintenance and then there’s some higher-level stuff that we can get into in another post. I definitely don’t want to overwhelm you, so let’s just jump into what you need to know about.
1.) Make a backup of your site every time, without fail
Before you change anything (literally anything) on your website back. that. shit. up.
The absolute last situation you need is to make a change that breaks your site and then you’re stuck with no clean backup and a blank, white screen staring back at you. You do not need that experience in your life, believe me (been there.)
In what situations would I need to restore a backup of my website?
There are a few and they’re all super annoying, but I want you to know about this stuff upfront! By the way, restoring a backup is a lot easier when you actually have a backup to restore. These are some situations where you’ll need a backup:
- Site crash after updates. You updated your plugins and there was a conflict of some sort that caused your site to go down.
- Total or partial loss of data. This can happen if you accidentally delete a file that shouldnt’ve been deleted etc.
- Security issues or suspicious behavior. If you get a notif from your security plugin that files have been changed around or that a suspicious login attempt was successful, you’ll probably want to take a look at your security log and revert to a backup from before that happened.
How often should I back up my site?
So this kinda depends, but because I want to give you an actual answer to this question, I’ll make a recommendation for you based on how much activity you have on your site.
If you don’t update your site a lot and you have low user activity (Comments, sales, support requests, user account updates, etc.) then you can probably get away with one backup per week.
If you update your site regularly and/or have lots of user activity, I recommend running a backup at least once per day.
And if you have a TON of user activity and/or updates, back it up multiple times per day.
Where should I store my website backups?
Wherever you want, really. As long as it’s secure. I store mine in Google Drive as well as in another cloud storage service that my backup plugin utilizes. Some web hosts create regular backups of your site and store them in your hosting account, but you should also have a backup running to a third-party storage solution – so Google Drive, Dropbox, OneDrive, or wherever works for you.
2.) Update your theme and plugins one-by-one
When updates are available for themes and plugins your site uses, you should usually make the updates ASAP. Some of these updates will be fixing security patches, so it’s important to act fast in those cases.
Tip: If you subscribe to the Wordfence newsletter, you’ll get updates when popular plugins have security issues and/or release patches for them.
When you’re updating plugins, themes, and WordPress itself, you should go smallest to largest.
- First, update plugins one-by-one
- Then, update your theme
- Finally, update WordPress if an update is available
The reason you want to update things one-by-one is because sometimes plugin conflicts happen that could break your site. One of the best ways to make sure that this doesn’t happen to you is by staying up to date with the major plugins you use.
For example, I use Elementor on most sites I create, so I’m on the Elementor newsletter and I’m in a couple of Facebook groups for/by Elementor users.
Make sure you back up your site before making any updates!
3.) Remove themes and plugins you don’t use anymore
If you’ve got themes and plugins floating around on your site that you’re not using, deactivate and uninstall them. By keeping them installed, you’re slowing your site down, creating more work for yourself (more updates to run) and creating additional security risks.
Each plugin and theme you install is another potential way for hackers to access your site. This isn’t to say that plugins are a good thing – they’re honestly amazing. But, you need to make sure that you’re updating plugins quickly when updates are available. Many plugin updates are feature-focused, but lots of them are also security patches.
Related reading: 5 Types of WordPress Plugins to use on your Site
4.) Clean up your database
This might sound like a complex maintenance task, but let’s take the easy route here. You can install a WordPress plugin called “WP-Optimize” that will take care of a lot of this for you. I recommend installing it while you’re doing your site maintenance and then uninstalling it when you’re finished. If you forget to uninstall it there’s no harm done, though.
This plugin will help remove old post revisions you’re not using (just make sure you don’t want to revert to any of the old revisions before deleting them) and clearing out old post and comment garbage from your site. Essentially, you’re just cleaning out old junk files you don’t need cluttering up your site database.
5.) Run a security scan with whatever security plugin you’re using and check your security logs
Most security plugins offer a security scan for your site, so run that and take the time to read through the results. Here’s a list of security plugins that are widely used and recommended:
- iThemes Security (I use this one.)
6.) Check for broken links
Got some good news for ya: We can use a free plugin to do this work for us, too! The “Broken Links Checker” plugin is another one that you can temporarily install on your site. Use it to scan your site for broken links. Goes without saying that you want to avoid your site users landing on a 404 page. So checking for broken links is a good use of your time (and thanks to the plugin, won’t take up much of it unless it finds lots of links to fix.)
You can set up the plugin to send you an email whenever it detects a broken link on the site. Or just check the dashboard in the plugin settings when you log in to get maintenance done. Whatever works best for your workflow!
Related reading: Why to Create A Custom 404 Page for your Site
7.) Moderate your comments
Check the comments for annoying, spammy comments left by bots or people. Usually, they are comments left with the purpose of creating links back to the commenter’s website. (That’s an old SEO tactic that doesn’t really work anymore but people are still going ham on it for whatever reason.)
First, go to your comments tab in your WordPress dashboard.
Then, go through any new comments and send spammy ones to the trash. Then delete them.
You’ll get a good amount of spammy comments if you have comment enabled on your site, so don’t think anything is wrong if you’re deleting these on the reg. It’s just part of being on the internet, sadly!
Found this helpful + want to save it? Pin it to Pinterest! 🔽