Simple to install, easy to use, and SEO friendly are some of the reasons you probably chose WordPress as the platform for your website. But if you’re like most casual users, you likely didn’t put any thought into maintenance and upkeep. Unfortunately, without proper care and maintenance, your WordPress site can quickly become a liability. It will become vulnerable to attacks by hackers, your theme may quit working, and you might even be faced with the famous “white screen of death” one day when you visit your site.
You can greatly reduce the risk – and even avoid some of these issues completely – if you follow a simple maintenance routine on all your WordPress websites.
Keep a Current Backup
The first and most important step is to keep a current backup. Don’t rely on your host to do this for you. Their servers can fail as well, so keeping a copy either on your computer or in your Amazon S3 account is preferable, and will allow you to restore your site within hours should you have a problem.
Backing up WordPress is a two-step process. The first is the database, where all your post content, user information, and theme and plugin options are stored. The easiest way to back up your database is to log into your cPanel, click the “Backup” icon, then click the name of the database you want to backup. A copy will be downloaded to your computer. If you don’t know the name of the database, you can find it by opening your wp-config.php file in the site’s root directory.
The next step to backing up WordPress is to grab a copy of all the files and folders on the site. This will include your theme files, your plugin files, and all your media uploads (pictures, videos, etc.). You can do that from within cPanel as well by clicking on File Manager and navigating to the correct folders, then downloading a copy to your computer. You can also download these via FTP if you prefer.
While none of that is difficult or time consuming, it is a manual process that requires you to remember to do it in order for it to work. An easier way is to set up an automated solution such as BackupBuddy, which allows you to schedule backups of both the database and the entire site and to upload them to your Dropbox, Amazon S3, or FTP account.
Keep WordPress, Themes, and Plugins Updated
An out-of-date WordPress installation is an open invitation to a hacker. Once a security vulnerability is discovered in an older version, it’s a simple thing for hackers to search out the sites which have not yet been upgraded just by looking at the readme.html file. If you’re not updating your sites every time WordPress releases a new version, your sites are at serious risk of infection.
The core files (WordPress itself) aren’t the only ones susceptible to attack, though. You also need to be sure you’re keeping all your plugins and themes up to date as well. Unfortunately, not all theme and plugin developers notify users when an update is available, so you might not see that handy little “update automatically” link in your dashboard. What’s worse, themes and plugins that are no longer being actively developed are just abandoned. No notice, no warning, no indication that anything is amiss unless you go hunting for it.
It’s up to you as the site owner/manager to periodically check on all your themes and plugins. You can do that by searching each one out on WordPress.org. You’ll need to check the “last updated” date (should not be more than a few months old), read through the forum posts, and visit the developer’s site to see if there are any known problems. Or you can subscribe to a notification list such as SafeWP.com, where you’ll be notified immediately of any newly discovered vulnerabilities in themes, plugins, and core files.
Check for Broken Links and Remove Comment Spam
Broken links and comment spam might not be dangerous, but they can indicate a problem, and in the case of comment spam, can attract more spammers. You can keep broken links in check by installing the “Broken Link Checker” plugin. It will email you when it finds links that need your attention, whether they appear in comments, in your posts or pages, or in your images. A simple dashboard listing lets you quickly edit or remove the link, or visit the page for further investigation.
Comment spam can be reduced by using a plugin like Akismet or Bad Behavior. Also, in your “discussion” settings, make sure you check the box to require all first-time commenters to be manually approved. You can go one step further and require all comments be approved, but if you have a busy site you might find that a bit time consuming.
Check Search Statistics and Google Webmaster
Often the first indication that something is wrong with your site is a loss of traffic, so make sure you have an analytics package set up on your site. Google Webmaster tools is also helpful, since they’ll report crawl errors and other problems, including malware discovered on your site.
Don’t Just Set it and Forget It
Lastly, make sure you take a peek inside your server files once in a while. We all sometimes install test sites, create a mirror site as a backup, or develop a site on one server only to move it to another later. And then we leave those files on the server just in case we need them later. Don’t just let them sit there. If you’re not going to use them, remove them.
Overwhelmed? Don’t be. Once you get in the habit, maintaining your sites is a simple process that will only take you a few minutes each week. To stay on top of it, download our handy checklist.