DIY WordPress Updating & Maintenance
You’ve got a WordPress website and all’s well and good. But what most don’t realize, it’s not a “set it and forget it” business asset. Like a car, it needs routine maintenance and gas to keep it running smoothly and going places. Because WP is an open source content management system (CMS), meaning freely available & maintained by experts, doesn’t mean that it fixes itself or can be put on autopilot. Each website is a unique combination of plugins, themes, and/or integrations that need love.
Routine maintenance includes cleaning and repairing plugin leaks, built-up database dirt, performance tweaking, theft security enhancements, and the dreaded recovery from a major loss. It’s kind of like comprehensive and collision insurance coverage. Keep reading for 4 point inspection and repair guide to monthly WP maintenance.
Regardless if your business is local, national, and/or global it needs WordPress gas (SEO – search engine optimization) for it to go places (aka, be found by a visitor). SEO is a vast topic and I’ll cover some basics in an upcoming post to help you dip your toe in the SEO ocean.
WP Maintenance Checklist of To Dos
Word of Caution
Before you start your journey into monthly WordPress updating and maintenance consider the impact of the amount of time updating your site can have on your visitors. Even though updating the WP core, theme, and plugins only take seconds each (depending on your server), consider how many visitors hit your site. If your visitor count is low, the chances of it being noticeable are slim to none. But, if you have a lot of visitors you need to give visitors warnings and put up a maintenance page or use a plugin to give time to test and check all is well. With that said, let’s get started.
1. Backup Your Website & Database
This is a must-do first step. If you don’t have a plugin installed to do this step, I recommend UpdraftPlus. Its free version allows you to download your backup to your computer or a remote cloud server like Dropbox, Amazon S3, Drive, etc. You can even set up automated backups if needed. On your administrator WordPress Dashboard navigate to and hover over Settings > UpdraftPlus Backups in the flyout menu and click. To make a backup, just click the Backup Now button. You can change the default settings for:
- What to back up?
- When to back up?
- Where to send your backups? Remote storage on your computer is recommended. The premium version includes the “How” of backups.
Scroll down the page on the same Backups/Restore Tab and click the Uploads > Download to your computer button. The whole process together is this series of steps:
WordPress Dashboard > Settings > UpdraftPlus Backups > Backups/Restore Tab > Backup Now button > Existing Backups section > Uploads > Download to your computer
Your backup is your insurance policy. Should something go wrong during your routine maintenance, first breathe and know all is going to be okay. If you didn’t lose your Dashboard or this plugin, yay, just click the Restore button and follow the steps!!! If you did crash your site, I’ll cover that at the end of this checklist.
2. Update WP Core, Theme, & Plugins
You’ve got your backup on your local machine and/or in some remote storage place, great!
- Turn off caching – whether you have WP-Optimize, LiteSpeed Cache, WP SuperCache, etc., you’ll want to disable this plugin during your updating. This allows you to see if anything breaks instantly. Go to:
WP-Optimize, LiteSpeed Cache, etc > Cache (this may be in the left navigation) > Toggle Off
Don’t forget to come back and toggle it back on when you’re finished. It speeds up load times for visitors.
- Update your theme(s) and plugins – update themes and plugins before doing your WP core. To do this:
Hover over Dashboard > Updates > Plugins section > Check the Select All > Click Update Plugins
- Update your theme(s) – come back to the same update page as above and update your theme.
Hover over Dashboard > Updates > Themes section > Check the Select All > Click Update Theme(s)
Note: You can also perform updates from the Plugins and Appearance > Themes pages.
- Update the WordPress core – navigate back to the same page where you did the plugin updates.
Hover over Dashboard > Updates > An updated version of WordPress is available. section > Click Update Now
- Turn cache back on – Toggle the Enable Cache button to On.
- Check your website – In addition to checking your website, this is a good time to check the following:
- Contact page – for correct/up-to-date email, address, phone, etc. Test the form and confirm it’s still working by sending yourself a message.
- Settings > General – Is your site title, tagline, and site administrator email address still correct? Don’t forget to > Save at the bottom of the page.
- Check comments and spammers – If you have comments enabled, you no doubt have spam. Akismet is good, but it still needs your attention. Even if you have comments and registration turned off, they still manage to insert them into your database. Clean out your Comments by going to your Comments page. Delete any unwanted spammers from your All Users page.
- Other pages, downloads, FAQs, etc. – Here’s a great opportunity to keep your information fresh for your visitors.
- Update your passwords – I recommend changing passwords 3 – 4 times/year. More frequently if you have a shopping site. Go to:
Users > All Users > Select Your Profile > Scroll to Account Management > New Password > Set New Password > Save
If you subscribe to one of eLight’s WP maintenance plans, you’ll receive an email at predefined intervals to quickly change it.
- Back it up again – Okay, so all’s well, time to go and back it up again with your freshly updated site. Keeping an old version might accidentally end up as your backup in an emergency. Oof!
3. WordPress Security
WordPress security is one of the most important tasks in maintaining your website, but also the most overlooked. For this task, I recommend the Security Ninja plugin. Even though it’s incredibly user-friendly, you do have to know a thing or two about web file management, cPanel, etc. They say you don’t, but if you make a mistake you’re likely to get locked out of your WP Admin or set a setting you shouldn’t.
You’ve got your fresh backup on your local machine or some remote storage place, right?
- Change your passwords – just in case you missed it above, I’ll say it again here: change your passwords regularly. If you use the Security Ninja plugin it will check them and let you know if they are strong enough.
- Check your theme(s) – Delete inactive themes. By default, WordPress comes with several. If your WP developer left them, get rid of them except your backup theme. So, you should only have two, your primary and a backup for making major changes to your active theme.
Appearances > Themes > Click on the inactive theme picture > Click Delete (bottom right corner)
Also, check the last time the theme was updated. It’s a serious red flag to use any theme or plugin that hasn’t been updated in over a year. Do a Google search with your theme’s name followed by Changelog or Releases. For example, Avada theme changelog, Astra theme releases.
- Check your plugins – Delete inactive plugins. By default, WordPress comes with Hello Dolly and Akismet. If your WP developer left them and you’re not using them, get rid of them. I delete the ones I only use occasionally as well (eg, Duplicate Page). To do this go to:
Plugins > Scroll down through list looking for “Activate” > Click Delete
The same thing goes here about old or outdated plugins. You can easily check the last date they were updated by going to:
Plugins > Add New > Type the name of the plugin in the search box > “Last Updated” appears at the bottom of each plugin
- Scan For Issues and Malware – You have options here like Security Ninja or BlogVault, but however you choose to do it, just do it. Over 10 million sites a DAY are being attacked. Adding a firewall, changing the WP Address folder, removing the accessible readme file, proper security keys and salts, and on and on will likely keep you out of theft and injection free. The free version of Security Ninja has a 50-point checklist. I highly recommend letting a WP maintenance professional configure your WP security settings/changes. If you’re using Security Ninja go to:
Security Ninja > Run Test
- Click on the Details link for each test and read through the information. Some fixes are simple and they do a good job on how to fix them. Others, you may have to read the documentation or outsource security optimization.
4. WordPress Database Cleansing
WordPress uses database tables for storing all the actions and information you add. By the nature of WP’s functionality, it has a hoarding disorder, albeit, very useful sometimes (eg, infinite revision history). Regardless, all this saving clutters the database and slows down your site. This is why we cleanse our WP website.
There are many great tools available to complete this task. Advanced Database Cleaner, WP-Optimize, LiteSpeed Cache (if you have LiteSpeed Server), and many more. I’ll use WP-Optimize for our example today. See Tom’s post at OnlineMediaMasters for in-depth instructions and settings.
With your fresh backup on your local machine or some remote storage place, install the WP-Optimize plugin and activate if you haven’t already.
- Go to WP-Optimize > Database > Optimization tab – look down through the list and tick the options you would like cleaned. You may want to keep a few (eg, the comments you haven’t gotten to reading them yet), and some of your revision history. You’ll need to set this up under the Setting tab. It’s wise to keep 5 – 10 revisions just in case you change your mind.
- Go to the Tables tab – Scroll down through the list and “Remove” the items marked “not installed” or “inactive”. Also, while scrolling through, investigate items that have high overhead. If you have a lot of plugins (Wordfence, some SEO plugins, etc.) you may want to consider disabling them or finding better options.
- Go to the Settings tab – You can schedule ongoing database cleaning here and set the number of revisions you want to keep automatically.
What to do if WordPress goes down?
If something should go wrong, go down, or give you a warning, there’s a road to recovery. As mentioned earlier, you have your insurance policy, but don’t use it without investigating first. Some issues that look really bad, like getting locked out of your Dashboard, are remedied without using the backup method.
Here are two images, frontside and backside, of a critical error warning that has locked the administrator wp-admin login page. It reads “There has been a critical error on this website. Please check your site admin email inbox for instructions.” Give it a little time to reach your inbox, then follow the instructions.
Since the release of 5.2, WordPress detects fatal errors on your site caused by a plugin or theme and lets you know with this automated process.
All issues don’t have this easy process. Sometimes you’ll be locked out because the site is completely down. If you’re a novice, I recommend submitting a support ticket with your hosting provider. If have a cPanel hosting account you can restore it by using the one-click restore functionality, great! Typically, the steps look like the following:
Hosting provider login > My Products > Web Hosting > Manage > cPanel Admin > Files > JetBackup (if you have it), Backup Wizard > Restore
If this doesn’t work and you’re not familiar with phpMyAdmin, get help. It’s likely you’ll need an advanced cleanup and security optimization.
In a nutshell, a WP maintenance nutshell (over 2,000 words), that’s it for the routine maintenance. Check back soon for the next edition on adding WordPress gas to increase your website visibility.
Thanks for reading! If you decide WP maintenance is not your thing or you just don’t have time, check out eLight’s Maintenance Plans.
