Maintenance and Upkeep of Your WordPress Site

Launching your WordPress site is just the beginning of its life on the web. You’ve conceived and birthed your baby… but now you’re in charge of feeding and protecting it.

Owning a site is a responsibility. There’s a lot to consider, more than most people realize when they are just starting out. Neglecting your site means it could get hacked, suffer from broken links, or an unplanned update breaking your contact form.

Here are some of the main tasks you’ll have to do on a regular basis to keep your site in excellent health.

Backups: Daily or Weekly?

Backups are arguably the most important ongoing task on your site. You may need a backup if your site gets hacked, for example, or if an update breaks something and you don’t have time to fix it. Basically, backups are great insurance for any instance your site goes offline and you need it up and running again before you have time to address the root cause.

The frequency will depend on how often you publish new content on your site. Ecommerce sites will want a daily backup (at least of the database) to retain all the order and customer information. Hobby bloggers can make do with weekly or even monthly backups, depending on posting frequency.

Make sure to keep an archive of backups so, if your site gets hacked, a clean copy is available. Again, depending on how often you log into your site, it could be as little as one day before you realize something is wrong or as long as a few weeks. In either case, you want to be able to go back to a clean copy of the site.

Fortunately, it’s easy to automate this task. All that is needed is to schedule the backups (set-it-and-forget-it style) and back up to a third party storage location such as Dropbox. Your backup should be kept on a different server than your actual site; otherwise, if your site is hacked, your backup can be compromised as well.

Free Plugins
Updraft Plus
The free versions of either plugin will suffice in most cases, but both have paid versions available with additional features.

Paid Services
VaultPress has various tiers of service including a real time backup feature for the most complete backup solution. They have an easy restore process as well.

Security Scan: Weekly

A hacked site is more than a pain in the you-know-what. It can also get you blacklisted by Google, damage your SEO, make your site look untrustworthy to visitors, and wreak general havoc.

Some hacks can be insidious and hard to detect. When you get hacked, your site may not become inaccessible and simply appear “off.” You might just put those glitches down to tech-weirdness when, in fact, they are symptoms of a hack.

Fast detection is key and there is a plethora of security plugins available to help. I’m not claiming to be a security expert but I would suggest using a plugin that can scan your installation for changed files.

I’ve used a couple: WordFence and All In One Security. They each have tons of additional features as well, but both have scanners.

All In One Security has a fast, lightweight scanner. It simply reports modifications to files, including files that have been added. It’s then up to you to decide if the changes or additions are malicious. I would recommend this for more advanced users who feel confident that they would be able to spot some malicious code.

On the other hand, WordFence does a more resource-intensive scan but it specifically looks for malicious code. This is better for a less experienced user since it provides more guidance.

Database Optimization: Monthly

Databases can get bloated over time with unnecessary info. Spam comments, revisions, and more can weigh down your database and slow down your site on both the front and back end.



I use the plugin WP Optimize to trim the fat. In the example below, I was able to slim down my database by 7MB. Not too shabby! Most of that was in unused post revisions. If you have a site that gets a lot of spam comments and you don’t remove those on a regular basis, they can add a lot of extra bulk.

For some sites, transients can bloat the database. WooCommerce sites sometimes have this problem. Pippin Williamson’s Transients Manager plugin is a great one for monitoring this.

WordPress Core Updates: Every Six Months (at Least)

Keeping up with WordPress core updates is both an important security measure and overall best practice. These days, WordPress is releasing a new version every six months, with point releases and security updates in-between.

If you’re using a managed WordPress hosting service, they will handle your core WordPress updates. But if not, you will have to update your WordPress core yourself. You can also enable WordPress auto updates for point releases. There’s some controversy over this because, although the point releases generally won’t break a site, there have been several cases where sites have lost their functionality.

Of course, it’s better to take nothing for granted. Test all updates on a staging/test site so you can see if anything breaks. Typically, breakages are not due to WordPress but rather due to incompatible themes and plugins.

Plugin Updates: Weekly

By far the most frequently updated part of your WordPress installation will be your plugins. Updating plugins is a crucial part of maintaining a healthy and secure site since many hacks emerge from exploits in old plugin code. Have an issue with a new version of a plugin? Easily revert to an older, non-site-wrecking version using the Rollback plugin.

Theme Updates: Monthly (ish)

Themes tend to get updated less frequently than plugins. However, you still need to stay on top of updates, particularly if they are security related. It’s good hygiene to delete any themes you are not using (besides one default theme for troubleshooting), but if you have other themes installed, update them when you see the notifications. Some theme updates can break custom styling you may have on your site (even if you used a child theme), so if you want to forego an update because of this concern, read the change log first to make sure it’s not an essential security update.

Check For Broken Links: Monthly

It’s important, both for SEO and user experience, to make sure there are no broken links on your site that display a 404 error. All pages should be accessible. There are WordPress plugins for this task but, since they can be resource-intensive (and some hosts even ban them), I recommend using an external tool.

If you have set your site up with Google Search Console (formerly Webmaster Tools), it will alert you to errors in crawling. It’s good to check your Google Search Console once a month or even more for a mission critical site.

For a more thorough examination, you can use Integrity for Mac or Screaming Frog’s SEO Spider (Mac and PC) to run a scan of your site to check that all links are intact.

Traffic Analytics / Stats: Monthly

Analytics and stats are like the stock market – you shouldn’t check on them every day because you’ll get lost in the small ups and downs and miss the big picture. Checking monthly is a good way to see overall trends. If you have a business site, you likely have some specific goals or metrics that are important for your bottom line. Strange drops in traffic or other abnormal trends can be indicators that something is wrong on your site. Likewise, out-of-the-ordinary spikes can reveal that something exciting is happening that you might be able to capitalize on or replicate in the future.

Tools for Managing Multiple WordPress Sites

All of the above can seem like a lot to do even for one site, but what if you have several sites or need to do this for all your clients’ sites? Here are a few efficient tools for managing multiple WordPress sites:

Main WP
Manage WP
Infinite WP

About the Author Lucy Beer is a web and WordPress consultant focused on making WordPress accessible to the beginner and a powerful development platform for the advanced user. Lucy runs Web Training Wheels and can be found speaking around the country or on Twitter. More by this Author