Best Practices for Maintaining a WordPress Website
“If your website is not properly maintained, having issues & getting hacked is not a matter of IF, but WHEN.”
This is a common saying in the WordPress community. There are huge advantages to using WordPress as a content management system, but the one disadvantage is that every WP website requires ongoing maintenance by a skilled expert.
With core updates being released every few months and new WordPress vulnerabilities being exploited by hackers, maintaining a WordPress site can become a real pain.
7 Tips on Effectively Maintaining a WordPress Site
1. Perform Plugin Updates Once a Month
With over 56,000 plugins available in the WP directory, an update is released almost every day for one of these WP plugins. These updates are critical because they typically contain patches for known security vulnerabilities, bug fixes and feature enhancements.
If updates are skipped for long periods of time, the WordPress site becomes extremely vulnerable to security breaches. In 2017, hackers defaced over 1.5 million WordPress web pages using a vulnerability in an outdated version of WordPress.
By updating the plugins at one time once a month, you can catch all the critical updates and you can make the process as efficient as possible.
2. Utilize a Staging Copy or Sandbox for Updates
Even the most experienced IT professional can run into issues while updating a plugin or theme.
Plugin incompatibility is a common issue on WordPress sites, where a plugin created by one developer does not work well when paired with another plugin. To prevent issues from occurring on the live site, take a staging copy of the site and test the plugin updates in the staging area first.
In staging, you can catch errors & correct issues before updating the live site. This process is very helpful for e-commerce sites with WooCommerce, where any site issues can lead to a loss in sales. WooCommerce recommends that you test every major Woo update in a sandbox area before updating the live site.
On this note, make sure other website users do not click “Update” in the WordPress dashboard, if they notice any plugin updates and that they do not install new plugins on their own. These are 2 common ways that plugin updates can get out of hand and cause issues on a site.
3. Install a Website Audit Plugin
An audit plugin tracks all the activities in the WordPress dashboard area. This tool is extremely helpful when something breaks on the site and you need to track down the cause.
Along with an audit plugin, make sure that anyone logging into the site to perform content edits has a separate login.
NOTE OF CAUTION – Because an audit plugin is keeping a log of site activity, this type of plugin can quickly overload the database if it’s not configured properly. Make sure to configure the plugin so that it is only logging activity for a certain period of time and that you are not tracking miscellaneous data.
4. Always Vet a WordPress Plugin Before Installing It
Since WordPress is an open source platform, there are typically numerous free plugins to choose from when you search for a certain functionality or feature.
However, not all plugins are made equal. Before installing a plugin, check the WordPress plugin page and review the following:
- How many installs does this plugin have?
- If the plugin has been around for a while and it has few installs, that’s a sign something is wrong and there may be issues with the plugin
- Does it have good reviews?
- Take a look at the number of reviews for the plugin and whether it has lots of 5 star ratings or poor reviews.
- When was the last plugin update? Was it tested with the latest WP core? Does it have support questions open from months ago?
- It is very common for a WordPress plugin to suddenly be abandoned by its developer. When this happens, the developer stops responding to support questions, stops updating the plugin to fix security vulnerabilities, and stops testing the plugin with the latest WP core updates.
A properly maintained plugin should have pretty frequent updates released and have been tested with the latest WP core.
If the plugin has poor reviews or it looks like the developer or development team is no longer maintaining the plugin, do not install it. We also recommend doing this extra audit for the plugins installed on your site every few months.
5. Keep the WordPress Database Optimized
WordPress sites can often have performance issues due to their databases. Informational sites built on WordPress typically have a database size between 25-50 MB. Larger sites and e-commerce sites’ databases range from 100 MB to 500 MB.
Having an extremely large database on a site causes poor performance and requires costly server resources.
In many cases, you can optimize and clean up the database. We’ve cleaned up sites, reducing the database from 3 GB down to 50 MB without losing any functionality.
First, check the data logs and then review the plugin settings on the site. Certain plugins and WordPress settings can cause the database to fill up with millions of rows of miscellaneous data.
If you are performing any database cleanup, always do that work in a staging area to prevent any issues on the live site.
6. Handling new functionality requests & needs
One of the biggest advantages to using WordPress is that it is an open source software and the most popular content management system in the world. This means every day developers are building new WordPress plugins and integrations.
When you receive a request for new functionality on a site, start by researching existing WordPress plugins and solutions. Sometimes a completely custom solution is required, but whenever possible, it’s more cost effective and easier to use an existing WordPress solution.
Fully custom e-commerce and membership systems can be extremely expensive and typically require more ongoing maintenance.
When you are evaluating a paid plugin that has more complex functionality, such as a membership system, it’s best to pay for a paid version that includes support. It is tempting to cut costs and skip the support package, but you never want to dive into a more complex functionality and then get stuck without support.
7. Implement Speed & Performance Best Practices
Regular site maintenance is also important for speed & performance. As we mentioned, cleaning up and optimizing the database can help with performance issues.
For ongoing optimization, plugins like WP Smush and Autoptimize help with the minimizing CSS and javascript and basic image optimization.
If you are noticing poor page load times, take a look at your hosting environment. WordPress sites tend to run slower on shared hosting platforms that aren’t configured for WordPress.
We host & maintain all of our sites on WP Engine, one of the premier WordPress hosting options. The WPE servers have multi-cluster, fast hardware with in-RAM caching.
In line with our recommendations on not having anyone else install plugins, try to keep the number of plugins on the site to a minimum. Plugins can add bloat to a site and cause more performance issues.
Preventative Maintenance is Key for WordPress
For WordPress sites, monthly maintenance is the best way to prevent security breaches and performance & speed issues. These tips have helped our team maintain & protect over 600 sites for businesses worldwide. If you have any questions about WordPress security & maintenance, feel free to reach out to our team.