WordPress websites need regular maintenance to keep them up to date and running smoothly without errors. Here are a dozen maintenance tasks you should be performing. How many do you do?
Ignore a website for too long and it could slow down, show errors or even get malware or be hacked. It is essential to carry out regular maintenance tasks to keep it running.
An obvious one is making backups, but there are many more tasks to maintain performance and smooth running. Few of these tasks need to be performed daily, some only need to be carried out weekly and a few might only need performing once a month or even longer. Let’s take a look at what is needed to keep a WordPress website in good health.
1 Back up your website
Websites are fairly reliable and some people never have problems with them. Some people have sites that have been running without problems for years and it just works. However, this is not everyone’s experience and occasionally a website will fail, either in a minor way or a major one.
There are many causes of minor problems like a plugin not working or glitch in the theme. Major problems can be the result of bad plugins, malware, corruption of files or databases.
You need to protect your website just in case there is ever a problem. If you have a backup, you can recover from most website problems. You can even delete the whole site if necessary and then restore a backup to fix a major problem.
A backup is a snapshot of the site at a particular time, so don’t just make one. That backup you made in 2019 is useless, unless you want to restore your site to the way it was back then. When a backup is restored, everything you did between that date and today is lost. It is therefore essential that you make frequent backups, at least weekly, so if you need to restore, you will only lose a week’s work.
Your web hosting company may create backups and this is useful, but you must make your own backups too. Don’t rely only on your web host’s backup. Use one of the many backup plugins for WordPress like UpdraftPlus, BackWPup, Duplicator, All-in-One WP Migration, to mention just the popular ones. There are many more backup plugins at the WordPress website.
Go to Plugins, click the Add New button and enter ‘backup’ into the search box.
2 Update WordPress
WordPress is frequently updated and there are major and minor updates. Both include security and bug fixes, but major ones also include new features. It is essential that you keep WordPress up to date because security flaws may be exploited by hackers who are constantly looking for ways to take over websites.
Bugs are not always apparent and maybe they have not affected you so far, but tomorrow you may want to do something, like use a feature you haven’t used before and it’s buggy.
WordPress can be configured not to install any type of update or to automatically install all of them, but often the middle path is chosen and it is set up to install minor updates to fix bugs and security, but not major updates that add or change features, like the Classic Editor to Gutenberg switch.
Go to the sidebar in WordPress and click Dashboard > Updates. Unfortunately, updates can break some plugins and you may have to deal with this, but it is better than leaving the site with a security flaw that hackers may exploit.
3 Update the WordPress theme
Themes may also contain bugs or security flaws that either cause problems in use or let hackers in. Old themes may use outdated techniques, they may not support new devices, or take advantage of new technologies or techniques, such as SEO optimization, and so on. Update them.
You may receive a notification when a theme is updated and this always happens with themes installed from the WordPress website, but it may not happen if you installed a theme from elsewhere. If you downloaded a theme from a developer or store, you may not get notifications of updates.
Go to Appearance > Themes and click your theme to see the details. The version number is shown and you can check with the developer or store and see if it matches the current one. If a newer version is available, get it.
4 Update WordPress plugins
The most common way hackers get into websites is through security flaws in plugins. They don’t hack the login page or guess your username and password, unless you have used an obvious one of course, they exploit bad plugins.
Always update plugins as soon as new versions are available by going to Dashboard > Updates. Security fixes in plugins are not always documented, so what looks like a minor update that does little, may in fact, fix a security flaw.
Updating plugins sometimes causes compatibility problems with other plugins or even with WordPress, but it is something you just have to deal with and it is better than having a plugin with a security flaw that hackers can use. Sometimes a plugin goes from being excellent to terrible in one update, so it is a gamble.
Beware of plugins that have not been updated for a long time. You get notifications when plugins are updated, but not when they are not updated. You may have plugins that have been abandoned by the developer and they are a security risk and could cause compatibility problems in the future as WordPress and other plugins are updated.
There is no quick way to find abandoned plugins. Go to Plugins in WordPress and click the Details link on the right of each plugin. Look at the last updated date. Look for a replacement for any plugin that has not been updated for more than a year or 18 months at most.
5 Check for new user accounts
Do you allow people to create user accounts on your website? This is enabled or disabled in Settings > General > Membership. There are good reasons for allowing or blocking this and you might want to restrict comments to subscribers (an account type with the least permissions), you might have contributors, you could have a virtual assistant, a web designer, that a tech expert you hired last year to fix a problem, and so on.
Check in Users to see if there are any accounts that should not be there. It is not likely, but it is worth checking if anyone else has access to the site. Delete any accounts that are not needed or at least downgrade them to subscriber. Select them in Users, click Change role to, choose Subscriber, click Change.
6 Check comments for spam
Spam comments are a constant problem for websites and comment forms attract bots that post junk. WordPress has some features that enable spam to be blocked and I looked at them in Stop spam comments on your blog or website without plugins, but you need an anti-spam plugin if there is a lot of junk posted. Akismet is a popular choice, but there are many more plugins like Anti-spam and I looked at CleanTalk in Stop blog and website comment spam with CleanTalk.
The anti-spam plug-in may occasionally miss spam and the odd comment gets through. You should select Comments in the WordPress sidebar and check on the latest comments just to make sure nothing has got through. An anti-spam plugin might save suspected spam in the Pending section of Comment for you to allow or delete. It may save definite spam in the Spam section.
Both need clearing out. Spam comments could run into the hundreds or thousands if you never clear them out. Click Comments > Spam > Empty Spam if necessary.
7 Reply to comments
Genuine comments may require replies and it can be beneficial to reply to people, even if only to say “Thank you for your comments” because it lets people know you read their comment. You can build a good relationship with regular visitors to your site through comments. Check the Comments section and reply whenever you can.
8 Optimize the database
WordPress stores a lot of information in databases, like the text of posts. If a post is revised and changed, the previous version may be kept. In fact, there may be as many as five previous versions of a post. Comments, deleted comments, spam comments and trashed comments are also stored in a database.
This means that as time progresses, the database contains increasing amounts of unnecessary content. It gets bloated, which can slow it down. How fast this happens depends on how much content is added to the site, daily, weekly or monthly. For a small website that does not see many changes, it may never become a problem, but for a busy site it could be affecting performance after only a few months.
There are plugins available that can clean out the junk from WordPress databases and WP Optimize is one of the most popular, but there are more plugins for optimizing WordPress.
Always back up WordPress before running the plugin and don’t run it too often. It depends on the site, but a lightly used one might only need cleaning once a year. Afterwards, the site performance will increase slightly.
9 Update old content
Some types of web content ages very quickly and few people are interested in last week’s news for example. Other types of post are evergreen and are still relevant in several years’ time, like a tip for getting red wine stain out of a white shirt. There is always a need for that.
Many posts are somewhere between and they are not as time sensitive as a news story, but they do become dated eventually. Look for old posts on your website and see if they can be updated in any way. Rewrite a few paragraphs, add a bit more information, add or replace an image or two, then promote it all over again to your social accounts.
Updating old posts might take up a significant part of your time if your website has been around for a few years and has a lot of articles. There always seems to be a post that is in need of a refresh.
10 Delete outdated posts
Sometimes posts become so outdated they cannot be refreshed and the only option is to delete them. Outdated posts with wrong information (it was right when you originally rote it), that does not apply now, should be deleted. Stale posts look bad to visitors who bounce immediately they see the information is not relevant and is bad for SEO because search engines don’t like it for the same reason.
Go to the WordPress Posts section, go to the last post on the last page and start checking each post. Delete ones you don’t want.
11 Delete unused images
Over time, your WordPress website may contain an increasing number of unused images. This can happen when a post is updated and new images replace old ones. Sometimes you may create promotional images to go in the sidebar, you might replace your own image on the About page, and so on.
It is completely safe to leave unused images in WordPress and they have no effect on the performance. However, time and space is wasted when backups are made because unused images are backed up along with used ones.
It is not really a priority maintenance task, but you might want to find and remove unused images to keep backups efficient and, well, it just looks better not to leave trash lying around.
In WordPress, go to Media, click All media items and select Unattached. The aim of this feature is to show all images that are not used in any posts. However, I find it unreliable and some images are definitely used in posts, even when it says they are not. If you are absolutely sure an image is not used anywhere, click it and then delete it. Take care and if in doubt, leave an image alone. This is an unreliable feature!
There are a few plugins that clean up WordPress media library like Media Cleaner, but take care because as with WordPress’ built in feature, it may get it wrong. Some have an undo feature, so you can put back images if you find they are used, but be extra careful cleaning up media.
12 Check your website for broken links
Many websites contain broken links that point to websites or pages that no longer exist or whose purpose has changed. This is one reason why updating old posts is useful and you can check the links and replace them if necessary.
There are also web services that check websites for broken links, like Online Broken Link Checker. It crawls your website and tests up to 3,000 links for free. That might sound like a high number, but a web page can easily have 10 links on it, so it might only test 300 pages on your site. That might be enough for some people though and there is a commercial version with no limits. There are also other broken link checkers like Dead Link Checker.
