Keep your website up and running so it can keep working for your business!
I often get asked about WordPress website maintenance, backups and plugin updates, which are all imperative to the smooth functioning and security of a WordPress website.
Why bother with WordPress website updates?
Even though your WordPress website may seem to be ticking along quite nicely without much being done to it, leaving it alone is a risky strategy. WordPress is by far the most popular content management system in the world (around 60% of CMS websites are run on WordPress, dwarfing other CMSs such as Joomla, Drupal and Magento). I think WordPress is popular for good reason, but that popularity also means that WordPress and WordPress plugins are frequently targeted by hackers and malware.
If your website gets hacked and you don’t have a backup, in the worst case you could lose the whole site with no way to restore it. Often a hacked website may appear to be working correctly, but it could be used to send spam using your company profile and possibly to help spread viruses around the web. I’ve come across affected websites where the hackers had added a redirect to their own site and the actual website was completely hidden from users. A hack could also affect how your site appears in Google, where the only thing that has been altered is your site description.
If you feel that your site has been affected in any way, don’t touch it. Make sure you consult an expert as soon as possible, as you could inflict more damage by trying a DIY approach.
But by following the list below you should not only prevent your site from being hacked, but in the worst-case scenario that it is still hacked (as it’s impossible to actually prevent it completely), you should have the backups in place to restore your site quickly and without a huge loss of content or functionality.
1. Implement a double back-up strategy.
Before any work begins on your website, back up your site. Every website, and especially those containing frequently updated sections such as a blog, should be backed up on a regular basis. An effective backup solution should involve at least two back-ups, saved in different locations, to add an extra layer of security in case one of the back-ups gets deleted or corrupted. Backup frequency should reflect the frequency with which you update your website and website files, but I would recommend it is done at least once a week.
The first backup is usually provided via your host. A good hosting company should offer daily website back-ups and the ability to restore to a previous version should the website become corrupted or hacked, or fail while maintenance is performed. Make sure you ask your host about this, and if they offer a service to restore if the worst should happen.
The second backup can be automated via a back-up plugin and saved to a separate location. A plugin I can recommend is UpdraftPlus, a free plugin which facilitates automatic backups to remote locations such as Google Drive and Dropbox. This can be set to make daily or weekly backups, where all files are saved externally.
Once these have been set up, you will need to make sure you check your back-ups on a regular basis to make sure that the process is running smoothly. As everything is automated, a manual check is essential as these processes can and do fail.
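The regular check described above can itself be scripted. This is an added example, not part of the original article or of any plugin: it assumes both backup locations are reachable as local folders (for instance a synced Google Drive or Dropbox folder) holding .zip or .gz archives, and the folder and function names are placeholders.

```python
import gzip
import time
import zipfile
import zlib
from pathlib import Path

MAX_AGE_DAYS = 7  # the article's minimum: back up at least once a week


def archive_is_readable(path):
    """Read the whole archive so a truncated or corrupted file is caught."""
    try:
        if path.suffix == ".zip":
            with zipfile.ZipFile(path) as zf:
                return zf.testzip() is None  # None: every stored CRC matched
        with gzip.open(path, "rb") as fh:  # only .zip and .gz reach this point
            while fh.read(1 << 20):  # decompress through to the final checksum
                pass
        return True
    except (OSError, EOFError, zipfile.BadZipFile, zlib.error):
        return False


def check_location(folder, now=None):
    """Return the problems found in one backup folder (empty list = healthy)."""
    now = time.time() if now is None else now
    archives = [p for p in Path(folder).glob("*") if p.suffix in (".zip", ".gz")]
    if not archives:
        return [f"{folder}: no backup archives found"]
    newest = max(archives, key=lambda p: p.stat().st_mtime)
    problems = []
    age_days = (now - newest.stat().st_mtime) / 86400
    if age_days > MAX_AGE_DAYS:
        problems.append(f"{newest.name}: {age_days:.0f} days old")
    if newest.stat().st_size == 0 or not archive_is_readable(newest):
        problems.append(f"{newest.name}: empty or corrupted")
    return problems


def check_backups(locations):
    """Check every location; having fewer than two is itself a problem."""
    problems = [] if len(locations) >= 2 else ["fewer than two backup locations"]
    for folder in locations:
        problems.extend(check_location(folder))
    return problems


if __name__ == "__main__":  # placeholder folder names, replace with your own
    print(check_backups(["host-backups", "remote-backups"]) or "backups look OK")
```

A readable archive is not proof that a restore will work, so an occasional test restore to a staging copy is still worthwhile.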
2. Keep your website updated!
In order to keep a WordPress site safe, all plugins and WordPress files need to be updated frequently, as plugin and core file developers create updates to provide patches for new security vulnerabilities and website performance issues. This means that an out-of-date plugin may create a weak spot for hackers or reduce your website performance.
Once you have a good back-up strategy in place (allowing you to restore the site in case there are any issues!), you are ready to start the updating process. This is easy to do from within your WordPress admin panel. In the top left-hand corner, next to your website name, you will see two circular arrows with a number next to them. If the number is anything but 0, then updates are required. Click on the icon and it will take you to the updates page. When updating plugins, there is one important rule: do one update at a time and test your website after each update. An updated plugin can in theory break your site, so this way you will know which plugin is causing an issue. You can then revert to the backup and contact a developer to help resolve the issue. At least you will know which plugin caused the issue, which shortens the troubleshooting process.
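The one-update-at-a-time rule above, written out as an added example (not code from this article or from WordPress). It assumes WP-CLI (the `wp` command) is installed on the server; SITE_URL, MARKER and the function names are placeholders chosen for illustration.

```python
import subprocess
import urllib.request

SITE_URL = "https://example.com/"  # placeholder: your site's address
MARKER = "</html>"  # assumption: text that only a fully rendered page contains


def plugins_needing_update():
    """Ask WP-CLI for the names of plugins that have an update available."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--update=available", "--field=name"],
        check=True, capture_output=True, text=True)
    return result.stdout.split()


def wp_update(plugin):
    """Update a single plugin; True if WP-CLI reported success."""
    return subprocess.run(["wp", "plugin", "update", plugin]).returncode == 0


def site_is_healthy():
    """Fetch the home page; an HTTP error or a missing marker counts as broken."""
    try:
        with urllib.request.urlopen(SITE_URL, timeout=15) as resp:
            body = resp.read().decode("utf-8", "replace")
            return resp.status == 200 and MARKER in body
    except OSError:  # URLError and HTTPError (e.g. a 500 page) are OSErrors
        return False


def update_one_at_a_time(plugins, update=wp_update, healthy=site_is_healthy):
    """Update plugins in turn and stop at the first one that breaks the site.

    Returns (updated, culprit); culprit is None when every update passed."""
    if not healthy():
        raise RuntimeError("site already failing: fix it before updating")
    updated = []
    for plugin in plugins:
        if not update(plugin) or not healthy():
            return updated, plugin  # restore the backup, then investigate this one
        updated.append(plugin)
    return updated, None


if __name__ == "__main__":
    print(update_one_at_a_time(plugins_needing_update()))
```

The automated check only fetches the home page, so it complements rather than replaces clicking through the site after each update.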
3. Change your username and password
One of the most common areas of attack on WordPress sites is the admin login panel. But some basic changes to your settings can make a big difference.
Change your username and password to something difficult to guess. ‘admin’ is the most common username and should be avoided. Passwords should be unique and made up of a complex mix of upper and lowercase letters, numbers and special characters, such as “mMMP}DrTp6k3FR`RD)s?5:sm~5”. If you want to create a very secure password, a password generator can be a very useful tool.
4. Enable Web Application Firewall (WAF)
A firewall blocks all malicious traffic before it even reaches your website, so it is one of the most effective ways of protecting your site from attack. I can recommend NinjaFirewall, which offers a free and a premium version, but the free version already provides a very effective firewall for your WordPress site.
5. Test your website as a user would see it.
This involves going through all your pages and more recent blog posts to make sure they appear correctly. Resize the windows and check them for different screen sizes. Do all images appear correctly or are they blurry? Check that contact and submission forms are submitting correctly and that you receive the emails. Links can and do break, so make sure that none of the buttons and links on your website are broken. Are the navigation and all the links and dropdowns working on mobile and desktop?
6. Check your website speed.
The biggest reason that people will click away from your website is if it’s taking too long to load. Studies show that after about 3 seconds half your visitors will give up and leave. I’m definitely one of those people who loses patience quickly! You can use the Google developers tool to check your website speed:
Some of the most common reasons for a sluggish WordPress site are:
• Your hosting is slow. If your site is loading slowly, a likely cause is that your hosting is inadequate. Cheap shared hosting packages are great for small websites, but for a professional business website, a premium managed WordPress hosting solution can dramatically speed up your website.
• Your images haven’t been optimised. If you upload images to the web, they should be optimised for the web and not be larger than a few hundred kilobytes. This should ideally be done in an external editor such as Photoshop and the images saved as JPEGs, not as PNGs or any other file format. If you do upload original larger files, at least reduce the file size from within the WordPress image uploader.
• You haven’t updated your WordPress core files and plugins, as these updates often deal with performance as well as security issues.
• A bloated premium theme: many premium WordPress themes come with so many extra plugins and features enabled that they can have a dramatic effect on your page load speed. It’s hard to do anything about this, apart from changing to a slimmer custom theme, but all other steps combined will hopefully help improve your website speed.
7. Check your social media feeds and sharing buttons.
If your website contains Twitter, Instagram and Facebook feeds, check these on a regular basis. They are generally run via third party plugins and rely on communication with the different social media platforms. If communication fails the feed will break and no longer appear on your website. This generally requires a developer to resolve but it’s a good idea to keep an eye on them so any issues can be resolved quickly.
Following these 7 steps should lead to a more secure, faster and user-friendly WordPress website, which is essential to any business. It’s important to run these checks on a regular basis to avoid any serious issues. Depending on the size of your website I would factor in at least 30 minutes a week to focus on WordPress website maintenance.
What if I don’t have the time or inclination to do this myself?
Along with web design services, I also offer a variety of web maintenance packages, including a free website check. I can either do a one-off service on your website to optimise and back up your website and install WordPress maintenance plugins, or I also offer regular monthly website maintenance packages to give you peace of mind, in the knowledge that your website will always be up to date and offer the best user experience possible.