WordPress Website Maintenance Guide

Website maintenance activities.

You’ve heard you need regular WordPress website maintenance. What is that, and why should you do it? And how much do you really need to do? After reading this article, you will know why it is essential, which actions are non-negotiable and which other ones you might need depending on how you use your site.

You’ve invested time and money into your WordPress website. You don’t buy a new car and never take it for maintenance or minor repairs. If you do, you will eventually pay the price. That’s the way it is with websites too.

Since 30% of websites today are built on the WordPress engine, the chances are good that this article is for you.

Some of us put off updating our computer programs for fear of things “breaking.” I get that. I do that. It’s easier to let others test it for a couple of months until the bugs get worked out.

BUT, you cannot do that with a website! The pace of changing code and the prevalence of hacking mean you must keep up in small, consistent steps.

So, let’s dig in and learn what to update, why it’s important and how to do it the safest way. If you are not inclined to be a techie or simply don’t have time for this, you may want to get on one of our website security and care plans.

Backup Before WordPress Website Maintenance

What is a website backup?

Before performing WordPress website maintenance, a backup is a copy of all your website files. This includes:

  • The WordPress version, theme and plugins with all their settings
  • All the website’s files, including images and other uploads
  • The database

Backups on a Server

Often, a web host will provide daily backups. Most excellent hosts do a full backup, but you should always check to make sure. These backups remain on your server.

Managed WordPress hosting plans usually give you a means to do a one-click backup just before you update your site. And, if anything goes wrong, you can restore your site to that previous version with one click.

Offsite Backups

It’s a good idea to keep a backup in at least one place off of your server. If someone hacks your site, they may also have access to the backups on your server. If you keep copies of your backups in a different location, you know you will always have something to rely on. This is most often done with plugins that do automatic backups.

Automatic Backups

There are several good WordPress plugins to use for scheduling automatic backups to offsite cloud locations. From that cloud location, you can also download a copy to your hard drive to backup in yet another location. Always have at least 2 backups at your disposal. A daily backup kept for 3 months would be great. If you run an ecommerce store you may need incremental backups in real time so that you never lose any shopping cart data.

Why do you need website backups?

If you do nothing else to your site ever, at the very least make a backup!

If something went wrong with your website, without a backup it would have to be rebuilt from scratch. Here are some things that could go wrong to impair your site or to bring it down completely:

  • A coding error made while making site improvements
  • Conflicting code after applying new software updates
  • The site gets hacked

With a backup there are ways to restore your site to the point at which you made a backup. That’s why you want to backup before you update or work on your site. And you want to keep older versions of backups because you might not know right away if your site has been hacked.

How do you perform backups?

For WordPress sites, backups are normally done by using a backup and restore plugin.

There are plugins that give you options to:

  • Backup manually
  • Download backups
  • Backup automatically on a set schedule to offsite cloud storage such as DropBox or Drive

They also have ways to restore your website should you need to use those backups. Each plugin has its own documentation on that.

Staging Site

What is a staging site?

A staging site is a copy of a website for testing updates or changes before they are deployed to the live site.

Why create a staging site?

It is a good practice to use a staging site to prevent errors and wrong decisions from being seen by the public. After errors are resolved, make changes to the live site. This is especially true for major updates of WordPress or theme files. Any time you suspect something may make a big change in your software environment, you can use this method.

How do you create a staging site?

Most website hosts will have a pretty easy way to help you create a staging site. This article tells how to do this on popular hosts.

If your host doesn’t provide a staging solution you can use the plugin WP Staging Pro.

WordPress Website Updates

What are WordPress website maintenance updates?

For WordPress website maintenance, you perform updates on all the software that runs your website. These updates need to happen regularly and often. There are three things to update on your website:

  • WordPress Core
  • Themes
  • Plugins

Why update a website?

Each of these parts has code that needs to be updated for security and to remain in sync with one another:

  • All WordPress websites are built around the WordPress Core code.
  • Themes determine how the website looks; they give you different ways you can change the look.
  • Plugins are little capsules of code that help your site do something specific

When to update a website?

  • Once a month, check to see if core, themes or plugins need to be updated and do so
  • Once a week, if your website has a lot of plugins or is mission critical
  • Also update the software whenever there is a security patch released
  • Get notified of security patches by subscribing to a security scan service

How to update a WordPress website?

Important: Update your staging site first to find any issues and problem-solve before touching your live site. When that works, update your live site the same way.

Visit your site and check a handful of pages to make sure they look right. Some pages to check might be the home page and pages with special functionality like forms, checkout pages, pages with a connection to Google Maps or that are streaming a Facebook feed.

Assuming all is well, move on to updating your site:

  • Login to the dashboard
  • Create a new, full backup of your site
  • Update plugins, core and theme
  • Check the same pages you checked before updating

Order of Updating

People have different preferences for the order of updating during regular WordPress website maintenance. It is my preference to update plugins first. If there is a problem with updating, it will normally be with a plugin. It is easier to identify a problem if you update those first, before adding in any core or theme updates. After plugins, update core. When all is good with that, update themes. Check the front end of your website between each phase.

Updating Plugins

Here are some best practices for updating plugins:

  • Slow and methodical wins the race. Double check what you are clicking and wait a second after you know it is complete before moving to the next update.
  • Pay any outdated premium (paid) plugins. Unpaid premium plugins will keep working for a while but you will need to renew the subscription in order to update your version. (Do it. It is a security issue and prevents the plugin from becoming out of sync with Core or your theme.)
  • Update plugins in small chunks. Do from five to seven plugins at a time. If you are on a slow server, do one at a time.
  • Update “heavier” plugins separately — like site builders, form builders and other complex plugins.
  • Perform visual checks between updates. Go to the front end of the site and re-check those five pages you checked initially. If something went wrong, you know which set of plugins to check further.
  • Update or delete plugins not being used. They are still vulnerable to hackers even though they are not visible on your site.
  • If there are bugs, disconnect one plugin at a time until you find the culprit. File a ticket with the software developer to look at the issue and create a fix. Meanwhile, revert back to the old version (unless it is a security patch).

Updating WordPress Core

Once you have updated the outdated plugins, update WordPress Core if it is needed. Check your pages again, to make sure all the new software agrees and there are no bugs.

Updating Themes

Make sure all themes are updated. Sometimes you will have themes other than the active theme in your dashboard. If you don’t need the unused themes, you should delete them. If you want to keep one inactive theme for testing purposes, make sure it is updated along with everything else.

Tip: When updating a theme, there is a quirk in WordPress. It will look like the theme update is complete before it has thoroughly completed. Wait until you see a “theme has been updated” message. If you click away before the theme has updated, some parts may be left out of the theme folder, causing a fatal error where visitors see a blank screen and you may be prevented from getting back to your dashboard. In that case, you would need to follow directions for a manual update using FTP or C-Panel.

If Something Goes Wrong During WordPress Website Maintenance

Stuff happens, especially to websites. If you followed best practices and made a backup of your site before updating, then you can revert the website to its previous state while you problem-solve. Once your public-facing site is reverted, you can use your staging site to find out which plugin or theme is causing the issue. This way, you can take your time debugging the issue or contacting support for plugins.

Contacting Support

There are two kinds of plugins: free and premium.

For support on issues with free plugins, you can visit the WordPress plugin repository and file a request for support. (You will need to sign up for a free membership for this.) Search for your plugin with the search bar. Then, find the “Support” heading in the right sidebar. Click on the “View support forum” button. Search the forum to find out if your issue already has an answer. If not, click the “Create a new topic” button.

For support on issues with premium plugins you can visit the plugin developer website, log in and submit a ticket. In this case, they may ask to access the dashboard of your site to find out more information. It would be best to make a new temporary user for your site with Admin access. Then remember to delete that user when the issue is resolved.

Restore from Plugin or Host’s Backups

If your host makes backups, you can usually restore from these with one click. If you use a backup plugin, you can follow the directions on that plugin’s Help or Knowledge section on their website.

No Backups?

If you are not WordPress savvy, this is a time to call on a professional. If you know your way around the WordPress file structure, here is how you might salvage your website.

If you have no backups and something goes wrong with the update, you can download a copy of the software (plugin, core or theme) from WordPress.org or from the developer website where you purchased them. Then, follow instructions for updating manually.

If you do not have a backup and something has happened to your database (content and settings), there is not much you can do except to salvage what is possible and start to rebuild the site. Hence, the absolute importance of including the database in your backups!

Monitoring Website Health is Part of WordPress Website Maintenance

Monitoring key indicators of your site’s health is important. Your site may look fine but trouble under the hood could cause a drop in traffic or sales or even a notification from Google that you’re site has been blacklisted. You don’t want to go months not knowing something is wrong. Some of the following actions are easy enough to do without even going into your website.


Security scans will detect if your site has been hacked. They can also tell you if your site is vulnerable to hacking and give you an idea what needs to be done. It is possible for scans to miss a compromised file. So if you see other signs of hacking, it’s best to consult a website cleaning company such as Wordfence, Malcare or Sucuri.

Subscribe to a security release watch email to receive emails on WordPress core, theme or plugin vulnerabilities when they are announced. When they are announced, immediately perform that update on your website.


There are a few free speed tests out there. On a GTmetrix scan, the numbers to look for Web Vitals are Largest Contentful Paint, Total Blocking Time and Cumulative Layout Shift. The “grade” your site gets is not as important as the actual time to load. But, the grade breakdown can provide ways to improve.  GTmetrix will give you the speed of any particular page on your site on desktops. Just type in the URL and away you go. Think with Google mobile speed test will tell you the speed of your site using mobile data.

If your site is speedy enough now, the main thing to watch is that is stays the same or improves. If site speed suddenly takes a turn for the worse, it could be a sign of hacking and you should run it through a security scanner or check with your host.

Database Optimization

Database optimization for a website is like emptying the trash and clearing cache on your computer. There are unnecessary autosaved versions of your typing or images you have deleted. There may be data from plugins you no longer use. If your site is used heavily you may want to clean things up often. If you hardly ever make changes, once a year may be fine. You can use a plugin to make optimization a breeze. Still, you must be careful to follow directions. And, of course, always make a full backup of your site first.

Image Optimization

Image optimization means serving images on a website that are good quality but as small in kilobytes as possible. Images are responsible for bloating your site and slowing it down. But, using visuals does make a difference to the visitor’s experience. The trick is in finding a good balance between quality and speed. Optimize as much as you can.

Here are the formats acceptable to WordPress and what kind of images they serve:

  • JPG — Photos
  • PNG — Logos and any art that needs a transparent background
  • GIF — Any art with flat shapes of black and white or simple color
  • SVG — For flat or vector graphics; can sometimes save a lot of kilobytes while looking great
  • SVG NOTE: For WordPress, you will need a free plugin like Safe SVG to “sanitize” the image as it is uploaded from possible malicious code. Without a plugin, WordPress will not accept an SVG image.

A basic process for manual image optimization using free tools:

  • Download a pixel measuring app like PixelStick. Use this to measure the space on a desktop screen that your image needs to fill.
  • Use an app like Photoshop or a free online resizing and cropping tool like Canva to crop your image to the right proportion and size.
  • Use an app like Photoshop or online tool like TinyPNG to compress (reduce kilobytes). TinyPNG makes this part of the process very simple.


Keep track of your website’s uptime record to see how well your host is doing or if there are any backend issues with your website. A free service you can use is UptimeRobot. You can also set alerts when your site is down. If your site is down, this could be a sign of malware, an expired domain name or a hosting issue.

Broken Links

Broken links happen when web pages move or get deleted. Broken links are bad for SEO — they indicate that your site is not up-to-date. It also makes for a bad user experience. Google dislikes both. This can happen on your own site and you may know to change the URL in that link. But an external website might change their page URL structure and you wouldn’t know. You can run your site through a free broken link checker online such as Online Broken Link Checker. When you find the broken links, you can remove the link or replace it with a similar web page reference. This is especially important if you have a blog where you often link to supporting information.

Google Search Console

Your site should be added to Google Search Console. It is where you can submit sitemaps to Google. Check your site health at Google Search Console and see what terms you have been shown for in search. Here is what to check:

  • Make sure your sitemap has been submitted or submit a new one.
  • Is your website mobile friendly? Are there any new errors to prevent google from viewing your site on mobile?
  • Do any pages have errors preventing Google from indexing a page?
  • Are there any 404 (Page Not Found) errors? This may happen if you move pages around on your site and forget to redirect the old URL to the new one.
  • Check for which search terms your site has been shown.

Google Analytics

Add Google Analytics to your website for free to get a ton of data to help you understand visitors. The data is not private data. But seeing trends of how the general public uses your site can be extremely useful in making improvements to generate more of the desired action (click, download, call, watch, pay, engage).

What to Do Next

Whew! You now know that WordPress website maintenance is critical to your website investment and you know what is involved.

If you’ve made it this far, you are probably committed to taking care of your website to keep it safe and at optimum performance. You may rely on your website to attract client leads or drive your mission. If you love taking care of your site, read through the linked articles for more in-depth information.

If you don’t enjoy doing this stuff, leave it to those that like to geek out over it. We love caring for websites at mhcDesign. We’ll perform maintenance, keep track of web health essentials and let you know what’s going on behind the scenes each month. If something goes wrong with your site, you don’t have to hunt down someone to fix it. In fact, we will probably know about and fix any issues before you even need to ask. And, as a bonus, you get access to our design and development skills as well as informal consultation on website improvements, branding and marketing ideas. What a win!

Join a Care Plan. Contact us here.