As easy and accessible as WordPress is, unfortunately, it is also relatively demanding in maintenance. Why? Mostly because the software is constantly being revised and improved, but also because as the number of installations grow, so do the number of malicious hackers who want to either put their stuff on your site, or bring the site down altogether.
There are a few issues that need to be addressed to keep your site in good shape. We highly recommend that you either manage these yourself or pay us to manage them for you. The third alternative is to just install WordPress, then forget about security and backup. We DO NOT recommend this! We have seen many WordPress sites hacked, and we have heard even more horror stories.
Here are our recommendations, which also serves as a description of our maintenance program:
Backup
We recommend putting your wordpress site on a scheduled backup program. Have a backup program that works for your wordpress usage. Remember, wordpress uses both a database and files — you must backup BOTH. Unless you have special needs, typically it is good enough to have:
- Daily Site backup
- Monthly Site archive
- Save Backups for a year
Importantly, store your backups on another server. We use Amazon S3 Cloud Storage. If your host crashes, guess what? Both your site and backups are gone,,, but not if your backups are stored somewhere else.
Typically your website host provides backups for disaster recovery, and the original site developer keeps the original files for the site. Both of these sometimes come in handy, but I would not recommend relying on them.
Updates
There are typically three things that require regular updates on wordpress:
- Core WordPress files
- Plugins
- Themes, Frameworks and Child Themes
More often than not, these things need to be updated for security reasons. Sometime a major update comes along that is urgent to protect your site from a security breach. We recommend checking and installing updates monthly, at the least . Almost every site has at least one thing to update monthly. Please backup everything before updating because updates can sometimes break the site. We do updates for our customers weekly.
Performance Monitoring and Maintenance
It is a good idea to have an uptime monitor for your site that will tell you if it goes down for a period of time. Sometimes the problem is the host, but often it is a problem with the wordpress software. If we see sites going down often enough, we usually try to uninstall plugins that may be causing conflicts. Additionally, you should be doing other things to keep your site running smoothly:
- Delete comment spam (weekly)
- Delete automatic post revisions (weekly)
- Optimize database (weekly)
- Periodically check site performance (monthly)
- Security Monitoring
We recommend a monthly security scan of websites and also keep an eye on your site for anomalies. If your site runs into problems, it is much better to catch it quickly and then use a recent backup instead of having to go back to your original site files and losing months of updates.
It is also wise to keep up with developments in the wordpress community. That way you can find out about vulnerabilities and address them before anything happens.
Additional Best Practices
- FTP the site files only with SFTP (Secure FTP) – Regular FTP sends password information in clear text, which can be intercepted by hackers. SFTP solves this problem.
- Create high-level passwords for all users: 8 characters or more using letters and numbers. Simple passwords are easily hacked.
- Don’t install plugins unless you feel they are necessary. Plugins are the greatest source of problems for WordPress sites. We block plugin installation in our maintenance program, but we will install plugins for you.
Our Maintenance Program
Currently, we charge $25/month ($250/yr) for our maintenance program. If you are a hosting client, the program is $15/month ($150/year). Please call if you are interested in signing up.