WordPress Website Maintenance Guide

Updated:By:Tom Homer

Managing and maintaining your WordPress website is an ongoing process that keeps your investment healthy and functioning as designed. It’s something that needs to be done. If not, you are risking your investment. These risks only increase the longer you leave the website.

In this way your website is like a car. You want your car to keep running properly and not suddenly break down. So, you do ongoing maintenance like oil changes, brakes, and inspections of critical components. Likewise, website maintenance needs to be continually performed or it will start having problems and may eventually fail completely. Among many other things, this is done by ensuring software is updated, backups are performed, and monitoring for potential security threats.

As you keep reading below you will discover there is a lot of work and time involved.  The purpose of this guide is to educated you on the tasks allowing you to decide whether you want to do it yourself, or have us handle it (or another business that specializes in website management and maintenance) by subscribing to one of our Management Service plans (i.e. maintenance care plans). 

Let’s now take a look at the recommended website maintenance tasks (organized by frequency) for a typical business website:

Ongoing Tasks

These ongoing tasks are continuous being performed. Most are setup with automation that will send out an alert if a problem is detected. These website maintenance tasks may be scheduled to happen X number of times per hour or are triggered by an event like a page being visited.

Security Monitoring

You never know if a visitor to your website has malicious intent or not. While we ensure the software, we use to build your website uses best practices and have appropriate security features in place, no piece of software is bug free and doesn’t require security fixes from time to time.

Hackers and spammers have bots constantly surfing the internet looking for security holes in websites. When one is found they will use it for their own benefit which will cause your business harm. This often includes things like:

  • Infecting your website with a virus so it can potentially spread to your visitors.
  • Placing links or ads on your website to promote their own interests.
  • Causing destruction by defacing your website and locking you out.

The longer your website is online the more it will be found by bots. Attacks on a website may be gradual and take months or can happen all at once with many thousands of hits happening throughout the day.

Please note, no security measures are 100% effective but the ones we employ greatly reduce the chance of security breaches. Website security also depends on the administrative users of the website having strong passwords and having security measures are in place on the devices they use to access the website. If their devices are compromised with a virus by a hacker, then their keystrokes could be logged or the device itself could attempt to compromise other systems it connects too.

Website security has a number of layers and there are many software solutions and services to help. Here are the layers of security in order of protection based on what a visitor would go through first:

Cloud Delivery & Security

This is a protective layer that if the visitor fails to pass or bad behavior is detected would block access completely from your host and website. It is a content delivery network and firewall security tool all in one. One popular provider of a service like this is called Cloudflare. At a basic level, it works by keeping a copy of your website pages on their own servers, which are then when requested, served directly to the visitor if they are deemed legitimate.

This is the only layer that we may or may not recommend for your website as it depends on the amount of traffic you have and other risk factors. It also has a lot of other benefits besides security (which we will not go into here).

Quality Hosting

Choosing a quality web hosting provider and hosting plan is a very important step. Cheaper solutions usually mean less security built into the server, the network, and the software they use to serve your website. It also probably means a shared hosting environment which can result in security compromises that affect all business hosting a website on the server.

The 3rd party hosting provider we use locks down their servers by including security features that run independently of the website software making it faster and much more secure.

WordPress Security Plugin

Every WordPress website should have a security plugin installed. This is the last line of defense, and you want to make sure you have a quality product installed as not all security plugins are equal in features and detection measures. Our security plugin of choice not only protects the websites from bots with a built-in firewall but also includes other features like file scanning and enhanced login protection.

Uptime Monitoring

Making sure your website is up and viewable online is important and creates trust with your visitors. You can’t depend on your customers, staff, or yourself to constantly check to make sure the website is accessible. That is why services from companies like UptimeRobot exist which can automate this process for you. You can schedule to have a page checked as often as every 1 minute if needed and be notified by text or email if the web page is down.

When you get a notification, you can then investigate why the page is not accessible. There are many reasons a website could be down including:

  • A website or server software issue including bugs from updates, corrupt files, or incompatible settings.
  • A hardware failure with the server or hosting networking equipment.
  • A networking error somewhere on the internet which is preventing traffic from reaching the website (which is operating fine but just not accessible).

Once you determine the problem, you can then figure out who needs to fix it and how.

Did you know the average uptime of a website is 99.41%. This means on average; a website is down about 52 hours per year (not including scheduled maintenance). Increasing the uptime to 99.9% means the annual downtime decreasing to 8.75 hours. Going a step further, 99.99% uptime is about 53 minutes annually.

SSL Certificate Monitoring

Making sure visitors can access your website using a secure protocol (https://) is an important part of security. This ensures information from contact forms, login pages, and payment information is sent and received encrypted and stays private. Most web hosts now days use certificates from Let’s Encrypt which is a free service. These certificates are renewed automatically every 3 months by the web hosting company. In some cases though, this renewal process may have a problem and no renewal may take place. When this happens, you are usually NOT notified. If a renewal does not happen and the certificate for your domain expires, then when someone visits your website, they will receive a Not Secure warning message in their browser. This message will scare away visitors and does not promote confidence in your business.

For this reason, monitoring your SSL Certificate expiry date is a good way to get a step ahead of any renewal problem issues before the certificate actually expires.

Search Console Monitoring

Google Search Console is a critical part of managing your website. It lets you know how Google views your website and gives you insight on how it ranks in the search engine. If Google bot has problems accessing your website or has a problem with how a page is displaying, they will send out email notifications summarizing the issue. These notifications need to be taken seriously. If these problems are not fixed in a timely matter, it could result in Google decreasing how these pages and/or how the entire website ranks in the search engine.

Daily Tasks

These tasks are usually performed once a day and tend to be automated.


This mission critical task is usually done daily or weekly depending on how often the database and files of the website are updated.

If your website ever goes down due to a software update gone wrong or a hacker defacing your website, it is a recent backup that will get your website back online quickly.

Backup software is complex, so you always want to test the restore process every once in a while. This is to make sure that you are backing up everything you need and the restore process works as expected.

As an extra precaution eSilverStrike Consulting runs 2 separate backups for all care plan clients who use our 3rd party hosting provider. One is done at the server level which is super quick and stores it in the cloud for safe keeping. We then have a secondary backup done by a WordPress plugin during off hours which we then upload off site on a popular cloud service like Google Drive or Microsoft OneDrive.

When storing backups, we also make sure that we are able to go back and restore one if needed from 3 months ago. This protects the website in case a security threat happened which wasn’t detected right away.

Weekly Tasks

These tasks may or may not be automated but should be performed at least once a week.

Malware Scans

Scanning the content of your database and your website files for virus signatures should be an ongoing process and a full website scan should happen at least weekly. These types of scans also should detect any new files that were not there during the last scan which seem out of place.

If the scanner does detect something nefarious, you then know either someone has been able to gain access to your website through a security hole in a piece of software your website uses or has gain access through a compromised user account. The other possibility is you have updated or adding new software (like a plugin) that may have been already infected.

The easiest way to fix a website that has been infected by malware/virus is to restore the most recent backup that contains a clean version of the website. Unfortunately, while this may remove the malware, it does not fix the security of the site so the hacker may infect your website again. Ideally you will need to do a security audit of your website (or hire someone to do it) who can then determine how the malware was installed and to then plug the security hole, so it doesn’t happen again.

You can find malware scanners as part of a full WordPress security plugin (that contains other security tools like a firewall) or as a separate plugin. Cloud malware scanners for websites are also available if needed in a pinch like Sucuri. Cloud scanners are usually not the best choice (unless they include a WordPress plugin as well) since they only have access to the online public view of your website and therefore can only scan web pages and not the actual files and whole database of your website.

Plugin Updates

Plugins extend the functionality, features, and design of a base WordPress website. They make things like adding a contact form or online store to your website possible. There are tens of thousands of WordPress plugins that are designed and developed by many different developers from all over the world. Many of these plugins are constantly receiving updates which add new features, fix security issues, and increase compatibility with newer versions of WordPress and other plugins. For this reason, it is important to keep the websites plugins updated. A typical website may have about 20 plugins and every week there is most likely at least a couple which will have updates that need to be dealt with.

While updating plugins seem easy, there are risks involved, especially if it is a major version release. The first thing you should do before updating any software on your website (this includes WordPress itself, plugins, and themes) is to perform a backup. If anything goes wrong during the update or after you will have a very recent backup to restore the site quickly if needed. Trust me, problems and errors happen during updates, and from the result of updates, many more times than we like.

Another thing you should do before updating is checking the change log of the plugin to determine what features and fixes have been added that may cause conflicts with other plugins. If the risk of conflict seems high, you may want to wait a week to update (unless there is an important security fix) to ensure the developer doesn’t have another release soon to fix bugs that other website owners have reported. The other option available is to spin up a staging site and test the plugins updates on it first, before doing it on the live production website.

Once you do update any plugins, you always need to visually inspect the website and test its functionality (of just the features related to the plugins being updated) to ensure nothing is out of place or not working. If you find something that is, you then need to report it to the plugin developer so he can work on a fix. In the meantime, you will need to either rollback the plugin update or restore the most recent backup to get your website working properly again.

Monthly Tasks

Most monthly tasks make sure your website is operating at peak efficiency. Many once set up can run automatically and notify you only when and if you need to step in and investigate things further.

Database Optimization

A smaller database is a faster database as it means less records for the web server to query when searching for data. It is always a good idea to clean your database monthly and remove any old draft posts, empty the trash of comments and pages, and trim unneeded revisions. This can be done manually but is much quicker to have a plugin schedule the task and do it for you automatically. This type of functionality can usually be found in caching plugins and other performance improvement plugins.

Broken Links Monitoring

Broken or dead links are URLs on your website that point to a web page on your site or another that does not exist. In most cases when a user tries to visit this page the website will return a 404 error code. As your site content changes over time and pages come and go it is easy to miss updating links that point to pages and posts you may have deleted. Likewise, if your content has links to other websites, those URLs can change over time or the website itself could close and just disappear without warning.

Having broken links on your site leads to a poorer user experience and unhappy visitors. Search engines also take note of broken links and may rank a page lower because of them.

Therefore using a tool like Dead Link Checker, Screaming Frog, or W3C Link Checker to scan your website every month is an easy way to automate the process. With some of these paid tools you can even create a schedule and be notified only when a dead link is found.

Traffic Monitoring

There are other options, but most people use Google Analytics to record traffic on their website. It is free and has many reports and features allowing you to really do a deep dive on where you traffic is coming from and what they do when they get to your website. From a management point of view with website traffic we really want to keep track of the basic trends of the website and if overall it is either trending lower, the same, or higher. We should then compare the websites trends with not only reported search engine algorithm updates, but also with the changes happening to the website itself so we can understand why the trends are happening. At a minimum this should be done monthly, but if you are investing in SEO and other marketing to increase your traffic, this should be done weekly or even daily.

If things are trending downwards for a while or there is a sharp drop in traffic, we want to be on top of this right away and launch a more through investigation as it is an indication something might not be right. For example, it could indicate that Google for some reason now are ranking the website pages lower and therefore sending less organic traffic. This might be because of a search algorithm change or something on the website itself has changed. Either way we want to find out what, why, and fix it.

Likewise, if you have a sharp rise in traffic, you also want to investigate why. This is a good thing obviously and is more from a marketing perspective, but finding out early why it is happening may allow you to take advantage of the situation and bring in even more traffic. For example, if a certain informative post has gone viral, then it would make sense to capitalize on its popularity and write related posts on the topic to keep the trend going.

To track these trends ideally you will want to setup Google Analytics custom alert emails that can notify you when traffic changes over a certain threshold. The Google Site Kit plugin also allows you to display quick snapshots of your traffic right from within your website. This makes it quick and easy to see the trends.

Page Speed Monitoring

Ideally you want your pages loading into a browser in under 3 seconds on both desktop and mobile devices. Any longer than that and you may start to loose visitors who do not want to wait around. Search engines like Google also may take notice and lower your rankings.

Tools that can help you audit your pages and find out the speed that your page loads (among many other things) include Google’s own PageSpeed Insights and GTmetrix.

There are many reasons why a website page can have a slow loading speed. They can include one or more of the following:

  • The resources the webserver has available and the amount of concurrent traffic the website has.
  • Settings of the software used by the webserver.
  • WordPress, themes, and plugins settings.
  • Plugins and themes which the developers have not taken speed into consideration.
  • The way the page itself was designed.
  • The complexity of the widgets used on the page.
  • and many more…

Sometimes a page may be designed with a certain look or style in mind. Things that grab a user’s attention like having a video playing in the background may look good from a design point, but it does have the negative effect of increasing the page size significantly, which in turn requires the page loading to take longer. These types of things must be considered when thinking about improving the page speed. Is it worth having the background video, and does it really grab the user’s attention when compared to just using a static image for the background?

A lot of the time fixing a page loading speed is not simple and not just one thing. It also may require fundament changes of the website. If you are concerned about the overall speed of your website, we recommend contacting us or your own website developer and ask for their recommendations.

Yearly Tasks

These are tasks can be done on the same date every year. They are more about reflecting on your websites performance and organizing your website and upcoming tasks for that year.

Review Website Setup

Every year you should review how your website is setup (hardware and software) and if any improvements can or should be made. A website is not a static entity. The internet is constantly evolving and maybe the features and how the website functioned 2 or more years ago was perfectly fine, but now days if improved, will bring in more traffic and increase sales. If this is a possibility, it may be worth talking with a website developer to investigate further to see if your website is worth further investment.

You also should log into all accounts associated with your website. This is to ensure they are still active, and all is in good standing. This includes everything from your domain registrar, plugin developers, and third party services like Google Analytics and email services. You want to double check things like plugin licenses subscription dates and domain expiry dates are all correct and reminders are still setup in your calendar.

Review Content

At least once a year you should do a quick read through of all the content on your website (or at least the main pages and posts). This is to ensure everything is still correct and accurate. You don’t want a potential client visiting your website finding one thing, and then you are telling them something else in person. This doesn’t look professional and can lead to awkward situations.

Test Restoring Backups

If you haven’t needed to restore a backup in the last year, great! This most likely means the tasks in this guide have been performed. The thing is you should still test that the backups you have been doing will restore properly. You don’t want to find out when you actually need to restore a backup that it doesn’t work due to incorrect settings or doesn’t contain all the files and data needed thereby keeping your website offline much longer than necessary. Plus, just like any other piece of software, backup software receives updates which has a small possibility to create problems.

When testing a restore you don’t want to test it on your actual website (just in case something goes wrong). Instead, it is much better to create a staging version of your current website and then perform a restore using an older backup. This way you can test it and then do a visual inspection of the website to make sure everything looks and works as expected.

Since we run 2 separate backups for our clients, with one being a WordPress plugin solution and the other being a built-in web server solution, we test both options to ensure a smooth restore whenever one is actually needed.

As Required Tasks

These tasks do not happen as frequently or on any real schedule. They should only be done when necessary.

Theme Updates

Like plugins, themes have updates as well and for the same reasons. Most websites only have 1 or 2 themes installed so there are not as many updates when compared to a typical WordPress website that has on average 20 plugins installed.

Still, in the past few years a lot of themes have become much more complex thanks to all the customization features developers have been adding. This unfortunately has also increased the chances of issues, and therefore fixes, which in turn has increased the number of updates a theme may receive.

Updating themes carry similar risks as plugin updates, therefore you should follow the same procedure as plugin updates when updating your theme.

WordPress Updates

Just like plugins and themes, WordPress itself receives updates which can add new features, fix bugs, and tighten security.

Updating WordPress carries similar risks as plugin and theme updates, therefore you should follow the same procedure as plugin updates when updating WordPress.

In most cases minor version updates of WordPress (for example 3.5.X) just contain small bug fixes and security patches and shouldn’t affect compatibility with plugins and themes. These rarely cause problems and usually are safe to install.

It’s the major version updates that need to concern you more. Fortunately, these only happen every 4 or 5 months. These major releases add new user features and developer APIs which could possibly break backwards compatibility and could cause a plugin to break and even take down the website. For this reason, you need to do your research to find out if the plugins you have installed support this major version of WordPress before updating. This can be further complicated by the fact if the WordPress update also includes security fixes. You always want to install these as soon as possible.

Remember, just like with plugin and themes updates, ALWAYS do a backup before updating WordPress. If it is possible, test the update on a staging server with a copy of the website first.

License fees

While some plugin and themes are free to use, not all of them are. Some software used on your website may require a paid license to function, receive updates, and get support for when needed. A lot of this type of software is subscription based and renewed annually. You will want to keep track of any licenses you need to purchase to make sure when the time comes the payment goes through. If it doesn’t, then the software will stop receiving updates and may even stop working.

One huge advantage of subscribing to one of our Management Service Plans is that we most likely already have the licenses you need for the software your website uses. Since we deal with multiple clients we can get developer licenses at discounted prices for many plugins and themes. This way we build the price of the license fees into the monthly cost of our Management Service Plan and pass the savings on to you. In some cases you can save over 50% of an annual plugin license fee.

At the same time, you should also keep track of any 3rd party services your website uses. These are services that your website needs to function but are operated within the services own environment. Examples of this includes services like CDN and Newsletter Emailers. These fees usually are paid monthly but may also be offered annually for an additional savings.

Domain Renewal

The domain name is one of the most important pieces of your business identity and brand online. A website and email cannot operate without one. You do not want to lose ownership of your domain especially if you have put years of marketing behind it. 

Most companies purchase their domain name for several years. This makes it easy to forget when your domain name comes up for renewal. When it gets close to the time, the domain registrar will send out reminder emails. Unfortunately, these can get misplaced or get sent to the spam folder by accident. For this reason, we recommend setting up a reminder in your calendar several months before it expires. Having this reminder in place acts as a backup in case the domain registrar emails do not get through. As part of our Management Service Plans we also send reminders to you.

This is very important as once your domain expires; it is available for anyone to purchase. Unscrupulous people will purchase domains right after they expire either to use the domain for their own purposes or with plans to sell it back to the original owner for a huge fee.

It is also very important that you retain ownership and control of your own domain. This is why we do not perform domain renewals for clients. We only send reminders and if required help the client through the renewal process if needed. The domain of your business should be with your own domain registrar account, in the owner’s name, and purchased with their credit card. This way no one can hold your domain for ransom. Unfortunately, we have heard about unscrupulous web designers and developers doing this.

Content Updates

Overtime you will want to make updates to your website copy and media. Whether it is a new employee you must add to the Team page, or a sale of a new product you want to promote, you are going to need to know how to at least make small updates to your website. Keeping your website current shows that you are serious about your business and overall shows professionalism.

Search engines also love new or updated content. Google much rather show a page with content that has been updated/added recently over one from another website that hasn’t been updated in a while. Updating content increases the chances of improving your rankings. Adding new content (like news or blog posts) also means more pages in the search results for different keywords. This means more traffic, and more potential sales.

For these reasons that is why we include the option within our Management Service Plans for 1 or more 30 minute task blocks. When included in your plan, we set time aside every month for these task blocks to work on content changes, additions, and other minor website changes you may have.

Security Notifications Review

It is important to subscribe to security bulletins for WordPress and its plugins and themes. Sometimes a security hole is found in the software your website uses which news about gets leaked online that has not yet been patched with an update. You want to find out about these issues before hand so you can take pre-emptive action to prevent your site from potentially getting hacked.

In Conclusion

Hopefully this Do-It-Your-Self Website Maintenance Guide will be helpful to you. As you can see there are a lot of important tasks required to keep a website healthy and running smoothly. While a website may limp along for a few months without any maintenance, the longer you leave it the greater the chance a problem will happen that will make the website not operate properly or even take it down completely.

One thing you should remember is that website technology (both hardware and software) is constantly changing and improving. On top of all these tasks it is also important to educate yourself with not only the direction the industry is going but also on all the parts that make up your website including hosting, WordPress, plugins, etc. You never know what is coming down the pipe which might help push your online presence to the next level, or cause problems (like a plugin developer going out of business).

If you find you don’t have time to learn about and perform these tasks, there is a solution that we have mentioned through out this article. You could subscribe to one of our Management Service Plans. We have been managing and maintaining websites for a long time and have fine tuned our process. This has allowed us to pack a lot of value into each care plan making the price a real deal.

Your time is better spent improving your business and not managing your website, so let us do it for you!

About the Author

Tom Homer

Building custom dynamic websites is my specialty. With over 25 years experience in software design and development I have been helping small businesses invest in their future.

Headshot of Tom Homer.