The real secret to maintaining your WordPress website is to set up a schedule for these tasks. As usual, a plan is only as good as the execution so make sure you actually do what you’ve scheduled.
Here are the most important part of maintaining your WordPress website. I wrote an article website maintenance. you can check that out. but in the post, I am going to disclose deeply the three major things to do to keep your WordPress website clean and safe.
Let Get Started
The Three major things are:
Do the difficult things while they are easy and do the great things while they are small. As your business headquarters on the internet, your WordPress website is about as important as it gets. You need a backup and restore strategy in place; if you take your business seriously you will make this task non-negotiable.
Of course, you know that your website, like the data on your PC, must be regularly backed up. (If you aren’t doing this now for your PC then go and learn to do it right away!)
If your site is hacked, if your hosting company makes changes that somehow stop your site from working, if a plugin update goes wrong (as they can and do), or even if you inadvertently make changes to your site that mess it up… these are the times when your backup reveals its true worth.
You can return your website to its original condition with a simple restore operation and get on with your business. It’s that simple.
Do you think having a backup of your business data is important? These days I think it’s safe to say that almost everyone and certainly a savvy business owner is aware of the importance of having all of their important files and data backed up regularly.
But guess how many actually do it? Industry estimates put the figure at around 47% for daily data backups – less than half! That figure is scandalous enough in itself, but the Wall Street Journal reported in 2015 that 70% of businesses do not believe disaster recovery plans are a business and regulatory requirement (they are in many areas).
You can bet those same companies would be in serious trouble both legally and financially if data was lost because of those missing backups.
Couple that information with the fact that data loss is very real and pretty common and you can understand how this paradox means that data recovery is a booming industry. According to EMC, 140,000 hard drives fail every week in the U.S.A alone and a 2014 survey revealed that 62% of IT professionals have experienced data loss at some point in their careers.
Even if you do have a data backup solution in place, do you test those backups? Most small businesses never do. Are you 100% confident you can restore the data? For that matter, how do you know your backup is complete? Or that your backup hardware is not about to keel over?
What about websites? You’d agree that it’s important for your business to be found online and if your website were to suddenly no longer exist you would be eager to have it back as soon as possible. Well, more shocking statistics here. A quick Google search reveals scary statistics like:
And if you run any kind of e-commerce business your website going down is the equivalent to a brick-and-mortar shop suddenly boarding up its doors for a few days with no warning to its customers.
Fortunately, the trend is toward more regular backups but, depending on your source, 52% to 72% of small businesses do NOT backup their website.
Some of the areas that can severely hinder a small business during unplanned downtime of their website include
Also Read: How to Maintain WordPress Website
Need I tell you that Hacking is on the increase with statistics like these:
Sophistication in hacking is increasing all the time.
you will see the part of this guide about updating WordPress software, sometimes things do go wrong. These are the times you will be delighted that your website can be fully restored with perhaps just a few clicks of the mouse.
It’s very easy to accidentally delete an important file, misconfigure a setting or run a wrong command at the wrong time in the wrong place. Having our WordPress website backed up will help restore the previous update.
There are several ways you can approach your WordPress website backups.
Your WordPress site is comprised of the files containing the code to display your site, media files, and other “assets” and, of course, the database that holds the site content. You can log into your hosting account control panel, most often cPanel, make backups of these files, and then log into phpMyAdmin to make a backup of your database whenever you need it.
Most managed WordPress hosts provide these and it should be a prerequisite of any premium host you consider. However, there are several good reasons not to rely on these backups as your only port of call in times of need, as seen above.
Hosting company backups aren’t specifically designed for WordPress. This means they may not actually help when you need them. You may not be able to restore a single site from your hosting company backups without restoring all the sites in your entire account.
This is extremely common among shared hosts and you generally need to pay extra to enable separate site backups that can be restored separately. Do you know your hosting companies policy about this?
You also won’t know if the hosting company’s backups fail, so you’ll never know if they’ll actually be there if and when you need them. So relying on only your hosting company for your backups means you’ll be at their mercy if you ever need to restore.
I know from my own experience that they probably won’t be as responsive as you think they should be – your emergency is just another minor task to them.
The bottom line is that you should take responsibility for and maintain your own WordPress backups through a service designed to work specifically with WordPress.
Some people regularly copy up their WordPress files and database to a cloud storage service like Amazon S3 or Google Drive. This is fine as an extra precautionary backup but remember that cloud storage is NOT cloud backup.
Cloud storage is designed to allow you to access and sync data across multiple devices, not as a reliable backup and restore solution. The main problem I have with this approach is that if any file is deleted or corrupted on one device, this corruption is duplicated to the cloud storage itself and then across all devices. In this case, a reliable backup is non-existent.
Install a plugin to do it for you. Several very good plugins exist nowadays but always be aware that plugins need to be updated, you need to know that the authors are following WordPress best practices, etc.
The best advice I can give is to use a plugin with high usage and high reviews from the WordPress plugin repository.
Of course, there are drawbacks to using a plugin for such a crucial task.
There is a high failure rate among backups run by plugins. Not many people realize this as not many people regularly check the reliability of their backups. It’s a set-and-forget-it case for most people but in the case of backups, this isn’t advised.
The second problem with backup plugins is that the backed–up data needs to be stored somewhere. If it’s stored inside your website’s wp-content folder (where uploads, images, etc. are stored) then the backups are exposed to the same problems your website is: if your site goes down your backups can be compromised.
One way around this is for the plugin to store the backup using a remote service like Dropbox or Google Drive but this takes more time and effort and exposes the data to further possible corruption while being transferred. You are also limited in terms of how many backups you can store unless you pay for additional storage.
So now you know that creating a regular backup is about the best thing you can do for your WordPress website. If you want to do it yourself, here are my recommendations – automate it and use a quality premium (paid) plugin that’s designed just for WordPress backups. See Recommended backup plugins
Also Read: Linux Commands
A lot of business people don’t realize how easily an out-of-date website can be hacked. They also forget that their website is their most important online asset since it’s the only asset you really own and the only one over which you have full control.
Facebook regularly can and does change the way they present or hide your posts.
Google’s search algorithm is under constant change and these changes can suddenly negatively influence how your site will be ranked.
Instagram engagement has dropped significantly in the past year and is perhaps past its peak.
In fact, what happens to the content you post to any social media site is entirely at the whims of that company. Your website, on the other hand, is yours and yours alone!
The flip side of this is that your website is also completely your responsibility; like all your business assets it needs to be regularly looked after. You probably have invested (or are investing) a lot of time, energy, and perhaps money into building a website that you can be proud to show to your clients.
The big mistake most small business owners make is in thinking their work is done once the website goes “live.”
Most software is continuously being updated. You’re no doubt familiar with updates for your operating system. They come regularly for Windows, Mac, Linux, Android, iPhones.
Windows users have regularly pushed updates for Office and other Microsoft software. Likewise, owners of Linux, Apple, and Android devices can also expect regular updates and each provider forces the installation to a greater or lesser degree.
However annoying for many end users, these updates are essential.
A recent trend from software providers is to base the software in the cloud. This trend is partly due to increased internet speeds and hugely reduced storage costs. Think along the lines of Google Docs, Google Sheets, etc., Microsoft’s Office 365, and Apple’s iWork for iCloud.
You know the ones I mean – you log in one day and familiar buttons and menu items you were happily using yesterday have been moved, removed or obscured because the latest version of the software has been quietly installed overnight.
This way the providers can keep the software updated discreetly as well as make incremental “improvements” on the fly,
Today, it’s an absolute must to keep all of your software up to date – and not just the Operating System.
The WordPress team, too, regularly releases new versions and updates to their software. In fact, the WordPress team is extremely diligent in updating the code and adding improvements; they produce about 3 major releases each year and many smaller maintenance releases in the interim which include bug fixes and minor improvements.
WordPress has a huge community of developers around the globe that contribute code to the software. It is also an Open Source project, meaning that anyone can look at the code to understand how things work or not, as the case may be.
This includes the hackers looking for new ways of attacking WordPress websites but it also includes the good people in the community who just want to find problems so they can be fixed. The large pool of developers means that these problems can be fixed quickly and efficiently.
The updated or patched code is sent back into the pool and eventually released as part of a newly updated version of WordPress. Due to its popularity and this open-source nature of WordPress, it is a prime target for malicious hackers so it’s clearly in your best interest to keep it updated.
First things first: before you proceed with ANY update, however seemingly trivial, make sure you’ve already read and understood the importance of backing up your website and that you have actually done it.
Handling WordPress updates yourself need not be very daunting. With most security releases being installed by default you need only take care when updating a major version release. These come but three or four times a year. Just click the update now link at the top of your WordPress dashboard.
WordPress developers elected to enable automatic updates for minor versions to increase security. This generally causes no side effects.
To change the update settings, you will need to edit the wp_config.php file since this setting is not exposed via the WordPress dashboard user interface (UI).
Themes and Plugin updates and major version updates are disabled by default for the good reasons already mentioned but these settings can also be overridden by editing wp-config.php as indicated in the link above.
There are a few obvious problems with this auto-update approach. If your website contains just standard code with no changes and only well-written and professionally maintained plugins and themes then you should be fine.
However, if you or your developer has made code changes to your site or to plugins you use then you run the risk of your changes being overwritten with the automatic update and your website suddenly going down or acting unpredictably as soon as the update is installed.
I will advise If you had a developer build the site for you and if that was a good experience then it may make sense to hire the same developer to review, clean, and update your site regularly, assuming that’s a service they offer.
If that option isn’t available or if you built the site yourself without much technical knowledge then you may be feeling a little out of depth when it comes to these tasks.
The good news is that nowadays, even for the single website owner, there are affordable options like us here at Realjossy.
Maintaining websites is what we do and it gets us up excited at the crack of dawn every morning. Well, most mornings it does.
Don’t become too hung up on making your website completely secure; that’s not possible. Set yourself a goal of what you want to learn and be careful to learn from reliable sources.
Every operating system is regularly updated, or should be. Who isn’t familiar with these updates, whether iOS, Android or Windows?
They’re the cause of many a user’s annoyance but of course they exist to keep your device safe.
These updates also help the creators of the operating system to get people to move to a newer version of their software; when they stop providing updates to an old unsupported operating system that old system becomes vulnerable.
This gently forces people to upgrade to a newer version where they can get updates and be sure of it being at least a bit more secure.
As we see every day, technology, operating systems and the software that runs on those operating systems is getting more and more complex and sophisticated. So too are the hackers.
These bad guys are smart, very tech-savvy and they often know an awful lot more about the vulnerabilities in software than even the makers of that software.
The very same is true of any software you have running on your WordPress website. The difference is that your website is exposed to the public via the internet so it is even more important to be aware of some security basics when it comes to WordPress.
Your website is a set of several thousand files and perhaps thousands of lines in a database; it’s a very complex entity with a lot of potential cracks for smart hackers to get into.
If you think you’re safer because you are a small business and don’t have anything of value to the hackers, let me put you straight: you are possibly even more at risk than a high-profile company since hackers typically use a stepping-stone approach to reach their goals. Gaining access to your small business could bring them one step closer to a much bigger target that you do business with.
WordPress website owners are unable to keep up with the emerging threats to their websites and urgently need to have some knowledge of security vulnerabilities, website hardening, and protection.
If not, as a business owner, it is your duty to your business to delegate these tasks to someone who does understand this area.
As already mentioned, there is a sharp drop off in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike. This leads to a rude awakening for website owners when established entities, like Google, take a hard stance against malicious websites.
The message from Sucuri and others is that you must view your website not only as a WordPress website that needs to be updated but as part of a hugely complex system that includes many elements such as PHP, MySQL as well as your host’s infrastructure. All of these elements need to be maintained.
While you can’t control most of them, you can certainly perform due diligence by selecting a reputable hosting provider and learning some security fundamentals.
In the face of so many overwhelming dangers online, how on earth do we navigate our security problems in WordPress? How can we simply make it more secure? As you would guess, the ways are many. And they take some work…
First of all, you should familiarise yourself with the official WordPress documentation. It’s called the WordPress Codex and there they have instructions that show you how to make your entire WordPress installation that bit more secure.