“If your WordPress website is not properly maintained, then getting hacked is not a matter of IF, but WHEN.” This is a common saying in the WordPress community.
Unfortunately, if you forgo the basic tune-ups on your WordPress website, it’s just a matter of time before your site is compromised.
The good news is that if you treat your website like you would your car, and stick to regular maintenance along with these best practices below, your site will continue purring day in and day out like a well-cared for Aston Martin V12 Vantage Zagato.
Get a Tune-Up Once a Month
Update Your Plugins & Themes Every Month
There are over 56,000 plugins available in the WordPress directory, and an update is released almost every day. These updates are critical because they typically contain patches for known security vulnerabilities, bug fixes and feature enhancements.
If updates are skipped for long periods of time, the WordPress site becomes extremely vulnerable to security breaches. In 2017, hackers defaced over 1.5 million WordPress web pages using a vulnerability in an outdated version of WordPress.
It’s worth taking the time to update WordPress plugins once a month. This routine maintenance ensures that you keep up to date with all the critical updates and streamlines the process of keeping your website secure and in top form.
Be Careful Looking Under the Hood
Perform Updates in a Sandbox Environment
Even the most experienced WordPress developer can run into issues while updating a plugin or theme.
Plugin incompatibility is a common issue on WordPress sites, where a plugin created by one developer does not work well when paired with another plugin. To prevent issues from occurring on the live site, test the plugin updates in a staging copy or sandbox development area of the website first.
In this staging environment, you have the opportunity to catch errors and correct issues before going live. This is particularly important when running updates on an e-commerce site, as any issues may result in a loss of sales. In fact, WooCommerce, the most popular e-commerce platform for WordPress sites, suggests that all significant Woo updates be performed in a sandbox area before applying the updates to the live site.
On this note, make sure other website users do not click “Update” in the WordPress dashboard if they notice any plugin updates. This is a common way that plugin updates can get out of hand and cause issues on a site.
Keep It Clean As A Whistle
Optimize Your WordPress Database
WordPress sites can often have performance issues due to their databases. Informational sites built on WordPress typically have a database size between 25-50 MB. For larger and e-commerce sites, the database size may range from 100 MB to 500 MB.
A very large database can jeopardize the performance of a site because the database requires more costly server resources.
However, optimization and database clean-up is possible for most websites. First, check the data logs and then review the plugin settings on the site. Certain plugins and WordPress settings can cause the database to fill up with millions of rows of miscellaneous data. Security, audit plugins or backup plugins are common types of plugins that can fill up a database if they are not set up correctly. Adjust the settings on any of these plugins and then remove any miscellaneous data from the database.
Remember to complete any database cleanup in a staging area or sandbox environment first, to get a head’s up on issues that could affect the live site.
Go, Grease Lightning
Speed & Performance Optimization Tips
Routine maintenance will boost your website’s speed and performance. As described previously, cleaning up and optimizing the site’s database a is good first step.
If your website is affected by poor page load times, take a look at your hosting environment. WordPress sites tend to run slower on shared hosting platforms that aren’t configured for WordPress.
Lastly, it’s best to monitor plugin installations and keep the plugins installed to a minimum. Having excess plugins are unnecessary and cause more performance issues.
Use Only Top-of-the Line Parts
Always Vet Your WordPress Plugins
When searching through the abundance of WordPress plugins to fulfill any given function of your site, you may be tempted to choose the first free plugin that fits the bill. However, vetting a plugin before installing it will save you a lot of hassle later.
Check the WordPress plugin page and review the following:
- How many installs does this plugin have?
- If the plugin has been around for a while and it has few installs, that’s a sign something is wrong and there may be issues with the plugin
- Does it have good reviews?
- Take a look at the number of reviews for the plugin and whether it has lots of 5 star ratings or poor reviews.
- Do you need to pay for support?
- When was the last plugin update released? Was it tested with the latest WP core? Does it have support questions open from months ago?
- It is very common for a WordPress plugin to suddenly be abandoned by its developer. When this happens, the developer stops responding to support questions, stops updating the plugin to fix security vulnerabilities, and stops testing the plugin with the latest WP core updates.
A properly maintained plugin should have pretty frequent updates released and have been tested with the latest WP core.
If the plugin has poor reviews or it looks like the developer or development team is no longer maintaining the plugin, do not install it.
Every few months, audit the plugins installed on your website and make sure the plugin is still properly maintained by its developer. Even highly recommended plugins can be abandoned or sold to different owners. Also, keep an eye on the WP Scan Vulnerability Database, which tracks the latest WordPress plugin vulnerabilities.
Preventative Maintenance is Key for WordPress Sites
WordPress’s status as one of the most popular website platforms worldwide results in some unwanted attention from hackers. Thankfully, you can avoid getting hacked by treating your website like your favorite car and sticking to a monthly maintenance schedule. These simple updates and site improvements go a long way to preventing security breaches and resolving performance and speed issues.
Just as you might pause with an appreciation for the clean sound of a well-tuned engine, your favorite sound will be the silent hum of a well-tuned website.