Empowering Website Owners: A Guide to Essential WordPress Maintenance


When we first started working on websites in the 1990s, it was a simpler time. Site maintenance wasn’t really something you needed to worry about, because unless you needed to update content, your website probably didn’t change much. It was more like an electronic brochure than an interactive marketing strategy.

Most sites looked more or less like this:

Space Jam website
Ah, Space Jam…we adored you, and your cousin GeoCities.

Boy, have things changed.

We’ve worked almost exclusively with WordPress for the past decade, and for good reason. It’s the most popular content management system on the web. More than a third of all websites use it, which is pretty crazy when you stop and think about it.

But there’s a dark side to being the most popular content management platform in the room.

Evil hacker dude hacking a vulnerable WordPress website

Hackers routinely target WordPress code because it’s everywhere. If you look under the hood, WordPress is a complex and ever-changing world that requires regular maintenance to stay stable, secure, and functional. This is true of any software, but when you’re talking about over a third of the internet, the scale is – well, big.

So how do you keep your WordPress site happy and healthy? The answer is simple: regular site maintenance.

It’s not a sexy answer. But it’s the truth.

Maintaining your site isn’t (necessarily) all that complicated, but it does require a little bit of a time commitment to do it right. All told, maintenance tasks add up to about 8-10 hours every month. Some are best done daily.

We’ll go into more detail about what you need to do below. Keep reading to get the full picture, or use the table of contents below to quickly go to a specific topic.

Why would A Hacker Attack my site?

Whether you have a blog that only your mom reads or a multi-million dollar revenue-generating site doesn’t especially matter to internet bad guys.* Their primary concern is finding and exploiting vulnerable code, no matter whose site it’s on. Even if it’s a tiny little site for your fledgling mom & pop business.

* Note: When we say “bad guys” we mean bad actors in general, including bots, scripts and bad-ass women.

Because it’s so popular, WordPress sites are especially vulnerable. Worldwide “hack-a-thons” like this happen all the time. That shouldn’t scare you or deter you from using WordPress – we still think it’s the best way to be online, and most of the internet agrees.

Let’s just get this out of the way, too: You probably won’t care much about security or anything else in this post unless you understand the stakes, and they’re high.

We’re talking about your website’s security and continued health, which is tied to your name, your online reputation, and very possibly your income.

The good news is, you can tackle most major security concerns just by keeping your site up to date.

The goal of this post is to show you what’s required to maintain your WordPress site correctly, and why it’s so important, so you don’t have to learn the hard way.

What does WordPress maintenance involve?

When we talk about WordPress website maintenance, we’re referring to an array of tasks involved in monitoring and improving your website’s performance, security, and overall quality.

Most of that work is about keeping your site safe from bad actors and making Google happy. And yes, that requires ongoing involvement. So if you thought your WordPress site would be a “set it and forget it” kind of a thing…not quite.

No website is “set & forget,” if you want it to help attract customers.

WordPress websites can’t be set up, then ignored – unless you want to attract hackers.
Happy digital nomad entrepreneur, relaxing in a sunny meadow, with her laptop.

Your site requires ongoing attention on a weekly (often daily) basis. The list of specific chores to keep a WordPress site well-maintained is on the long side, so let’s break it down into categories for a simpler overview:

1) Site backups

You know how you save multiple copies of vital documents in more than one place, in case you lose one? Treat your website the same way by keeping several (automatic, ongoing) backups in more than one location. This allows you to restore your site if and when you encounter issues – meaning anything from “Why is my logo suddenly broken?” to “OMG, my entire website just vanished!”

2) Updating WordPress core, themes, and plugins

WordPress core software, themes, and plugins are constantly updated to patch holes in security, address bugs, and unleash new and exciting functionality. It’s critical to keep up to date with the latest and greatest versions to take advantage of any upgrades that keep your site secure.

3) Troubleshooting

It’s unavoidable. Mistakes will happen, even if they aren’t yours. Plugins don’t always play nicely together, and the wrong combination or order of updates can break your site. Plan in advance for time spent rolling back updates and troubleshooting what’s breaking, why, and how to fix it.

4) Database optimization and speed testing

Keeping your database optimized means clearing out the clutter, like copied or deleted versions of posts, spam comments, broken links, etc. It also means checking to make sure your pages load quickly enough for modern attention spans.

5) Security monitoring and protection

Continuous monitoring and protection against spam, unauthorized logins, malware, and other nasty stuff you don’t want anywhere near your site.

Doesn’t my host provide site maintenance?

If you’re reading this and thinking, “My site host handles maintenance and updates,” don’t bail out just yet. While most hosting plans do come with some level of maintenance and administration, it’s almost never what you need to protect your website.

Typically, the updates and maintenance included in your hosting fee are for the server/hosting environment, not for your website. That’s a critical distinction, because your host is almost certainly not maintaining your WordPress site – just the back-end infrastructure where your website lives.

The other stuff, like theme and plugin updates, troubleshooting, offsite backups, speed testing, and database optimization is all on you.

Whether you do these tasks yourself or outsource your site maintenance to experts like AFV, you need a solid plan to keep your website functioning well. That’s important to any business, but it’s critical when your business relies on your site to do business. Either way, you’ve invested a lot of time, money, and energy in a website that looks great and works like a charm; it’s well worth the additional effort to keep it that way.

So let’s dive into what goes into site maintenance, and how it all works.

Site backups

The most important maintenance task is backing up your website. Do it early and often.

That’s because, at some point, something will go wrong. You’ll accidentally break something, your site will get hacked, or a plugin will have ramifications you don’t expect. When things go awry, your website can end up anywhere along the spectrum from “slightly funky” to “completely decimated.”

When any of that happens, the quickest fix is to restore your website from a backup copy.

Remember the days before the cloud, when you had to obsessively save documents you were working on in case your computer crashed? Same concept here. As long as you have a historical record of your site before it broke, you can generally revert your site to its previous state and reverse whatever broke it in the first place.

Note: We know the process of restoring your site from a backup is easier said than done if you’re not very tech-savvy, but we’ll leave it at that for now.

There are some good options for creating daily backups. Your site host might even include a backup service. We recommend taking them up on this, but treating it as an extra option.

First because you need off-site backups, stored somewhere other than your host’s servers, just in case of a worst-case scenario where your host servers go down. And also because restoring the backups created by most hosting companies is…well…let’s just say it’s not for normal people.

Web hosting team member at work, digging into all the nerdy things you do not want to touch.
We recommend looking at your web host’s backups as backup backups. If you’ve ever tried to restore one, you’ll know why.

Is it likely you’ll need multiple obsessive backup copies of your site? We hope not. But like a can of bear spray in grizzly country, it’s better to have it and not need it than the other way around.

Plugin, theme, and WordPress updates

Technology is changing all the time. In many ways, that’s a great thing. It means there’s always something new and exciting we can do today that we couldn’t do yesterday.

Bicycle with WordPress wheels
WordPress democratizes the web, enabling even the smallest of entrepreneurs to go amazing places with their businesses.

But as a website owner, it’s also a pain in the ass, because it means that you constantly need to install updates to take advantage of these new, exciting advances. (And actually, most updates just fix bugs in previous releases or plug holes in security.)

Either way, you want to stay up-to-date. Your WordPress site has three major components that require updates:

  • Core software, or the underlying WordPress code itself;
  • The theme, or the set of files that inform your site’s design; and
  • Plugins, which add functionality and flair.

Almost anyone can make themes and plugins, which is why they’re so customizable and flexible. And because anyone can make one, there are thousands of them out there. Every plugin or theme has its own developers/teams. If those developers are doing it right, they’ll have regular code releases that you need to install to take advantage of current security patches, bug fixes, and the like.

It’s important to perform updates in the right order so that you don’t accidentally break something in the process. As a general rule of thumb, update from smallest to largest:

  1. Plugins
  2. Themes
  3. Core WordPress software

It’s not always foolproof, and that’s why backups come first on the priority list. Updating components like plugins and themes is a common source of trouble. Some plugins don’t play nicely together, or developers might ship an update containing a bug that breaks your site.

That’s why we can’t stress backups enough – so you can roll back to a previous version of your site if an update causes anything to break.

Which leads us to …


We won’t sugarcoat it. Updating sounds simple, and it usually is – but now and then, it takes a bit of doing to figure out where an update went wrong and how to fix it.

On some occasions, we’ve had to work with multiple plugin developers on behalf of our Site Care clients and get them talking to each other to figure out how to make their software sympatico.

So while updates are usually straightforward, we recommend budgeting time or money for troubleshooting if and when you encounter bumps in the road. (If you’re thinking that avoiding updates altogether would be easier/less risky, think again. Most issues with websites that get hacked are related to outdated software.)

Majorly frustrated guy trying to figure out problems with his website.
95% of the time WordPress does exactly what you want. It helps to remember that when you’re frustrated by the other 5%.

Database optimization and speed testing

Database optimization might sound like something only a developer can do, but it’s more like the WordPress version of organizing your closet.

Think about a section of your site like the blog, where you might have a backlog of unpublished posts, unused drafts, or spam comments. Just like emotional baggage, it all builds up over time – and on a website, it slows you down. Users don’t like this, and neither does Google. Both users and SEO like a site that loads quickly.

Here’s a visual:

Neat, organized closet. Markie Kondo was here.
Finding things is quick and easy when you only keep what you need and it’s well organized. Doing this for your database helps keep it loading quickly.
Messy, disorganized closet…a lot like an unoptimized database.
When a database is a mess, it takes longer for WordPress to find content and show it to your visitors. Someone should Marie Kondo this wardrobe.

Part of the solution is keeping your database optimized and free of “junk” that might slow it down, so get rid of anything you don’t need in there: deleted or spam comments, unused components like tags or fonts, and even old posts that aren’t evergreen.

If you don’t like the idea of doing this yourself, there are some great plugins that can help. WP-Sweep is one we’ve used and liked.

Database optimization isn’t the whole story behind site speed, by the way, so this isn’t a cure-all for a lagging site – but it will help.

And speaking of speed, page speed testing is another essential ingredient of any maintenance plan. Page load speed is a critical component of SEO – not to mention convincing people to hang around your site.

Count off 10 seconds and imagine waiting for a web page to load for that entire time. These days, that feels like forever. You don’t want potential customers getting bored and clicking away.

As a general rule, the bigger your site is, the slower it runs. But even small sites should test and monitor site speed regularly, so include speed testing in your list of regular maintenance tasks.

Security monitoring and protection

If you don’t already have a security plugin for your site, you should get one – unless your web hosting service offers robust security services.

Note: We don’t personally use security plugins (because we have Site Care, which offers built-in pro-grade security). If we did need a plugin, we would choose Wordfence and go with the paid option (because the free version doesn’t immediately cover new vulnerabilities).

The benefit of site protection is right there in the name; site security is there to keep your site safe from bad guys, and offers an additional layer of general protection over and above the security patches released by individual plugins, themes, and WordPress core.

Then there’s uptime.

Even with the very best in WordPress maintenance, your website will probably go down at some point. Most of the time it is related to your web host and server, it has nothing to do with you or your site, and it will come back up within a few minutes.

Uh oh. Your website is down.
No hosting company has 100% uptime, but some are better than others. Track your uptime so you know if you’re getting what you pay for.

Ideally, you want to know the moment your site goes down, for at least a couple of reasons.

First of all, so your website isn’t down for hours or even days without your knowledge. And also because, if your server experiences much downtime, it may be time to move hosts. When you track uptime you can keep your host accountable.

If your site is even remotely tied to your revenue, any amount of downtime is a big deal. Installing a plugin or engaging a service to provide uptime monitoring and reporting helps you stay on top of things – without constantly watching your site.

Note: A comprehensive website care service should monitor uptime for you, and can alert you and help troubleshoot when it’s more than a momentary outage.

When your website has an emergency, it’s too late

Good site maintenance is all about prevention.

You don’t have to be a developer or a WordPress whiz to keep your site safe and up to date. Avoiding problems down the line does, however, require monthly, weekly and daily time investments to keep things tuned up and running well. An ounce of prevention really is worth a pound of cure.

We like to compare site maintenance to changing the oil in a car. It’s something you need to do regularly if you want your car to keep running smoothly. You can skip an oil change and be okay – for a while. But sooner or later your engine will have problems. The same is true of your website.

DIY maintenance – person laying under car, preparing to change oil.
Regular preventative maintenance keeps cars – and websites – running smoothly.

Just like that oil change, website maintenance is something you can do yourself, so long as you’re willing to get under the hood and get your hands dirty on a regular basis.

Is your website is important to your business? Are you someone who recognizes the risk and time loss that goes hand in hand with DIY maintenance?

AFV Site Care includes all the maintenance tasks covered above and more – performed by us humans, never outsourced to robots – so you can stick to what you’re good at and leave the routine maintenance to us. Sign up now, and we’ll have you on board, backed up, and updated quickly — almost always within 1 business day.