Home » Guides » How to keep your WordPress website in good shape

How to keep your WordPress website in good shape

If you have a WordPress website then you should allow time for regular housekeeping. Why? Well, WordPress is free software and as such doesn’t come with any support. You have to keep it running smoothly yourself. This includes running WordPress updates, updating plugins, security checks and so on.

I recommend clients do housekeeping once a month for busy blogs, or once per quarter for low traffic business websites. Below is the checklist of items we suggest. It’s not complicated, and you only need to allow about an hour a time. If you’d prefer someone to do it for you, we offer a basic monthly health checks service.


1. Check scheduled backups are working

You should already have a backup system running on your website. If not, do it now – I recommend VaultPress.com which is about $5 /month for the Lite plan. You may find your website host does backups for you, but make sure they’re also easy to restore from. If you do have a backup system running, check it’s actually working from time to time. Don’t assume it is.

2. Check any download links work

If you have some important downloads available on your website,
make sure they’re still working. We’ve seen plenty of cases where the download file was moved, deleted or had it’s name changed, which breaks the link on the website.

3. Test your forms

Test your Contact and Signup forms (or any other forms). They’re too important to leave to chance, or you could be missing out on leads and new subscribers.

Submit a test entry to each in your browser and check the notification comes through, or the subscription is added to your mailing list. Remember to be tidy and remove these from WordPress or your mailing list once you’re happy the forms work.

As an extra precaution, check the Entries log for your forms to see if you’ve missed any notifications.

4. Check for plugin updates and run

If plugins are prompting you to update in your dashboard, update them at least once a month.

As a precaution, you may want to consider these points BEFORE updating:

  • Make sure you have a current backup of the website just in case
  • Keep WordPress updated too. Sometimes plugin updates are only supported by the latest WordPress version.

5. Check for WordPress updates and run

If WordPress is prompting you to update, first consider these points BEFORE updating:

  • Make sure you have a recent backup of the website
  • Update your plugins first (or at least the important ones)
  • Make sure your website isn’t dependent on an old theme framework or plugin that may not be compatible with the latest WordPress.

Then, run the update and check your website in a browser.

6. Look for broken links

This can be automated by installing Broken Link Checker plugin, which will periodically email you a list of broken links.

7. Check for unused plugins and remove

Plugins tend to build up as we forget about them, and clutter isn’t a good thing. In this case it’s bad for security and performance.

Check the Deactivated list for any you know you’re no longer using and remove them. Then check for Active ones you know you’re no longer using and deactivate or remove them.

8. Delete spam from Comments

Another good housekeeping routine is removing Comment spam, or it will build up. Go to Comments > Spam to check.

9. Check for any Comments that need moderating

Speaks for itself – don’t leave your readers hanging if they’ve posted a comment you need to approve.

10. Make sure the default “admin” username has been removed

This is a one-off task, but needs checking. WordPress creates “admin” as a username for you, by default during installation. This makes it easier for hackers to use in combination with guessing your password. It’s doing half their job for them. To avoid this, create a user with another name and give Administrator privileges to that account. Logout and and then login using your new account.

First, if you had any Posts assigned to the “Admin” account then reassign them to your new account by editing each one. Then, delete the old “admin” account in Users.

11. Run a malware and security check

Running the free Sucuri test on a monthly basis is a good way of keeping an eye on security issues. Keep in mind it’s a free service though, and shouldn’t be seen as a robust, catch-all test.

12. Uncheck “Anyone can register”

This is a one-off task, but a good security precaution. Go to Settings > General > Membership and un-check this option.

Want some help with this? Ask us for a quote ›