Your 5-Step WordPress Website Maintenance Guide

security lock and chain on laptop-protect website

Keep your website protected and updated with this guide and checklists.

⇒ Straight to the checklists.

Your website is critical to your business

Your website is one of the most important assets in your health and wellness business. It’s vital that you keep it updated, protected and online so that you can serve your visitors. Your website is the foundation for your business.

If your website is offline or having problems, it’s no longer effective and will cost you. In today’s modern world, there are many factors to be aware of and websites can be targets of hacking attempts.

In fact, the average website will have automated attacks looking for weaknesses multiple times a day.

Are you looking after your WordPress website?
Can you remember the last time you ran updates in the admin dashboard?

Maybe you have never logged in to the backend of your WordPress website, but today, you are going to learn 5 reasons why you need to – STAT.

Your website runs using software – it’s the language WordPress uses – and it needs to be maintained, just like your computer, phone, or other mobile device. You update the apps on your phone, yeah? Let’s do the same on your website, shall we?

Paying attention to updates, ensuring they’re carried out effectively on your website and testing afterwards does take time, but what are the repercussions?

Potentially a broken website, a website that is hacked, infected with malware, and ultimately costing you more time – and money.

With the right tools and know-how, you can do this yourself, or have someone more knowledgeable do it for you.

I’ve put together five key essentials to help you set up a maintenance schedule and keep your website secure. Using this guide you will have peace of mind that your website is in good health and you’ll be able to focus on what’s important to you in your business or nonprofit.

Here we go…

1 – Website Peace of Mind

One of the worst things that can happen to you is that you go to access your website and find that it’s offline. Even worse though is that you get an email from a potential client who tells you that your website is down, or that they can’t access what they want to because there is a major glitch with the functionality of your site.

So, what do you do? Who do you call? What support do you have?

Your first step would probably be reaching out to your hosting provider and being reliant on their response time and the support team to assist you.

Most of the time they are able to restore your website and fix whatever needed to be fixed on the back end, but you may inevitably lose some data and/or have to pay a hefty fee to have it fixed and restored.

Have a disaster recovery plan! Make a note of key telephone numbers or contact details for your hosting company, domain provider and email provider.

NOTE: Your email and hosting should NEVER be in the same place. If you do have them together, your website and email can be down at the same time. Read THIS POST I wrote for more information about WHY you want to keep these separate.

The most important piece to this puzzle is going to center around your backups. With a full backup of your website, you can reinstate the backup to ANY hosting provider, even in the worst case scenarios.

  1. Off-site backup: For proper security and safety, your backups should be stored with an external service. For example, Google Drive or Dropbox. We do a backup of our clients’ sites directly on our server and we have an additional backup on a separate server. We also have another backup in Google Drive.
  2. Regular schedule: Your backup schedule will vary depending on how often you update your website. If you have an E-commerce store, you are going to want to backup every day or at the very least every other day. You can do a full backup of your website and also a database backup of your site.
  3. Encrypted: For the safety of data, you should choose a solution that encrypts the backup of your website before storing it off-site.

2 – WordPress Security

Good website security practices are vital! WordPress powers over 30% of the websites on the Internet. It’s popular and highly powerful, and with this popularity, comes the responsibility of being vigilant with the security of your website.

There are thousands of plugins that add functionality to WordPress websites. Your website will have most likely have a number of them installed. Having the best plugins installed is also something to consider, but that is for another guide.

Plugins will have regular security updates released and the WordPress software itself will also have regular updates made available.

Unless you have someone else maintaining and updating your website, this rests solely on your shoulders. Your hosting company should have some security measures in place that will protect your website, but this will not shield you from the dangers online.

You need to have suitable protection on your WordPress website. You can install a free security plugin such as WordFence or iThemes Security. They both have guides to help you get set up quickly and each have their pros and cons so go through them carefully. Make sure you take care not to accidentally lock yourself out of your own website!

If anyone needs access to your hosting or your WordPress admin, make sure you trust them and when their time is done, change your password immediately. It’s even better to give them a unique login that can be disabled by you at any time.

Security is very much a lot of common sense and a little bit of luck. No WordPress website, or any website, is 100% secure. But you can take these steps to ensure you have the best protection possible.

Security and Protection are the Backbone of Our Plans

Our hosting company has top-notch security and your website is extra secure due to being on your own dedicated cloud server. More than 50,000 websites get hacked each day and 43% of cybercrimes are against small businesses. 90% of all websites that are hacked are WordPress.

We’ve invested in the proper firewalls and other security precautions to make sure your website is secure. And we have a protocol in place if malware threatens your site.

Learn more about our WordPress Care & Support Plans

Steve Lisa serving coaches and healers

3 – WordPress Maintenance

Just like your car, or your home, your website needs servicing to stay in good health. You get an oil change to keep your car running smoothly. You repair plumbing in your home to make sure you continue to have running water. Well, you do the same thing with your website. It’s really important that regular maintenance occurs of your WordPress website.

Without regular maintenance, you run the risk of your website being attacked, going offline, running slow, or just not functioning correctly.

You’re going to need to schedule regular maintenance time into your calendar.

4 main tasks on your schedule:

  1. WordPress Core: New version of WordPress is released periodically. These should be installed quite quickly, as they are often security patches. Be careful with this though. Make sure you have a backup of your website right before you do this update.
  2. Plugins: The plugins you use on your website will have regular updates – not all at the same time – but they will all have updates. Update plugins at least once a week. If a plugin is not updated regularly, it’s time to look for another one. Your site is vulnerable if a plugin is left to chance. If you are no longer using a plugin make sure you delete it, don’t just deactivate it and leave it on your website.
  3. Theme: The WordPress theme you are using will have updates as well. Maybe not as often as plugins, but usually more than WordPress itself.
  4. Check backups: Make sure that your backups are running successfully, especially if you have an active E-Commerce website. We have our websites set to do an automatic backup once a week (more often on some of our sites) and it’s on my husband’s “to do” list to do a quick check to make sure everything ran smoothly.

Before starting any of this maintenance work, make sure you have a recent backup. Once you have done all the updates needed, test your website and make sure that you can access your website. You can also test as you go. Update a plugin, test, update another, test… and so on.

Set aside at least an hour a week to do this maintenance on your website.

woman working on laptop with coffee on white table

4 – Website Reliability

Website hosting – the holy grail of a WordPress website! Every website needs hosting and there’s a ton of hosting available. Without hosting, your WordPress website would not be online.

Unfortunately, not every hosting company is all it’s cracked up to be.

If you are currently paying less than a cup of coffee for your hosting each month, then you are probably not with the best company. In fact, I’ll go so far as to say, you definitely are not in the right place. Maybe the company has better plans available, but the plan you are on, is trouble waiting to happen.

Low-cost hosting is most often on what is called “shared hosting”. Hundreds, and often times, thousands of websites are sitting on ONE server, sharing resources and also sharing vulnerabilities. With this type of setup, hosting companies can make more money, but you are at risk in this environment.

What does being on a shared server mean?

1 – You are sharing the same resources as all those other websites.

If one of them uses “more than their share” of resources, your site could go offline. A neighboring website could also be letting their website go, not updating, uploading malicious content or installing plugins that cause problems on their website. Because you are neighbors, you are at greater risk.

2 – Your performance is at bare minimum.

If visitors are not able to access your website fast enough (less than 3-5 seconds) they will leave and are gone.

3 – Emails using the same server are another common practice with shared hosting.

When your emails are are all being sent from the same server as your website is on (with all these other websites), if one person decides to send out spam (voluntarily or involuntarily) the IP address of the server can be blocked by email providers. And guess what? There goes your email because you are on the same server.

No emails being delivered to your people. You are not receiving emails either. Bummer deal! I recommend using Google Workspace for your email. Super easy to set up and it’s like a free gmail account, only it’s a professional business email.

Choose the best hosting possible.

This is one area where cutting corners can cost you big time. Your website hosting should be in the range of $10-$25 a month for basic, good hosting.

You are still doing all the maintenance yourself and troubleshooting, but at least you have a good foundation. I recommend FlyWheel for stable, Managed WordPress Hosting.

5 – Be Proactive Not Reactive

Do you want to be proactive, keep your website up to date and be prepared for any technical issues that come up? Or, are you the reactive type who is only going to take action where there is a problem that arises?

With maintaining and updating your website, making sure to keep it in good health, you have two choices – Do it yourself or have someone do it for you.

Do you have experience to look after your website or do you have a trust in someone that does? If you are looking after your own website, do you have the adequate time to do that?

It’s an hour or so a week, but if you run into an issues that needs immediate attention, it could take you another 2-4 hours, or more. And, if you aren’t sure what you’re doing, it could take longer.

Can you afford to take this time away from key business tasks to focus on your website?

If not, I encourage you to be proactive and see how a small, personal company like ours can help you manage your WordPress website. A Care Plan is a monthly service where we look after your website, carry out off-site backups of your data, keep your website secure and many other services.

These plans are designed to give you peace of mind about your website so you can carry on doing what you do best and focus on the more important tasks you do every day to grow your business.

As easy as it sounds to take care of your own website, you don’t want to take risks. If you are at all wondering if you can do it, be proactive and seek out someone who can.

You may never have had an issue, but what happens when you do? It is inevitable you are going to need support at some time and those large companies are usually not available when you need them the most.

Final Thoughts About WordPress Maintenance

Keeping a website well maintained and attractive is important to your business. It might sound like a good idea to cut corners and let a few tasks slide, but in the long run you’re playing with fire.

We’ve seen quite a few websites that are a legit hot mess just because the lack of care. Like your health can fall apart if you go too long without a regular check up, so can the health of your website.

Weekly, Monthly, Quarterly and Yearly Checklists

Weekly Maintenance Tasks

  • Check to make sure that a recent backup has been taken of your website and stored safely off-line.
  • Perform any WordPress core updates (run a backup first!).
  • Perform any WordPress plugin updates (delete unused ones).
    Perform any WordPress theme updates
  • Run a security scan.
  • Check that all pages are loading without any errors.
  • Check all forms on your website to ensure they are functioning and working correctly – especially sure that they are sending emails.
  • Remove spam comments or form submissions
  • Check for broken links.
  • Check for any 404 errors.
  • Review uptime logs – If there are any significant downtime periods, talk to your hosting provider to ascertain why.

Monthly Maintenance Tasks

  • Test the loading speed of your website using GTMetrix or PageSpeed. If your website is loading over 3-5 seconds it needs some optimizing.
    • Have a friend or family member go to your website and see how fast it loads – have them click around and see the transition time between pages. This will give you a better idea of how fast (or slow) your website is.
  • Review security scans from the last month and ensure that all issues are resolved.
  • Check your website statistics in Google Analytics and make sure everything is being saved. We use Fathom Analytics now due to data privacy rights and regulations.
  • Check how your website is performing with search engines. Use an incognito window to do this. Are you visible?
  • Clean up necessary and unused content – your WordPress database holds onto all content – you can clean it with a free plugin called WP Optimize.

Quarterly Maintenance Tasks

  • Review your website – Is there anything that needs improving?
  • Do you have any new content to add? Anything outdated?
  • Are all of your graphics and photos up to date? Do you have newer versions?
  • Check your meta titles and descriptions – have you correctly set each of these on every page?
  • Do each of the pages of your website have a clear Call to Action (CTA)?
  • Are all the forms on your website user friendly and giving a clear success or failure message when used?
  • Test your website to make sure it is loading well across desktops, laptops, tablet and mobile devices.
  • Test the health of your backups by restoring a backup on a staging website.

Yearly Maintenance Tasks

  • Renew your domain name(s).
  • Check your hosting contract and make sure it’s the most suitable for your business.
  • Update the copyright year in the footer of your website.
  • Review each page on your website and make sure that you content is still accurate.
  • Consider updating the design of your website to better suit your target audience – plus it’s just nice (and fun) to give your website a fresh look and feel.

WordPress Website Technical Information

Our Recommendations

Domain Registrar: Google Domains

Email Providor: Google Workspace

Hosting Provider: FlyWheel (How to choose the best hosting provider)

Theme: Divi


FluentForms Pro
Fluent SMTP (email deliverability)
Postmark (email deliverability)
FluentCRM (email marketing)
Imagify (image optimization)
SEOPress Pro
Anti-Spam by Clean Talk
WP Optimize
WPVivid Backup
* Sucuri Security or iThemes Security or WordFence

* We don’t use a security plugin on our websites because we invest in server level security platform. These recommendations are from other colleagues we trust.

maintenance guide pic
Free Guide

WordPress Maintenance Guide

Download our free guide to learn how to take care of your WordPress website. Checklists included for weekly, monthly, quarterly and yearly tasks.

Steve & Lisa Williams

Our desire to remain on the smaller, ‘mom and pop’ side of things keeps us close to each and every client we serve.

We deliver custom-built websites designed with a solid marketing strategy as the foundation. This ensures your online presence is not just aesthetically pleasing, but also geared towards achieving your business goals.

With our expert guidance, we know you can reach the next level in your business. Partner with us and experience the JoLi Design Solutions difference!