When you finally make it through the seemingly Herculean effort of getting your new site launched, it’s easy to put it on the back burner thinking “Phew! I can check that of my list now!” and forget about it. But, especially if you have a WordPress website, this is a surefire path to not only having your beautiful new site becoming stagnant but also leaving you vulnerable to getting hacked (which trust me – is not fun).
Here are 3 bare-minimum things you should be doing at least once a month for your WordPress website to keep that from happening:
-
Create a full site backup
The first thing you want to do before making any significant updates to your site is making sure you’ve got a good backup of it. That way, if something goes awry during the update process, you haven’t lost months (or years) of works and recovering is a fairly painless process.
There are 4 major components of your WordPress website that you need to make sure are included in a backup one way or another:
The WordPress core files
These are the files that make WordPress, well… WordPress – they run the show, and they primarily live in the wp-admin and wp-includes directories.Your Themes and Plugins
These are the files that make your site beautiful and do fancy things like protect you from comment spam or share your blog posts on social media sites. These files live in the wp-content/themes and wp-content/plugins directories and are essentially the personality of your site.Your Media Files
These are all of the files – graphics, photos, PDFs, etc. – that you’ve uploaded to your website using the ADD MEDIA process. They live in the wp-content/uploads directory, and you definitely don’t want to lose these.Your Database
This is the lifeblood of your site. All of your site content and settings and configurations live in the database. Without your database, you have no site.Most backup plugins offer a couple of different types of backups that may cover some or all of these components, so be sure you’re choosing the correct type of backup.
-
Update WordPress including all your plugins and themes
WordPress puts out major, new releases with new and improved functionality about 3 times per year. But they release security updates considerably more often than that in order to patch security holes and vulnerabilities so hackers don’t have easy access to your site.
WordPress, in case you haven’t heard, is hugely popular – powering more than 25% of the websites on the internet these day. But this also makes it a big target for hackers and spammers to try and exploit. So there is a huge team of really talented folks who do a ton to stay ahead of the nefarious elements out there and that’s why WordPress gets updated so often.
Note: If you’re on the current major release of WordPress, you will likely receive these security updates automatically when they become available. You may get an email from your webhost that your site has been automatically updated (which is a good thing).
And then you have your plugins and themes that are subject to similar security vulnerabilities and also put out new releases. More than 55% of site compromises happen due to outdated plugins, so even if your WordPress is current, if your plugins aren’t (or if you’re using plugins that aren’t being patched regularly as new security vulnerabilities are discovered), then you’re leaving your site exposed.
-
Run a security scan
Once you’re all backed up and updated, I highly recommend you run a scan on your site to make sure there aren’t hacks or malware or other compromises that might be invisible to you (or maybe they’re visible but show up on pages that you don’t regularly visit so they’re easy to overlook).
And the reason you run the security scan as the last step is that if your WordPress version is outdated, that’s one of the first things it’s going to tell you about, so you might as well get that issue out of the way.
One of the services I use for this type of scan is Sucuri. It can be set up as a plugin on your site, but it’s just as easy to run it as an external scan from their site.
So set yourself a calendar reminder (because face it, these types of things are way too easy to forget about), and set aside 30 minutes and get at it!
(Psst…if this kind of thing isn’t your bag and you would prefer to have some help keeping your site healthy and happy, I offer a service called Mindful Monitoring where I do all of these things for you at least once a month. Sometimes it’s nice to have a pro keeping an eye on things for you.)