So you’ve launched a new website – hooray! While most of the heavy lifting is complete, investing in proper website maintenance will go a long way in ensuring your WordPress site remains healthy and insusceptible to cyber attacks. Just like a car needs regular preventative maintenance, simple maintenance tactics are important to the long-term health of your website. Here we break down five simple steps to help you maintain your WordPress website.
1. Backup your website
Rule number 1: always back up your website. We suggest that you backup your WordPress website on a monthly basis, either through your hosting provider (which may have options for website backup) or by downloading a local copy of your website via FTP. If you frequently update content on your WordPress website, this step is especially important.
2. Ensure WordPress and plugins are up-to-date
Any software you use will need constant maintenance to function properly and remain secure, and the same goes for WordPress and any plugins you have installed on the site. We suggest you log in to your website on a monthly basis and update WordPress and website plugins.
3. Avoid installing new plugins as much as possible
Any plugins on your website have been vetted by your web development team and have been deemed secure. At Stryve, some of our favourite plugins include Yoast SEO, WP Smush and WordFence. When passing off a website to one of our clients, we suggest that they avoid installing new plugins, as many can leave their site vulnerable and may conflict with website programming. Typically, if you or your team is looking for a particular functionality, a custom development solution may be better suited.
4. Manage user accounts
It may go without saying that dolling out your website password may leave your website vulnerable, but it’s an often overlooked aspect of website security. We suggest that you avoid giving your main administrative credentials to multiple users. Ideally, each user should have their own unique login and password. In addition, each user should be given the appropriate user role. In our experience, editor is usually a sufficient level of access for most users.
In addition to managing login information, it’s important to make sure you don’t have a user account called “admin”. Similarly, changing your URL login so that it is not the WordPress default (company.com/wp-login.php) is extremely important. Most often, brute force attacks occur because one or both of these items has been overlooked.
Pro-tip: At Stryve, we use the plugin Rename wp-login.php to change the login URL.
5. Invest in web security
Website downtime can be a nightmare, so investing in a web security option for your WordPress website instantly provides peace of mind. While there are many options for web security, our go-to for malware detection, cleanup, and prevention is Sucuri. For a monthly fee, Sucuri’s security experts will thoroughly scan, clean, monitor and protect your website 24/7.