When was the last time you updated all the plugins and themes on your website? If you’re like most small business owners, you’ve probably had to think very hard to remember that. That’s a huge mistake since it leaves your site performing poorly and vulnerable to hacks. Fortunately, the basic maintenance functions can be done in a minimal amount of time.
Why bother with maintenance?
Regular maintenance of your WordPress website will
- close all the known vulnerabilities
- provide you with a clean copy should your server crash or your site get hacked
- give you access to all the latest functions of WordPress
- keep your site performance from suffering
Regular maintenance in 3 steps
- Backing up the site
- Cleaning up the site
- Updating the site
Step 1 – Regular Backups
There is a manual means of creating a backup using phpMyAdmin, but ain’t nobody got time for that. Fortunately for us, there are plugins which will do most of the work.
Before we go too far in talking about how to do the backups, I want to describe the two different types of backups and when to use them. Wait, what? 2 types of backups?
When I first started using WordPress, I assumed, like many of you, that a database backup is all I needed to do. I discovered very quickly how wrong I was. See, the database contains all of our posts, pages, categories, tags, users, settings, and options. Sounds pretty complete, doesn’t it? What’s missing from that list? All of the photos we’ve used in our posts and pages, our themes, our plugins, and any other media we’ve uploaded.
My favorite plugin is BackupBuddy, by iThemes. There are several others out there that are free. Just check the WordPress plugin repository via your WordPress dashboard.
Once you install your backup plugin, set it up to do regular backups automatically.
Store you backups offsite
That means that you don’t want your backups on the same computer (server) as your website. Why? Well, let’s imagine that your server fails, which they do after a few years. You lose your website plus your backups. Oops. So, make sure those backups are stored somewhere else. Most plugins will upload backups to a dropbox folder or other cloud server, or you can have them emailed to you and you can store them on your laptop.
Step 2 – Tidy things up
Maybe you installed and tried a few different themes and plugins. You might have decided against using them, or you found something better and you deactivated the old ones. In this step, we’re going to delete everything you aren’t using except we’ll keep the latest default theme from WordPress. This is currently TwentyThirteen.
Don’t be afraid to delete unused themes or plugins. You can always reinstall them if you need them in the future. Really, they’ll be there. I’ve seen plugin folders that look like an episode of Hoarders. You don’t want to be like that.
Unused themes and plugins can be used by hackers to compromise your site
They don’t have to be active to be a problem. Get rid of them.
Step 3 – Update
The biggest mistake I see bloggers and business people make is not updating their WordPress, themes and plugins. I’ve heard every excuse from “I’m waiting to make sure it’s a stable release” to “I haven’t even logged into the site in ages”, so you’re in good company if you haven’t been on top of your updates.
Everyone seems to have their preferred way to do this, but the method I’ve found that causes the fewest issues is this
Update plugins first.
Since most plugin updates will be compatible with older versions of WordPress, it seems safest to update them before you update WordPress. I also strongly suggest that you update your plugins one at a time. If anything is going to break your website, it’s most likely going to be a buggy plugin. By updating them one at a time, you’ll know which plugin needs to be deleted rather than having to troubleshoot them individually.
Update your themes second.
All of them. Even if you’re not using them. But, if you did step 2, you should only have your active theme and a default WordPress theme to update.
Update WordPress last.
Everything should go smoothly if your plugin and theme updates went smoothly. Now do a final test of the site to make sure everything is ok.
What to do if something goes wrong
First of all – Don’t Panic!
If updating a plugin breaks the site, I’ve written a separate post, What to do when a plugin update breaks your WordPress website. Follow the steps there to get your site running again.
If updating the theme didn’t go well, try activating the default theme.
If everything returns to normal, contact your theme developer and let them know there is a problem. give them as much description of your setup as possible.
If activating the default theme didn’t fix things, deactivate all of your plugins. WordPress + Default theme with no active plugins should always work. Always.
If things return to normal, then you probably have an older plugin that is no longer compatible with WordPress. Start activating plugins one at a time to find out which one is the problem.
If going to the default theme and deactivating your plugins still isn’t working, it’s possible that your WordPress update was incomplete or corrupted. WordPress gives you the option to reinstall the latest version. Do it.
How often should you maintain your WordPress website?
If you have a static site, the bare minimum is once a month. You might have to do it more often if there is a big release of WordPress as plugin and theme developers will release their updates after a big WordPress update.
A better idea is to login once a week. This will make sure you don’t miss any important updates.
The best is to login every day. You’ll never miss an update this way and you’ll always have a good backup available.
If you are running a heavily used site, like a news aggregator, you’ll want to go with hourly backups and daily updates. For most of you, though, this is overkill.
I presented this material at the Seattle WordPress meetup this month. You can see the entire slide set at my Slideshare page.
One of the nice things about the Wordfence Security plugin is that it notifies me of the need to update my plugins or theme. It doesn’t notify me about WP updates. This plugin also has a newsletter that I subscribed to that addresses all sorts of security issues.
I have been doing my updates the exact opposite of the way you described, so I will change the order. I do deactivate all plugins when doing a theme or WP update – may have learned that in your website class.
Phyllis – Good for you for doing regular updates! That makes me all warm and fuzzy inside.
If the order you are doing your updates works for you, then feel free to stick with it. Since you’re deactivating your plugins when doing a WP update, you’re avoiding a lot of the problems that come with updating WP first. Whatever works for you and keeps you updating on a regular basis is a good plan.
Thank you. I think I updated my plug-ins about 5 weeks ago, in no particular order. I was letting my web developer do backups. I just checked to see if they are on a regular schedule. They are not.
You make it seem possible to manage more of it myself. Thanks.
Thanks, Rosi. I try to educate people so they can do more of this stuff themselves. Empowerment is my goal.