Is this what your WordPress dashboard looks like?

How often do you update your WordPress site? Many people forget to do it, sometimes for months (or even years). Then you log in and discover that the little orange bubble says you have bajillion updates. Do you click the update button, and possibly encounter an error, or worse, break the entire site? Maybe you are afraid to mess with it, and you just leave it for later. One thing leads to another, and eventually you site will get hacked or break down. We have seen it time and again, but it is completely avoidable, and you should be avoiding it right now, by doing regular maintenance.

Why do websites need maintenance?


article-razor-fenceJust like a car, a website works best when it is taken care of regularly. If you want it to be there for you when you really need it, you need to do regular maintenance. When you first set up a site, it has the latest versions of all the software, and it is configured to run well. As time passes, bugs are often discovered in the software (every program has bugs– if it doesn’t, they just haven’t been found yet). Some of these bugs are serious security problems that can allow criminals to hack your site or access sensitive information. If you pay attention to the news, you hear about this kind of thing happening on a regular basis. In most cases, fixes for these bugs and security flaws are freely available long before your site gets hacked. Lax site maintenance allows hackers to exploit them anyway– even when safety is just a click or two away.

Just like a car, a website works best when it is taken care of regularly.

Fortunately, WordPress is supported by thousands of talented software developers all over the world. It is so widely used that bugs and flaws are quickly discovered and patched in a very timely manner. They publish the fixes for free, and your WordPress dashboard will show you when they are available and allow you to easily install them. If you keep up to date, your risk of a security event is greatly reduced. Attackers prefer to go for the low hanging fruit– sites that are out of date.


article-bmwIf you have a blog, an online store, or any other kind of site that grows or collects information, you may also find that performance on your site can suffer over time. Often this is easily corrected if you are monitoring this sort of thing. There is a great deal of marketing research out there showing that site load times and performance have a huge impact on whether visitors continue to engage with your site. Quite simply, a slow site loses you money. Major retailers like Amazon have discovered that even a difference of one second can make a big difference. Check out this great infographic to learn more about our fickle web-surfing customers and how they feel about load times.

It can also happen that unusual spikes in the number of visitors, Denial of Service attacks, and problems with your hosting company will affect your site performance or even take the site down temporarily. There have even been cases of unscrupulous businesses trying to take down competitors’ sites. We have personally encountered business owners who have experienced this. It doesn’t just happen in Hollywood movies– real businesses do this to each other. You should be continuously monitoring your site for both up-time and performance. That way, if the site slows down (or goes down), you can get it fixed quickly and stop losing those paying customers. If you are only logging into your site from time to time, you are relying on customers to let you know when there is a problem, and those customers may just go somewhere else instead.

If you are not collecting this information, you are flying blind.

You should also be monitoring the ways that people are interacting with your website. At a minimum, you should be tracking which pages people are visiting, how much time they spend on each page, and where that traffic is coming from. This can be useful for marketing purposes, but it can also help you optimize your site as usage patterns change over time. Unusual behavior, such as very brief page view times can be indicative of a problem with your site. If you are not collecting this information, you are flying blind.



Technology is constantly changing. With multiple major web browsers that all have significant market share, not to mention a plethora of tablets and mobile devices flooding the market, the hardware/software profile of your online visitors is constantly changing as well. The history of the web teaches us that the only guarantee is the most popular platform (no matter how popular) could be gone in a fairly short time. Internet Explorer went from 70% market share to around 10% market share in seven years. Five years from now, there could be a complete reversal. This constant flux means that a site which was fine a year ago or five years ago may be creating problems for some of your current visitors. You should collect information on who is visiting your site and what they are using to view it. Test your site on all the popular platforms to make sure it looks good and runs well. Collecting hardware and browser demographics allows you to target your efforts to the most popular platforms. As the online world changes, you need to change to stay relevant. There are tools that make testing easier to do, which we will talk about in a moment.

As the online world changes, you need to change to stay relevant.


WordPress is an amazing piece of software, and you can bring tremendous value to your business by using it. However, it is not a fire-and-forget kind of thing, like that old static website your nephew built you back in the 90’s. One of the things that often goes overlooked is article comments. It is important to put fresh content on your website regularly to improve search engine rankings and stay relevant to your existing customers. For many people, this means keeping some kind of blog on the site. It is a great opportunity to engage with your audience, especially if you allow them to comment on articles. The default commenting functionality in WordPress works, but it has some drawbacks. First of all, it has no built-in spam protection. Secondly, it does not require users to have any kind of account in order to post. These two factors tend to produce– you guessed it — spam!

The creators of WordPress know this, and they have responded by doing several things. First, the default settings on a new WordPress install require those who comment to include their name and email address. Second, they withhold new comments from publication until they have have one previously approved comment. This means that you must read their first comment and approve it before any further comments can be automatically published. Third, they hold comments that have 2 or more links in them for review. The idea is that spammers tend to post a lot of links to services they are trying to promote, in hopes of boosting their search engine rankings courtesy of your site.

The comment settings in WordPress show that there are problems with commenting, but they don’t actually fix those problems.

The result of all this is that an unattended WordPress site tends to rack up a huge number of spam comments sitting in the approval queue waiting for you to get to them. And nobody gets around to it. We have seen sites with more than ten thousand spam comments sitting there. Somewhere in there are a few legitimate comments that would add value to your site, but they never get published. The comment settings in WordPress show that there are problems with commenting, but they don’t actually fix those problems. They have even installed the Akismet plugin in every fresh install of WordPress, in case you want something better. Akismet is disabled by default, because it is a paid service for businesses.

You should be trying to get users to engage with your content, and so you need to address the comment problem. A more interactive site is more engaging, and this translates directly to more sales. If you are not keeping up with comments, your site is not working for you as hard as it could be. As it turns out, there are plenty of great solutions to this problem that don’t involve hours of our time or hiring someone just to read comments. Keep reading to see our suggestions.

What kind of maintenance should I do?


As you have probably gathered by now, the most important thing is to keep up with updates. WordPress has three kinds of updates. There are core updates, which is the WordPress application itself. There are theme updates, which affect the way your site displays content to visitors. Finally, there are plugin updates, which affect the extra functionality that may be added to your site. When you log in to WordPress, your dashboard will show you all the items that need updating. If you click the updates menu item, you will see them grouped by type. You can update each thing individually, or update them all at once. Here is an example of a site that needs updates (we have blurred out names to protect the guilty!). The bright orange bubbles indicate updates that need to be installed.



Savvy WordPress users might point out at this point that WordPress offers the possibility of automatic core updates. This can be useful for getting security fixes installed in a timely manner, but we have to offer a word of caution. Any time your site is updated, there is a possibility that something will break. Security updates are designed to fix vulnerabilities, not change the way WordPress works, but any time you are changing the code running your site there is the chance that something can break. If you do enable automatic updates, please PLEASE have daily backups implemented on your site, so you can roll back if it breaks.

If you are going to do the updates yourself, run a backup first. If it is critical that your site have no down time, consider setting up a test server. A test server runs a complete copy of the latest version of your site. A typical procedure involves copying your live site to the test server, running all the updates, and doing a series of predetermined tests. These tests are something you work out ahead of time, to make sure you check all the key functionality of your site is still working across all target platforms.

If you are really busy or you don’t log into your website on a weekly basis, you might consider installing a plugin on your site to notify you via email when updates come out, such as this one This will help make sure you don’t get behind on critical security updates. It’s also a good idea to add your specific test procedures to a written document, so you don’t miss anything and can delegate the task in the future if you need to.


This is a no-brainer. A backup is a copy of your site that can be restored if something goes wrong. There are two things that need to be backed up:

  • Database – user account information, settings, and all the text on your site’s pages live in the database (the text of this article, for example, is stored in our database)
  • Content Folder – your plugins, themes, and any pictures or documents that you have uploaded in the Media section of your site are “content” (the pictures on this page are stored in this site’s content folder)

Both should be updated regularly, but the database is the more important of the two for most people. If you do ecommerce, this is especially true since it will contain all your customer order information. The content folder is generally important for restoring functionality to your site, since it includes your theme and plugins. It also includes all the images on your site, so if the content folder is lost your site will have broken images everywhere.

Typically, the database backups require less space. Both can be stored in a compressed format, to save space. If your site gets any kind of traffic, you should back up your database daily, and your content should be backed up weekly. Any time you install updates, you should do a full backup of both content and database. A local backup saves it somewhere on your server, which makes it very fast to restore it if it goes down. But, if the whole server dies, the backups may be lost too. That’s why it’s important to also do periodic off-site backups into the cloud or onto another server.

If you don’t know how to do all this, there are a ton of products out there that can do it for you. Typically they are installed as WordPress plugins. Here is an article showing some of your options.


There are lots of ways to measure website performance. A popular choice is Google’s PageSpeed Insights, which can also be integrated right into your WordPress admin area with a plugin. Typically, these tools access your site from their servers and rank performance based on a variety of factors. Then they give suggestions for improving performance. As we said above, speed directly translates into sales, so you owe it to yourself to do this regularly. A couple of the more popular tools:


Just for your reference, here is an example of a typical backlog of comments on a default WordPress install. Most people take a look at all this and just decide they don’t have time to deal with it. Maybe they spend a few minutes going through it, and then run out of time and just delete them all or leave them there for later.


If you want people to engage with your site, and you want more chances to make a sale to them, you need your comments working. You have a few options:

  • Manage them manually – Go through all comments and approve them, or hire someone to do it. Delete comments that are spam or inappropriate.
  • Require people to register for an account – This will significantly reduce the likelihood of getting comments, but it will cut down on spam. It will also drastically cut down on conversion rates.
  • Use a plugin – A plugin adds functionality to deal with the problem. Many require you to pay, because there is work involved somewhere along the line.

Most people will go the plugin route. WordPress supports Akismet, which is a spam filter much like the one your email service probably provides. It allows people to post without creating accounts– drastically lowering the barrier of entry for people visiting your site. You have to pay to use Akismet on your site if you are a business, but it is not expensive and it is designed to “just work”. Disqus is another popular option, for the budget conscious. It is free, but it places ads on your site. They do profit sharing, so if the ads on your site generate revenue, you get a cut. You can also just integrate Facebook into your site and use that for comments. You can integrate it yourself, or use one of many plugins available.


Testing is something you should do any time you make a change to your site. This is just common sense in simple cases. For example, when you post an article, go look at it and make sure it looks good on the live site.

If you install an update of make a change to the plugins or theme you are running it will require more extensive testing. This will vary depending on the kind of update, so we can only give general advice here. A major version update should always be tested thoroughly. This means (preferably) making a copy of your site and visiting the pages and trying out any special functions you have (like an online store) to make sure they are still working right. Part of this testing process should also involve testing on popular platforms. Not everyone visits the site using the same hardware and software that you have. This can lead to the classic and annoying response: “it works for me”. That’s great. Does it work for your customers? Most of them won’t tell you. They will just move on.

A simple way to do testing is to use a cross-platform testing service. This takes a lot of the expense and hassle out of it. We use Browserstack, but there are plenty of other options out there. Since you are tracking who is visiting your site and what they are using to view it with (*ahem* you are doing that, right?) you can just load up those configurations right in your web browser. For example you can try out your site on Windows 10 with Firefox, and on the iPad, and on Safari 10, all from your own favorite web browser with a few clicks. They run the hardware and just pipe the visuals to you over the internet (for a monthly fee).

Outsourcing the Maintenance

When it comes to cars, some people change their own oil, and some have it done for them. Regardless of which group they fall into, some people are timely about it, and others tend to put it off and let it go too long between changes. For your website, the only thing that matters in the end is that the maintenance gets done. The question you need to ask yourself is: what will it take to get this done right?

If you like being in charge and want to do it in-house, rest assured it is not hard to put a good maintenance process in place. To get started, take an inventory of everything you need to do ( this list gives you a general idea ) and document procedures for each item. Then put it on a calendar with a reminder and stick to the schedule.

There are two reasons you might want to outsource it. If you find that kind of techy stuff to be over your head, of course you need to hire someone to do it. Since it’s only a few hours a month in most cases, it makes more sense to outsource that than to hire staff to do it internally. But some people are quite capable of doing it themselves and still outsource it. That’s because it frees them up to worry about more important things (like running their business). So, if you are a do-it-yourself person who consistently gets behind on maintenance, set your pride aside and hire someone to do it so you can get back to the things that really interest you.

Of course, if you are lucky enough to work with us for your website, we will have offered you a variety of great service options when we delivered the site to you. Even though our main focus is on boosting our clients’ business, we offer maintenance plans because we want to make sure the client actually gets the maximum value out of their website investment. Since we do our own maintenance, we can’t recommend a particular service to you. Your best bet is a personal recommendation. If you use someone you find online, please read their reviews, and see if they can put you in touch with an existing customer who has a similar business to yours for a referral. Take your time, because this is important.