WordPress maintenance is often seen as a chore, but it’s extremely important. Most web platforms, without a little extra care, can become slow, error prone and unreliable. From a security perspective, a poorly maintained site can even become a liability. Unnecessary files and data can slow your site down. Unwanted content such as comment spam can cause you a world of hurt, consuming valuable resources and impact on your search engine rankings. Security flaws can enable attackers to use your site to commit fraud, spread malware and launch further attacks.
Regular maintenance is essential for a stable, healthy website.
For most of this article, we’re assuming you have Administrator access to your WordPress site, at the very least. It’s not uncommon for some WordPress users to not have access to their own hosting environment, whether that be cPanel, Plesk or shell access. You will just need access to your WordPress dashboard to install plugins. If you’re not a plugin kind of person, I understand, so I do mention other ways of achieving the same results by modifying your
wp-config.php file. However, to do that you will need server level access.
As always, please make sure you have reliable, current backups before making any changes to your website. Ideally, you should be testing any changes in a test environment.
Here’s a short overview on what we’ll be covering:
- Maintenance Mode
- WordPress Updates
- Comment Spam
- Database Maintenance and Optimization
- Health and Security Monitoring
- Centralized Management
- Scheduling and Documentation
- Keeping Informed
Backups are essential, it’s that old broken record. But it’s still something that frequently gets neglected.
Setting up automated backups are absolutely the way to go and what you should aim for, but just make sure you test them regularly.
I’d even recommend adding manual backup and restoration into your schedule, the process is quite easy and if/when the time comes, you’ll be prepared to complete the restoration process. Here are some guides that will definitely help you:
If you’re after a backup plugins, BackWPup is one of the most popular, with 1.5 million downloads.
There are also plenty of alternatives, such as Backup to Dropbox, UpdraftPlus and VaultPress. Your web hosting provider might also have backup options, there’s no right or wrong, just make sure you’ve covered. Don’t be afraid to use multiple backup systems.
You should always take your site offline whenever you’re making changes behind the scenes. This is especially true if you have to work on a live site. This will help reduce the likelihood of your users seeing or experiencing anything they shouldn’t while you’re making changes.
WordPress itself does have a native maintenance mode when updates are being applied, but there are also some useful plugins that look a little nicer and give you a few more options that you can enable at any time.
This category of plugins is also commonly referred to as ‘Coming Soon’ or ‘Maintenance Mode’ plugins, so include those terms if you’re looking around for other options.
Here are just a few of the popular plugins:
WP Maintenance Mode
Plugin URL: https://wordpress.org/plugins/maintenance/
Coming Soon Page & Maintenance Mode
Learn PHP for free!
Make the leap into server-side programming with a comprehensive cover of PHP & MySQL.
RRP $11.95 Yours absolutely free
Plugin URL: https://wordpress.org/plugins/coming-soon/
WordPress Maintenance Mode with .maintenance
As mentioned above, WordPress puts itself into maintenance mode when performing updates. The way it does this, is by creating a .maintenance file which is removed after the updates are complete. You can also create this file yourself. There is quite a lot you can do with the default maintenance mode, for instance, it can be customized and styled.
If you’re interested in more information and want some examples, I’d recommend checking out WordPress Maintenance Mode without a Plugin.
Manually Setting a 503 Redirect
If you’re prefer to take your site offline without using plugins or a .maintenance file, another option is to add a 503 redirect in your .htaccess to a static page you’ve created. Note that this isn’t a 301 redirect, something you’ve probably come across when talking about redirecting URLs for SEO purposes. The 503 HTTP response code tells all clients that the service is unavailable. It’s a bit more work compared to just activating a plugin, but still might come in handy one day.
Software updates are released regularly and they need to be applied to your website to ensure your website functions correctly. In the context of WordPress, we’re referring to WordPress core, themes and plugins. Once updates are applied, it’s always important to test the site to ensure everything is functioning as expected and that there hasn’t been any conflicts.
If you have a complex site (with lots of plugins), I’d recommend applying updates one at a time so if something breaks you know what caused it. Again, this is where a test environment can be invaluable.
Here’s some more information on WordPress updates if you’d like to dig deeper:
Comment spam is a plague that typically comes in the form of comments including links that exist just for a perceived short term SEO boost, or to generate sales leads.
Prevention is always better than the cure, but if you’ve been called in to help fix a site that has been hit with comment spam, that saying doesn’t really help.
You should always use anti spam techniques (using Akismet for example, or closing comments after a certain number of days), or even turn commenting off completely if it’s not being used. However, what do you do if a site has already racked up a high volume of spam comments? Luckily there are some helpful plugins that deserve a place in your toolbox if this situation ever arises.
Delete All Comments
This pretty much does what it says on the box, it deletes all comments. This is particularly useful if you’re working a site that has accidentally allowed commenting. Just install this plugin and you can then remove all comments in one go. You can then turn off commenting if commenting isn’t needed, or enable your favorite spam management system. What about if the site has lots of pages and posts I hear you ask? You don’t want to have to check every page. That leads me to the next plugin!
You can and should already know about the bulk edit feature in WordPress, it’s a massive time saver when making changes to multiple content types. Comments, like most things in WordPress, can be managed this way. However, there’s an even easier way to turn off commenting on a site-wide basis. The plugin is called Disable All Comments. Again, it does exactly what it says it does, however be sure that you definitely won’t need comments in the future. The plugin will also ask you to confirm this.
Plugin URL: https://wordpress.org/plugins/disable-comments/
Database Maintenance and Optimization
Databases need maintenance. It depends on things like how big your database is, how often things change and your server environment. If you’re managing a busy site, the following plugins can help fix any errors and make sure that your databases are optimized.
These plugins mostly do the same thing, but check them all out and pick the one you feel best fits your needs. Some offer more features than the others, some can be scheduled to run regularly.
Plugin URL: https://wordpress.org/plugins/wp-dbmanager/
Plugin URL: http://wordpress.org/plugins/wp-optimize/
WP Clean Up
Plugin URL: https://wordpress.org/plugins/wp-clean-up/
Plugin URL: https://wordpress.org/plugins/wp-sweep/
Plugin URL: https://wordpress.org/plugins/cleanup-images/
Database Interfaces within WordPress
You’re probably familiar with MySQL and tools such as phpMyAdmin, but there are also several plugins that you can install to give you similar access to your database. These plugins can be used to run operations such as import, export, repair and run queries.
Usually we’d use our tool of choice for accessing MySQL, but if you don’t have access, these can be a lifesaver.
Plugin URL: https://wordpress.org/plugins/sql-executioner/
Plugin URL: https://wordpress.org/plugins/adminer/
It’s worth noting that care should be taken enabling these tools and only use them if it’s completely necessary.
Manually Turning Off Trash and Revision History
In this section, we’ll be editing the
Autosave has saved my bacon more than once, and features such as the revision history and the built in file comparison are incredibly handy if you create a lot of content within WordPress, so I wouldn’t jump and change this unless you need to. That said, there are cases when these changes make sense and it’s easy to turn these features off by adding a few simple entries to your
Note: When you’re making changes to your
wp-config.php file, you’ll need to make sure you add them above the last section:
/* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php');
There are comments to remind us of this, but just don’t forget and add them to the last line of the file. The
wp-config.php file can be used for lots of useful and interesting things. For the adventurous, check out the Codex page on
wp-config.php and you’ll see what I mean.
This is where content, mostly pages and posts, end up when you hit delete. By default, content will sit in the trash for 30 days. Adding the following line to your
wp-config.php file can easily change this. Here’s how we’d change this to 2 days:
define( 'EMPTY_TRASH_DAYS', 2 );
We can also turn off trash completely:
define( 'EMPTY_TRASH_DAYS', 0 );
Autosave and the Revision History
The default time period for auto-saving post revisions is 60 seconds. Every 60 seconds, WordPress saves the content that exists in your editor. This can be really handy, but in some situations, it can also create a lot of extra records that we don’t need.
Your revision history can be found underneath your content editor. If you can’t see your revisions, go to the top right hand corner to ‘Screen Options’ and make sure ‘Revisions’ is checked.
There are a few Autosave settings we can tweak, for example, we can increase or decrease the interval that posts are saved:
define( 'AUTOSAVE_INTERVAL', 15 );
We can also limit how many revisions are stored:
We can also turn off revisions altogether:
As you can probably guess, there’s a stack of plugins for changing the behaviour of Autosave if editing the
wp-config.php file isn’t your thing:
Better Delete Revision
WP Revisions Control
Health and Security Monitoring
It’s important to monitor your website health and performance to ensure that your visitors are getting the best possible experience when they visit your website. This includes uptime monitoring (which tells you when your site is down) and a regular review of key website metrics including information from tools such as Google Analytics and Google Webmaster Tools. Tools such as these give you information about both performance and overall website health.
Regular monitoring will help you discover issues as soon as they and appear, and often before they becomes serious.
Slow loading pages, broken internal and outbound links all impact on user experience as well as your search engine rankings.
Security monitoring is also very important when it comes to website maintenance, and how far you go will depend on your requirements. Some hosts will manage security for you, or you can use a third party plugin and service such as Sucuri, Wordfence and iThemes Security. It goes without saying that you should treat security seriously, it’s time well spent and will help you run a tight ship.
Here are a few more in-depth articles on WordPress security:
Centralized WordPress Management
I’ve tried to look at WordPress maintenance from a single users perspective, but no guide on this topic would be complete without mentioning centralized WordPress management.
If you’re managing more than a few sites, you should definitely invest the time in setting up a centralized management tool.
WordPress Management Dashboards
Many WordPress users will already be familiar with WordPress management dashboards such as ManageWP and InfiniteWP, but there are several other choices out there that is keeping the competition hot. These platforms are all continuing to improve, and now we’re starting to see them bundled with hosting services, even newcomers to WordPress can take advantage of some very powerful features.
Here are the popular choices when it comes to centralized WordPress Management, they all have their pros and cons and come in at different price points.
More information: ManageWP
More information: InfiniteWP
More information: WP Remote
More information: WPDASH
Hosting Control Panels
Some web hosting control panels are now offering WordPress management features, such as Parallels Plesk’s introduction of their WordPress Toolkit.
WP-CLI is a project that brings a nice command line interface to WordPress, with many commands related to maintenance tasks. WP-CLI lets you do almost everything you can do in the dashboard, via the command line. If you haven’t used it, definitely check it out.
If there’s ever a time when your site will fail, it’s when you’re applying updates. WordPress core updates are seamless, it’s usually the extra stuff that sits on top (your theme or plugins) where you can run into problems. The more complex your site is, the more moving parts that can break.
We’ve got some handy articles if you need help troubleshooting or tracking down WordPress issues:
- Common WordPress Issues and How to Fix Them
- Optimizing WordPress Performance with P3 (useful for fixing performance related issues)
Scheduling and Documentation
The best of intentions doesn’t always result in action as we all know. Most of us are time poor, and while WordPress maintenance might not be the top of your list of fun things to do on a Friday night it’s important to get into a routine. It will save you time in the long run.
So create yourself a maintenance plan that suits you. How often you address any or all of the above topics is really up to you and how important your site is. At the end of the day, whether you do it yourself or get professional help, make sure the schedule works for you and your risk threshold.
It’s important that you’re in the loop when it comes to updates and security patches. Twitter, blogs, mailing lists, IRC, Slack groups, Facebook, Google+, forums, podcasts and Meetups are all places where you can get notified of any important news. It’s also worth reading the release notes for any update, it can give you a heads up for things to look out for.
If you’re using a particular product, such as a membership or ecommerce plugin, make sure also you opt in for updates on these.
So there you have it, I hope that the areas I’ve covered will help you save some time in the future and set you on a path to a well maintained WordPress website that runs hassle free. I’ve noticed that the definition of ‘website maintenance’ can vary, so I’m very interested to know what other maintenance tasks or plugins you recommend, please let me know in the comments.
Chris isn't afraid to admit it: he's a geek from way back, having worked in IT for more than 20 years. He co-founded a digital agency called Clickify, working with a great team of developers and marketers, and is also the WordPress Editor for SitePoint. Chris is passionate about keeping up-to-date with the latest web technologies and can be found at many of the tech events in Melbourne, Australia. For more details, check out his personal site at chrisburgess.com.au.
Jump Start Git, 2nd Edition
Visual Studio Code: End-to-End Editing and Debugging Tools for Web Developers