WordPress
Article

The Definitive Guide to WordPress Maintenance

By Chris Burgess

WordPress maintenance is often seen as a chore, but it’s extremely important. Most web platforms, without a little extra care, can become slow, error prone and unreliable. From a security perspective, a poorly maintained site can even become a liability. Unnecessary files and data can slow your site down. Unwanted content such as comment spam can cause you a world of hurt, consuming valuable resources and impact on your search engine rankings. Security flaws can enable attackers to use your site to commit fraud, spread malware and launch further attacks.

Regular maintenance is essential for a stable, healthy website.

For most of this article, we’re assuming you have Administrator access to your WordPress site, at the very least. It’s not uncommon for some WordPress users to not have access to their own hosting environment, whether that be cPanel, Plesk or shell access. You will just need access to your WordPress dashboard to install plugins. If you’re not a plugin kind of person, I understand, so I do mention other ways of achieving the same results by modifying your wp-config.php file. However, to do that you will need server level access.

As always, please make sure you have reliable, current backups before making any changes to your website. Ideally, you should be testing any changes in a test environment.

Here’s a short overview on what we’ll be covering:

  • Backups
  • Maintenance Mode
  • WordPress Updates
  • Comment Spam
  • Database Maintenance and Optimization
  • Health and Security Monitoring
  • Centralized Management
  • Troubleshooting
  • Scheduling and Documentation
  • Keeping Informed

Backups

Backups are essential, it’s that old broken record. But it’s still something that frequently gets neglected.

Setting up automated backups are absolutely the way to go and what you should aim for, but just make sure you test them regularly.

I’d even recommend adding manual backup and restoration into your schedule, the process is quite easy and if/when the time comes, you’ll be prepared to complete the restoration process. Here are some guides that will definitely help you:

If you’re after a backup plugins, BackWPup is one of the most popular, with 1.5 million downloads.

There are also plenty of alternatives, such as Backup to Dropbox, UpdraftPlus and VaultPress. Your web hosting provider might also have backup options, there’s no right or wrong, just make sure you’ve covered. Don’t be afraid to use multiple backup systems.

Maintenance Mode

You should always take your site offline whenever you’re making changes behind the scenes. This is especially true if you have to work on a live site. This will help reduce the likelihood of your users seeing or experiencing anything they shouldn’t while you’re making changes.

WordPress itself does have a native maintenance mode when updates are being applied, but there are also some useful plugins that look a little nicer and give you a few more options that you can enable at any time.

This category of plugins is also commonly referred to as ‘Coming Soon’ or ‘Maintenance Mode’ plugins, so include those terms if you’re looking around for other options.

Here are just a few of the popular plugins:

WP Maintenance Mode

WP Maintenance Mode

Plugin URL: https://wordpress.org/plugins/wp-maintenance-mode/

Maintenance

Maintenance

Plugin URL: https://wordpress.org/plugins/maintenance/

Coming Soon Page & Maintenance Mode

Coming Soon

Plugin URL: https://wordpress.org/plugins/coming-soon/

WordPress Maintenance Mode with .maintenance

As mentioned above, WordPress puts itself into maintenance mode when performing updates. The way it does this, is by creating a .maintenance file which is removed after the updates are complete. You can also create this file yourself. There is quite a lot you can do with the default maintenance mode, for instance, it can be customized and styled.

If you’re interested in more information and want some examples, I’d recommend checking out WordPress Maintenance Mode without a Plugin.

Manually Setting a 503 Redirect

If you’re prefer to take your site offline without using plugins or a .maintenance file, another option is to add a 503 redirect in your .htaccess to a static page you’ve created. Note that this isn’t a 301 redirect, something you’ve probably come across when talking about redirecting URLs for SEO purposes. The 503 HTTP response code tells all clients that the service is unavailable. It’s a bit more work compared to just activating a plugin, but still might come in handy one day.

WordPress Updates

Software updates are released regularly and they need to be applied to your website to ensure your website functions correctly. In the context of WordPress, we’re referring to WordPress core, themes and plugins. Once updates are applied, it’s always important to test the site to ensure everything is functioning as expected and that there hasn’t been any conflicts.

If you have a complex site (with lots of plugins), I’d recommend applying updates one at a time so if something breaks you know what caused it. Again, this is where a test environment can be invaluable.

Here’s some more information on WordPress updates if you’d like to dig deeper:

Comment Spam

Comment spam is a plague that typically comes in the form of comments including links that exist just for a perceived short term SEO boost, or to generate sales leads.

Comment Spam in WordPress

Prevention is always better than the cure, but if you’ve been called in to help fix a site that has been hit with comment spam, that saying doesn’t really help.

You should always use anti spam techniques (using Akismet for example, or closing comments after a certain number of days), or even turn commenting off completely if it’s not being used. However, what do you do if a site has already racked up a high volume of spam comments? Luckily there are some helpful plugins that deserve a place in your toolbox if this situation ever arises.

Delete All Comments

This pretty much does what it says on the box, it deletes all comments. This is particularly useful if you’re working a site that has accidentally allowed commenting. Just install this plugin and you can then remove all comments in one go. You can then turn off commenting if commenting isn’t needed, or enable your favorite spam management system. What about if the site has lots of pages and posts I hear you ask? You don’t want to have to check every page. That leads me to the next plugin!

Plugin URL: https://wordpress.org/plugins/delete-all-comments/

Disable Comments

You can and should already know about the bulk edit feature in WordPress, it’s a massive time saver when making changes to multiple content types. Comments, like most things in WordPress, can be managed this way. However, there’s an even easier way to turn off commenting on a site-wide basis. The plugin is called Disable All Comments. Again, it does exactly what it says it does, however be sure that you definitely won’t need comments in the future. The plugin will also ask you to confirm this.

Plugin URL: https://wordpress.org/plugins/disable-comments/

Database Maintenance and Optimization

Databases need maintenance. It depends on things like how big your database is, how often things change and your server environment. If you’re managing a busy site, the following plugins can help fix any errors and make sure that your databases are optimized.

These plugins mostly do the same thing, but check them all out and pick the one you feel best fits your needs. Some offer more features than the others, some can be scheduled to run regularly.

WP DBManager

WP DBManager

Plugin URL: https://wordpress.org/plugins/wp-dbmanager/

WP-Optimize

WP Optimize

Plugin URL: http://wordpress.org/plugins/wp-optimize/

WP Clean Up

WP Clean Up

Plugin URL: https://wordpress.org/plugins/wp-clean-up/

Clean Sweep

WP Clean Sweep

Plugin URL: https://wordpress.org/plugins/wp-sweep/

Cleanup Images

Clean Up Images

Plugin URL: https://wordpress.org/plugins/cleanup-images/

Database Interfaces within WordPress

You’re probably familiar with MySQL and tools such as phpMyAdmin, but there are also several plugins that you can install to give you similar access to your database. These plugins can be used to run operations such as import, export, repair and run queries.

Usually we’d use our tool of choice for accessing MySQL, but if you don’t have access, these can be a lifesaver.

SQL Executioner

SQL Executioner

Plugin URL: https://wordpress.org/plugins/sql-executioner/

Adminer

Adminer MySQL Interface

Plugin URL: https://wordpress.org/plugins/adminer/

It’s worth noting that care should be taken enabling these tools and only use them if it’s completely necessary.

Manually Turning Off Trash and Revision History

In this section, we’ll be editing the wp-config.php file.

Autosave has saved my bacon more than once, and features such as the revision history and the built in file comparison are incredibly handy if you create a lot of content within WordPress, so I wouldn’t jump and change this unless you need to. That said, there are cases when these changes make sense and it’s easy to turn these features off by adding a few simple entries to your wp-config.php file.

Note: When you’re making changes to your wp-config.php file, you’ll need to make sure you add them above the last section:

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

There are comments to remind us of this, but just don’t forget and add them to the last line of the file. The wp-config.php file can be used for lots of useful and interesting things. For the adventurous, check out the Codex page on wp-config.php and you’ll see what I mean.

Trash

This is where content, mostly pages and posts, end up when you hit delete. By default, content will sit in the trash for 30 days. Adding the following line to your wp-config.php file can easily change this. Here’s how we’d change this to 2 days:

define( 'EMPTY_TRASH_DAYS', 2 );

We can also turn off trash completely:

define( 'EMPTY_TRASH_DAYS', 0 );

Autosave and the Revision History

The default time period for auto-saving post revisions is 60 seconds. Every 60 seconds, WordPress saves the content that exists in your editor. This can be really handy, but in some situations, it can also create a lot of extra records that we don’t need.

WordPress Revision History

Your revision history can be found underneath your content editor. If you can’t see your revisions, go to the top right hand corner to ‘Screen Options’ and make sure ‘Revisions’ is checked.

There are a few Autosave settings we can tweak, for example, we can increase or decrease the interval that posts are saved:

define( 'AUTOSAVE_INTERVAL', 15 );

We can also limit how many revisions are stored:

define('WP_POST_REVISIONS',5);

We can also turn off revisions altogether:

define('WP_POST_REVISIONS',false);

Revision Plugins

As you can probably guess, there’s a stack of plugins for changing the behaviour of Autosave if editing the wp-config.php file isn’t your thing:

Better Delete Revision

Better Delete Revision

Plugin URL: https://wordpress.org/plugins/better-delete-revision/

WP Revisions Control

WP Revisions Control

Plugin URL: https://wordpress.org/plugins/wp-revisions-control/

Health and Security Monitoring

It’s important to monitor your website health and performance to ensure that your visitors are getting the best possible experience when they visit your website. This includes uptime monitoring (which tells you when your site is down) and a regular review of key website metrics including information from tools such as Google Analytics and Google Webmaster Tools. Tools such as these give you information about both performance and overall website health.

Regular monitoring will help you discover issues as soon as they and appear, and often before they becomes serious.

Slow loading pages, broken internal and outbound links all impact on user experience as well as your search engine rankings.

Security monitoring is also very important when it comes to website maintenance, and how far you go will depend on your requirements. Some hosts will manage security for you, or you can use a third party plugin and service such as Sucuri, Wordfence and iThemes Security. It goes without saying that you should treat security seriously, it’s time well spent and will help you run a tight ship.

Here are a few more in-depth articles on WordPress security:

Centralized WordPress Management

I’ve tried to look at WordPress maintenance from a single users perspective, but no guide on this topic would be complete without mentioning centralized WordPress management.

If you’re managing more than a few sites, you should definitely invest the time in setting up a centralized management tool.

WordPress Management Dashboards

Many WordPress users will already be familiar with WordPress management dashboards such as ManageWP and InfiniteWP, but there are several other choices out there that is keeping the competition hot. These platforms are all continuing to improve, and now we’re starting to see them bundled with hosting services, even newcomers to WordPress can take advantage of some very powerful features.

Here are the popular choices when it comes to centralized WordPress Management, they all have their pros and cons and come in at different price points.

ManageWP

ManageWP

More information: ManageWP

InfineWP

InfiniteWP

More information: InfiniteWP

WP Remote

WPRemote

More information: WP Remote

WPDASH

WPDash

More information: WPDASH

Hosting Control Panels

Some web hosting control panels are now offering WordPress management features, such as Parallels Plesk’s introduction of their WordPress Toolkit.

WordPress Toolkit

WP-CLI

WP-CLI is a project that brings a nice command line interface to WordPress, with many commands related to maintenance tasks. WP-CLI lets you do almost everything you can do in the dashboard, via the command line. If you haven’t used it, definitely check it out.

WP-CLI

Troubleshooting

If there’s ever a time when your site will fail, it’s when you’re applying updates. WordPress core updates are seamless, it’s usually the extra stuff that sits on top (your theme or plugins) where you can run into problems. The more complex your site is, the more moving parts that can break.

We’ve got some handy articles if you need help troubleshooting or tracking down WordPress issues:

Scheduling and Documentation

The best of intentions doesn’t always result in action as we all know. Most of us are time poor, and while WordPress maintenance might not be the top of your list of fun things to do on a Friday night it’s important to get into a routine. It will save you time in the long run.

So create yourself a maintenance plan that suits you. How often you address any or all of the above topics is really up to you and how important your site is. At the end of the day, whether you do it yourself or get professional help, make sure the schedule works for you and your risk threshold.

Keeping Informed

It’s important that you’re in the loop when it comes to updates and security patches. Twitter, blogs, mailing lists, IRC, Slack groups, Facebook, Google+, forums, podcasts and Meetups are all places where you can get notified of any important news. It’s also worth reading the release notes for any update, it can give you a heads up for things to look out for.

If you’re using a particular product, such as a membership or ecommerce plugin, make sure also you opt in for updates on these.

Conclusion

So there you have it, I hope that the areas I’ve covered will help you save some time in the future and set you on a path to a well maintained WordPress website that runs hassle free. I’ve noticed that the definition of ‘website maintenance’ can vary, so I’m very interested to know what other maintenance tasks or plugins you recommend, please let me know in the comments.

Free Guide:

7 Habits of Successful CTOs

"What makes a great CTO?" Engineering skills? Business savvy? An innate tendency to channel a mythical creature (ahem, unicorn)? All of the above? Discover the top traits of the most successful CTOs in this free guide.

Comments
CichyEll

I think iThemes Security is worth to mention on security side. I used it in one of clients blog. Provides step-by-step instructions to make Wordpress site more secure.

Alex_Reds

Great article.
However I was expecting to see something new smile and something that wp community is struggling with - maintaining stage and productions wp sites. So far I know there is no definitive solution. We have have to overwrite sites all the time with changes on stage or production and no chance to override only changes/

chrisburgess

Thanks @Alex_Reds smile

It would be good to see some more options for managing environments. Not sure if you've seen WP Stagecoach (https://wpstagecoach.com/), but it looks nice!

Recommended
Sponsors
Because We Like You
Free Ebooks!

Grab SitePoint's top 10 web dev and design ebooks, completely free!

Get the latest in WordPress, once a week, for free.