This article is a snippet from my WordPress maintenance course.
WordPress started out as just a blogging tool, but is now the leading content management system (CMS) on the web, dominating the entire web-design industry.
In fact, more than a quarter of the internet runs on WordPress:
None of its so-called competitors even come close. Squarespace has 0.7% market share, for example.
WordPress’ growth comes from a few factors:
- it’s built well right from the start, it’s a very powerful and flexible piece of software
- it’s still constantly improved, with a very active developer community
- it’s free, anybody can just install and use it for free. Sure, you might need to pay for premium themes and plugins, but the WP core is free.
- it’s open source, so many people have been able to build great things on top of it. The ecosystem now has tens of thousands of community-built themes and plugins.
- it’s easy to install, it usually takes just 5 minutes if you have experience with it. And some hosting providers now provide one-click installations as well.
- available in many languages
- great documentation. There’s nothing that can’t be found online about WP. If you have any problem with your site, for sure some has already blogged about it.
- great SEO out-of-the-box. Matt Cutts, a famous SEO guy from Google stated “WordPress takes care of 80-90% of SEO optimization out of the box.” (source)
But this popularity leads to complexity as well:
There are over 50K plugins out there, downloaded over 1.5B times.
Themes are in the tens of thousands as well:
Combining this with poor hosting services, improper management, security attacks and negligence, and you get a slew of possible errors:
But you don’t want this to happen to your website, it’s an essential part of your business. You want to make sure’ it’s fully functional for your audience 24/7.
The importance of WordPress maintenance.
If you don’t properly manage your WP site well, problems will come.
And I say “proper” because a superficially maintained WordPress site can still break:
- If it’s slow or partially broken, you lose clients and you lose money.
- If it’s poorly secured, it can get hacked & blacklisted, a nightmare to recover from.
If you build a new website on WordPress and then you never touch it again, you never log into the admin area, it’s just a matter of time before it will go down or get hacked. I completely understand that some of you are not very technical, so you don’t want to do things in the WordPress admin area for fear of breaking stuff.
Photographers come to me because they have a small problem with their WP site, asking me to implement a small change or fix on the site.
Once I go into the admin area, oh my god, it’s a complete mess. The “Plugins” menu item has a 20+ badge on it (= plugins that need to be updated), the WP theme hasn’t been updated in 2 years. And, most annoying of all, the top of any admin page is full of plugin notifications.
The photographer has never gone into the WP admin area since launching the site.
If you don’t touch it, it will keep working, right? Well, yes, for a while. But then you run into trouble.
So doing active maintenance is important, either by learning to do it yourself (this is what this guide is for) or by hiring someone else to do it.
When you’re done with the site, the admin should look like this:
This is how it should look like every month or so: no more notifications, everything up to date, nothing in orange or red.
“But my website seems to be running fine…”
It always seems to be running OK, until something happens.
It’s difficult to tell what’s happening behind the scenes if your site has already been infected with malware, if parts of it are not broken.
Unless you’re actively updating things, checking logs and being well informed of recent vulnerability threads, you’re not really on top of things.
The Italians have a nice expression: “Dolce far niente” which means “It’s sweet to do nothing”. In other words, it’s easier.
What happens when a WordPress site gets out of control
1. WP theme is no longer compatible with other plugins
See this theme changelog for how often they fix stuff and improve compatibility with other plugins: http://the7.io/changelog/
2. Plugins get out of date or are subject to attacks.
Notice how plugins routinely add security fixes to their code:
3. Some plugins become “ghosts”
That means that they’re no longer updated and supported by their initial developers, again becoming security risks (example)
They need to be replaced with new ones, there’s always another plugin that can do the same thing.
And I’m going to tell you about a great plugin that tracks vulnerabilities in other plugins, you need to always have it in place (Plugin Security Scanner)
4. WordPress core also gets updated
See the WP core changelog.
5. A combination of themes/plugins is causing problems in the layout/design of the site
6. Your hosting company can limit your server resources, causing your site to be really slow (or even taking it down completely) with little or no notice.
GoDaddy has a habit of doing this, pushing users to upgrade to their more expensive plans.
Bluehost is also known to do this from time to time.
7. Security breaches
That means that a hacker can insert content onto your site. It can be visible:
or quite hidden. This site, for example, had hidden links pointing to online pharmacy sites:
You can also get an email from your hosting provider, that your site is blacklisted:
Getting off a blacklist is a nightmare, it takes a lot of back and forth with them to do clean-up, rescan the site and lift the blacklist.
Google always takes notice. In just a couple of hours, Google can spot the problems on your site and then flag your site. That leads to a bunch of possible problems.
Most of these problems will also be reported inside Google Search Console, these are screenshots from the old GSH user interface:
Finding problems is hard
Note from Sucuri:
“In most instances, the compromises analyzed had little, if anything, to do with the core of WordPress itself, but more with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.”
Notes from the WP Engine hosting provider:
“How did the malware infection happen? How can it be prevented in the future?”
“This isn’t something we commonly go into, honestly – we can guess where it came from and when we search the list of plugin & theme updates available, we can reasonably assume it’s coming from there. The real reason though is it’s difficult to know where/what was compromised.
Ultimately the best defense against this kind of thing is logging into WordPress every other day to make sure everything is as up-to-date as it can be. WordPress itself is secure, it’s when a bunch of third party code is introduced via plugins & themes where vulnerabilities are most often found.”
(source: chat with support team from WP Engine)
Statistics show that people often have not idea what caused the problems:
It can be a bunch of things:
And look how most site owners find out about problems:
The conclusion is that, being so popular, the WordPress core and plugins are often the targets of various hacks and exploits. It’s simply the nature of the online world, and all can you do is have plenty of preventive measures in place, and a helping hand nearby.
“But my website seems to be running fine…”
Maybe. For now.
Even if you THINK your WordPress site is doing OK, you probably can still do a better job of managing it.
I’m not trying to scare you. In fact, this entire webinar is meant to give you more piece of mind once you learn to manage everything well.
The solution is PREVENTION
To explain the importance of prevention, let me do a couple of quick analogies.
First off, I know this is a sensitive topic for some, but I’m going to do a health-care analogy.
Modern medicine is really great for dealing with acute problems. If I get injured somehow, I go to a hospital to fix it asap.
But for chronic illnesses, sometimes modern medicine just treats the symptoms, you don’t get cured, you just keep fixing things. That’s how some people manage their sites as well, they just patch things up as they go.
I want you to get into the mindset of a healthier lifestyle. You want to prevent problems from happening in the first place.
Especially since, as part of your photography business, your website is an investment. A money investment (for the services you’re paying for and maybe for a web-designer you hired), and definitely a time investment too. So why not care for it?
Another way to think of it: WordPress maintenance is like owning a car.
You do a regular oil change for your car, right? You take it into the shop for a check-up, you change the tires, you have an alarm installed.
You taking care of it is a form of prevention: you don’t want it to get stolen, and you don’t want it to break apart when you need it the most.
Same with your website, you have to treat your business seriously.
In the long run, you’ll save hundreds of dollar and tens of hours of stressful time by properly managing your WordPress site and preventing security and functionality problems down the line. A website hack alone can set you back $400 (not to mention the downtime and SEO implications).
So either you hire someone to do it, or you learn to do WordPress maintenance yourself, you’re protecting your online assets, it’s like having basic health insurance, it’s just the wise thing to do.
There are two types of tasks you need to do: one-time and ongoing.
One-time changes are usually done when building the website in the first place, or as-soon-as-possible if you already have a WordPress website.
Ongoing changes are done on a regular basis to check up on things.
I’ve covered both types of tasks in my full course on WordPress maintenance.