Your website is critical to your business

Your website is one of the most important assets in your business. It’s vital that you keep it updated, protected and online so that you can serve your customers.

If your website is offline or suffering from problems, it’s no longer effective for your business and will lose you revenue (directly – through lost sales/visits or indirectly through word of mouth or social media posts).

In today’s interconnected digital world, it’s important to stay vigilant when it comes to security. Websites, in particular, face a significant challenge. The average website is tested for vulnerabilities by automated attacks, not once or twice, but multiple times a day! 

Are you looking after your WordPress website right now? Can you remember the last time you ran updates in the admin dashboard?

Some website owners have never even logged into the back end of their WordPress website. It is important to understand that your website uses software, just like your PC, Mac, laptop, tablet, or mobile device. If you don’t keep that software updated, you run the risk of errors, malfunctions, or in the worst cases malware infections.

Monitoring updates, implementing them on your website, conducting subsequent tests, and then troubleshooting issues when they arise require a considerable investment of time. This might be a resource you cannot spare, or perhaps do not have the technical skills to manage. However, maintaining your website, including updating all themes and plugins, is paramount to maintaining an online presence and guaranteeing visibility to your desired audience.

Do you have someone in-house who is suitably knowledgeable with WordPress to perform these updates? It’s okay if you don’t, no one can blame you considering this could easily cost you $60,000+ per year to have an employee with the right skill set to be able to look after your website. But you’ll need to have a plan in place to keep your website updated and safe.

In this guide, we’ve put together five key essentials to help you set up a maintenance schedule and to keep your website secure. Taking these steps will give you peace of mind and allow you to focus on what’s important to you in your business.

1. Peace of Mind

Don’t leave backups to chance.

One of the worst things that can happen as a business owner is to try and access your website and find that it’s offline. Even worse, is when you get that dreaded email from a customer who tells you that your website is down or that there is a message from Google telling them about malware.

What do you do in a situation like that? For most people, this would mean reaching out to your hosting company and being completely reliant on the ability of their support team to assist you. In most instances, they’ll be able to restore a backup of your website – but this may not have all of the latest data, especially if you have transactional data like E-Commerce.

As a business owner, you need to have a disaster recovery plan. If you don’t have one already, you must take a few minutes out of your day right now and think about what you will do when something goes wrong with your website.


Make a note of key telephone numbers or contact details for your hosting company, domain provider and email provider (if separate e.g. G Suite). If you have any problems with your website, you’ll want to have these contact details easily accessible. Don’t plan on keeping these in the same place as your emails, because it’s possible for your website and emails to be down at the same time.

The most important part of your disaster recovery plan is going to center around backups. With a full backup of your website, you can recover this to ANY hosting provider, even in the worst situations. There are three key things you need to think about with your backup schedule:

  1. Off-site Backup – For proper security and safety, your backups should be stored with an external service. For example – Amazon’s S3 platform, Google Drive or Dropbox. This mitigates against any issue where your current hosting provider is inaccessible.
  2. Regular Schedule – Your backup schedule will vary depending on how often you update your website and the type of audience you serve. For the average small business WordPress website, a full backup once per week and a daily database backup would be sufficient. For E-Commerce a daily full backup and an hourly database backup may be a much better recommendation.
  3. Encrypted – For the safety of your business data, you should choose a solution that encrypts the backup of your website before storing it off-site. This keeps your data, and most importantly your customer data, secure.

2. Security

Good security saves websites

As we mentioned in the introduction to this guide, good website security practices are vitally important for your business.

WordPress powers over 40% of the websites on the Internet. It’s popular and highly powerful. However, with this popularity that also means that you have to be vigilant with the security of your website.

There are thousands of plugins that add functionality to WordPress websites. Your website will have a number of these installed. These will have regular features and security updates released. Likewise, the WordPress software itself will also have regular updates made available.

The security of your website will rest solely on your shoulders as the business owner. Your hosting company will have some security settings that help to protect your website, but these will not shield you from all of the dangers online. If something goes wrong, your hosting company may restore a backup as mentioned before, but aside from that, you’ll likely be on your own.

You need to have suitable security protection on your WordPress website. To get started with a free installation, you can install a plugin such as WordFence or Solid Security. These both have quick start guides to help you get set up, but care should be taken to ensure that you don’t accidentally lock yourself out of your website.

When working with third parties such as developers or designers, you should always retain full control of all password settings. This means not giving out your “master passwords” (main logins) to third parties. If anyone needs access to your website, hosting account or any other digital property, always try and make sure they have a unique login and that this can be disabled by you / your team at any time.

Security is very much a lot of common sense and a little bit of luck. No WordPress website is 100% secure; no website in the world is 100% secure. The simplest point of failure in most cases is a human – whether it’s via a scam or a hacked device, or whether they’ve coded something poorly.


Review the last year and think about third parties that you have worked with. Did you give out a master password to any users? If you did, have you updated it since? Make a list of everything that you’ve either given out a password for or that you haven’t updated in the last 2-3 months. Then update these passwords using a strong password. You can use if you need help with generating a strong password. 

We also recommend using a password tool to store your passwords. Our personal favorite is

3. Maintenance

Your website should never have a sick day

Just like your car, your website needs servicing to stay in the best condition. It’s really important that regular maintenance occurs on your WordPress website.

Without regular maintenance, you run the risk of your website being attacked, going offline through an error or not functioning correctly when future updates are applied.

You’re going to need to schedule regular maintenance time into your calendar or the calendar of your employees.

So what should you schedule? Here’s a list of 4 key items to look at:

  • WordPress Updates – New versions of WordPress are available periodically. These should be installed quite quickly, as they often contain security patches.
  • Plugin Updates – The plugins in use on your website will have regular feature and security updates available. These should be updated often, to ensure that everything is secure.
  • Theme Updates – The theme in use on your website will also have updates available periodically. Make sure you update your theme to keep your website secure.
  • Check Backups – You should check to make sure that your backups are successfully being saved to an external location on a regular basis. If you can’t see the most recent backups at your storage location, you’ll need to fix this as soon as possible. Backups are critical!

Before starting any maintenance work on your website, always make sure that you have a recent backup of your website. You need to be able to restore this if you have any issues with the updates that you are performing.


It is essential that you test your backup and make sure that you are able to restore from this backup. It is best to practice this before you need it.  

Once you’ve made any updates, you will need to test your website to ensure all is performing well. To do this, log-out of your admin dashboard and visit each of the pages on your website. If you have any contact forms, fill these in and check that you’re receiving emails successfully.


Set up a maintenance schedule for your website. You’ll want to schedule this approximately once a week and set aside up to an hour for the work. Make sure that the user you have assigned is able to work on this regularly and document any work completed so that you can refer back to this if you have any issues.

4. Reliability

Is your host up for the job?

Website hosting is one of the most common digital services that you can find online. Every website needs it. Without hosting, your website would not be visible on the Internet. Unfortunately, not every website hosting company offers the same quality and service.

If your hosting currently costs you less than a cup of coffee per month, you are on one of the low-cost hosting plans. Low-cost hosting is on what is known as a “shared environment”. This is when thousands of websites are all squeezed onto the same server. This allows the hosting company to offer low cost plans. Shared hosting is suitable for those who view their site as non-essential, such as “hobby sites”, where a business isn’t reliant on the site. However, a shared hosting plan can have some unfortunate downsides for your business.

When your website is on a shared hosting server you are sharing the same resources as thousands of other websites. If any of these websites stretches the resources available a little too thin or carries out an action that causes a problem on the server, your website may go offline.

Performance issues can be a major factor on a shared hosting environment. Visitors to your website will wait on average around 5 seconds before they get bored and look elsewhere. If your website loads slowly with your hosting provider, which competitor do you think they’ll go to?

Another common issue is when you host your emails and your website with the same hosting provider. With shared hosting your emails are all being sent from the same server as many thousands of other email addresses. If just one person on the server decides to start sending out a lot of spam (voluntarily or involuntarily), this can cause the IP address of the server to be blocked by email providers. 

What this means for you in simple terms is that you’ll find your emails not being delivered to your customers, suppliers and important recipients, which has the potential to be extremely destructive for your business. Emails should be hosted externally to your website. Check out G Suite, Office 365, or Zoho Mail for affordable email solutions.

Realistically, you should choose the best hosting that your business can afford. This is one of the most important options that you should not penny pinch on, as a business owner. As a ballpark, the average website could be hosted very securely for around $25-30 per month online. Yes, this is more than a coffee. But if your business depends on your online presence, you have to consider the cost to fix a website that has trouble on a shared hosting platform. It can be in the hundreds of dollars.


Review how much you’re currently paying for your hosting and where you found this hosting company online. If you’re paying around the price of a large coffee or two per month, it’s quite likely that the company may not be the best option for you. Also, take a serious look at your emails. Switching to G Suite costs around $6/month per user, and it’s on one of the most reliable email platforms on the Internet – run by Google.

5. Proactive Not Reactive

Don’t wait til disaster strikes.

You have two options when it comes to your WordPress website…

Do you want to be proactive, keep your website updated, being ready for any issues that might arise? Or would you prefer to be reactive and only react when there is a problem, often when it’s far too late for a quick fix?

While it makes sense to try and limit your expenses, it’s far more expensive to react to disaster than it is to have proactive monitoring in place and to be able to mitigate issues as they happen.

Do you have the experience to look after your website or do you have an employee who is experienced? As we mentioned in the introduction to this guide, a typical cost for a competent WordPress individual to work in your company could be around $60,000/year. That’s not including a desk in your company and the additional facilities and payroll-related expenses.

If you do have the skill set to look after your website, do you have the time to do so? It’s an hour or so each week, but if there’s an issue that needs immediate attention, this could be another 2-4 hours or more. Can you afford to take time away from key business tasks to focus on the website at these times? Is this how your time is best spent in furthering your business goals?

If you’ve answered no to these things, don’t worry. It’s okay that you’re busy. You have a lot of important tasks to complete every day as a business owner and it’s completely understandable. It’s good that you’re busy as it means your business is doing well.

There’s a better way to look at this. Companies like ours offer WordPress Support Plans. A Support Plan is a monthly service where we look after your website, keep it updated, carry out off-site backups of your data and many other services. They’re designed to give you complete peace of mind about your business website and allow you to focus on the more important tasks that you need to, every single day.


Consider the value of your or your employee’s time to be available for at least 4 hours each month. Also, would any training be needed for these employees to be able to carry out WordPress maintenance tasks? If the total comes to more than $100, then you’ll be financially better off looking at a WordPress Support Plan for your business.

As fun as it can be to race the fuel gauge when the low fuel light is showing on your dashboard, you should never take the same risks with your website. There is always an automated piece of software or a determined hacker who is ready to pounce and make you their latest victim.

Throughout this guide, we’ve talked about the various risks and issues that can occur with your WordPress website and how to create an action plan and a disaster recovery strategy to ensure that you can mitigate these risks.

You may not have had an issue since your website launched, and you may even be one of the lucky few who have never had a website issue, but what happens when it’s your first time?

Taking some time today to start getting your plan together and to know who to contact if something goes wrong is the first step that you can take in ensuring that your website has a great future.

We’ve got a few additional emails and tips coming your way over the next few days, so please look out for these in your inbox.

In the meantime, if you have any questions, please don’t hesitate to get in touch!

Maintenance Checklist

Weekly Maintenance Tasks

  • Check to make sure that a recent backup has been taken of your website and is stored safely off-site
  • Perform any WordPress core updates
  • Perform any WordPress plugin updates
  • Perform any WordPress theme updates
  • Run a security scan
  • Check that all pages are loading without any errors
  • Check all forms on your website to ensure they are functioning and working correctly
  • Remove spam comments or form submissions
  • Check for broken links
  • Check for any 404 errors
  • Review uptime logs – If there are any significant downtime periods, talk to your hosting  provider to ascertain why

Monthly Maintenance Tasks

  • Check WP Admin > Tools > Site Health for any critical errors or recommendations
  • Check Site Health > Info tab > Server for PHP version and compare to latest available
  • Test the loading speed of your website using GTMetrix or Pingdom Tools. If your website is loading in over 2-3 seconds, it needs optimizing
  • Review the security scans from the last month and ensure that all issues are resolved
  • Check your website statistics are being saved in Google Analytics or the tool of your choice
  • Check how your website is performing in search engines. Are you visible locally?


Quarterly Maintenance Tasks

  • Review your website – Is there anything that needs improving?
  • Do you have any new content to add? Is anything outdated?
  • Graphics and photos – Are these all up to date? Do any of these need updating to newer versions?
  • Check your meta titles and meta descriptions – have you correctly set each of these on every page?
  • Do each of the pages of your website have a clear Call to Action (CTA)?
  • Are all of the forms on your website user friendly and giving a clear success or failure message when used?
  • Test your website to make sure it’s loading well responsively – across computers, laptops, tablets and mobile devices
  • Test the health of your backups by restoring a backup on a staging website

Yearly Maintenance Tasks

  • Review uptime logs – are there any worrying trends with your hosting provider?
  • Renew your domain name(s)
  • Check your hosting contract and make sure it’s the most suitable one for your business
  • Update the copyright year in the footer of your website
  • Review each page on your website and make sure that your content is still accurate
  • Review your website and marketing strategy for the year ahead and reflect on the data from the year that has gone
  • Consider updating the design of your website to better suit your target audience.