The 12 must-do tasks.
- Upgrade WordPress core, theme and plugins
Outdated WordPress core, themes and plugins leave your site vulnerable to attackers. Update your website often to avoid such vulnerabilities, which appear every day.
- Back up your website regularly and store the backups off site
Back up your website to the cloud so you can easily recover at any time if anything happens to it. Do not store the backup on the same server.
- Track your website uptime
You don’t want your website to go down when your customers come to your website. If uptime is less than 99.9%, let us know or consider an alternative web host.
- Delete unnecessary themes
Obsolete and outdated themes are the most common reason for having a website hacked. To protect your website from such vulnerabilities, delete unnecessary themes from the WordPress directory.
- Uninstall unnecessary plugins
Too many installed plugins can slow your website down and increase security threats. Sometimes you can replace multiple plugins with a single one and remove the unnecessary ones.
- Review all the plugins used
Not every plugin is developed to a high security standard. Every plugin you install on your website is like opening a new door for attackers to come in. So review the plugins you use and make sure they are from reputable developers or companies with good reviews.
- Monitor site security
On top of regular backups, website updates and site performance tests, you must monitor your site security continuously to protect your site from attacks. The items to monitor are brute-force attacks, failed logins, blocked countries, blocked IPs and file modifications.
- Change your passwords frequently and use strong passwords
Make sure you update your passwords frequently (at least every 1–2 months) and use a password generator tool. Attacks on sites that use weak passwords are among the most common on the Internet.
- Store your passwords in a password management tool
Use a tool like 1Password or LastPass for storing your passwords. Delete all the emails and text files that contain your website passwords.
- Remove inactive website administrators
Do not keep admins that have been inactive for more than one month. The more admins you have, the more accounts with access to your website you need to secure.
- Conduct a malware scan
Conduct a malware scan to check if your website is healthy. We have met many clients who did not know their websites were hacked until we let them know.
- Disable the ‘Debug Mode’
Disable the WordPress “Debug Mode” after your website has been completed and gone live. Many developers leave this mode enabled, and attackers can use it to detect vulnerabilities.
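A check for the debug-mode task, as an added example (not code from the original page): it reads the text of a wp-config.php file and reports whether WP_DEBUG and the related WordPress constants WP_DEBUG_DISPLAY, WP_DEBUG_LOG and SCRIPT_DEBUG are enabled. The sample config text and the function names are constructed for illustration.

```python
import re

# Constructed sample wp-config.php fragments (not taken from any real site).
SAMPLE_DEV = """<?php
define( 'DB_NAME', 'example' );
// define( 'WP_DEBUG', false );
define( 'WP_DEBUG', true );
define("WP_DEBUG_LOG", true);
"""
SAMPLE_PROD = """<?php
define( 'WP_DEBUG', false );
/* define( 'WP_DEBUG_DISPLAY', true ); */
"""

DEBUG_CONSTANTS = ("WP_DEBUG", "WP_DEBUG_DISPLAY", "WP_DEBUG_LOG", "SCRIPT_DEBUG")
DEFINE_RE = re.compile(r"define\s*\(\s*['\"](\w+)['\"]\s*,\s*([^)]+?)\s*\)", re.I)

def strip_php_comments(source):
    """Drop /* */ blocks and whole-line // or # comments so disabled defines are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", source)

def read_debug_settings(source):
    """Return {constant: bool} for debug constants; PHP keeps the first define()."""
    settings = {}
    for name, raw in DEFINE_RE.findall(strip_php_comments(source)):
        if name in DEBUG_CONSTANTS and name not in settings:
            value = raw.strip("'\" ").lower()
            settings[name] = value not in ("false", "0", "")
    return settings

def audit(source):
    """List debug-related findings for a production site."""
    s = read_debug_settings(source)
    findings = []
    if s.get("WP_DEBUG", False):
        findings.append("WP_DEBUG is enabled")
        if s.get("WP_DEBUG_DISPLAY", True):  # WordPress default is true
            findings.append("errors are displayed to visitors (WP_DEBUG_DISPLAY)")
        if s.get("WP_DEBUG_LOG", False):
            findings.append("debug.log is being written; check it is not web-readable")
    if s.get("SCRIPT_DEBUG", False):
        findings.append("SCRIPT_DEBUG is enabled")
    return findings

if __name__ == "__main__":
    for label, text in (("dev sample", SAMPLE_DEV), ("prod sample", SAMPLE_PROD)):
        print(label, "->", audit(text) or "no debug settings enabled")
```

To check a real site, pass the contents of its wp-config.php to `audit()`; an empty list means none of these debug settings are switched on.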
Bonus tasks for maintaining your website
- Test for browser and device compatibility of your website
- Check all forms to ensure they are working properly
- Increase the memory limit
- Remove unused images and files
- Optimize database tables to increase performance
- Check links to social networks
- Review Google Search Console validations and errors
Optimise your website to improve your SEO ranking
- Review meta title and meta description – make sure your website has a proper meta structure
- Compress your images
- Use at most one h1 on every page
- Check and resolve all broken links
- Check for 404 errors and resolve these by fixing links or redirecting