Ultimate Wordpress Maintenance Tips

The Ultimate WordPress Maintenance Tips You Should Not Ignore

WordPress website maintenance is difficult to learn, but you will soon realize that it does not require much work. WordPress makes the updating and maintenance process very straightforward. In this article, we will make it even more comfortable with our recommended tips and using tools you should use and apply to your website by using some standard practices and checklists.

What we will be reviewing is the following:

1. Our Recommended WordPress Plugins

2. WordPress Backup Process

3. WordPress Speed and Caching Recommendations

4. WordPress Security Audits and Monitoring

5. WordPress Maintenance Checklist

Why is WordPress Maintenance so Important?

WordPress Maintenance is essential because of security, uptime, and usability. You need to perform periodic updates both to WordPress Core and Plugin files to ensure that there are no security vulnerabilities, display problems, bugs, and functionality issues that can cause a drop in traffic or can ultimately bring down your website.

Our Recommended WordPress Plugins Banner

Our Recommended WordPress Plugins

Trying to determine which WordPress plugins to use is not only hard; it can also be impossible because there are over 50,000 plugins to choose from. When trying to find the right ones, do your homework.

Before we dive into our recommendations, here are some rules which you should follow when trying to find your plugins. As we mentioned before, there are thousands of plugins, so vetting out ones that work well is essential.

Plugin Recommendation #1 – Backup and Staging Plugin

One of the most missed and critical items is backing up the site and doing updates in a staging environment. Most greenhorns will see updates and spray and pray. Nine of ten times, there are no issues with updating a WordPress website. However, it just takes that one time to get to bring down the site, and if you do not know how to debug, access web files, or have no coding legs to stand on, then you are going to have more significant problems with a down site. So we recommend using a tool that will allow you to not only back up the website but also provide a staging area to test these types of tasks.



What is great about this tool is that it allows you to have a back system independently from your current host and add a deployable staging area. We love it because we can back our clients up directly to a Google Drive folder which clients have access to, and it is an Offsite backup, meaning if the host has a catastrophic event and your files are lost, they’re still safe on another offsite location. Also, the staging area is a one-click install on the WordPress backend. You can quickly deploy live to staging or the reverse staging to live any time you chose.

Plugin Recommendation #2 – WordPress Security Plugins

A website that is not secure is an excellent deterrent to customers. Search engines like Google also can penalize sites which have been hacked completely, removing them from search. Adding and SSL do not adequately secure your website. Unfortunately, there is no full-proof way to ensure a vulnerability is caught before a hacker can exploit it. The only way you can combat hackers is by building enough walls that will not make you easy prey and then maintaining those walls every month.

The best way to prevent this is through security plugins. We recommend two reasonably priced plugins that can help secure your site from attacks. WebARX and MalCare will automatically scan your website for any suspicious activity. They even offer one-click solutions to fixing malware problems.


WordPress Security Plugin #1 – WebARX

We started using this tool around two years ago because it removed the need for multiple plugins, which we have been exceptionally pleased with. WebARX helps websites combat against spambots, malicious software, and prevents malware from gaining access and infected the website.

It is known to be one of the most advanced security plugins for PHP applications and consistently communicated patches that are firewall rules protect the website from vulnerabilities.

MalCare Dashboard Image

WordPress Security Plugin #2 – Malcare.com

On sites which we found have been compromised and need an extra layer, which primarily deals with scanning and removing vulnerabilities, we use MalCare. This tool works like antivirus software and does deep scanning of every file to find infections that run in the background and does a great job not overloading the server.

What is the difference between Malcare.com and WebARX?

WebARX is a preventative tool where you’re blocking the malicious attempts to raise havoc on your site. MalCare is a tool used for removing the efforts which have succeeded in compromising your website. Having both is that much better.

Plugin Recommendation #3 – Caching and Speed

WP Rocket Banner

1. WP Rocket

WPRocket is our favorite Caching plugins. Caching is a significant factor in the speed of your website, which also contributes to your SEO and conversion rate.

To keep our sites at top performance, we use WP Rocket. WP Rocket combines all the procedures for WordPress performance optimization in a single plugin. Besides, the plugin is very user-friendly and offers advanced features for those who want to dive deeper into the functionality of their site.

From Brightvessel’s personal experience, our sites sped up by 50% while using this application.

Plugin Recommendation #4 – Form System

Gravity Forms Banner

Gravity Forms

No matter what site you have, It is always important to collect information about your customer’s experience. Through forms, you can add to your email subscriber list, receive user feedback, and allow your customers to contact you.

Custom building your forms require an excessive amount of work. To personalize the way to receive desired information from your customers, you need to do a lot of coding to deal with the functionality and style of the form. However, if you were to use a prebuilt form, you are limiting the personalization factor. By limiting the amount of work and enabling complete customization, Gravity forms allow you to create structures at ease for desired feedback.

Plugin Recommendation #5 – Plugin Families Vs. Many Single Plugins

So not every plugin developer does coding in the same way. Finding plugin families is a great way to ensure compatibility and make things much easier when updating. We are recommending a few Plugin suites which can enhance your website in many different ways.

Here are a few example plugin families we like to use:

YITH Banner


YITH is a Woocommerce suite that not only adds a lot of enhancements and features to a Woocommerce store. It also has a monthly subscription, which allows you to use their entire family of plugins making it very cost useful as an example, when your site is utilizing any booking, subscription, auctions, upselling, and couponing. They also have a few Themes, which are also included in the subscription, making a well-rounded suite of plugins.



WPMUDEV is a WordPress plugin that has been around since 2004, making it one of the oldest WordPress plugins and communities. This suite of plugins has everything. Image optimization, caching, forms, pop-ups, security, SEO, and more. They also have a monthly subscription to be able to access their entire plugin library. Their live support is what makes them stand-out and their large community of users.

Monster Insights Banner

3. Monster Insights

Hands down MonsterInsights is the best reporting plugin that integrates into Google Analytics and Google Search Console. You can track your website stats along with Woocommerce sales on your site. There is additional tracking for users, forms, Google Adsense, events, and EU Compliance.

5. SearchWP

Out of the box, search in WordPress needs a bit of work. It is a very straightforward search for a blog, and they have not done much with it over the years to satisfy the needs of Woocommerce, custom fields, shortcode output, taxonomy terms, and PDF & document content. SearchWP covers all those needed enhancements and has a suite of products you can choose from.

Wordpress Backup Process Banner

WordPress Backup Process

As we mentioned, our favorite tool is WPTimeCapsule.

Before we begin, the one crucial thing to remember is backing up the site. 

Rule #1 – NEVER click on the WordPress updates unless you and your a developer know how to get out of a debugging or file replace situation in which your site breaks, and you cannot apply a backup to fix.

Rule #2 – It is best to perform your WordPress updates in a staging area first before doing them live. This way, you’re not disrupting your live site, and you’re minimizing any impact that may have if you run into issues.

The dilemma: So, staging servers are generally not set up by a traditional host. Which if you’re on a WPengine hosting service, they do have a staging setup, but they force updates on their clients, and we feel this is not an excellent service or practice to impose, especially for enterprise sites. We love WPTime Capsule for this reason because it provides an additional offsite backup and staging area where we can work without disrupting the live site.

WordPress Backup: WPTimeCapsule allows you to quickly backup your WordPress website manually or on a schedule to on the server the site resides on or offsite to a Google Docs folder. We recommend doing both to secure your data.

See full install directions here: http://docs.wptimecapsule.com/article/19-installing-wptc-on-your-wordpress-site

WordPress Staging: You can spin up your staging area on the live site in the settings area for the plugin. It’s a one-click install and one-click deploy. Keep in mind when you create a staging area. You cannot work in the live area, as those changes will not carry over; instead, if you need to add pages or posts while you’re fixing some coding issues, add them to staging.

See full documentation: https://docs.wptimecapsule.com/article/23-add-new-site-using-existing-google-drive-token

Wordpress Speed Caching Recommendations

WordPress Speed and Caching Recommendations

Does the speed of your WordPress website matter?

Repeated research has shown that a faster site increases the conversion rate. The faster loading time you have, the better. Even a few milliseconds will increase the probability of your customer completing the desired task. Faster sites allow you to conquer your competition and keep your customers on your website.

Image Source: Rigor.com

What is WordPress site speed?

Site speed is how fast users can view the content of your site. Site speed reports provide you with your site’s performance. This data can later be used to make improvements on your website for increased speed.

Site speed reports provide you with two perspectives of site latency:

  • Loading times: The loading time is the amount of time it takes for your site’s page to load in the user’s browser. In the Page Timings report allows you to see the load times of your website on many different browsers and countries.
  • Speed of response to user interactions: These interactions can be as simple as clicking a button. In the User Timings report will state the response time to any interaction of the user.

Image Source: https://neilpatel.com/blog/loading-time/

WordPress Speed Statistics:

  • Mobify: Mobify research shows that for every 100-millisecond decrease in homepage load speed, customers see a 1.11% lift in session-based conversion.
  • Digital Commerce 360: Faster page loading contributed to a 12-13% increase in sales
  • Medium: Walmart saw a sharp decline in conversion rate as average site load tie increases 1 to 4 seconds3
  • Think With Google: On average, it takes 15.3 seconds to load a mobile landing page.
  • WebMasters: On mobile, 46% percent of people state that long loading times are their least favorite part of browsing.
  • Akamai: Research by Akamai has shown that a two-second delay in page load time is likely to increase the bounce rate by greater than 100%.
  • Dotcom-Monitor:40% of site visitors who encountered problems are likely to tell their peers. After 3 seconds of page load time, 75% of users will bounce.
  • Neil Patel: 79% of customers who have a bad experience on a site will never revisit that site. A bad experience can include the site’s load time.
  • Royal.Pingdom: Pages with a load time of 5 seconds have a bounce rate of 38% while pages with a 2 second load time have a 9% bounce rate.
  • The main problem that marketers face with loading time is that most of them can’t grasp the importance of improving page speed by a few milliseconds: it’s just not tangible enough.

WordPress Website Performance

The performance of your site primarily has to do with the amount of time it takes for your website to load once opened. You want your site to run as fast as possible. If your site takes a long time to load, customers will move forward on to your competitors. Below, you will find all the main contributing factors to the high-performance site.

Ways to improve performance:

  • Make sure your website has a good hosting server (Shared is never optimal).
  • Images need to be sized to fit and optimized. Make your site simple yet well designed and professional.
  • Reduce the number of plugins your website uses.
  • Use a Content Delivery Network. This gives a large number of users alternative server nodes that enable content to be downloaded simultaneously.
  • Minimize the amount of CSS coding that your site uses.
  • Use cache. This reduces the load on the servers that the site is hosted on. It also decreases the amount of time it takes for your users to download content.
  • Database optimization. Cleaning out all unnecessary data from your website

WordPress Caching Recommendation:

WP Rocket is our favorite Caching plugins. Caching is a significant factor in the speed of your website, which also contributes to your SEO and conversion rate.

To keep our sites at top performance, we use WP Rocket. WP Rocket combines all the procedures for WordPress performance optimization in a single plugin. Besides, the plugin is very user-friendly and offers advanced features for those who want to dive deeper into the functionality of their site.

From Brightvessel’s personal experience, our sites sped up by 50% while using this application.

A significant benefit of WPRocket is that the plugin will provide your site with catching as soon as the plugin is activated. WPRocket also allows advanced users to enable caching on their website exactly how they want it through settings.

WP Rocket appeals to many users by providing various options from beginner to complicated settings allowing them to start small and then go big. Their user-friendly dashboard helps simplify the processes and provides detailed information for each setting.

Quick Review:

For the best settings for WPRocket, click here: https://docs.wp-rocket.me/article/1291-find-the-best-settings-for-your-site

WordPress Database Optimization Recommendations

First, let’s start with why you should optimize your WordPress Database.

WordPress loves to accumulate a lot of useless data in post revisions, trash, transient options, spam comments, orphaned metadata, etc.

The data can increase over time increase space on the server for site files and even backup files.

You’re going to need to clean that mess up, which will significantly reduce your WordPress database size, which will increase the performance overall.

One easy to use the plugin is WP Optimize.

Here is a list of features:

  • Removal of post revisions:
  • Clear post-auto-drafts and empty posts trash
  • Spam comment removal and comment clean up:
  • Remove transient options:
  • Remove pingbacks and trackbacks:
  • Scheduled automatic clean up:

See more details here: https://wordpress.org/plugins/wp-optimize/

Wordpress Security Audits Monitoring

WordPress Security Audits and Monitoring

Many people think websites, in general, do not get attack much. This is very far from the truth. It does not matter if you have a small or large site. Attacks will happen and quite often.

IBM’s Charmain, Ginni Rometty, stated: “Cybercrime is the greatest threat to every company in the world.” 

Let’s break it down into some statistics on security to give an in-depth understanding of the growing issues in security.

  • Every 39 seconds, there is an attack on the web in which users with non-secure usernames and passwords are more vulnerable. (Source: Thycotic.com)
  • 73% of black hat hackers or stating traditional firewalls and antivirus software are becoming obsolete. (Source: Forbes)
  • 30,000 new websites are hacked every day. (Source: Forbes)
  • 300, 000 unique pieces of malware are created daily (Source: McAfee)
  • On average, 75 records are stolen every second. (Source: Breach Level Index)
  • The most vulnerable area of WordPress is the plugins with makeup 98% of the vulnerabilities. (Source: HighCharts.com)

The graph below demonstrates what parts of a WordPress site are the most vulnerable.

(Source: Wordfence)

A statistic from 2017 posted on the Threat Post indicates the most vulnerable WordPress Plugins which, as you can see, are just simple plugins that are downloaded millions of times and used by millions of sites.

(Source: ThreatPost)

Top 10 WordPress Security Audits You Should Perform on Your Site

  • You must always keep WordPress/Woocommerce Core, Theme, and all Plugins up to date.
  • Secure Your wp-config.php
  • Do not keep inactive plugins on the webserver.
  • Make sure your current host is running a security program like Imunify360.
  • Use the latest version of PHP of the server.
  • Use strong usernames and passwords. Never use the user “admin” as an example and try a password generator.
  • Limit the number of login attempts
  • Always update your passwords every 30 to 90 days and store in an app like PassCamp.
  • Use a proactive and preventive Security plugin like WebARX or MalCare.

The following items can be done with WebARX and MalCare. You can also click the links below to free plugins and instructions that can help.

Wordpress Maintenance Checklist Banner

WordPress Maintenance Checklist

In a WordPress Maintenance Checklist, you will find standard operating procedures from updating and maintaining websites. It is essential to know that every website is different, so when creating your SOP, make sure you develop guidelines specific to your website’s theme and plugins so you can ensure the correct information is followed.

  1. Prepare web and database backup on the website.
  2. Preform a compatibility check for WordPress core files, theme, and plugin files.
  3. Review each page of the site and check essential functions such as search and checkout process.
  4. Ensure there are no errors with tracking scripts. Ex: Facebook, Google Adwords, and Google Analytics.
  5. Check for broken links on the website.
  6. Make sure there are no 404 error pages and set up proper redirects if you do have them.
  7. Ensure the server has enough space and resources to grow.
  8. Check to ensure metadata is on all pages.
  9. Make sure Google Analytics is installed and working correctly.
  10. Ensure Google Search Console is set up, and your sitemap has been submitted.
  11. Ensure security audits have been performed.
  12. Make sure caching, lazy load, and minification for load time is active and configured.
  13. Review of desktop and mobile displays.
  14. Call Bright Vessel because they will handle all this WordPress maintenance and let you do you what you do best.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply