Three Steps to Keep the Cobwebs Out of WordPress

A lot of our web design clients ask about ongoing WordPress maintenance in the proposal stage of our project.  They’ve heard WordPress is easy to use and they want to make sure it will be just as easy to maintain.  They also what to make sure their website will be safe, secure, and free of malware or hacking attacks.

I’m very open with people in these discussions.  And I can be, because I’ve personally had few issues with WordPress maintenance and security.  In the years I’ve worked with WordPress, I’ve only had two clients encounter malware and both were due to poorly maintained plugins and had nothing to do with the WordPress core.  The general rule is if you keep your WordPress website updated and optimized, there should be no problems.  Leave cobwebs lurking about and there absolutely will be problems.

For the average website, WordPress is easy to maintain.  It really boils down to updating the WordPress core and plugins when needed, optimizing your database on a regular basis, and monitoring spam.  None of this takes a lot of technical know how or time.  It just takes spring cleaning a few times a year.

#1 – Upgrade the WordPress Core and Plugins

Many of my clients ask me to sign a non-disclosure agreement prior to beginning our website design project because they are concerned about protecting their informational assets. Many times it is these same people who fail to upgrade their own websites once launched. The irony of this is funnier than people realize and I make sure I express the humor to the clients themselves.  It’s kind of like the doctor who doesn’t seek treatment for his own ailments. They are concerned about the security of their business direction and target market, yet not worried about the security of their website.

Older versions of WordPress are simply dated software packages. The outdated code opens website owners up to vulnerabilities that allow those nasty hackers to quietly insert malicious files (aka malware) into an unsuspecting website.  With over 47 million installations of WordPress worldwide, this is a problem.  So much so that in June of 2011, Google starting warning website owners that their WordPress installation are outdated and that an upgraded is needed.  Why should Google care?  Google wants to deliver high quality websites in its search results, not websites hijacked by some hacker living in his mom’s basement. Malware and hacked websites degrade the user experience and this goes against everything Google and Bing protect.

Upgrading WordPress and the associated plugins is simply not that hard. Website owners just need to do it.  And if they don’t want to do it or are afraid to do it, they need to hire a professional to do it for them.

WordPress Upgrades for the Beginner 

Upgrading WordPress is as simple as backing up your data, upgrading the software, and testing your website or blog.  When we do this for clients, we estimate an hour worth of work.  Depending on the size of the website and the availability of back up files, this could take ten minutes or two hours.

Your WordPress website or blog consists of the following:

• MySql Database
• The WordPress Core
• Your WordPress Theme (or theme framework and child theme)
• WordPress Plugins
• Images
• Additional Files (PDFs)

One of the most important things you can do before beginning any upgrade is to backup the website. This backup should include both files (theme, images, etc.) and your MySQL database.  Even though lots of hosting companies offer free backups, we still recommend saving a backup to your local hard drive or a third party backup service like Dropbox or BackupBuddy.

WordPress is run on a MySQL database. This is what holds all of your posts, pages, links, menu structure, and settings. Backing up this database is the first step in the upgrade process.  I like WP-DBManager, which is a WordPress plugin.  It allows me to create database backups directly from my WordPress admin panel and I can skip the whole phpMyAdmin or cPanel experience. I leave that to my coders.

Once you have that done, you can download a copy of the website files to your hard drive.  I typically do this via Filezilla, which is a robust and free FTP software package for Mac and Windows.

Now that you’ve backed up everything, you can start the upgrade process.  I recommend using the upgrade process available via WordPress’ admin panel.  It is just one click and super easy.  On really out dated WordPress sites this may not work, so you might have to refer to your hosting provider’s upgrade process.  Either way, the novice can quickly do this with ease.  Just remember to watch the upgrade occur so you can read any notices that pop up.  Once WordPress finishes the upgrade (it will take all of a minute), you just need to poke around the admin panel and live website to make sure everything is working properly.  And it should.  I’ve never had an issue with upgrades to the WordPress core.

Finally we move onto upgrading plugins. I recommend upgrading one plugin at a time.  Before upgrading I like to read about the plugin’s new version to see what has changed and so I know what might break.  The vast majority of the time, nothing breaks.  But when it does, it is nice to have a heads up on what is about to happen.  After you upgrade one plugin, test the functionality.  If all is well, continue on and upgrade one plugin at a time.  Notice I’m saying this twice? It is because it is important.  I never recommend the mass upgrade, because it will be difficult to troubleshoot should things occur.

The worst thing you can do is not test your website after upgrading.  When I first launched the firm I had a client hit update all, go to bed, and never check anything.  And by the way, he never backed up anything either.  He had plugin conflicts and broken functionality, but wasn’t sure why or how because he did everything in mass.  He ended up going back to his host to restore the website and then followed the process correctly. Guess what? This time around he could see what went wrong and quickly fix it. Don’t be that guy!

#2 – Optimize the MySQL Database Optimization

If you run a high traffic or large WordPress installation, you’ll want to optimize WordPress and your server to run as efficiently as possible. Scratch that.  That is what others say.  I say every WordPress website or blog should have the MySQL database optimized often.

WordPress is powered by PHP which depends on the MySQL database.  When your WordPress site is visited, the web server will query the database to retrieve information. This is a typical operation for most dynamic websites. Over time, the time required for querying the database will increase and slow down the process on the front end for visitors and the backend for administrators. Whie this is one of the most frustrating experiences possible, all of this is due to overhead in the database, which is easy to correct. Overhead is caused by many inserts, updates and deletions.  When this occurs, you need to optimize the database via phpMyAdmin or by using WordPress Plugin.

Did I scare you with the phpMyAdmin statement? Yep it scares me too.  That is why I use a plugin called WP-DBManager. I set it to automatically optimize the database every day and repair it once a week.  It is a must have plugin in my mind, as it keeps WordPress performance at optimal levels.

#3 – Moderate Comments and Block Spam

When I talk about spam, I refer to those pesky and irrelevant comments left on blog posts. Designed to increase inbound links and alter Google’s search results, spam commenting is a favorite task of black hat SEO consultants and website owners. While spam can be annoying, it is completely controllable and it can be almost irrelevant to website owners.  It’s really all about the set up options and spam protection.

But why does it matter?  Some of my clients have asked why should they care if their blog or website includes spam comments. It matters because it degrades the user experience, it makes your website look unprofessional and unloved.  And more importantly, it will negatively affect you with the search engines and how they rank your content.  Google and Bing want to present high quality websites and blogs in search results.  High quality means the content is not overshadowed by spam comments.

Virtually every time I train a new design client on WordPress, they tell me to just remove the option to comment.  That is their spam defense.  I do my best to counsel them and remind them that blogs are conversational and conversational means you need to allow comments.  Allow comments, but moderate them.  I also encourage them to install spam protection via a plugin.  There are a ton of options available and popular plugins include Akismet, Spam Free, JSSpamBlock, etc. In three years our website has blocked 128,000+ spam comments. The good news is I don’t have to worry about any of it.  My spam blocker does it all for me.  And in that time frame, I’ve only had about five real comments mismarked as spam.

How Many Cobwebs are in Your Website?

As I go to post this article, I’m reminded WordPress just came out with another update in the last few weeks.  This means I, myself, have some cobwebs.  Thanks to BackupBuddy I could quickly create a back up of my website and then update the WordPress core, Genesis core, and a number of plugins. Easy peasy and well worth the effort to protect my website and my online identity.