This guide is your non-techy speak “how to” for looking after your WordPress website. I want to help you understand how to maintain your website so it keeps performing for you, without the tech headache.

There’s a lot of information contained in this post, so in short here’s what we will look at:


WordPress Basics


  • What is WordPress?
  • What does the backend look like?
  • Understanding Plugins and Themes

Then we’ll take a look at the top tasks we recommend you perform to keep your website in tip top shape:


General WordPress Website Maintenance


  • How to keep your website secure
  • How to connect backups
  • Security plugins
  • How to update your plugins and themes

WordPress Basics


If you’re not sure what WordPress actually is, don’t worry, I’ll explain. WordPress is called a CMS, which stands for Content Management System, but it simply means a way you can access and edit your website easily, without understanding code.

WordPress uses themes to control the layout and styling, and plugins to control the functionality (in very simple terms at least!).

This quick video explains what WordPress is and what themes and plugins are.


Hopefully that makes the basics of WordPress a little clearer for you. If you’re also unsure about plugins, be sure to check out my post all about them.

For more info on the backend of WordPress (or rather, how it looks once you log in as an admin to the website), check out this quick video:


WordPress Website Maintenance


The first thing to understand about your website is it shouldn’t be considered ‘finished’ and left to its own devices. You wouldn’t rent a physical storefront and leave the door unlocked, or stop dusting the cash register, would you? New WordPress versions are released, plugins and themes update, your webhost might even change something on their end. Software is constantly changing and for your site to remain secure, you must carry out regular maintenance.

Why do we need to worry about this? For a few reasons – one being if you don’t look after your site, certain functions might stop working which could result in lost business. But the second most important reason is that if your site isn’t up to date, you could leave it open to hackers.

Really can my website be hacked? Absolutely!

There are advanced measures you can take to increase your security, but the most common way hackers can gain access to your website is through outdated plugins and themes. They can open your site to vulnerabilities, which hackers can exploit to gain access. Not what you want.


How do I make sure my website is secure?


By following these very simple, basic best practices:

1. Backups: have automated backups running on your site, stored in a remote location (such as Dropbox – somewhere in the “cloud”, not on a hard drive sitting in your office). Don’t rely on your website hosts backups, PLEASE ensure you have your own solution. Check this periodically to make sure they’re still running, better yet – test they can be restored.

To read more about backups and why you need them, plus how to set them up (video included), please read my post about why you need backups for your WordPress website.


2. Login Security: keep your passwords safe and strong. Never use “admin” as a username. If someone requires access to your site, be sure to only provide the level necessary (and delete their log on afterwards if. Protect your admin level log ons!


3. Plugins and Themes: don’t install plugins that have low downloads and/or reviews or haven’t been updated for some time. This is a red flag and could cause issues later. Don’t go “plugin crazy” and install a million plugins on your site. Technically it isn’t the number you have, but what they do that matters….so always consider whether a new plugin is necessary. Most importantly, always keep your plugins and themes up to date (which I’ll explain below).

4. Additional Security measures: use a security plugin or security service so you can carry out scans for malware and malicious activity. Having something like this set up allows you to rest easy that your site is being monitored for security issues.


Here’s my tips for the best security plugins to use: 

The two plugins I recommend are Wordfence and Sucuri. Both have free and paid versions, however the free version should give you more than enough features. If I had to choose a favourite, it would be Sucuri (prior to this it was Wordfence for sure!).


How to update your plugins and themes


It’s easy to say keep everything up to date, but how do you do that? Here’s a basic process for you to follow to carry out updates with low risk of breaking something! Follow this process weekly or fortnightly to maintain your website security:


1. Check you have a recent back up on hand (just in case) and make sure you know how to restore it

2. If you haven’t visited your site for a while, have a little look around to make sure your familiar with where everything is!

3. Update all your plugins

4. Update your themes (be careful to ensure you have a child theme, if there is any custom code on your site)

5. Update WordPress (if required)

6. Review your site to make sure everything still looks the same, check your contact forms still work and if you have a store, make sure that’s still functioning. Then you can be on your way!


There are of course additional measures you can take to ensure the functionality and security of your website, such as choosing a reputable website host (cheap is not always best!). But if you can follow the best practices above, you are reducing the risks of something happening to your website and ensuring if it does, you have the means to fix it.


I hope this guide makes you feel more confident maintaining your WordPress website!