If you’re managing your WordPress website, here’s our best practices for success.
Earlier this year, the fantastic resource WPMU published “Best Practices for Managing Your WordPress Website: The Ultimate Guide“. It’s one of the best and most comprehensive articles we’ve seen on keeping your WordPress website up-to-date, relevant, and secure. Here are the highlights, but keep the link around for more comprehensive information whenever you need it.
Managing Your WordPress Website
Your Site Content
Updating content is easy with WordPress. But there are a few things you need to do to make it work for you:
- Publish regularly: It’s easy to lose enthusiasm as time goes on. But if you want people and search engines to keep visiting your site, you need to keep your content fresh and current. Having a blog is the best way to do this, and it’s a feature that’s already built-in if you want to enable it on your current WordPress site.
- Sharing content: Subscriptions, RSS feeds, and social media sharing plugins are all great ways to push your content out so that people know about it.
- Managing subscribers and comments: Opening your blog up to subscriptions and comments can be a great way to engage your website users in conversation. You’ll also want to be sure that you configure your site so that you can approve comments before they’re published, and that you take measures to control spam.
Your Site’s Code
Nobody will see it, but your website’s code determines how your site looks and functions. Make sure your code is up-to-date and free of spammy links, security risks, and conflicts by updating your WordPress core, plugins, and theme frameworks regularly. Nearly every WordPress hack is a result of outdated software or sloppy logins (easy-to-guess usernames and passwords). Keeping your code updated will let you easily apply new security patches and optimizations so that your site is safe and speedy.

Managing Your WordPress Website’s Performance
A slow site will drive users away. A high performing site will generate significant traffic and attract more visitors over time.
- Take measures to decrease your site’s bounce rate.
- Know what your objectives are. Make sure that your site is primarily focused on those rather than gumming it up with functions and features that don’t serve them.
- Use Google Analytics to see how people are actually using your site. Use the results to adjust your site architecture and eliminate pages that nobody cares about.
- Optimize your site for all the platforms your visitors use, including mobile devices.
- Use WordPress-specific tools to help with Search Engine Optimization (SEO). But focus equally on Conversion Rate Optimization (CRO—making it easy for site users to do what you want them to).
- Focus less on cross-platform optimization (the most recent versions of major browsers have taken care of this already…and if your users are on old versions they should be encourage to update if for no other reason than to keep their local computers virus-free).
- Focus more on cross-platform optimization (responsive design, larger buttons and typography, more white space, optimized images).
Keeping Your Site Backed Up
Things go wrong, even with the best of sites and servers. Daily backups that are easy-to-make and easy-to restore are vital to helping you sleep at night. Use plugins for backups if you’d like, but know that they can be tricky to configure and require extra space on your server. So make sure your host provides daily backups as part of their regular service (our partner, SiteGround, is great at this), and know how to restore them if you need to. If you want to be doubly sure, secure a third-party support and WordPress maintenance plan to make and keep redundant backups over time and help with restoration.
Enhancing Site Security
Even if you keep WordPress and your themes and plugins up to date, your site may not necessarily be as secure as it could be. When managing your WordPress website, additional steps can make your site even more secure against hackers and spammers:
- Secure site management and administration: official WordPress updates; known-safe plugin use and updates; SFTP instead of FTP; strong usernames and passwords
- Configuring your WordPress installation for added security: adding security keys to the wp-config file; using SSL if your site runs e-commerce
- Locking down part of your installation: password-protecting the wp-admin directory; disallowing file editing via the dashboard;
- Security by obscurity: using WP-hiding techniques via plugins or by changing the $table_prefix from “wp_” in your wp-config file.
- Monitoring your site for attacks: use a service like SiteGround’s Hack Alert Monitoring or Sucuri.net (included in oursupport plans) so you can be alerted to possible attacks and take steps to recover from them instantly if they happen
Take the extra time when setting up your site (or when working with a developer) to make sure it’s configured properly. Then set aside time on an at-least-monthly basis to make sure that other maintenance tasks are taken care of.
No Time for Managing your WordPress Website?
If you don’t feel like doing this yourself, AndiSites offers a WordPress maintenance package to take care of it for you.
Questions? Get in touch–we love to help! You might also like to read our blog post Top Five Crucial Steps for WordPress Maintenance