If you have a WordPress website, whoever is managing it should be actively taking care of the following things:
1. HIGH QUALITY WEB HOSTING – This means the website should be operating on a server which is fast and powerful enough for the website’s size and amount of traffic. Avoid hosting a WordPress on “shared” hosting, which is a cheaper form of hosting where different websites owned by totally separate people rent space on the same web server. This creates a security issue as another person’s failure to keep their site secure can negatively affect your own site.
2. WORDPRESS UPDATES – WordPress sites require regular maintenance which consists primarily of keeping the core WordPress software and any software plugins up to date with their latest version (similar to an iPhone needing to be updated to the latest iOS). Failing to update to the latest version leaves the site vulnerable to security and performance issues. Because WordPress sites combine a variety of software components created by different developers, software updates can sometimes cause issues with or crash the site entirely when one piece of software has an incompatibility with another. Keeping WordPress sites up-to-date is a specialized activity that includes its own standard operating procedure or corrective measures for when something goes wrong.
3. SITE BACKUPS – A WordPress site should have a history of backups on file to restore from if something goes wrong with the live site (such as a hack, a site crash, issues with the web host etc.). For reference, at WorldComm we usually back our sites up daily in two places and keep 30 days’ worth of backups on file. Having a site without keeping backups is very risky!
4. SECURITY MEASURES AND MONITORING – Since a website is open and accessible to anyone around the world with a computer and internet connection, it’s in a pretty vulnerable position. WordPress is especially vulnerable because any user with ‘administrator’ privileges has complete control over the site. There are extra layers of security that should be put in place on a WordPress site therefore such as two-factor authentication for any ‘administrator’ users, a firewall and automated measures that detect and block harmful activity. None of these are included with WordPress and need to be added on top of it.
5. TRANSACTIONAL EMAIL DELIVERY – A WordPress site needs to be able to send out various types of emails, such as when a user needs to reset their password. These are called “transactional emails”. A site needs to have this system properly configured with whatever provider will be sending out these emails (as it does not necessarily work right out of the box). If this is set up incorrectly, emails may fail to arrive, go straight to spam or not get sent out at all.
There are quite a few other actions that go into properly managing a WordPress site, but the above is a basic list of the most vital items that should be actively maintained on your sites.