Disclaimer: Any products/services mentioned or recommended below are suggestions based on our own experiences. We have no affiliation with any of the products or services mentioned and you should always thoroughly and independently research your options to decide what is best for you.
Welcome to the final piece of our 6-part series on how to optimise, protect, and maintain your cPanel hosting and WordPress website!
Check out the other parts of the series here:
– 5 Tips to Optimise your cPanel Hosting for WordPress
– 5 Tips to Protect your cPanel Hosting for WordPress
– 5 Tips to Maintain your cPanel Hosting for WordPress
– 5 Tips to Optimise your Wordpress Website
– 5 Tips to Protect your WordPress Website
– 5 Tips to Maintain your WordPress Website (you are here)
One of the most critical, yet highly neglected aspects of having a WordPress website is keeping it up to date. Keeping WordPress updated can be broken down into four parts: core updates, theme updates, plugin updates, and language updates.
As a website CMS (Content Management System), WordPress dominates the market and is currently being used by over 80% of all CMS websites. This makes it a big, fat, juicy target for hackers. If they do indeed find an exploit, they could potentially gain power over millions of sites. On the other side of the coin, however, WordPress’ staggering number of users means bugs are found, reported, and fixed quickly and thoroughly. The volume of users and developers of WordPress with safety and security in mind far outweigh those trying to exploit WordPress for their own dastardly deeds.
As the technology landscape is ever-changing and evolving, platforms like WordPress constantly need to keep growing too. This may come in the form of adding new features, making old features better, keeping up with the latest coding best practices, adding protection for the latest hacking techniques, and generally making things better.
With this constant evolution, the most important part is patching up any loopholes unintentionally created along the way. This is where you, or your web developer comes in.
Before we get to actually installing the updates, it feels pertinent to first mention that you should always have a way to undo the updates. Updates may not always work flawlessly, and may cause issues with other parts of your website. You may need to investigate or raise these issues with the relevant developers prior to attempting to install the update again.
We would recommend ensuring you have a backup in place before ever running any updates. Better yet, creating a copy of your website and loading it into a staging environment where you can test updates before deploying them to your real website is an even better idea—but realistically not everyone has the time, knowledge or resources to find this practical.
While there is a small risk to consider every time you run an update, an outdated website left wide-open and vulnerable to all future exploits will very likely end up spectacularly worse off and hacked to smithereens. Moral of the story is—if you see a WordPress core, theme, plugin or language update available, make sure you have a backup and then install it as soon as possible.
You’ll find all of your available updates via the left-hand menu in your WordPress admin area (‘Dashboard > Updates’). Generally, this will be found at http://www.YOURWEBSITE.com.au/wp-admin (remember also to adjust the ‘.com.au’ as necessary to match what your domain is).
With all of that in mind, here is a breakdown of the four types of updates that need to be managed with a WordPress website; core, theme, plugin and language.
Core WordPress Updates
Core updates refers to updates to the very foundations of WordPress itself, before any extra themes or plugins even come into the picture. A quick browse of the WordPress profile on GitHub (where code developers work together on projects) shows that there are many new code modifications to WordPress core every single day by a variety of developers; all working together to make WordPress ever-better and more secure. After a while, the developers will bundle up all of these small improvements into one big update package, which will then be pushed out to become available for you to install via your WordPress dashboard.
Theme Updates
Every WordPress website has a theme. If WordPress’ core is the engine of a car, the theme is the glossy racing-stripe body work that goes on top. Theme updates don’t come from the same developers who provide the WordPress core updates (unless you happen to use one of WordPress’ own default themes) but rather get delivered by the developer you purchase your theme from. It’s guaranteed to be a smaller team of developers working on providing theme updates and as such, theme updates can be slightly less reliable or predictable, and not as thoroughly tested in all possible situations.
Therefore, after applying a theme update, you should always comb through your site very carefully and ensure everything still functions as you would normally expect it to.
Unless your theme developer specifically mentions otherwise, your theme updates will most likely appear in your WordPress dashboard whenever they become available—in the same spot you will find WordPress core, plugin and language updates.
Plugin Updates
Possibly the most volatile update type of them all, plugin updates have the power to wreak complete havoc upon your site—but, just as much (if not far more) havoc may be caused by ignoring plugin updates altogether. If WordPress’ core is the engine of a car and the theme is the glossy racing-stripe body work that goes on top, then plugins would be the GPS, stereo, bluetooth, cup holder, and fluffy dice hanging off the rear-view mirror.
Plugins are small packages that you can add on to your WordPress website to extend the features and functionality of what’s included in WordPress. It might be a plugin to add a contact form, or a plugin to run a daily security scan of your site, etc. Plugins vary widely in how well they are built, developed, and supported. They may range from being maintained by an entire team of 100+ developers, to just being one person’s weekend hobby project. As you never quite know for sure, it is definitely important to test the functionality provided by the plugin after running any updates—and also to ensure the rest of your site has not been adversely affected.
Plugin updates are available via your WordPress dashboard in the exact same area as your core, theme, and language updates.
Language Updates
The last and least significant update type is language updates. These are essentially when grammatical or language translation updates have been pushed to the language you are using on your WordPress website. These updates are minor and unlikely to cause issues, so usually pretty safe to run (but no matter what, you should always have backups in place, just in case).
Language updates are available via your WordPress dashboard in the exact same area as your core, theme and plugin updates.
Over time, your WordPress website’s database may accumulate data that is no longer needed or used, which causes clutter that will slowly degrade the performance of your database queries.
Think of it like spring cleaning your wardrobe, and donating anything you no longer wear to charity. It’s going to be a lot easier to find the things you’re actually looking for in a smaller, more organised wardrobe.
There are a whole host of plugins available that are able to tidy this up for you from time to time. WP-Optimize is an excellent and hugely popular option.
Like cleaning up your database in the step above, another little maintenance task to keep the cog-wheels running smoothly would be clearing your spam comments and post revisions from time to time. The build-up of either of these things can cause unnecessary strain on your WordPress website.
Spam comments are comments left by bots, or people trying to sell their own products or services by leaving very generic comments on your posts with links back to their own. WordPress will automatically flag most spam comments, so that they don’t appear on the front-end of your site. Thus, they simply sit there in the database taking up space.
As for post revisions, every time you edit a post or page, WordPress stores a copy of the previous version, creating a revision history in case you need to refer or revert back.
A popular plugin to manage post revisions would be Revision Control, as for Spam comments, you may want to give Spam Comments Cleaner a try (otherwise, you can always set yourself a reminder to manually delete all of your spam comments from time to time).
Broken links on your website can harm your search engine ranking over time and frustrate your users, so it’s best to ensure that all links on your pages take the visitor to the intended places. It can often be the case that you write a blog about something, and include a link to a page on another person’s website. After a while, that person may remove the page or take down their website. It would be very hard for you to track every link you’ve ever written, so having a plugin that does it for you can be a simple and effective way to manage this.
A great option is Broken Link Checker—which is completely free in the WordPress plugin repository.
Most websites have a contact form of some kind, or will need to send alerts to the administrator for certain things, like new comment alerts, customer order receipts or forgotten password reset emails. WordPress has several emails that it needs to send when triggered under certain circumstances.
Out of the box, WordPress uses something called the “PHP mail() Function“ to send email when it needs to, which is a script that sends mail directly and not via any particular authenticated email account. This is absolutely fine, but unlike when you send an email at your computer, emails sent via the PHP mail function aren’t stored or recorded in a sent email folder, so you can’t check what has been sent, nor when, or to whom.
One major reason why you would want to check what is sending from your website is to be able to rescue the data in the event that your contact form stops working properly.
For example, if your contact form settings are not configured correctly, there’s a chance it may still appear to be working at a surface level. But you will sooner or later find you are not receiving any of the forms your potential customers have been filling in. If you at least have a log of the emails sent, you can retrieve any that your website tried to send to you from people filling out your contact form. If you don’t have any sort of logging in place, these emails (and customers) are lost forever.
An easy solution is to install a plugin that will log the details of any emails sent from WordPress via the default PHP mailer function. You will then be able to access a log of sent emails via the WordPress dashboard.
A very simple, yet effective plugin for the job is called Email Log. There are several other free options in the WordPress repository, but we found this plugin to be quick and easy with no set-up required—just install and go, and it handles the job with no fuss.
Check out the other parts of the series here:
– 5 Tips to Optimise your cPanel Hosting for WordPress
– 5 Tips to Protect your cPanel Hosting for WordPress
– 5 Tips to Maintain your cPanel Hosting for WordPress
– 5 Tips to Optimise your Wordpress Website
– 5 Tips to Protect your WordPress Website
– 5 Tips to Maintain your WordPress Website (you are here)
Feature Image Illustration designed by Freepik
Tip Image Illustrations designed by Piktochart