Entropy: The doctrine that says disorder and degeneration is inevitable.

Like a brave man’s efforts to keep a dorm room habitable as it gets steadily filthier by the hour, websites need consistent maintenance and upkeep to stay in top functioning form. WordPress websites, while extremely user-friendly, are no different. You need to make an effort.

In this post, we’ll walk you through a series of steps you need to carry out methodically to maintain your own WordPress website.

Alright. Create a complete backup of your website, turn on the “maintenance mode” switch, and let’s get to work.

1. Remove Debris

Yes, this is almost exactly like dusting your room.

Over time, your website can accumulate an alarming amount of spam, redundant post revisions, orphaned metadata, 404 ‘Not Found’, etc. They take up space on your server, bloat your querying times, and can affect your SEO ratings.

Removing all that crap is necessary before we progress further. This is to be done in 3 steps.

• Fixing 404 errors

Get the plugin: Broken Link Checker and run diagnostics on your website for dead URLs. You get option to fix, remove, or redirect them to somewhere else.

• Cleanup database

You’ll need WP-DBManager to repair and optimize your database. Once that’s done, backup your database (the plugin handles that too) and set a schedule consistent with the rest of your maintenance plan.

• Delete Spam

If you have comments disabled globally, you can forego this step.

The rest of you should recall that not all comment spam plugins (like Akismet or WP SpamShield Antispam) delete spam from your database; they just leave them there for you to deal with as you please.

You can delete the currently spammed comments from your database (where they are just sitting, hogging up space) by running this query through phpMyAdmin:

DELETE FROM wp_comments WHERE comment_approved = ‘spam’

2. Update

Hundreds of dedicated developers contribute to the core. They make it a point to fix errors, improve security, and just generally make the platform more awesome with every version that’s rolled out.

So you’re apprehensive about breaking something on your website if you ‘upgrade’ too hard. I assure you, it’s not that difficult.

Here’s how you upgrade your WordPress website properly:

Step 1. Core

Unless you have manually disabled the feature, WordPress (version 3.7 onwards) will automatically take care of minor security upgrades in the background.

For major upgrades, check out WordPress.org and download the latest available version.

Step 2. Theme

So your theme author released a new version of the theme.

You’ll need to make sure that all your appearance modifications (that were made over the theme) are saved in a child theme. Once that’s done, simply upgrade as your theme author tells you to.

Step 3. Plugins

This is pure grunt work. The tediousness is directly proportional to number of plugins in your WordPress install. So start by uninstalling those plugins and widgets you never use.

Also: Do NOT update all your plugins at once. In case there is a compatibility issue, this only makes it impossible to pinpoint the culprit. Go through them one-by-one.

If you’re really picky about automatic updates and where they should happen, learn How to Manage WordPress Auto Updates. Fair warning: there’s code tinkering and wp-config.php involved.

3. Security Beef-Up

After you’ve run through the usual gamut of security scans via a trusted security plugin (like Sucuri or WordFence) and removed all traces of any malicious activity and blocked the IP address of its origin: you can fiddle with the wp-config.php, functions.php, .htaccess, and phpMyAdmin to harden WordPress security and try out new tricks you learned from around the web.

Keep in mind that no website is completely secure. You can only make the attacker’s job more difficult, but generally speaking, that’s more than enough.

4. Re-test

It’s about reassuring yourself that the maintenance was successful.

Once you have successfully completed everything else, test your website for performance again on Google’s PageSpeed Insights or Pingdom. Also check your W3C Validation to make sure your newly cleaned up website isn’t hiding any errors.

And once that’s done…

5. Backup

Create a new backup.

You already have a backup of the database from WP-DBManager. This time, you are backing up the rest of your website.

Again, I’ll stress: Use only trusted plugins or backup services for your website. VaultPress and UpdraftPlus are great. Backup Buddy from iThemes is amazing. All of them work the same way, but it’s the added features (like Easy Restore or Cloud storage) that sets these plugins on a higher level.

Endnote

That’s it. Your site is spruced up and ready to roll back to the visitors. You don’t have to be a WordPress web development expert to maintain your own website.

Keep in mind that if you have a Managed hosting plan, they’ll take care of everything on this list for you. For the rest of us who can take matters into our own hands, this is the ultimate checklist.

Good luck.