Why Your WordPress Website Needs Regular Updates, Backups, and Monitoring

You might be wondering why a website would need any kind of maintenance. Shouldn’t it just keep working after it is launched?

Well, WordPress is complex software that enables easy content editing of your site and has an unmatched ecosystem of plugins to add almost any kind of functionality you would want!

But with these benefits comes the need for maintenance, just like your phone or computer’s operating system needs updates. Bugs and vulnerabilities are constantly being discovered over time and require patching in an environment where your website is under constant attack from external bots (I can show you server logs to prove it).

Furthermore, your web hosting company’s server infrastructure may change over time, breaking your site if you don’t keep up with the updates.

Why WordPress Sites Should be Updated

So, here are the reasons why any WordPress site’s core, plugins, and theme (as well as the server’s PHP software) should be kept updated:

1. To patch security holes

Left untouched, it’s pretty much only a matter of time before a WordPress website gets hacked, resulting in the site being infected with malware that might redirect users to shady online stores or worse, porn sites. Keeping your site’s software up-to-date is the number one defense against getting hacked!

2. To keep your site functioning

Sometimes, a client asks me to revive a site that hasn’t been touched in years. If it hasn’t been hacked, then often it’s functionally broken because some parts might have been auto-updated while others have not, leading to code incompatibilities. The solution is to update all parts of the site to the latest versions.

3. To get the latest features

A final “bonus” of keeping your site software updated is getting the latest features! These features may not be critical to your site, but sometimes they are really useful.

For example, each new version of PHP has been a little bit faster than the previous version, leading to faster site load times.

Why Backups are Needed

You will find that any experienced web developer is paranoid about backups. I personally recommend three sets of backups, each stored in different locations and taken at different times. Here are some of the reasons why you might need to restore your site from a backup:

1. To restore after a hack

If your site was compromised and perhaps defaced by malware, sometimes the best solution is to completely wipe it and restore from a backup taken before the site was hacked.

2. To recover from a mistake or a malicious employee

You or one of your employees might have made an irreversible boo-boo on the site, such as completely deleting a critical page. Or you may have a previous employee who still has access to your site intentionally mess with it. Luckily, I’ve never seen the latter happen to my clients, but it is possible if you don’t remove an employee’s access to your website when they leave your company or organization.

3. To move your site after getting locked out

I’ve seen it happen where for one reason or another, a client gets locked out of their website and hosting account, sometimes due to a dispute over the site ownership. If they’re absolutely unable to gain access, the only way to recover is to take the most recent backup, restore it on a new host, and point the domain to that host.

4. To recover from a bad update

This used to happen a lot more often, but sometimes a bad update can break a website in a bad way, making it necessary to revert to a backup. That’s why I always take a backup immediately before doing updates.

5. To recover from a disaster at your hosting company

This is rare but not unheard of. A while ago, a web hosting company’s server building burned to the ground, resulting in the loss of all sites hosted by that company! Even though we say the sites are in the “cloud”, they’re actually still here on Earth and subject to acts of God such as fire, earthquakes, flood, war, etc.!

6. To reference older content

Sometimes a client will want to access some content that only existed on an older version of their website. When that happens, I can restore an old backup somewhere and get them the content they want.

Why Site Monitoring is Needed

How often do you visit your own website? 24/7 site monitoring is needed to instantly inform you if your site goes down for any of the reasons previously mentioned. Without monitoring alerts, you might go hours or even days without realizing your website is down!

In addition to the problems mentioned above, here are some things that can cause your site to go down or lose functionality spontaneously:

1. Hosting problems

For a properly maintained site, the number one reason it might still go down is a problem at the web hosting company. Now, sometimes a short five-minute period of downtime is normal; that’s just the host rebooting the server to do an upgrade or something. No biggie.

But, if the downtime lasts longer, there could be a hosting problem that requires getting on chat with them to fix. This is common with some hosts but very rare with Siteground hosting, which is why I recommend them to my clients.

2. Domain problems

Another common problem I see my clients have is domain name issues. Most often, the problem is that their credit card expired at their domain host, so the host took down the DNS records for their domain, resulting in the site going down (not to mention email too).

GoDaddy has a documented problem that happened to one of my clients, where they spontaneously wiped the DNS records of a domain just because another service wasn’t renewed. Pretty crazy! See my recommended domain name hosts who don’t have this problem!

3. SSL renewal problems

Websites need to have an “SSL certificate” or else it will get flagged as risky by most modern browsers. This certificate needs to be renewed on a periodic basis. Your web host usually handles this but sometimes things go awry. When that happens, visitors to your site will be faced with an error message saying something like “This site is unsafe. Are you sure you want to proceed?”, which is pretty disastrous for you if your site is important.

That’s why it’s critical to have 24/7 monitoring to detect SSL errors on your site.

4. DDoS attack

Having your website come under attack is way more common than you might think, especially for religious or political organizations, or any organization that is controversial in some way. A Distributed Denial of Service (“DDoS”) attack is when your site is bombarded with so many page requests that your server can’t keep up, resulting in your site not loading or being extremely slow for your legitimate users.

Once detected, there are steps that can be taken to mitigate the attack.

5. Transactional email failures

A really deadly problem that happens with websites is when transactional email from the site fails. Unless you set up monitoring, there’s no indication of a problem other than you stop getting contact form submissions. You may not notice for days, weeks, or even months!

That’s why I set up Slack notifications that tell me when any outgoing email from a site fails.

Additional testing

In addition to monitoring for these time-sensitive problems, you should also periodically check your site for SEO problems (no longer showing up in Google search) and accessibility problems.

Conclusion

I hope this article has helped you become aware of the problems that your website might be facing at this very moment, and why updates, backups, and monitoring are important for any website that is mission-critical.

Are you interested in my site maintenance services (care plans)? If so, please contact me!

Please leave any comments or questions below! – Brian