How to Do an Annual WordPress Security Review (2024)

Whether you run a personal blog or a business website, you can’t afford to ignore your website health. The start of the year is a perfect time to review your website security with this handy checklist.

Updated for 2024

January is a time to make new goals and set milestones for the upcoming months. This year, I’m focusing on self-care and health — including the health of my websites.

WordPress websites require ongoing maintenance and updates. Leaving your site unprotected puts you at risk and is a major security vulnerability for your audience.

I recommend that all WordPress website owners (including you!) review their website health at the beginning of the year.

Whether you run a personal blog or a business site, you can’t afford to ignore your website — after all, it’s an extension of your business.

In fact, your website may be the first place a potential customer or client interacts with your business. Trust me, it’s worth spending 20 minutes now to be sure your WordPress site is in tip-top shape.

Now is a perfect time to review your WordPress site with five steps to enhance your website security for the new year.

And if you’re crunched on time? Check out the Studio Anansi WordPress Care Plans. We’ll take care of your site so you can focus on what you truly love in your business.

1. Update WordPress and Plugins

You are probably already aware of how important it is to keep your WordPress core files and plugins up-to-date.

Outdated plugins on your site can be serious security issues, and all plugins and files should be updated as soon as possible.

| studio anansi

To automatically update this plugin, click the “update now” link.

It’s important to know that updating WordPress files and plugins can affect site functionality.

I always recommend updating in a staging environment if possible, especially if it’s been awhile (more than a month) since your last updates.

If you don’t have access to a staging site, update each element individually and test the site visually between updates.

Want help updating your plugins and themes? Check out our WordPress Care Plans for monthly support or book a 1:1 session for us to handle the updates ourselves.

When you’re done updating your site, your WordPress install will tell you that you have the latest version installed.

| studio anansi

You want to see this “You have the latest version of WordPress” notification to confirm that your website is up-to-date.

2. Audit Users

Keeping unnecessary users on your website is another huge security risk. I frequently work on websites with working user logins from months or even years ago — and these users can still log in to your site!

If somebody should no longer have access to your site, make sure their WordPress user is deleted from your website.

At least once per year, review your user accounts. If a user isn’t necessary (for example, an ex-employee who has now left the company), remove them.

You may choose to keep users who are no longer part of your website. For example, guest bloggers who no longer post on your site, but their user identity is important for archival records. In cases such as that, be sure to downgrade their user status to the lowest possible user role, such as “subscriber.”

3. Review Backups

WordPress backups are incredibly important. In fact, I tell clients that backups are the highest priority investment you can make in your WordPress website.

There are many reasons to backup your WordPress website:

  • A new plugin or theme update may “break” your site
  • A malicious attack may corrupt files
  • Your web host may suffer a server problem and lose data.

If your content is lost or corrupted, a backup is the single best way to quickly restore your site to normal functionality. Many web owners overlook backups until something goes wrong.

Make sure your website is backed up on a regular basis. I suggest backing up your site weekly, if not daily!

Read more: The Essential Guide to WordPress Backups

Also confirm that backup files are stored in a secure location, not just to your website hosting. I suggest cloud storage such as Google Drive, Dropbox, or Amazon.

4. Remove Unnecessary Themes and Plugins

Do you have deactivated WordPress themes and plugins on your site? If so, it’s time to remove them.

Deactivated themes and plugins can still be backdoor security risks. Rather than leaving deactivated themes or plugins on your site, it’s better to delete them whenever possible.

| studio anansi

A double whammy — this plugin is both outdated and deactivated. There’s no need to keep it hanging around as a potential security threat.

If you’re using a child theme (and you better be using a child theme!) make sure you do NOT delete the parent theme of that child theme.

| studio anansi

This site has three themes: Avada, Avada Child (the active theme) and the default WordPress Twenty Twenty theme. Because it uses the Avada Child theme, only that theme and the Avada Parent theme are necessary. Twenty Twenty can be deleted.

5. Test Contact Form

This last suggestion is an often-overlooked element of website health — testing any existing forms.

Yes, your website should include a contact form.

Powerful website design means making your website easy for your customers to find answers — or get in touch with you if they still have questions.

One of the most user-friendly website features is a contact page and simple contact form. However, software or hosting updates have been known to affect contact forms.

Don’t miss out on months of contact just because you didn’t check whether your form was working.

Instead, be sure to send a test message to ensure that everything is working as expected.

Final Thoughts

Reviewing your WordPress website health is crucial to protecting your investment, data, and audience. At least once per year, be sure to….

  1. Update WordPress and Plugins
  2. Audit Users
  3. Review Backups
  4. Remove Unnecessary Themes and Plugins
  5. Test Contact Form

Want someone else to handle your site maintenance? Let us keep your website secure and up-to-date with specialized WordPress Care Plans. Includes daily backups, uptime website monitoring, plugin and core file updates, and spam comment review. Inquire now.


Services & Pricing Guide

Download the guide now.

Join Us

Systems strategy & web tips straight to your inbox.