Updated for 2025
January is a time to make new goals and set milestones for the upcoming months. This year, I’m focusing on self-care and health — including the health of my websites.
WordPress websites require ongoing maintenance and updates. Leaving your site unprotected puts you at risk and is a major security vulnerability for your audience.
I recommend that all WordPress website owners (including you!) review their website health at the beginning of the year.
Whether you run a personal blog or a business site, you can’t afford to ignore your website — after all, it’s an extension of your business.
In fact, your website may be the first place a potential customer or client interacts with your business. Trust me, it’s worth spending 20 minutes now to be sure your WordPress site is in tip-top shape.
Now is a perfect time to review your WordPress site with five steps to enhance your website security for the new year.
And if you’re crunched on time? Check out the Studio Anansi WordPress Care Plans. We’ll take care of your site so you can focus on what you truly love in your business.
1. Update WordPress and Plugins
You are probably already aware of how important it is to keep your WordPress core files and plugins up-to-date.
Outdated plugins on your site can be serious security issues, and all plugins and files should be updated as soon as possible.
It’s important to know that updating WordPress files and plugins can affect site functionality.
I always recommend updating in a staging environment if possible, especially if it’s been awhile (more than a month) since your last updates.
If you don’t have access to a staging site, update each element individually and test the site visually between updates.
Want help updating your plugins and themes? Check out our WordPress Care Plans for monthly support or book a 1:1 session for us to handle the updates ourselves.
When you’re done updating your site, your WordPress install will tell you that you have the latest version installed.
2. Audit Users
Keeping unnecessary users on your website is another huge security risk. I frequently work on websites with working user logins from months or even years ago — and these users can still log in to your site!
If somebody should no longer have access to your site, make sure their WordPress user is deleted from your website.
At least once per year, review your user accounts. If a user isn’t necessary (for example, an ex-employee who has now left the company), remove them.
You may choose to keep users who are no longer part of your website. For example, guest bloggers who no longer post on your site, but their user identity is important for archival records. In cases such as that, be sure to downgrade their user status to the lowest possible user role, such as “subscriber.”
3. Review Backups
WordPress backups are incredibly important. In fact, I tell clients that backups are the highest priority investment you can make in your WordPress website.
There are many reasons to backup your WordPress website:
- A new plugin or theme update may “break” your site
- A malicious attack may corrupt files
- Your web host may suffer a server problem and lose data.
If your content is lost or corrupted, a backup is the single best way to quickly restore your site to normal functionality. Many web owners overlook backups until something goes wrong.
Make sure your website is backed up on a regular basis. I suggest backing up your site weekly, if not daily!
Read more: The Essential Guide to WordPress Backups
Also confirm that backup files are stored in a secure location, not just to your website hosting. I suggest cloud storage such as Google Drive, Dropbox, or Amazon.
4. Remove Unnecessary Themes and Plugins
Do you have deactivated WordPress themes and plugins on your site? If so, it’s time to remove them.
Deactivated themes and plugins can still be backdoor security risks. Rather than leaving deactivated themes or plugins on your site, it’s better to delete them whenever possible.
If you’re using a child theme (and you better be using a child theme!) make sure you do NOT delete the parent theme of that child theme.
5. Test Contact Form
This last suggestion is an often-overlooked element of website health — testing any existing forms.
Yes, your website should include a contact form.
Powerful website design means making your website easy for your customers to find answers — or get in touch with you if they still have questions.
One of the most user-friendly website features is a contact page and simple contact form. However, software or hosting updates have been known to affect contact forms.
Don’t miss out on months of contact just because you didn’t check whether your form was working.
Instead, be sure to send a test message to ensure that everything is working as expected.
Final Thoughts
Reviewing your WordPress website health is crucial to protecting your investment, data, and audience. At least once per year, be sure to….
- Update WordPress and Plugins
- Audit Users
- Review Backups
- Remove Unnecessary Themes and Plugins
- Test Contact Form
Want someone else to handle your site maintenance? Let us keep your website secure and up-to-date with specialized WordPress Care Plans. Includes daily backups, uptime website monitoring, plugin and core file updates, and spam comment review. Inquire now.
