How to maintain your WordPress website in 2022 (A guide for small business)

There’s a reason that WordPress powers over 40% of the Internet.
Actually, there are plenty:

  • It’s easy to set up, yet infinitely extensible.
  • It has a huge ecosystem of plugins and themes.
  • It’s free – you just need to pay for hosting.
  • It’s supported by almost every web developer – in your area and worldwide.
  • It can be integrated with just about every tool you use in your business.

WordPress is a fantastic platform, and it makes sense to use it if you are a small business.

However, even the nicest car requires regular servicing, right?
In the same vein, even the best WordPress website requires regular maintenance.

This guide is going to explain what areas of your WordPress site need maintenance, WHY they need maintenance – and the basic things you can do yourself to keep things running smoothly.


This is by far the most important tool in your WordPress maintenance arsenal.

If the proverbial s*** hits the fan , having a recent and functional backup of your WordPress files and database will save your bacon, every time. And trust me, no matter how hard you try to stop it – s*** will hit the fan sooner or later, so you best be prepared.

With a functional backup you can be back online in minutes without needing to figure out what went wrong in order to do so.
Then you can perform preventative work to ensure it doesn’t happen again – without the pressure of downtime in the middle of the day.

You should set up at least one periodic backup to an off-site location, and ideally have at least two in different locations for redundancy.
They should run at least weekly, preferably daily – or even more frequently depending on the nature of your site.

Your web host may support this (ask their support to help you set it up), or you can use a WordPress plugin such as UpdraftPlus or VaultPress.
My recommendation is do both.


Now that you have your backups ready to go if s*** hits the fan, it’s time to make sure you’re the first one to notice if it does.

The best way to do that is to use an automated tool to ping your website at a set interval and make sure the lights are still on.
This is called ‘uptime monitoring’ – it’s super easy to set up and free for most use-cases.

Check out UptimeRobot which is a free service that takes about a minute to set up, and checks your website every 5 minutes.


Perhaps the Achilles’ heel of the vast ecosystem of themes and plugins available for WordPress…software updates.

Your WordPress site is almost certainly running with anywhere from 5-30 plugins, most of which are built and maintained by separate third party developers. Installing updates as they are released by the developer is important as the update may contain security patches to prevent your site from being hacked.

However, since plugins are built and maintained by a huge amount of third party developers who are not likely to be coordinating with each other for every update, sometimes an update to one plugin on your site can cause it to go ‘out of sync’ with another plugin – which can result in anything from small annoyances to complete site-wide disasters.

So, while a vast majority of the time it will be a simple case of logging into your WordPress Dashboard and clicking “Update”, there is a chance something can go wrong. This is where your backup system becomes extremely important.

Before you perform updates, take a fresh backup of your site to be used as a snapshot directly before the updates were performed.

Then, after updating, use a Private/Incognito window to review your site as a visitor and ensure everything looks/works as it should.

Test any functions in the WordPress Dashboard that you rely on (eg. adding a new post), and if something isn’t working right:

  • If you’re not a developer, you should roll back to your latest backup and seek advice as to the best way to proceed.
  • If you’re a developer, you can enable and review WP_DEBUG_LOG and attempt to fix the issue.
    Depending on your situation and the severity of the issue, you may choose to roll back to the latest working backup to your production environment while you attempt to resolve the issue on development/staging – or you may choose to fix it directly in production.


As we mentioned above, your typical WordPress site is a combination of “Core WordPress” and potentially dozens of plugins, most of which are shipped and maintained by separate developers. That’s a lot of moving parts, and a lot of code with differing levels of testing and quality standards – aside from breaking things when you update, this also poses a security risk.

If there is one line of vulnerable/exploitable code somewhere in the tens of thousands of lines of code that make up your website, there’s a potential for a bad actor to gain unauthorised access to your website for malicious activity. Regardless of what they do with this access, a security breach is bad for business.

So, on top of installing every update as soon as possible (with backups!) it is also important to have a system in place to block dodgy actions on your website and alert you if this happens.

For this, we recommend WordFence, which is a free firewall & security plugin for WordPress. Their firewall identifies malicious code in real-time and prevents it from being run on your server. The plugin also features a security scanning tool which can alert you to any potential vulnerabilities on your site. WordFence alerts you via email when it finds something.

Again, your regular backups are important when it comes to managing security issues.

If, by chance, something does make it through WordFence protections (which is possible) and you end up with a hacked website, your first port of call is to restore to the latest “clean” backup (which is a backup of before your site was hacked). Your second port of call is to figure out as quickly as possible how your website was breached and lock it down before it happens again.

The full steps for cleaning a hacked WordPress site warrants a guide of its own, which we will cover in the future.


Spam is the worst. You don’t need that in your life, on your website, or in your inbox!

Generally, spam comes in the form of bots programmatically filling out contact forms or posting comments on posts on your website.

Bots are quite smart these days and we’ve found using reCAPTCHA technology (like the I’m not a robot checkbox you see all over the place) is only moderately effective in stopping spam.

We’ve found a plugin called CleanTalk to be the most effective at preventing spam while still making it easy for real humans to reach you with legitimate enquiries.

CleanTalk is super smart when it comes to figuring out what’s spam and what isn’t. It’s also very cheap at about $10 per year for a single site, and reasonably simple to set up.

We include a free CleanTalk license with our WordPress Care Plans.
Across our clients using service, we see thousands of spam comments and emails blocked every week.


With plugins, you can easily extend the functionality of WordPress and make it do just about anything without having to write a single line of code. However, it is a balancing act and you should always stop and think before installing additional plugins.

You don’t want too many plugins on your site because:

  • Every plugin is a potential “attack vector” and can increase your risk of getting hacked.
  • The more plugins you have on your site, the more likely you are to run into compatibility issues.
  • Having a large number of plugins on your site can slow things down for your visitors.

As such, you want to avoid adding complexity as much as possible.

To find the balance, we suggest answering these questions when deciding whether you need a plugin or not:

  • What problem does the plugin solve for your business, and can you quantify the value it will provide?
  • How well maintained is the plugin?
  • Is there another way of solving this problem/gaining this functionality?

You should also review the plugins on your site regularly with these same three questions to keep things in check.


This is not technical, but if you want your website to provide tangible business results it remains a crucial part of website maintenance.

You need to keep your content up-to-date, relevant and useful to your website visitors. This does two things:

  • Saves you time, since if your website content is up-to-date you will need to spend less time explaining how your business works to customers.
  • Gets you in Google’s good-books, since they LOVE showing regularly updated, relevant information in their search results.

We suggest setting a time once a month to review the content on your website and ensure it’s still current.
If things are out-of-date, it is worth the time it takes to update it.


These are the basic steps to maintaining your WordPress website in 2022 as a small business owner:

  • Backups
  • Uptime Monitoring
  • Software Updates
  • Security Hardening
  • Spam Protection
  • Plugin Management
  • Content

Most of these tasks can be completed by anyone (perhaps with the help of the occasional Google Search). That said, it does take time, and if you’re a small business owner – it can take time out of your day that may be better spent in other areas.

At Sarox, we offer a WordPress Care Plan which covers all of the above – and a few extras – to ensure you never have to worry or think about your website. It will just work, as it should, all the time.

If you’re interested in offloading the maintanence of your WordPress site to a bunch of geeks with a proven system, please Contact Us and we will be happy to help.

Kobi Colman
Kobi Colman

Operations Manager @ Sarox

Access our free resources + monthly content via our newsletter.

Unsubscribe at any time.