Updates
Obviously, if your site is newly launched it should be running fairly new code, but without knowing the details of your building process I always suggest you check if your site and plugins are up to date. With all the various plugins and code from different sources that comprise a WordPress site, keeping things up to date is just a good habit to be in. At Solid Digital, we generally update our clients’ sites on a monthly basis, except when WordPress rolls out a security patch to fix some vulnerability. We push those updates out to all our sites immediately, when they occur.
SEO
There are plenty of basic guides to SEO and how to conduct and SEO audit out there so I won’t go into the details of this dark art. Suffice it to say that if you are the sort of person who wants others to see your website, this is something that’ll need some thought. Since we’re all talking about WordPress here, I’d recommend using one of the popular plugins that handle this. Aside from making your site cozy for web crawlers, those plugins usually include other functionality that’s pretty handy, such as:
Generating nice link share previews…
which is probably a carryover from the page previews you see at the top of Google’s search results, but I’ll take it. This ensures that if someone shares a link to your site on social media the final post includes a link preview card, usually with an image and excerpt. This aids visibility and definitely gathers more clicks and is handled automatically by SEOPress.
Providing an interface to create redirects…
as well as notifying you of any missing or changed pages that require redirects. Even if you somehow want your site to remain a secret from all search engines, you probably still don’t want visitors landing on 404 errors.
Managing your robots.txt file…
so you can make changes to it from the WordPress dashboard. Whether you need a complicated set of rules in there or not, it’s nice to streamline the editing process. Extra nice that if you change web hosts the process is the same, right there in the dashboard.
Having handwritten code to do all of the above I would recommend just installing SEOPress. Let that handle it for you. Spend the time you saved reading Nnedi Okorafor’s latest.
Comments
Turn them off, site-wide unless you:
A. are providing content you specifically want people to comment on, and
B. have a strategy in place for dealing with spam.
Your anti-spam strategy doesn’t have to be all that involved. You could just use Recaptcha or Akismet to weed out most of the spambots and hold all comments until you (or an admin) approve them.
I am surprised to find that people do still run WordPress sites with the built-in comment system enabled (not Discourse). So maybe comment spam isn’t as bad as it used to be and I’m just showing my age here. Either way, whether it’s comments or really any other form soliciting visitor input when it comes to spam mitigation: don’t sleep.
Bonus unsolicited professional recommendation:
Don’t google image search “spam costume” on your work computer.
Security
If yours is the only administrative account, you practice good security culture, and nobody’s specifically targeting your site, WordPress is reasonably safe and secure, you’re good. If any of those aren’t the case, if you have unmaintained plugins or any major customizations on your site, you might want to get a security plugin. A plugin will make it easy to do things like disable problematic interfaces (xmlrpc.php), or require 2-factor authentication for login. More advanced features include keeping a log of access attempts, ip-banning brute force attackers, even sending you an email if there’s an uptick in malicious and dastardly activity.
Again, if you’re just trying to run a sleepy little website about your model train collection, something like iThemes Security is probably overkill. Just use a good password, and don’t log in as admin on the Motel 6 lobby computer. If you’re part of a team running this site, watching analytics, and trying to get your content in front of more eyeballs, it’s a good time to think about beefing up security, if you haven’t.
Maintenance, or “tying it all together”
For updates, I would recommend implementing a schedule. Run your updates on the 1st of the month, or whenever makes sense for you and your team. From a developer’s perspective, this makes it easier to work on a site. But even for non-devs, if some collision between plugins brings your site down, figuring out what went wrong and when will be much easier if all updates have been done on a set date.
Bonus pro tip: If you aren’t the only admin, make sure everyone on your team knows to ignore the desperate pleas for attention by “outdated” plugins. They will get updated when it’s time. And make it one person’s job to run the updates.
Other than that you can pretty much handle stuff as needed. WordPress is really good about keeping you well apprised of what’s going on.
Generally speaking, plugins are also very open with their concerns, too.
So just making sure to log in to your site at least once a week, you’ll probably catch most tasks that need handling as they come up. Like if there’s a vulnerability that needs immediate patching, some comment spam that needs deleting, or redirects that need to be in place.
Looking for more pro tips for your WordPress site? Give us a shout! We’re happy to dig in right along with you to improve your website’s performace.
