WordPress sites constantly evolve as new content is published, new pages are created, and plugins and themes are installed or removed. Most of the time, those changes are for the good and don’t cause any problems for the health of the site.
But WordPress is a complicated piece of software, and, as with any complex system, it’s hard to predict how the parts interact. Any modification can cause a regression, a change for the worse. That’s why I like to run through regular health checks on any WordPress site I’m managing.
If something is wrong, I want to know about it sooner rather than later, so it’s not enough to deploy a site that works wonderfully and leave it at that. Every month or so, I run a series of tests to reassure myself that all is as it should be.
I use Pingdom Tools to perform a comprehensive scan of the site’s performance from various locations around the world. Pingdom provides the information I need to identify performance regressions and their likely cause.
Last year, a security researcher published a list of eCommerce stores infected with credit card swiper malware capable of capturing card numbers and sending them to criminals.
Many of the stores had been infected for months.
It’s impossible to be completely certain that your WordPress site hasn’t been infected with malware or otherwise compromised. Prevention is better than cure, but if preventative measures have failed, I want to know about it as soon as possible.
There are several WordPress malware scanners available, but Sucuri’s free SiteCheck does the job quickly and well.
Links have a tendency to break and 404 errors are a common occurrence on sites that change frequently. They’re bad for both user experience and search engine optimization. I use the excellent Broken Link Checker plugin to scan for broken links so I can repair or redirect them.
I’m going to assume everyone reading this article makes regular backups of their WordPress site and keeps those backups for an appropriate amount of time.
But going through the motions of keeping a backup isn’t enough. Site owners should also verify that backups are actually being made and that they’re viable. There’s nothing quite so frustrating as trying to restore a site from an earlier backup only to find it empty, corrupt, or otherwise useless.
To check backups, I do a full restore of a recent backup on a brand new WordPress installation. It’s possible to do this manually or with your existing backup plugin. It’s not really important how you check backups, but not checking them can lead to nasty surprises.
Altogether, running through these steps takes no more than half an hour, and I find the peace of mind well worth the time invested.