the wordpress maintenance checklist every small business should follow
wordpress powers about 43% of the web and is the most common platform for small business sites. it's also the most frequently hacked — not because wordpress is insecure by design, but because most wordpress sites aren't properly maintained. plugins get outdated, databases bloat, backups don't get verified, and then something breaks or gets compromised.
here's a practical checklist organized by frequency. use it as a standing routine or share it with whoever manages your site.
monthly tasks
update wordpress core, themes, and plugins go to dashboard → updates. apply all available updates. the exception: before updating major versions of wordpress core (e.g., from 6.4 to 6.5) or major plugin updates, take a backup first. most updates are safe but occasionally something conflicts.
verify your backup is working don't just have a backup configured — confirm it's actually running and creating valid files. log into your backup plugin (updraftplus, backwpup, etc.) and check the most recent backup timestamp and file size. download and spot-check a backup file at least every few months.
check for 404 errors log into google search console. under "indexing" → "pages," look for 404 errors. a broken link or removed page that's still being linked to from other sites or your own content should be fixed with a redirect.
review user accounts if you had contractors, former employees, or freelancers with admin or editor access to your site, remove their accounts or downgrade their access. don't leave unnecessary admin accounts active.
spam comment review if you have a blog, check your spam queue and clear it. also ensure akismet or another anti-spam plugin is active.
quarterly tasks
test all forms submit your contact form, quote request form, and any other forms on your site. make sure the submissions arrive at the right email address. forms break silently — the page looks fine but the emails are going to a deleted inbox or getting caught in spam.
check site speed run your site through pagespeed insights quarterly. note your mobile and desktop scores. if a recent plugin addition or theme update has degraded performance, you'll catch it early.
review google analytics look at your traffic trends, top pages, and bounce rates. if something has changed significantly, investigate.
check for broken links use a tool like brokenlinkcheck.com or install a plugin that scans for broken internal and external links. fix or remove broken links.
database optimization over time, wordpress databases accumulate unnecessary data — post revisions, spam comments, transients. plugins like wp-optimize can clean and optimize the database, improving query performance.
annual tasks
review and audit your plugins deactivate and delete any plugins you're not actively using. review each active plugin: is it still being maintained by the developer? when was the last update? a plugin that hasn't been updated in two years is a risk.
review your hosting plan is your current hosting still appropriate for your traffic and needs? are you on the cheapest shared plan when your traffic warrants a managed wordpress plan? an annual hosting review prevents you from staying on a plan that's limiting your performance.
ssl certificate renewal most ssl certificates renew automatically, but verify yours is current. a lapsed ssl certificate causes browser warnings that immediately undermine trust with visitors.
review and update your content check your services pages, about page, and team bios for outdated information. update your footer copyright year. remove references to anything that's no longer accurate (old promotions, former employees, discontinued services).
test your disaster recovery at least once a year, actually restore from a backup — either to a staging environment or a local copy. knowing that your backup works before you need it is far better than discovering it doesn't during an actual crisis.
the option to outsource this
if going through this list feels like too much to manage, most wordpress-focused agencies and freelancers offer managed maintenance plans that cover backups, updates, uptime monitoring, and security scanning for $100–$300/month. for businesses where the website is important, this is a reasonable cost of operations.
nanushi offers maintenance support for wordpress sites as part of ongoing client relationships. if you'd like to discuss options, reach out.