Every website running WordPress, or just about any other CMS for that matter, should have some security and backup system in place. Whenever I log in to a new client’s WordPress site, these are the very first things that I check.

I am continually surprised by the number of client sites I access that have no security or backup system in place.

I would estimate that roughly 60–75% of WordPress sites that I log in to for the first time have neither of these elements set up. Given the proportion of the web that’s built on WordPress, that is a ridiculously high percentage.

I understand that when a site is first built, the budget is often tight. This might mean the owner creates the site, or that it’s put together by someone with limited experience (that’s ok, everyone starts somewhere).

Many of my clients don’t have huge budgets to work with, and they can be some of the most enjoyable and rewarding projects I take on.

The basics

That said, there are a few elements that should be in place on every WordPress site. If you’ve hired someone to develop your site, I would encourage you to ask whether they will be implemented.

If you’re building the site yourself, these are things that are worth hiring a developer for. Implementing them could prevent some severe headaches, financial or otherwise, further down the line.

Must-haves

Ok, no prizes for guessing these two: backups and security.

Without these features, the site owner is in an awkward position if something goes wrong. In the worst case scenario, the owner may need to rebuild their website altogether.

It frustrates me that this situation is so common when the implementation so easy and that’s why both of these topics crop up on my blog so regularly.

Backups
If your site isn’t regularly backed up, you risk losing your web presence overnight. Not only could this result in the entire website needing to be rebuilt from scratch, but you could lose all of your content, too.

It’s possible that your host may offer an automated backup of your site, but I wouldn’t rely on this.

Security
I’ve written about WordPress security before.

TL;DR: get some security in place.

The combination of a decent security setup and regular, automated, off-site backups should help to prevent you losing your site or needing an unplanned site rebuild. Don’t risk it!

Other things to watch out for

Aside from these essentials, there are a couple of other things you will want to keep an eye on.

Use a professional theme
If your site has been built on a bootstrap budget, it may not have been built using a custom WordPress theme. This is something to check with your developer. If it isn’t, make sure that it’s being developed on top of a professional theme. Many free themes contain malware or may be vulnerable due to a lack of maintenance, so avoid them wherever possible.

Use a good host
There are lots of well-known hosts that fill Google results pages with ads whenever users search for common hosting terms. Many of these, but not all, offer poor customer service and/or website performance, especially for WordPress sites. Ask your developer for a recommendation or check out this guide on how to choose a web host.

Performance
Your choice of host will have a significant impact on your site, but your developer can take lots of steps to help a site load quickly.

I’ve previously written about the tools you need to monitor a site’s performance and how caching can reduce your website’s load time.

Don’t store multiple versions of a site
This is a biggie, and I see it all too often. Don’t store old or development versions of a site in the same directory structure as your live site.

I regularly see different WordPress installations in folders labelled /old/ or /2010/ or similar. These sites are almost never adequately maintained, and, if any one of these installations were exploited, every other site on your account could also be hacked. Just don’t do it.

If you must keep a copy of your site, either archive it offline, set it up on a subdomain or create a static version of it.

Typography
Poor typography can make a website illegible. Aside from common accessibility issues, an ill-chosen font could make your site difficult to read on devices or browsers that render your typeface differently. Here are some tips on improving your website’s typography.

SEO
Installing an SEO plugin won’t necessarily make your site rank any higher, but it should help your content be more search engine friendly. That has to be a good thing. Check out Yoast.

“I don’t have time for this!”

When you run a website, either as a freelancer or a small business, it’s easy for your site to slip down the list of priorities.

Once you’ve finished your client work, general admin and keeping on top of finances, amongst other day-to-day tasks, there isn’t a lot of time left to manage your site. If there is, you’ll likely need to spend that time writing a new blog post or updating other content.

Start by setting aside a few minutes to check your site has security and backups in place. Fire off an email to your developer if it’s easier - they’ll likely be more than happy to check.

Once these are in place, you’ll be in a solid position to start checking the other items off your list and making other improvements to your site. If the changes help to prevent a website hack or worse, it could be the most valuable time you ever spend on it.

Want more help? Consider a WordPress maintenance package.