What to Do If You’re Not on a WebCami Care Plan
WordPress websites need regular care. That doesn’t mean you need to be afraid of your website, and it doesn’t mean something bad will happen the minute you skip an update. But it does mean your site should not sit untouched for months while updates, backups, security scans, and plugin notices pile up.
I originally wrote about this over a decade ago after helping clean up hacked websites for clients. A lot has changed since then, but the basic issue is still the same: when a WordPress site is ignored for too long, small maintenance tasks can turn into bigger problems. Please note that all suggested links have been updated in 2026.
If your site is on a WebCami Care Plan, I handle this work for you. If you decide not to enroll, that’s completely okay. I just want you to understand what you’ll need to keep up with on your own.
This is not meant to scare you. It’s meant to give you a realistic picture of what goes into keeping a WordPress website healthy.
Keep Your Website Login Secure
A good place to start is with your login.
Use a strong password for your WordPress account. Don’t use “admin” as your username, and don’t share your login with other people. If someone else needs to work on your website, they should have their own user account.
When you’re done working in WordPress, log out. This is a small step, but it matters, especially if you are using a shared computer, working in a public place, or logging in while traveling.
You should also review the users on your site from time to time. If someone no longer needs access, remove them. If someone only needs to write posts or make small edits, they should not have full administrator access.
Password manager recommendation:
Make Sure You Have a Current Backup Before You Update Anything
Before you run updates, make sure you have a current backup of your website.
This is one of the most important parts of maintaining your site. If an update causes a problem, your backup gives you a way to restore the site. Without one, a small issue can become a much bigger and more expensive project.
Your backup should include both your website files and your database. Your database is where your pages, posts, settings, and other important site content live.
You’ll want to know where your backups are stored, how often they run, how long they are kept, and how to restore one if you need it. Don’t assume your hosting company is handling this for you. Some hosts include backups, some do not, and some charge extra to restore a site.
I recommend daily backups, stored for at least 30 days.
Backup recommendation:
SolidWP Backups (formerly BackupBuddy)
Run WordPress, Plugin, and Theme Updates Weekly
WordPress sites need updates. These updates may include WordPress itself, your plugins, your theme, and sometimes translation files.
Updates often include security fixes, bug fixes, and compatibility improvements. Letting them pile up can make your site more vulnerable and harder to maintain later.
Before you update, confirm that you have a backup.
After you update, check your site. This is the part many people skip. Updating is not just clicking the update button. You also need to make sure the site still works afterward.
Pay Attention to What Each Plugin Does
Plugins add features to your website, such as forms, calendars, SEO tools, image optimization, security, backups, spam protection, and page layouts.
Before you update or install a plugin, know what it does. Avoid using more than one plugin for the same job, such as two caching, security, or image optimization plugins. These can conflict and cause issues.
Choose plugins that are widely used, actively maintained, and well-reviewed. Avoid plugins with very few installs or no recent updates.
If you buy a premium plugin, track the renewal date, account login, license key, and payment card used. If the license lapses, you may stop receiving updates, which can create security and compatibility risks.
After updates, check the parts of the site those plugins control.
Plugin reference:
Be Careful With Theme Updates
Your theme controls the overall design and structure of your website, so theme updates should be handled carefully. Some updates are routine, but others can affect how your site looks, especially if your site is older or has custom theme work. Before updating your active theme, make sure you understand how your site was built. You can usually remove old themes you are not using, but it’s smart to keep one default WordPress theme installed as a fallback.
Installing a new theme is not the same as redesigning your website. Clients often think a new theme will make everything snap into place, but that is rarely how WordPress works. A theme may change the look of your site, but it will not automatically organize your content, fix layouts, match your branding, or make old pages look polished. In many cases, changing themes creates more work, not less.
Theme reference:
Check the Site After Updates
After updates are finished, visit your website like a regular visitor would. You don’t need to inspect every page, but check the parts that matter most: your homepage, main service pages, contact page, navigation menu, footer, buttons, forms, and any special features like calendars, maps, galleries, donation forms, booking tools, or membership areas.
Look for anything that seems off, including missing images, broken layouts, strange spacing, forms that don’t submit, menus that don’t open, or pages that load unusually slowly.
If you don’t see your updates right away, refresh your cache. If things still look odd, open the site in an incognito or private browser window and check again.
Test Your Forms
Forms can look fine on the page and still fail behind the scenes, so test your important forms once in a while.
When testing, don’t use the same email address that receives the form notification. Use a different email address, submit the form, then check the inbox and spam folder for the address that should receive it.
If one inbox stops receiving form notifications, the issue may be tied to email filtering. Contact your IT provider or email provider to check whether the messages are being blocked, filtered, or sent to spam.
If form delivery is a repeated issue, you may need an SMTP plugin to help your website send email more reliably.
One important note: never mark a form notification from your own website as spam, even if the submission itself is junk. The message may show the visitor’s email address, but it is usually being sent by your website or web server. Marking it as spam can train your email provider to block future form notifications.
To reduce junk submissions, use CAPTCHA or another form spam protection tool.
SMTP reference:
Scan For Security Issues Daily
Use a security tool to scan your website for malware, suspicious files, login attempts, and known plugin or theme vulnerabilities. No security tool can promise your site will never have a problem. Regular scanning simply helps you catch issues sooner.
You should also pay attention to anything unusual on your site. Strange redirects, popups you didn’t add, unfamiliar users, missing content, increased traffic, or pages you didn’t create are all signs that something may need attention.
Security recommendation:
External scan option:
Keep Spam Under Control
Spam can show up in comments, forms, user registrations, and other places depending on how your site is set up.
If you do not need comments on your site, turn them off. If you do use comments, review your settings and keep an eye on the spam folder.
If you are getting a lot of junk form submissions, you may need stronger spam protection.
Spam protection recommendation:
Keep Your Database Cleaned Up
Over time, your WordPress database can collect extra clutter. This can include post revisions, spam comments, deleted comments, expired temporary data, and old plugin data.
A database optimization tool can help clean this up, but only do this after you have a current backup. Don’t delete database tables manually unless you know exactly what they are.
Database tool recommendation:
Know What Your Hosting Company Will and Won’t Do
Hosting support varies a lot, and this is something you want to understand before there is a problem.
Ask your hosting company if they run backups, how long they keep them, whether they will restore your site, whether they scan for malware, and whether they clean hacked websites. Some hosts will help. Some will point you to a paid service. Some will only tell you there is a problem and leave the cleanup to you.
Write down what your host provides so you are not trying to figure it out during an emergency.
Keep Track of Premium Licenses
Many WordPress sites use premium plugins or themes. Websites built by WebCami may include access to some premium licenses, and those details should be listed in your website handbook.
If you purchase any additional premium plugins or themes, keep track of where they were purchased, when they renew, who owns the account, the license key, and which payment card is on file.
For organizations or businesses with more than one person involved, make sure more than one trusted person can access those accounts. If the only person with the login leaves the organization or company, you may lose access to renewals, updates, support, or license details.
If a license expires, you may stop receiving updates, which can lead to security or compatibility problems.
Know What You’ll Do If the Site Is Hacked
This is the part people don’t like to think about, but it matters.
If you are maintaining your own website, you also need to know what you’ll do if the site is hacked, infected with malware, or taken offline.
That may mean contacting your hosting company, restoring from a clean backup, scanning the site, removing infected files, changing passwords, replacing compromised plugins or themes, and checking Google Search Console for security warnings.
It may also mean hiring someone to clean it up. I am available at my regular hourly rate to help with hacked or infected websites when my schedule allows. Please note that clients enrolled in WebCami Care Plans receive priority during website emergencies, especially if multiple urgent issues come in at the same time.
I don’t want that to sound scary, but I do want it to be clear. Maintenance is not just about clicking update buttons. It also includes knowing what your next step is when something goes wrong.
If Something Breaks
If your site breaks after an update, stop and take notes before trying random fixes.
Write down what changed. Take screenshots. Note which updates were run. Check whether the issue affects one page, one feature, or the whole website.
If the site appears to be completely down, first check it with downforeveryoneorjustme.com. If it is, contact WebCami or your hosting company first.
If you need WebCami to troubleshoot, repair, or restore the site, I’m happy to help when I can. Hourly rates apply unless your site is enrolled in a care plan that includes emergency restoration.
The Easier Option
You can maintain your own WordPress site. But you do need to stay on top of it. You need backups, updates, security scans, form checks, spam control, license tracking, and a plan for what to do if something breaks or gets hacked.
If that sounds like more than you want to manage, that’s exactly why I offer WordPress Care Plans.
I take care of the behind-the-scenes work so you don’t have to remember what needs updating, whether your backup ran, when to scan for malware, or what to check after an update.
Your website still needs care either way. The only question is whether you want to handle it yourself or have WebCami handle it for you.