WordPress Maintenance Onboarding Process

If required, Install and Setup Really Simple Security plugin (formerly called Really Simple SSL), and force SSL certificate.

If the website is on one of our website maintenance plans, install and activate Malcare and apply Geoblocking for the following countries:

• Belarus
• Bulgaria
• Cambodia
• China
• Indonesia
• Iran
• Lithuania
• Myanmar
• Nigeria
• North Korea
• Philippines
• Romania
• Russia
• Syria
• Thailand
• Ukraine
• Vietnam

If the website will not be on one of our maintenance plans, install Wordfence and activate the free firewall.

Ideally, you can configure this setting using Admin and Site Enhancements (ASE) by Bowo. If not, you can use a specific plugin for this called WPS Hide Login.

Replace the /wp-admin login url with something unique – for example: /secure

At the end of the onboarding process, we need to email the client with the new login link.

Hide all emails from bots using one of the following methods:

1. Automated: Configure this setting using Admin and Site Enhancements (ASE) by Bowo.
2. Manual: Email Obfuscation.

Most business sites don’t require comments on posts and pages. For these sites, install and setup Disable Comments.

Apply disabling to the whole site.

Options:

1. Wp Forms:
   Our preferred contact form plugin is WP Forms. When using WP Forms, you can setup Google ReCAPTCHAv3. Ensure that the email weaverbirdmarketing@gmail.com is either used to create the Google ReCAPTCHA or made an admin collaborator.
2. Contact Form 7: 
   If the site uses Contact Form 7 plugin for contact forms, setup Google ReCAPTCHA v3 or use the Contact Form 7 add-on Honeypot for Contact Form 7,
3. Optional additional Anti-Spam for Blog Post comments:
   If you feel additional spam protection is required, you can install Akismet or Anti-Spam Bee.

1. Avoid having a user with the username “admin” as this is a default username which hackers know to exploit.
2. Delete all unnecessary users.
3. Ensure all users have strong passwords.

1. Navigate to Admin and Site Enhancements (ASE) via Tools > Enhancements > Security.
2. Enable Limit Login Attempts to prevent brute force attacks.

1. Navigate to Admin and Site Enhancements (ASE) via Tools > Enhancements > Security.
2. Protect your site from brute force, DOS and DDOS attacks via XML-RPC.

Nb. This also disables trackbacks and pingbacks.

Clients love to visually see the speed and performance improvements on their site, so before we apply speed & performance processes, we need to generate a “before” Google Page Speed report which we can later share with client for a comparison with the “after” report.

Using Updraft+, create and download a backup or store on a cloud service.

Before applying any speed plugins and processes, we normally try to work with the premium theme’s inbuilt performance settings to disable unnecessary settings.

Nb.
Ensure the theme’s performance settings are not applied if the same performance settings will be applied through the 3rd party plugin. For example; with Salient, one of the theme performance settings you can activate is to delay Javascript Execution, however, a plugin such as Airlift or Nitropack might also run that setting and this could cause a conflict if enabled.

Important.
This step must only be performed with client’s approval as it is not covered by the onboarding process. It can only be performed with use of monthly time allocation.

Subtle UX animations can make a site LOOK & FEEL amazing, however, these can impact the website speed and performance. So it is our preferred process not to use much animation. If we feel animation is required  to give a site a more premium feel, then we can use animation as required.

Important.
This step must only be performed with client’s approval as it is not covered by the onboarding process. It can only be performed with use of monthly time allocation.

Run a Media and Database Cleaner plugin to remove unused files and data.

• Media Cleaner (optional)
• Database Cleaner (optional)

Be careful not to remove PDFs or other media that the website or client might be linking to via other communication methods such as email or social media.

WordPress media cleaners pickup images that are not linked to on the website, but they don’t pickup if those media files are being utilised elsewhere on the web.

If the website is on one of our website maintenance plans, we can install and activate Malcare and apply Airlift.

If not, we use one of (or a combination) the following:

• Nitropack:
  Setup & test Nitropack’s optimisation settings and manage necessary Nitropack exclusions. It’s very important to manage exclusions such as Instagram feeds, and other advanced features such as Booking Engines, and eCommerce functionality.

• Siteground Optimiser for websites hosted on Siteground.

• Alternatives:
  In the past, we’ve also used WP Super Cache or W3 Total Cache for free, beginner-friendly caching. For database optimization we’ve used WP Optimize, but have experienced a few issues in the past.

Important.
This step must only be performed with client’s approval as it is not covered by the onboarding process. It can only be performed with use of monthly time allocation.

If the speed plugin doesn’t handle image compression, we can install & setup TinyPNG Image Compression which automatically compresses images uploaded to the website. 

This plugin can also automatically resize large images by setting a maximum width and/or height for more reasonable browser display.

Alternatives:
We’ve also used image optimisation plugins such as Smush, Optimole, and ShortPixel.

Generate an “after” Google Page Speed report to share with client for a “before & after” comparison report.

Recently we’ve been using Rankmath instead of Yoast SEO as our preferred SEO plugin as it has a couple of additional features which can be beneficial.

Once installed, apply the following settings:

1. Site appearance
2. Social media links
3. Breadcrumbs (if client is ok with this added module on their site)
4. 404 Monitor
5. Instant indexing
6. Link counter
7. Redirections
8. Sitemap

Check images throughout the site and ensure each image has a relevant applied.

Here is a guide:

• Be descriptive but concise:
  Keep alt text under 125 characters while forming a clear mental image of the content.
• Focus on purpose, not just appearance:
  Describe what the image conveys rather than listing visual details.
• Avoid unnecessary phrases:
  Skip “image of” or “picture of”—screen readers already indicate that it’s an image.
• Use keywords naturally:
  Incorporate relevant keywords without stuffing; align with user search intent.
• Handle decorative images properly:
  For purely decorative images, use an empty alt attribute (alt=””) so screen readers can ignore them.
• Complex images need extra context:
  For maps, charts, and infographics, follow W3C Web Accessibility Initiative guidelines and provide a full explanation in surrounding text or linked descriptions.

For more info read the following MOZ guide.

Source: https://moz.com/learn/seo/alt-text

This might be handled already through the SEO plugin, but if not, be sure to apply the correct Site Title, Tagline, and Site Icon in the WordPress appearance settings.

Ensure all key pages and key blog posts have the following meta data applied:

• Meta title
• Meta description
• Thumbnail image

Automatically check for 404 page errors and batch redirect using Rankmaths 404 Monitor.

Manually check the following and verify that each link/button leads to the correct destination and that the linked content loads successfully:

• Page Links:
  Check all internal and external links on each page and post of the website.
• Buttons:
  Click every button on the site, including form submission buttons, call-to-action buttons, and interactive elements.
• Menu Items:
  Test all navigation menu items, including dropdowns, sub-menus and footer menu.

Install and Setup Google Site Kit plugin and then create or connect the following Google services:

• Google Analytics
• Google Search Console
• Google Tag Manager
• Google Ads (if client requires)

Find the XML sitemaps in the Rankmath or Yoast sitemaps settings and submit to Google via Google Search Console, and Bing via Sitemaps – Bing Webmaster Tools.

Nb.
Submit all relevant sitemaps, not just the parent sitemap, for example:

• https://weaverbird.co.za/sitemap_index.xml
• https://weaverbird.co.za/post-sitemap.xml
• https://weaverbird.co.za/page-sitemap.xml
• https://weaverbird.co.za/portfolio-sitemap.xml
• https://weaverbird.co.za/category-sitemap.xml

Check/apply correct H Tags (Heading tags) on every key page & key post:

• Page Title: H1 (Not to be used more than once)
• H2 for key headings
• H3 for secondary headings & FAQs