This is an image portraying cybersecurity.

Thank you for trusting us with your WordPress maintenance again this year. We wanted to give you some insight into what maintaining your website means for us and what you can expect for the new year.

Great things to know about WordPress maintenance and reliability:

WordPress powers 35% of the internet at this point in 2020. That is an increase of 2% compared to early 2019 and a 4% rise from the previous year. If you count only the CMS-built sites, or sites that use a content management system, then about 60% of them are WordPress.

  • Over 400 million people visit WordPress sites each month
  • In 2016, nearly 118 billion words were published on WordPress

WordPress drives e-commerce – nearly 28% of all e-commerce goes through WooCommerce (this is a WordPress plugin)

WordPress continues to be the platform of choice.

  • 281 new WooCommerce shops appear on average every day
  • 661 new WordPress sites pop up daily
  • offers over 50,000 plugins and over 3,500 GPL-licensed themes

All of these factors make regular WordPress maintenance imperative and we take maintenance and security very seriously.

We strongly discourage installing plugins yourself. We only install proven plugins and themes from reputable developers, many of whom our own developer keeps in personal contact with. When a plugin or theme stops being actively maintained by its developers, we will research and recommend similar alternatives so these out-of-date elements don’t put your site at risk.

Additionally, we are still unwilling to move forward with the WordPress Gutenberg Block editor and have taken steps to lock in the Classic Editor which works well with the various page builders in place dependent upon your WordPress theme.  We have tested the Gutenberg editor and are unimpressed at this time.

What we are doing to keep you safe and up to date:

  • We have very robust software installed, with many redundancies, to block numerous standard malicious attacks with a security firewall. We monitor email several times per day and also receive a summary report of activity weekly.
  • We receive daily notifications related to security and any software that requires an update. We also receive an immediate notification if anyone successfully logs in to the WordPress admin dashboard.  Likewise, we receive notice of failed login attempts.
  • If there is any unusual activity such as an actual attack or the firewall has temporarily blocked actions (maximum of two months), we have a springboard from which to permanently block those IP addresses or IP address ranges to prevent any further site access. We do this at both the WordPress level by placing IPs on a type of blacklist, and also at the server level via an IP deny manager for the most flagrant attempts.
  • If there are any problems with Google, we receive notifications from them. These are rare, but if there is an issue with mobile display or a 404 file not found errors, we get a flag alert so we can take swift action to resolve any issues that may arise.
  • Our Maintenance Service clients enjoy complimentary installation of a variety of exceptional, premium plugin licenses that enhance performance, security and functionality. Purchasing these licenses is a major annual investment for Sullivan Solutions, but we have peace-of-mind in the quality and excellence these best-in-class tools provide.

Once each week, or as mandated by security imperatives, we:

  • double-check front-end site performance
  • ensure we have proper site backups
  • evaluate any software updates posted, research first for stability/compatibility and then take appropriate action. This might be to update or to defer until we are happy with ongoing research results. Sometimes we opt to deactivate and remove/replace
  • double-check front-end site performance to ensure we have proper site backups, evaluate any software updates posted, research first for stability/compatibility and then take appropriate action. This might be to update or to defer until we are happy with ongoing research results. Sometimes we opt to deactivate and remove/replace after any updates or modifications, we purge all caches and again double-check front-end performance examine site traffic and look for unusual activity. We prioritize those visitors – whether human or bot that have attempted some type of malicious action. With how we have set up security firewalls, we’ve yet to see a successful penetration or compromised access. However, it must be understood that allowing the same agents to repeat their attempted access is also detrimental to site performance. Their actions can actually cause an overload to the server and any limits to resource usage that your specific host has in place based on your hosting plan. We take necessary action to permanently block these agents at both the WordPress and server level.

At least once each month we:

  • review host server performance.
  • run third-party scans for security.
  • run performance scans for ongoing optimization.
  • deeply examine a variety of logs and error reporting files to ensure that we don’t have any specific plugin in place that is creating problems.
  • send a complete backup of the website to an external DropBox.

WordPress, an open-source software, has a published development roadmap.  The schedule is always subject to modification based on how new version beta testing phases are running.  In 2020, we have major new releases expected in March, September, and December. In March, we expect a major new release and possible core update.

We generally block a host from updating automatically to a brand new version of WordPress. We only allow them to update subversions after a few days of its release.

We always do our homework BEFORE we upgrade your site. Pressing the “update” button is not something we take lightly.

Therefore, in March when we are notified that WP 5.4 is available, we may opt to keep you at version 5.3.2 or the latest subversion release, rather than an upgrade until we are 100% certain it is stable and relatively bug free.  Generally, Automattic – the organization that controls and develops WordPress — releases a new subversion candidate at the same time as a major new release for those who might be reticent to upgrade, but want the security patches that have been put in place on the new version.

Further, we have to make sure that not only WordPress itself is stable, but also that your theme and installed plugins are compatible with the new version. Depending upon the sophistication of your website, we may test on a staging copy of your site before making these critical changes to your live or what we call a production site.

What to look for if there is something wrong:

  • We have uptime alerts in place to notify us immediately should your website go offline for any reason. This is an extremely rare occurrence.
  • So far, none of the sites that we maintain have been hacked. That does NOT mean they won’t be hacked. Contact us immediately if you cannot access the front-end of your site or you see anything unusual such as new pages, odd links, or receive word that Google is reporting your site unsafe, etc. Chances are we’ll know first due to the numerous levels of hard security we keep in place. Our developer has been maintaining WordPress sites for many years. We’ve successfully cleaned hacked sites to restore them in recent years, however, none of those were under a maintenance plan.

We keep backups for all sites we maintain so we can restore quickly.  This is also independent of any backups that a hosting provider may have on the server. Some hosts charge extra for this service (GoDaddy) while others (SiteGround) provide 30 days of backups as part of the hosting plan.  We believe in having the option for redundant processes.

Please let us know if you have any questions or concerns.

* Statistical Source: Hosting Tribunal (

Print Friendly, PDF & Email