Create an ownership and access register
Record who controls the domain, DNS, hosting, business email, analytics, search tools, payment accounts and website administration. Use business-owned accounts wherever possible instead of relying on a former employee or external vendor’s personal login.
Store recovery information securely and review access when staff or service providers change.
Use tested updates instead of automatic assumptions
Content management systems, plugins, themes, server software and application dependencies need updates, but updates can also introduce compatibility problems. Maintain a staging or backup process before changing production.
After each update, test the homepage, navigation, forms, login, checkout and any custom workflow that affects customers.
Maintain recoverable backups
A backup is useful only when it contains the required files and database and can be restored. Keep more than one recent copy and avoid storing the only backup on the same server as the live website.
For frequently changing ecommerce or booking systems, the backup frequency should reflect how much recent data the business can afford to lose.
Review security signals and suspicious activity
Check login attempts, unexpected admin users, changed files, spam submissions, malware alerts and unusual resource usage. Use strong unique passwords and multi-factor authentication where supported.
Security requires layered controls and ongoing monitoring; no plugin or configuration can guarantee that a website will never be compromised.
Test forms, email and conversion paths
Submit every important form regularly and verify that the business receives the message. Check spam folders, SMTP delivery, confirmation messages and validation errors.
For ecommerce, test cart, payment status, order notifications and stock behaviour. For booking systems, test slot selection and confirmation messages.
Monitor speed and user experience
Track slow pages, oversized images, layout shifts, broken scripts and mobile usability. Performance can degrade gradually as content, plugins and third-party services grow.
Optimise based on real pages and user journeys rather than chasing a single score without context.
Keep content and search information accurate
Update services, contact details, pricing explanations, team information and policy pages when the business changes. Remove expired offers and redirect replaced pages instead of leaving broken links.
Review sitemap coverage, indexing reports and important search queries periodically. Maintenance should preserve both user trust and crawl clarity.
Practical checklist
- Domain and hosting ownership confirmed
- Off-server backups completed and restore process tested
- Software updates applied after backup or staging checks
- Admin users and access permissions reviewed
- Forms, email and customer notifications tested
- Broken links and outdated content corrected
- Mobile layout and important journeys checked
- Security logs and unusual activity reviewed
- Sitemap and Search Console coverage reviewed
Common questions
Routine monitoring can be continuous, while content, updates, forms, backups and search reports should be reviewed on a schedule appropriate to the website’s change rate and risk.
No. Hosting keeps infrastructure available; maintenance includes updates, testing, backups, monitoring, content corrections and support.
Some updates can be automated, but critical websites still need backups, compatibility checks and post-update testing.
The business should normally retain ownership and provide controlled access to service providers.