The Components of Site Health That Really Matter

A website can seem like a big, complex machine — and they often are. Because of the number of moving pieces, programming languages, and services involved, having confidence your site is in peak condition can feel elusive. We've seen under the hood of a lot of websites over the years. Here are the key elements of site health that are essential to stay on top of.


This may seem obvious, but many organizations struggle to stay on top of the credentials for the dozens of services that make their websites work. Having quick access to credentials in house (not just with third parties like that agency you worked with 4 years ago) as well as redundancy is very important in the event there are site issues, or someone leaves your organization. Make sure you're using a shared password manager for credentials for hosting, SSH/SFTP, your CMS, DNS, domain registrar, repository hosts (e.g. GitHub), as well as license keys for purchased plugins.

Software Versions

Is all your software up-to-date? This includes things like the WordPress core, plugins, PHP, and mySQL. Bonus points if you have a system in place for automatic updates and testing.


Besides keeping plugins up-to-date, check for the number of plugins your site relies on (fewer is generally better). We also recommend using a tool like Wordfence to automatically monitor plugins that may have been abandoned by their developers, as this can pose a security risk.

For more info on plugins, check out 5 questions to ask before installing a plugin.


You're likely aware of any front-end (visible) issues on your site, but it's also important to confirm none of the code on your site has become infected with malware. Here again, we rely on Wordfence.

Best Practices

Part of site health is protecting against future problems and making sure your development workflow is safe. At a minimum, you should have automated, off-site backups (kept for at least 30 days), one-click restores, as well as access to a staging environment where you can test all updates.

Yellow/Red Flags

Here's a shortlist of factors that may not be problems at all, but ought to raise an eyebrow for further investigation:

  • Tech debt. If you don't know what this is, check out our article on the topic.
  • All-in-one plugins. We're talking about plugins that provide a wide range of functions. LMSs are a good example.
  • Page builders. Think Divi or Elementor. While not inherently problematic, these can cause problems if not implemented with care.
  • Lots of users. The more users who have access to your site (even subscribers), the greater the security risk.
  • Third-party integrations. If your site connects to outside APIs, great! However, this is one more “moving part” that may need inspection.

Performing a periodic review of these elements is a great practice, and crucial to site reliability. Though sometimes time consuming, a site health check can save you even more time (and money) in the long run. And don't worry — if you need guidance when it comes to looking under the hood of your site, we’re here to help!

Monthly newsletter: Interviews with experts, websites doing it right, and recommended tools.

Sign me up

Hire us: exceptional websites and a better project experience.

Get started today
× strategy-guide-graphic

Free eBook: The Website Strategy Guide

Develop an air-tight plan for a winning website.

Learn more