Regardless of the purpose or complexity of your website, maintenance is always necessary. Without it, your site will surely fall apart sooner or later, giving your business an unstable image or putting your personal site's files at risk of being irretrievable.

This weekly web maintenance checklist is the first of four in a series of weekly, monthly, quarterly, and yearly processes.

You can get the full 4 checklists here.

In this checklist, we'll go through the vital regular tasks that will ensure your backups are safe, your CMS is up to date, and your site is free of spam and vulnerabilities.

(This checklist was adapted from a template created by Simon Kelly, a Process Street user. Simon expanded upon his checklist in a post here.)

Check your monitoring tool for uptime reports

Is your host as stable as you first thought? Has something gone horribly wrong and taken your site offline?

Check your monitoring tool ( and UptimeRobot are both free), and take note of the uptime %.

Tools like Pingdom also offer performance testing and more robust monitoring tools.

You can track your uptime percentage over time by logging it in this checklist every week:

Check search console for any error reports

If your site isn't being crawled properly by Google, you're losing a huge chunk of your traffic. A major priority for website maintenance is to check for crawl errors, 404s, and other accessibility and crawling problems.

  • 1
    Go to
  • 2
    Check recent messages for the site
  • 3
    Take action on the notifications

Save backups to your computer

You can save backups via SSH using Terminal.

Whether you're using a tool that saves backups straight to the website's server, or pushing backups to the cloud, you should always keep a local copy. If you don't have a cron job set up to do this, it'll need to be done manually.

Go into your site's server root and download a local copy of the most recent backup. You can do this with SFTP, or SSH in Terminal.

With a paid cloud backup tool like BackupGuard or CodeGuard, you can access backups through a user-friendlier interface than SFTP, and be safe in the knowledge that recent backups are accessible from any computer at any time.

CodeGuard can store backups to the cloud automatically.

Update plugins and CMS

Outdated plugins and CMSs can contain security vulnerabilities that allow hackers to gain access to your site, insert malware, and copy sensitive information.

WordPress is an especially big target for hackers. Plugin and theme updates  are developed regularly to fix vulnerabilities that have been exploited in the past.

Plugin updates will be available via your CMS' interface, but you can also set up something to automatically manage your updates.

WordFence for WordPress, for example, will email you whenever a plugin, theme, or CMS is out of date. You can also edit funcitions.php to set updates automatically, but make sure you know how to roll back changes if anything happens.

On WordPress, just go to the Updates page in your site's back end.

Check all forms to ensure they are working properly

Automated user testing with Grunt

You have no way of capturing the emails, feedback, comments, and messages from your site's users if your forms are broken. If you just one form, go ahead and test it manually.

If you have a ton, there's no way you're going to want to pick through them one by one. Set up a testing tool like Selenium or Grunt, or use this simple guide with TestingWhiz.

  • 1
    Contact forms
  • 2
    Lead generation forms
  • 3
    Special promotion forms
  • 4
    Survey responses

Check deliverability of emails sent from the web server

You can use a free online tool like Wormly or DNSstuff to check whether your mail server is working properly.

If your mail server is down, your marketing, support, and sales emails aren't getting through to your users, and they also can't reach you. You can diagnose mail server issues through cPanel if your tests bring up errors.

DNSstuff's Mail Server Test Center

Use the form field below to log any error messages for future reference:

Process spam comments

Popular websites can attract thousands of spam comments every day, which is far too many to effectively manage.

Akismet, a free plugin by the creators of WordPress, catches spam comments and puts them in the spam queue for processing. You can either choose to manually process spam, or to automatically clear it out after 15 days.

Another tool you can use to manage comments is Disqus. It works no matter which CMS you use, or if you don't use a CMS at all, and uses Akismet's leading technology.

Process form submissions

The Typeform dashboard lets you track the traffic and completion rate of your site's forms

Forms can seem like a 'set it and forget it' tool, but you do need to be monitoring form inputs. Tools like Typeform, Wufoo, or GravityForms (WordPress) all can integrate with 750+ other apps via Zapier so you can collate form responses in a Google Sheet, CRM, or mySQL database.

Learn more about automating your pesky repetitive tasks with Zapier with our free complete Zapier guide ebook.

  • 1
    Contact forms
  • 2
    Lead generation forms
  • 3
    Special promotion forms
  • 4
    Survey responses

Check remaining space on server disk

Log into your server (using cPanel, SSH or your usual method), and check how much disk space is available. Disk space is always necessary to keep tabs on because if it hits 100% your site will go instantly go offline until you free space up.

In cPanel, you can check storage with the Disk Space Usage tool:

Alternatively, log into your site via SSH and use the df -h command.


Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.