If you're a Performance Foundry hosting client, we do all sorts of things to keep your site healthy, including backups, security scans, and updates of various sorts.
However, there are certain things you can do to make sure your site is fit and well! Run through this checklist every six months or so for best results.
This one is so important that we wrote a whole article about it. Please note that we don't recommend the Broken Link Checker plugin.
You might also want to read this article about 404s.
Some theme authors/services email you when an update comes out, but some don't, so you need to check with the service (e.g. Themeforest) to see if you have the most up-to-date version. If you don't, download the theme files, send them to us, and we'll update the theme for you.
If you had your theme custom-built for you by Performance Foundry, we'll do updates for you behind the scenes. If there's a problem with a custom theme built by another developer, and you're on our hosting package, we can probably help you with fixing that up. Depending on the changes that need to be made, we may have to put a quote together for you.
We recommend all sites have a full redesign every three or four years, to make sure they are in line with new developments in software and security, as well as to keep them looking fresh and modern -- just like everything else, there are fashions in web design! A full redesign means that you get a site that is designed especially for you and your site users. Performance Foundry specialises in creating well-performing sites, and have a range of site redevelopment options depending on your budget and timeframe.
If you're not interested in full site redevelopment, changing your theme to a more-modern one could also be an option.
Go through all your comments thoroughly and weed out any spam. All Performance Foundry clients have access to a professional-level Akismet licence key for spam checking. This service learns from billions of spam reports each year, so is pretty good at detecting spam!
If you have the Akismet plugin, the licence key is automatically available. If you would like access to this feature, just install the Akismet plugin on your site.
Firstly, make sure none of your administrator users are called "admin", and that you have a very limited number of users with admin or editor privileges. Downgrade users if appropriate! Then, ensure all users with admin or editor access have strong passwords since no security can ensure that a password like "password" isn't broken!
Read more about changing your WordPress username from admin to something more secure in this blog post.
A virus on your computer can be used as an attack vector to get into your site, so make sure to keep your computer squeaky clean too. Also, always use a secure connection when logging into your site as admin, for the same reason.
Using a VPN and encrypting your hard drive are also recommended.
If you need to log in on a dodgy connection or from a less-than-awesome computer, consider using a login with fewer privileges -- perhaps set yourself up an "author" login for situations like this.
Take a quick look at the static pages on your site and make sure they are up to date. "About" pages, in particular, tend to need a quick refresh. If your theme doesn't automatically update your footer's copyright date, set up an annual task to review that too.
It's worth taking some time to look at your oldest or worst-performing posts and deciding if they are still relevant. If they are, update them with things like up-to-date links and prices; you might need to replace old photos with larger ones. If you want to, you can republish some of these articles so they reappear on your homepage -- this can give a good SEO boost.
If the post really has no value anymore, you can delete it. If the page doesn't have any links pointing to it, you don't need to set up a redirect to another page.
You can check for inbound links for individual posts on Moz's Link Explorer. This can trail real data by a couple of weeks but is great for older posts which are really unlikely to have been linked to during that time. Also, check for internal links within WordPress by copying and pasting part of the URL of the post into your search bar. You can remove internal links by going into the posts/pages where they appear and deleting them!