Recently one of our readers asked what are some of the things we recommend doing immediately after inheriting a WordPress site?
Whether you’re a business owner who recently acquired a new website, or an office assistant who’s inheriting your company’s existing website from another team member, you might be wondering what are the most important next steps.
In this article, we will show you the top things you need to do when inheriting a WordPress site.
1. Get All The Passwords
When inheriting a WordPress site, the first thing you must do is gather all the username and password information. This includes your web hosting password, FTP password, CDN password, domain management password, email marketing service passwords, and password to all third party premium plugins or services that the website is using.
From our experience, scheduling a video call with the old developer or site owners works best because they can explain everything in detail.
The best way to manage all your website passwords is by using a password manager. We recommend using LastPass because it works with all your devices and allows you to store passwords in a group, share them securely, and use stronger passwords.
2. Change All Admin Password and Emails
Once you have received all the passwords, you need to change all of them.
This ensures that the previous developer or site owner cannot modify anything. Another thing you want to do is update all admin contact emails, so only you have the ability to reset passwords in the future.
You can do this by going to Users » All Users page in WordPress admin area and editing all user passwords along with contact details.
Next, you need to change the WordPress site admin email address. WordPress uses it to send important website notifications. Simply go to Settings » General page and enter a new email address there.
3. Take Notes and Familiarize Yourself
Before you make any other changes to the site, it is important to take notes and familiarize yourself with the website. If you’re not familiar with WordPress, then we recommend that you watch our WordPress 101 videos.
It is very important that you understand the importance and functionality of each WordPress plugin used on the website.
You would also want to review theme settings and the widgets you’re using.
You can take notes of different functionalities, features you would like to change, and more.
Note: please write all these notes down in Google Docs, Dropbox Paper, or somewhere else that you won’t lose it.
This information will help you understand everything. If you need help understanding something, then you can try contacting the previous owner or developer.
4. Setup an Automated Backup Solution
Backups are your first layer of defense against any online mishap. The previous site owner may have their own backup plugins setup which may be storing backup files to one of their remote storage accounts.
You would want to set up your own backups. There are plenty of excellent WordPress backup plugins that you can choose from.
You need to make sure that you set up your backups on a remote location like Google Drive, Dropbox, etc.
You also need to create a complete WordPress backup before making any further changes to your website. This would help you revert back your website in case anything goes wrong.
5. Update User Roles and Permissions
If you are a developer working on a website, then you’ll need to work with your client to assign user roles and permissions to their staff.
Your goal should be to limit the administrator user role to people who actually need to perform admin tasks. These tasks include things like changing the theme, installing new plugins, or adding new users to the website.
If you are working on your own site, then you will need to review user access. Create a new user account for your authors if needed.
If there are older author and editor accounts that you will not be working with, then you need to edit those user accounts and change their email address and password. See our guide on how to disable user accounts without deleting them.
6. Run Security and Performance Scans
Next, you need to make sure that your new WordPress website is secure and performing well.
For security scans, we recommend using Sucuri. It is the best WordPress security plugin on the market and allows you to easily scan your website for malicious code, security threats, and vulnerabilities.
For performance, you can use any of the online website speed test tools. We recommend using IsItWP website speed test tool which is easy to use and gives you a detailed overview of your website speed.
It is also important that you check to see that caching is configured properly.
Many WordPress hosting companies like Bluehost and SiteGround offer built-in caching solutions that you can turn on from your hosting account. You can also use a WordPress caching plugin like WP Rocket to instantly improve your website speed.
If the site is not running a CDN, then you should consider using a CDN service. Although this is not required, we always recommend users to use a CDN. For more details, see our guide on why you should use CDN.
7. Check for Proper Tracking and SEO Integration
If you have inherited the ownership of a new website, then old website owner may have transferred the Google Analytics property to you.
A lot of website owners simply add the Google Analytics code to their WordPress theme. This code disappears as soon as you update the theme or install a new one.
Make sure that the Google Analytics is properly installed on the website by either using MonsterInsights plugin or by adding the tracking code outside WordPress theme.
Similarly, they may have also transferred Google Search Console property to you as well.
Make sure that your site has XML Sitemaps in place for search console. You may also want to look at Google Search Console reports making sure there are no crawling issues or errors on the site.
8. Implement Version Control and/or Staging Site
If you’re a developer, then it is highly recommended that you implement version control for the site. It is fairly easy to use GitHub or BitBucket.
If you’re not a developer, then at the very least we recommend setting up a WordPress staging site which ensures that you have a stable testing environment before pushing things live. We recommend this step for all users.
For those who’re scared to set this up, then WP Engine a managed WordPress hosting provider offers a robust staging environment and git version control integration.
Other small business hosting providers like SiteGround and Bluehost are also offering staging features at affordable prices.
9. Run a Website Clean up
Now that you have familiarized yourself with the project, it is best to clean out all the unnecessary things. Delete all inactive themes and plugins. Delete all user accounts that are not needed.
Login to your WordPress database and optimize the database. Some bad plugins leave their database tables even after they’re deleted. If you notice any of those, then it is best to delete them. See our beginners guide to WordPress database management to safely optimize WordPress database.
10. Review Plugin Settings
A typical WordPress website uses several plugins that may still be referring to old owners. If you have taking the ownership of a website, then you would want to change that.
For example, the contact form plugin on the website may still be sending notifications to old email addresses. WordPress SEO plugin may still be pointing to previous owners’ social media profiles.
You can discover some of these things by looking at the website and testing all its features. You can also review plugin settings and update them if needed.
11. Upgrade Your Hosting Service
After running the website speed test, if your website is still slow despite using caching, then it is time to upgrade your hosting.
If it is a client website, then your performance tests would help you convince the client for the move. If you own the website yourself, then you just need to choose the right move.
We recommend using SiteGround or Bluehost as they are one of the biggest hosting companies and officially recommended WordPress hosting provider.
If your website has outgrown shared hosting, then you may want to consider using a managed WordPress hosting service like WP Engine.
See our guide on how to move WordPress to a new host for step by step instructions to move your website.
We hope that this article offered some insights on what you should do when inheriting a WordPress site. You may also want to see our guide on the must have WordPress plugins for business websites.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
This is a great prelaunch checklist as well! Thank you!
You’re welcome, glad our checklist was helpful
I have just inherited a wp site for a B&B group that I’m a member of. I have checked out the .css files, tried to standardize the main page, but find it frustrating that I cannot access the html files. The problem is, that there is only one paragraph style, which restricts my ability to get a break [single line] and instead I’m restricted to [double line] break . Is there any way I can add other paragraph styles with the current .css stylesheet, or is there another way?
Hi Hilary,
Please see our guide on how to add single/double line spacing in WordPress.
Thanks,
I’m about to takeover a site now and this is exactly what I’ve been looking for! I’ll probably have lots more questions to come!
Sure we would love to help out.
Very helpful tips.
This is really a good post. I never got any relevant info from former webmasters when taking over a wordpress installation (other projects as well)
I use to write docs with all necessary info, and send them as PDF to the site owner and the new webmaster (if I have contact info)
by that, you can always point to that info when questions arrive…
whith this policy I earn money, as any help, where the info is in the doc, brings cash…
Very real usefull information about inherit WP websites.. I’ve had bad experiences. Tks a lot!
I would immediately generate new WordPress security keys, like you explained here: https://www.wpbeginner.com/beginners-guide/what-why-and-hows-of-wordpress-security-keys/
Great post. The thing I notice most often are the obvious ones. Leaving wp version there for all to see, old version of wp and plugins, and as you suggested, having admin as the user name for admin. I also recommend scanning the theme for base64 code, links to external sites using TAC plugin.