Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

11 Things You Should Do When Inheriting a WordPress Site

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Have you just inherited an existing WordPress site, and you are wondering what you should do first?

Whether you are a business owner who recently acquired a new website or an office assistant inheriting your company’s existing website from another team member, you might be wondering what the most important next steps are.

In this article, we will show you the top things you need to do when inheriting a WordPress site.

Things to do when inheriting a WordPress site

What Challenges Could You Face When Inheriting a Site?

Inheriting a new WordPress website can bring a lot of challenges.

Whether you have acquired the site from another business or been assigned a company website, getting up to speed with the workflow and familiarizing yourself with WordPress can take time.

Similarly, running a website requires other tools like email marketing software or third-party plugins. When inheriting a website, you should have login credentials to all the software.

Other than that, your newly inherited website might not be secure. One of the best practices is to create a backup and scan your site for threats. This will help highlight areas that could lead to a potential attack and allow you to fix them quickly.

That said, let’s look at the things you should do when inheriting a new WordPress site. You can click the links below to jump ahead to your preferred section:

1. Get All The Passwords

Update all the passwords

When inheriting a WordPress site, the first thing you must do is gather all the username and password information.

This includes your web hosting password, FTP password, CDN password, domain management password, email marketing service password, and the passwords for all third-party premium plugins or services that the website is using.

We suggest scheduling a video call with the old developer or site owners so that they can explain everything in detail.

The best way to manage all your website passwords is by using a password manager. We recommend using 1Password because it works with all your devices and allows you to store passwords in a group, share them securely, and use stronger passwords.

2. Change All Admin Password and Emails

Once you have received all the passwords, you need to change them.

This ensures that the previous developer or site owner cannot change anything. Another thing you want to do is update all admin contact emails so only you can reset passwords in the future.

You can do this by going to the Users » All Users page in the WordPress admin area and editing all user passwords along with contact details.

Add new users to WordPress

Next, you need to change the WordPress site admin email address. WordPress uses it to send important website notifications.

Simply go to the Settings » General page and enter a new email address.

Change admin email address

Note: We recommend installing WP Mail SMTP before changing the email address to make sure all the notification emails reach their recipients.

3. Take Notes and Familiarize Yourself

Take notes when inheriting a website

Before making any other site changes, taking notes and familiarizing yourself with the website is vital. If you are unfamiliar with WordPress, then you can see our beginner’s guide on what WordPress is.

It is very important that you understand the importance and functionality of each WordPress plugin used on the website.

You will also want to review theme settings and the widgets you use.

You can take notes of different functionalities, features you would like to change, and more.

Note: Please write all these notes down in Google Docs, Dropbox Paper, or somewhere else so that you won’t lose them.

This information will help you understand everything. If you need more help, then you can try contacting the previous website’s owner or developer.

4. Set Up an Automated Backup Solution

Backup your website

Backups are your first layer of defense against any online mishap. The previous site owner may have their own backup plugins set up, which may be storing backup files in one of their remote storage accounts.

You will want to set up your own backups. There are plenty of excellent WordPress backup plugins that you can choose from, including Duplicator.

You need to make sure that you set up your backups in a remote location like Google Drive, Dropbox, or similar.

You also need to create a complete WordPress backup before making further changes to your website. This will help you revert your website in case anything goes wrong.

5. Update User Roles and Permissions

If you are a developer working on a website, then you will need to work with your client to assign user roles and permissions to their team.

Your goal should be to limit the administrator user role to people who actually need to perform admin tasks. These tasks include things like changing the theme, installing new plugins, or adding new users to the website.

To change a user role, simply go to Users » All Users from your WordPress dashboard and edit a user profile. Next, scroll down to the ‘Role’ section and select the user role you wish to assign.

Edit user roles in WordPress

If you are working on your own site, then you will need to review user access. Create a new user account for your authors if required.

If there are older author and editor accounts that you will not be working with, then you need to edit those user accounts and change their email address and password. See our guide on how to disable user accounts without deleting them.

6. Run Security and Performance Scans

Run scans and secure your site

Next, you need to make sure that your new WordPress website is secure and performing well.

For security scans, we recommend using Sucuri. It is the best WordPress security plugin on the market and allows you to easily scan your website for malicious code, security threats, and vulnerabilities.

You can see our ultimate WordPress security guide for more details.

For performance, you can use any of the online website speed test tools. We recommend using the IsItWP website speed test tool, which is easy to use and gives you a detailed overview of your website speed.

IsItWP speed test tool

It is also important to check that caching is configured properly.

Many WordPress hosting companies like Bluehost and SiteGround offer built-in caching solutions that you can turn on from your hosting account. You can also use a WordPress caching plugin to improve your website speed instantly.

If the site is not running a CDN, then you should consider using a CDN service. Please see our guide on why you should use a CDN to learn more.

For more tips and tricks, you may want to see our ultimate guide to boost WordPress speed & performance.

7. Check for Proper Tracking and SEO Integration

Set up website tracking

If you have inherited the ownership of a new website, then the old website owner may have transferred the Google Analytics property to you.

A lot of website owners simply add the Google Analytics code to their WordPress theme. This code disappears as soon as you update the theme or install a new one.

Make sure that Google Analytics is properly installed on the website by either using MonsterInsights or by adding the tracking code to the WordPress theme.

Similarly, the previous site owner may have also transferred the Google Search Console property to you.

Make sure that your site has XML Sitemaps in place for the Search Console. You may also want to look at the Google Search Console reports to make sure there are no crawling issues or errors on the site.

We recommend using All in One SEO (AIOSEO) because it is the best SEO plugin for WordPress. You can easily optimize your site for search engines without hiring an expert.

8. Implement Version Control and/or a Staging Site

Implement version control

If you are a developer, then it is highly recommended that you implement version control for the site. It is fairly easy to use GitHub or BitBucket.

If you are not a developer, then at the very least, we recommend setting up a WordPress staging site that ensures that you have a stable testing environment before pushing things live. We recommend this step for all users.

If you are scared to set this up, then WP Engine, a managed WordPress hosting provider, offers a robust staging environment and git version control integration.

Other small business hosting providers like SiteGround and Bluehost also offer staging features at affordable prices.

9. Run a Website Cleanup

Now that you have familiarized yourself with the new website, it is best to clean out all the unnecessary things. Delete all inactive themes and plugins, along with all unneeded user accounts.

You also need to log in to your WordPress database and optimize it. Some bad plugins leave their database tables even after they are deleted. If you notice any of those, then it is best to delete them.

You can read our beginner’s guide to WordPress database management to learn how to optimize the WordPress database safely.

10. Review Plugin Settings

Review plugin settings

A typical WordPress website uses several plugins that may still be referring to old owners. If you have taken ownership of a website, then you will want to change this.

For example, the contact form plugin on the website may still be sending notifications to old email addresses. WordPress SEO plugins may also still be pointing to previous owners’ social media profiles.

You can discover some of these things by looking at the website and testing all its features. You can also review plugin settings and update them if needed.

11. Upgrade Your Hosting Service

Upgrade your website hosting

After running a website speed test, and if your website is still slow despite using caching, then it is time to upgrade your hosting.

If it is a client website, then your performance tests should help you convince the client to move. If you own the website yourself, then you just need to choose the right web host.

We recommend using SiteGround or Bluehost as they are some of the biggest hosting companies and officially recommended WordPress hosting providers.

If your website has outgrown shared hosting, then you may want to consider using a managed WordPress hosting service like WP Engine.

See our guide on how to move WordPress to a new host for step-by-step instructions to move your website.

We hope that this article offered some insights on what you should do when inheriting a WordPress site. You may also want to see our list of important metrics to measure on the WordPress site and how to set up WordPress form tracking in Google Analytics.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

13 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jiří Vaněk says

    Inheriting someone’s website can be a nightmare. This list is really very valuable as a ToDo list to follow. Really great summary. Thank you so much for this great list.

  3. Hilary says

    I have just inherited a wp site for a B&B group that I’m a member of. I have checked out the .css files, tried to standardize the main page, but find it frustrating that I cannot access the html files. The problem is, that there is only one paragraph style, which restricts my ability to get a break [single line] and instead I’m restricted to [double line] break . Is there any way I can add other paragraph styles with the current .css stylesheet, or is there another way?

  4. saymay says

    I’m about to takeover a site now and this is exactly what I’ve been looking for! I’ll probably have lots more questions to come!

  5. Connie says

    This is really a good post. I never got any relevant info from former webmasters when taking over a wordpress installation (other projects as well)

    I use to write docs with all necessary info, and send them as PDF to the site owner and the new webmaster (if I have contact info)

    by that, you can always point to that info when questions arrive…
    whith this policy I earn money, as any help, where the info is in the doc, brings cash…

  6. Penelope Cruz says

    Very real usefull information about inherit WP websites.. I’ve had bad experiences. Tks a lot!

  7. RW says

    Great post. The thing I notice most often are the obvious ones. Leaving wp version there for all to see, old version of wp and plugins, and as you suggested, having admin as the user name for admin. I also recommend scanning the theme for base64 code, links to external sites using TAC plugin.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.