What to Do When You Inherit an Existing WordPress Website

Once you’ve found the active theme, it’s a good idea to look through its functions.php file. This is most often home to calls for any outside scripts and styles that are being used, along with other theme and plugin customizations. This is vital to know if you plan on redesigning the site using a different theme.
Taking over maintenance duties on an existing website is a big deal. The last thing you want to do is wander into it blindly. Making the effort to learn as much as you can about the site’s makeup and overall health will make the process much easier.
Even if a theme is up-to-date, it still may be using deprecated or unsupported code. One easy way to find out is to install the Theme Check plugin. It will make you aware of any potential issues with outdated code.

Project Requirements

  • Administrator Access to the WordPress Dashboard
  • Access to theme files (preferably through FTP)
  • Text Editor

1. Login and Explore

Check Performance
So when taking over a site, it is good practice to hunt down any possible intrusions. There are a couple of simple tasks to carry out:
Look for Unfamiliar File Names & Modified Dates
Browse through your install via FTP or a hosting control panel and look for any file names you don’t recognize. Telltale signs of a hack can include file names that are simply nonsensical gibberish. Open them up in a text editor (be sure to scan for viruses/malware before opening up on your local system) and check for any strange code that doesn’t look like it belongs.
Of course, security is quite a vast subject and volumes have been written on it. The tasks above aren’t a complete strategy, but they will give you a general idea of the website’s health.
Don’t forget to check in any subfolders. Important template code and scripts may be found there.

2. Review Theme Files

Inheriting a website built by someone else can be intimidating for even experienced web designers. That holds especially true for sites built with WordPress. The fact is that there is any number of themes and plugins a site could be running – not to mention all the customization possibilities.
Look for Signs of Malicious Code
They’ll look for any signs of compromised files. It’s not a bad idea to leave Wordfence enabled, as it will routinely perform scans and email you with any security risks it finds – including outdated software. If you only do one thing for security – this should be it.
Review Theme Files
Beyond that essential file, it’s also worth viewing other theme files as well. Check out template files and compare them to the WordPress Template Hierarchy. See which templates have been customized and study their code. You may find custom fields, queries or other useful information.

3. Look for Signs of Malicious Code

Even files that look legitimate can be compromised. Check the last-modified dates in search of anything suspicious. For example, if you know the theme hasn’t been updated in several months, a theme file with a modified date from last week should raise a red flag. Again, look for any signs of code that doesn’t belong.
Lastly, be on the lookout for any custom fields or post types being used. Try to determine whether they are part of a specific plugin or custom built for the site.
If nothing else, you’ll find out more about them and how they like to work. That’s important to know for getting things done in the future.
Run a Security Scan
Use a security suite to scan through your WordPress install and see if anything turns up. You can do this by installing the free version of the Wordfence plugin or through a third-party service like Sucuri.
You’ll also want to note if the theme being used is a child theme. You can do this by visiting Appearance > Themes, hovering over the active theme and clicking the Theme Details button that appears. If the site is running a child theme, it will be stated as such in the details window. This is important information as it will help you to diagnose any potential problems.
Talk with Stakeholders
Taking over someone else’s creation is definitely not for the faint of heart. But there are some specific steps you can take right from the very beginning to get a sense of the situation you’re faced with. The following is a checklist of items to check when forming an analysis on an existing WordPress site. It may be a good idea to run through the list before sending any cost estimates over to your new client.
Login and Explore

4. Check Performance

When you inherit a website, it’s because stakeholders in the organization believe you can do the job. But they’re not always forthcoming about all the details associated with their site. It’s not because they have anything to hide, rather, they simply may not have been asked about all the specifics.
The first step is a simple one. Take a cursory glance through the WordPress administration area (aka Dashboard) and make note of the active theme and plugins used by the site.
You may not catch every issue or know how every bit of functionality works, but you’ll gain insight that will help you figure it all out down the road.

5. Talk with Stakeholders

Assessing site performance is another key to learning more about what you’ve inherited. While the simple process of opening the site in your browser and clicking through the navigation will give you a general idea if things are working, you should go a bit deeper. Don’t worry, though – it’s easy!
Another thing you’ll want to find out is what, if any, items are in need of an update. If WordPress core, themes or plugins are severely out of date, this could further complicate the situation.
A simple way to gauge performance is by running the site’s URL through a service like GTmetrix or Pingdom. They’ll tell you how well optimized the site is and point out any items that are slowing things down.
It’s no secret that sites running WordPress are constant targets of malicious bot attacks. They hammer away with login attempts and try to sniff out virtually anything that can be compromised. They’ll look for vulnerable themes, plugins and outdated versions of the WordPress core.

It’s your Baby Now

Start a dialogue with them and ask about what’s working and what isn’t. If they haven’t provided you with a specific task list, inquire about the things they’d like to change. You may be surprised how much you can learn from this simple step.
While the ability to create something in multiple ways is part of the beauty of WordPress, it also makes it feel darn near impossible to decipher all the ins and outs of a particular site.

Posted by WordPress Guru