📋 Introduction
This comprehensive guide provides professional-level instructions for managing WordPress installations on Ubuntu servers using Nginx, PHP-FPM, and MariaDB. The following sections cover critical maintenance tasks, security configurations, backup strategies, and system optimization techniques essential for maintaining robust and secure WordPress deployments.
🔄 System Updates & Maintenance
Basic Update Commands
Regular system updates are fundamental to maintaining server security and stability. The following commands should be executed regularly to keep your Ubuntu server current with the latest security patches and package updates.
sudo apt update
sudo apt upgrade
sudo apt autoremove
Combined Update Commands
For efficiency, you can chain these commands together using the && operator, which ensures each command executes only if the previous one succeeds.
sudo apt update && sudo apt upgrade && sudo apt autoremove
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
Creating a Bash Alias
To streamline the update process, you can create a bash alias that executes all update commands with a single keyword. This significantly reduces typing and makes system maintenance more convenient.
cd
nano .bash_aliases
Add the following alias to the file:
alias server_updates='sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y'
exit
After logging back in, you can simply type server_updates to execute all update commands.
Creating an Update Script
For more complex update scenarios or when you need additional control, creating a dedicated bash script provides flexibility and reusability.
sudo nano server_updates.sh
Script Contents:
#!/bin/bash

# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
    echo "Please run this script with sudo or as root."
    # Exit with a non-zero status so callers can detect the failure
    exit 1
fi

# Update package lists
echo "Updating package lists..."
sudo apt update

# Upgrade installed packages
echo "Upgrading installed packages..."
sudo apt upgrade -y

# Remove unnecessary packages
echo "Removing unnecessary packages..."
sudo apt autoremove -y

echo "Update, upgrade, and autoremove completed."
sudo chmod +x server_updates.sh
sudo ./server_updates.sh
🔧 WordPress Updates & Permissions Management
⚠️ Important Note
Replace PHP_POOL_USER with your actual PHP-FPM pool user (typically the domain name or site-specific user) and example.com with your actual domain name in all commands below.
Standard Permissions for WordPress Updates
Before performing WordPress updates through the dashboard, you need to set appropriate permissions that allow the web server to write to files. The following sequence demonstrates the complete process.
cd /var/www/example.com/
sudo ls -l public_html/
sudo chown -R PHP_POOL_USER:PHP_POOL_USER public_html/
sudo find /var/www/example.com/public_html/ -type d -exec chmod 770 {} \;
sudo find /var/www/example.com/public_html/ -type f -exec chmod 660 {} \;
After setting these permissions: Open the WordPress Dashboard and perform all necessary updates. The permissive settings allow WordPress to modify files during the update process.
sudo systemctl reload php8.3-fpm
Hardened Permissions (Post-Update)
After completing updates, it's crucial to implement hardened permissions to enhance security. This configuration restricts write access while maintaining necessary functionality for the wp-content directory where uploads and caches are stored.
cd /var/www/example.com/
sudo ls -l public_html/
sudo chown -R PHP_POOL_USER:PHP_POOL_USER public_html/
sudo find /var/www/example.com/public_html/ -type d -exec chmod 550 {} \;
sudo find /var/www/example.com/public_html/ -type f -exec chmod 440 {} \;
sudo find /var/www/example.com/public_html/wp-content/ -type d -exec chmod 770 {} \;
sudo find /var/www/example.com/public_html/wp-content/ -type f -exec chmod 660 {} \;
sudo systemctl reload php8.3-fpm
Complete Update Process with Hardened Permissions
The following sequence represents the complete workflow for updating WordPress with security-hardened permissions.
Step 1: Set Permissive Permissions
sudo find /var/www/example.com/public_html/ -type d -exec chmod 770 {} \;
sudo find /var/www/example.com/public_html/ -type f -exec chmod 660 {} \;
Step 2: Perform WordPress Updates
Log into your WordPress Dashboard and complete all necessary updates (core, plugins, themes).
Step 3: Apply Hardened Permissions
sudo find /var/www/example.com/public_html/ -type d -exec chmod 550 {} \;
sudo find /var/www/example.com/public_html/ -type f -exec chmod 440 {} \;
sudo find /var/www/example.com/public_html/wp-content/ -type d -exec chmod 770 {} \;
sudo find /var/www/example.com/public_html/wp-content/ -type f -exec chmod 660 {} \;
sudo systemctl reload php8.3-fpm
🔒 Security Scanning Tools
ClamAV - Antivirus Scanner
ClamAV is an open-source antivirus engine designed for detecting trojans, viruses, malware, and other malicious threats. It's particularly useful for scanning web server directories and uploaded files.
Installation
sudo apt update
sudo apt install clamav
The ClamAV virus definition database will update automatically after installation.
Disable Automatic Updates (Optional)
If you prefer to manually control when virus definitions are updated, you can disable the automatic freshclam service.
sudo systemctl stop clamav-freshclam
sudo systemctl disable clamav-freshclam
Manual Database Updates
sudo freshclam
Scanning Directories
sudo clamscan -r /path/2/scan
Complete Manual Workflow
Update database and run scan
sudo freshclam
sudo clamscan -r /path/2/scan
Rootkit Hunter (rkhunter)
Rootkit Hunter is a Unix-based tool that scans for rootkits, backdoors, and possible local exploits. It compares SHA-1 hashes of important files with known good ones in online databases.
Installation
sudo apt install rkhunter
Initial Configuration
sudo rkhunter --propupd
Running Scans
sudo rkhunter --checkall --sk
Flag Options:
- --checkall: Performs all available tests
- --sk or --skip-keypress: Runs scan without pausing for user input
Viewing Scan Results
sudo cat /var/log/rkhunter.log
sudo less /var/log/rkhunter.log
Disable Automatic Scheduled Scans
By default, rkhunter may be configured to run automatically. If you prefer manual control, remove the cron jobs.
cd /etc/cron.daily/
sudo rm rkhunter
cd /etc/cron.weekly/
sudo rm rkhunter
💾 Database Performance Tuning
MariaDB/MySQL Performance Monitoring
Proper database tuning is essential for WordPress performance. The following queries help you understand your database memory usage and optimize the InnoDB buffer pool configuration.
View InnoDB Buffer Pool Actual Memory Usage
This query shows how much memory the InnoDB buffer pool is actually using, which helps determine if your buffer pool size is appropriate.
SHOW GLOBAL STATUS LIKE 'Innodb_buffer_pool_bytes_data';
View Total Database Size
Understanding the total size of each database helps in capacity planning and buffer pool sizing.
SELECT table_schema AS "Database", ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)" FROM information_schema.tables GROUP BY table_schema;
View InnoDB Database Size
This query specifically shows the size of databases using the InnoDB storage engine, which is the default for WordPress.
SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.tables WHERE engine = 'InnoDB' GROUP BY table_schema;
View Buffer Pool Usage by Database
SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.tables WHERE engine = 'InnoDB' GROUP BY table_schema;
View Table I/O Statistics
This query provides detailed information about read and write operations on database tables, helping identify performance bottlenecks.
SELECT object_schema AS 'Database', object_name AS 'Table', COUNT_READ AS 'Reads', COUNT_WRITE AS 'Writes', SUM_TIMER_READ / 1000000000 AS 'Read Time (ms)', SUM_TIMER_WRITE / 1000000000 AS 'Write Time (ms)' FROM performance_schema.table_io_waits_summary_by_table ORDER BY SUM_TIMER_READ + SUM_TIMER_WRITE DESC;
Database Tuning Best Practices:
- Set InnoDB buffer pool to 70-80% of available RAM for dedicated database servers
- Monitor buffer pool hit ratio (should be above 99%)
- Regular optimization of tables can improve query performance
- Keep WordPress database clean by removing post revisions and transients
MySQLTuner
MySQLTuner is a Perl script that analyzes your MySQL/MariaDB performance and provides recommendations for optimization.
cd
cd MySQLTuner/
ls -l
sudo ./mysqltuner
Note: MySQLTuner must be run with sudo privileges as it needs to authenticate with MariaDB to gather performance metrics.
💿 Disk Space Management
Effective disk space management is critical for server stability. Running out of disk space can cause system crashes, database corruption, and service failures. Regular monitoring and cleanup are essential maintenance tasks.
Check Available Disk Space
df -h
The -h flag displays sizes in human-readable format (KB, MB, GB) rather than blocks.
Package Cleanup
Over time, package managers accumulate cached files and unused dependencies. Regular cleanup frees significant disk space.
sudo apt autoremove && sudo apt clean
System Log Cleanup
System logs can grow substantially over time. The journalctl vacuum command removes old log entries based on time or size constraints.
sudo journalctl --vacuum-time=1days
Alternative vacuum options:
- --vacuum-time=7days: Keep only the last 7 days of logs
- --vacuum-size=100M: Limit total log size to 100MB
- --vacuum-files=10: Keep only 10 most recent journal files
Analyze Directory Sizes
When investigating disk space issues, identifying the largest directories helps pinpoint where cleanup is needed.
cd /
du -ah --max-depth=1 | sort -h
Command Breakdown:
- du: Disk usage command
- -a: Include files as well as directories
- -h: Human-readable format
- --max-depth=1: Only show immediate subdirectories
- | sort -h: Sort results by size (largest at bottom)
You can navigate to any directory and run the same command to drill down into subdirectories and identify space consumers.
🌐 Network & Nginx Configuration
Connection Backlog Configuration
The backlog parameter defines the maximum number of pending connections that can be queued. For high-traffic sites, increasing this value helps prevent connection drops during traffic spikes.
Recommended Backlog Setting:
backlog=2048
Nginx Listen Directive Configuration
Add the backlog parameter to your Nginx server blocks for both HTTP and HTTPS listeners.
listen 80 backlog=2048;
listen 443 ssl backlog=2048;
System Configuration: You may also need to increase the system-level backlog limit by editing /etc/sysctl.conf and setting net.core.somaxconn=2048, then running sudo sysctl -p to apply changes.
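The kernel silently caps the backlog passed to listen(2) at net.core.somaxconn, so the Nginx setting only takes effect when the system limit is at least as large. The following check is an added example, not part of the original guide; the function name effective_backlog and the output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): report the effective accept
# queue for each nginx listen directive that sets backlog=.
# Output: "<requested> <effective> <status> <listen directive>"
#   status "ok"     : requested backlog fits within net.core.somaxconn
#   status "capped" : the kernel truncates it; raise net.core.somaxconn
# Usage: effective_backlog <nginx_conf> [somaxconn]
#   somaxconn defaults to the running kernel's value.

effective_backlog() (
    conf="$1"
    somaxconn="${2:-$(cat /proc/sys/net/core/somaxconn)}"

    # Keep only active (non-comment) listen directives that set backlog=
    grep -E '^[[:space:]]*listen[[:space:]].*backlog=[0-9]+' "$conf" |
    while read -r line; do
        requested=$(printf '%s\n' "$line" | sed 's/.*backlog=\([0-9]*\).*/\1/')
        if [ "$requested" -le "$somaxconn" ]; then
            effective=$requested
            status=ok
        else
            effective=$somaxconn
            status=capped
        fi
        printf '%s %s %s %s\n' "$requested" "$effective" "$status" "$line"
    done
)

# When run as a script, pass the server block file (and optionally a limit)
[ "$#" -eq 0 ] || effective_backlog "$@"
```

Any line reported as capped means the backlog=2048 setting is not being honored until net.core.somaxconn is raised.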
⚡ PHP OPcache Optimization
Monitoring PHP Files Per Pool
The OPcache max_accelerated_files setting determines how many PHP files can be cached. Setting this appropriately prevents cache thrashing and improves performance.
OPcache File Count Script
This script analyzes your PHP-FPM pool configurations and compares the configured max_accelerated_files value with the actual PHP file count for each WordPress site.
nano opcache_files.sh
Script Contents:
#!/bin/bash

# Print the value OPcache actually uses: the first prime in its table that
# is greater than or equal to the configured value.
round_to_prime() {
    local value=$1
    local primes=(223 463 983 1979 3907 7963 16229 32531 65407 130987 262237 524521 1048793)
    # Fall back to the largest prime if the value exceeds the whole table
    local closest=${primes[${#primes[@]}-1]}
    local prime
    for prime in "${primes[@]}"; do
        if [ "$prime" -ge "$value" ]; then
            closest=$prime
            break
        fi
    done
    echo "$closest"
}

echo ""
echo "Checking for opcache.max_accelerated_files directive in PHP pool files..."
echo ""
echo "The value used (actual value) will be the first number in the set of prime numbers"
echo "223, 463, 983, 1979, 3907, 7963, 16229, 32531, 65407, 130987, 262237, 524521, 1048793"
echo "that is greater than or equal to the configured value (value set)"
echo ""

# Report the configured and effective value for every PHP-FPM pool
POOL_DIR="/etc/php/8.3/fpm/pool.d/"
for file in "$POOL_DIR"*.conf; do
    filename=$(basename "$file")
    if grep -q "opcache.max_accelerated_files" "$file"; then
        value=$(grep "opcache.max_accelerated_files" "$file" | awk -F'=' '{print $2}' | tr -d ' ')
        rounded_value=$(round_to_prime "$value")
        echo "File: $filename - opcache.max_accelerated_files: set value ($value) actual value ($rounded_value)"
    else
        echo "File: $filename - opcache.max_accelerated_files directive not found"
    fi
done

echo ""
echo "Listing domain names and number of PHP files in public_html directories..."
echo ""

# Count the PHP files under each site's public_html directory
WWW_DIR="/var/www/"
for domain_dir in "$WWW_DIR"*/ ; do
    # Skip the default web root
    if [ "$domain_dir" == "/var/www/html/" ]; then
        continue
    fi
    domain_name=$(basename "$domain_dir")
    public_html_dir="$domain_dir/public_html/"
    if [ -d "$public_html_dir" ]; then
        php_file_count=$(find "$public_html_dir" -type f -name "*.php" | wc -l)
        echo "WordPress site: $domain_name - PHP files: $php_file_count"
    else
        echo "Domain: $domain_name - public_html directory not found"
    fi
done
echo ""
chmod +x opcache_files.sh
./opcache_files.sh
Understanding OPcache Prime Numbers
PHP's OPcache uses the next prime number greater than or equal to your configured value. The script displays both your configured value and the actual prime number PHP will use. The available prime numbers are: 223, 463, 983, 1979, 3907, 7963, 16229, 32531, 65407, 130987, 262237, 524521, 1048793.
OPcache Best Practices:
- Set max_accelerated_files to at least 2x your actual PHP file count
- Monitor OPcache hit rate using opcache_get_status()
- Allocate sufficient memory (opcache.memory_consumption) based on site size
- Consider using opcache.validate_timestamps=0 in production for maximum performance
💾 WordPress Backup Strategy
🎯 Critical Importance of Backups
The importance of WordPress backups cannot be overstated. Regular backups are crucial for protecting your site's data and ensuring its swift recovery in the event of an issue. Whether it's due to a failed update, compatibility conflict, security breach, or human error, backups provide a safety net that allows you to restore your site to its previous state quickly. This minimizes downtime and prevents data loss, ensuring that your content, settings, and customizations are preserved. By making regular backups as part of your maintenance routine, you safeguard your site against unforeseen problems and maintain the continuity and reliability of your online presence.
Why Plugin-Based Backups Are Not Recommended
⚠️ The Golden Rule of WordPress
Use as few plugins as possible. With each additional plugin added to your site, the possibility of vulnerabilities being introduced increases, and you are adding more bloat, which in turn will slow down your site.
🔒 Security Vulnerabilities
A Google search for "WordPress backup plugin vulnerability" returns between 200,000 and half a million results. Top results often display backup vulnerabilities that have impacted over 3 million sites. Do not put your sites at risk with plugin-based backup solutions.
⚡ Performance Issues
Backup plugins consume server resources during backup operations, potentially causing performance degradation during peak traffic times. They also add overhead to your WordPress installation, increasing page load times.
🎯 Server-Level Advantages
Server-level backups are performed using native tools available on the server. They are significantly faster than plugin-based backups and offer none of the security issues that accompany using plugins.
🔧 Reliability
Server-level backups operate independently of WordPress, meaning they can capture your site even if WordPress itself is corrupted or inaccessible. Plugin backups may fail if WordPress encounters critical errors.
Automated Server-Level Backup Solution
While this guide focuses on server administration, a comprehensive standalone course is available that covers creating an automated, all-in-one backup solution without using any WordPress plugins. This server-level backup solution can backup your database and site files to either the server hosting the site or to a remote server.
Key Features of Server-Level Backups:
- Fully Automated: After initial setup, the backup process requires no manual intervention
- Plugin-Free: No WordPress plugins required, eliminating security risks
- Flexible Storage: Backups can be stored locally or on remote servers
- Scheduled Operations: Automated via cron jobs for consistent backup schedules
- Database & Files: Complete backup of both database and file system
- Quick Restoration: Designed for rapid, error-free restoration when needed
Backup Best Practices
| Practice | Description | Frequency |
|---|---|---|
| Regular Schedules | Implement automated daily or weekly backups based on site update frequency | Daily for active sites, weekly for static sites |
| Off-Site Storage | Store backups on remote servers or cloud storage for disaster recovery | Every backup |
| Retention Policy | Keep multiple backup versions (30 days recommended) | Continuous rotation |
| Test Restorations | Regular restoration tests ensure backups are viable | Monthly |
| Pre-Update Backups | Always backup before major updates or changes | Before each major change |
✅ Backup Implementation Checklist
- Implement automated server-level backups (avoid plugins)
- Configure both database and file system backups
- Set up remote backup storage for redundancy
- Establish backup retention policy (minimum 30 days)
- Schedule automated backup jobs via cron
- Test restoration process quarterly
- Document restoration procedures for emergency scenarios
- Monitor backup completion and storage space
🚀 WordPress Site Migration
WordPress site migration is a complex process that requires careful planning and execution. A dedicated migration course is available that teaches you how to become a WordPress migration professional, covering the complete migration process without using any WordPress migration plugins.
Migration Scenarios Covered
🏠 Local to Apache/LiteSpeed
Migrate WordPress sites from local development environments (XAMPP, Local, MAMP) to live production servers running Apache or LiteSpeed web servers.
🏠 Local to Nginx
Transfer sites from local development to production Nginx servers, including proper configuration of rewrite rules and PHP-FPM integration.
🔄 Apache/LiteSpeed to Apache/LiteSpeed
Migrate between production servers where both use Apache or LiteSpeed, maintaining .htaccess configurations and mod_rewrite rules.
🔄 Nginx to Nginx
Transfer sites between Nginx production servers, including migration of server block configurations and FastCGI settings.
Critical Migration Consideration: SSL Certificates
⚠️ HSTS (HTTP Strict Transport Security) Challenge
An important and often overlooked aspect of site migration is the SSL certificate. Due to the HTTP Strict Transport Security header, downtime is almost guaranteed when you migrate a site, as returning visitors will not be able to access your site until you have reinstalled and configured the SSL certificates.
Zero-Downtime Migration Strategy
The migration course focuses on a seamless, quick, easy, plugin-free, and zero-downtime migration process. SSL certificate migration is included to ensure continuous site availability throughout the migration process.
Migration Best Practices
- Pre-Migration Backup: Always create complete backups before migration
- Database Preparation: Export database with proper character encoding (UTF-8)
- URL Replacement: Use search-replace tools for database URL updates
- File Permissions: Set correct ownership and permissions after transfer
- SSL Certificate Transfer: Migrate certificates to prevent HSTS-related downtime
- DNS Planning: Update DNS records with minimal TTL before migration
- Testing: Thoroughly test site functionality post-migration
- Monitoring: Monitor site performance and errors for 24-48 hours after migration
✅ Migration Success Factors
Successful WordPress migrations require understanding of:
- Web server configuration differences (Apache vs Nginx)
- PHP-FPM pool configuration
- Database import/export procedures
- SSL certificate management
- DNS propagation timing
- WordPress database structure
⌨️ WP-CLI: WordPress Command Line Interface
💡 The Power of Command Line Administration
The WordPress Command Line Interface (WP-CLI) makes WordPress site administration quick and easy. What would take minutes using the dashboard will take seconds using WP-CLI. For administrators managing multiple WordPress installations, WP-CLI is an indispensable tool.
WP-CLI Advantages
⚡ Speed & Efficiency
Execute complex operations in seconds that would take minutes through the dashboard interface. Batch operations on multiple sites become trivial.
🤖 Automation Capability
Automate repetitive tasks like updates, user management, and database operations. Schedule maintenance tasks via cron for unattended execution.
📊 Scalability
Manage 10, 20, or 30+ WordPress sites with standardized commands. Apply updates across all sites with single commands or scripts.
🔧 Precise Control
Direct database access, advanced search-replace operations, and granular control over WordPress core, plugins, and themes.
Common WP-CLI Use Cases
| Operation | Description | Time Savings |
|---|---|---|
| Core Updates | Update WordPress core across multiple installations simultaneously | 90% faster than manual updates |
| Plugin Management | Install, update, activate, or deactivate plugins via command line | 85% time reduction |
| Database Operations | Search-replace, export, import, and optimize databases | 95% faster than phpMyAdmin |
| User Management | Create, update, delete users and manage roles programmatically | 80% time savings |
| Cache Management | Clear object caches, transients, and page caches across sites | Instant execution |
Example: Automated Update Workflow
Question: How long does it take you to update your WordPress site?
Traditional dashboard updates: 5-10 minutes per site
WP-CLI updates: 30-60 seconds per site (or all sites simultaneously)
Unattended Updates with WP-CLI
✅ Automated Update Configuration
With WP-CLI, you can configure completely unattended updates that run automatically on schedules you define. This ensures your sites remain secure and up-to-date without manual intervention.
- Schedule automatic core updates via cron
- Auto-update minor security releases
- Batch update plugins across multiple sites
- Generate update reports via email
- Rollback capability for failed updates
WP-CLI Course Benefits
A dedicated WP-CLI course is available that covers comprehensive site administration using the WordPress Command Line Interface. The course teaches:
- WP-CLI installation and configuration
- Core WordPress management commands
- Plugin and theme administration
- Database operations and search-replace techniques
- User and role management
- Automated update scripts and cron configuration
- Multi-site management strategies
- Custom command creation for specific workflows
⚠️ Professional Time Investment
Learning WP-CLI requires an initial time investment, but the efficiency gains are substantial for anyone managing more than 2-3 WordPress sites. For professional developers and system administrators, WP-CLI proficiency is an essential skill.
🎓 Conclusion
✅ Professional WordPress Server Administration
This guide has covered the essential aspects of professional WordPress server administration, including system maintenance, security scanning, database optimization, backup strategies, migration techniques, and command-line administration. By implementing these practices and leveraging server-level tools rather than plugins, you'll achieve:
- Enhanced Security: Reduced attack surface through minimal plugin usage
- Improved Performance: Optimized database, caching, and PHP configuration
- Greater Reliability: Comprehensive backup and disaster recovery capabilities
- Increased Efficiency: Automated maintenance and administration workflows
- Professional Standards: Industry best practices for WordPress hosting
🎯 Key Takeaways
- Server-Level Operations: Always prefer server-level solutions over WordPress plugins for critical functions like backups and security scanning
- Automation is Essential: Implement automated maintenance routines to ensure consistent system health
- Security First: Regular updates, proper permissions, and security scanning are non-negotiable
- Monitor & Optimize: Continuously monitor performance metrics and optimize based on actual usage patterns
- Prepare for Disaster: Comprehensive backup and migration strategies protect against data loss and enable rapid recovery
- Embrace Efficiency Tools: WP-CLI and other command-line tools dramatically improve administration efficiency
📚 Further Learning
This guide provides foundational knowledge for WordPress server administration. For comprehensive coverage of specialized topics, dedicated courses are available for:
- WordPress Backup & Restore: Automated server-level backup solutions
- WordPress Site Migration: Zero-downtime migration strategies with SSL certificate transfer
- WP-CLI Administration: Command-line mastery for efficient site management
Professional WordPress hosting requires continuous learning and adaptation to new security threats, performance optimization techniques, and best practices. Stay current with server administration trends and security advisories to maintain robust WordPress deployments.
📖 Quick Reference
🔧 Essential Commands
- System update: sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
- Check disk space: df -h
- Reload PHP-FPM: sudo systemctl reload php8.3-fpm
🔒 Security Tools
- Update ClamAV: sudo freshclam
- Scan directory: sudo clamscan -r /path
- Run rkhunter: sudo rkhunter --checkall --sk
🔐 File Permissions
- Permissive directories: 770
- Permissive files: 660
- Hardened directories: 550
- Hardened files: 440
- wp-content always: 770/660
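The modes listed above can be audited with a script, which catches a site left at the permissive update modes after a dashboard update. This is an added example, not part of the original guide: the function name audit_wp_perms and the output format are assumptions, and GNU find (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a WordPress document
# root against the guide's hardened scheme.
#   outside wp-content: directories 550, files 440
#   inside  wp-content: directories 770, files 660
# Output: one line per deviation, "<tag> <actual> <expected> <path>".
#   tag "permissive": still at the update-time modes (770/660), i.e. the
#                     site was not re-hardened after a dashboard update
#   tag "unexpected": any other mode (for example 644 or 777)
# No output means the tree matches the scheme.
# Paths containing a newline are not parsed cleanly but still surface as
# "unexpected" lines rather than being hidden.

audit_wp_perms() (
    docroot="${1%/}"                 # tolerate a trailing slash
    content="$docroot/wp-content"

    # %m = octal mode, %y = entry type (d or f), %p = path
    find "$docroot" \( -type d -o -type f \) -printf '%m %y %p\n' |
    while read -r mode type path; do
        # Update-time (permissive) mode for this entry type
        if [ "$type" = d ]; then permissive=770; else permissive=660; fi

        case "$path" in
            "$content"|"$content"/*)
                # wp-content stays writable for uploads and caches
                expected=$permissive ;;
            *)
                if [ "$type" = d ]; then expected=550; else expected=440; fi ;;
        esac

        [ "$mode" = "$expected" ] && continue
        if [ "$mode" = "$permissive" ]; then
            tag=permissive
        else
            tag=unexpected
        fi
        printf '%s %s %s %s\n' "$tag" "$mode" "$expected" "$path"
    done
)

# When run as a script, pass the document root, for example
# /var/www/example.com/public_html
[ "$#" -eq 0 ] || audit_wp_perms "$1"
```

Run it as root (for example through sudo) so that find can read the whole tree.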
💾 Database Tuning
- Run MySQLTuner: sudo ./mysqltuner
- View InnoDB usage: Check buffer pool
- Monitor I/O: Use performance_schema
⚡ Pro Tip: Maintenance Schedule
- Daily: System updates, log monitoring, disk space check
- Weekly: Security scans (ClamAV, rkhunter), backup verification
- Monthly: Database optimization, permission audit, performance review
- Quarterly: Full system audit, restoration testing, documentation update