Most WordPress users open their dashboard, check their posts, and never venture into the tools section. That’s understandable — the tools section doesn’t announce itself, and nothing breaks if you ignore it. But buried in there is a diagnostic feature that checks your site’s security, performance, and configuration in one place, flags issues by severity, and tells you exactly what to fix.
It’s called Site Health, and it’s been part of WordPress core since version 5.2. If you’ve never run it, you’re likely sitting on a list of fixable issues you didn’t know existed — outdated PHP, inactive plugins, missing security settings, or performance configurations that could be improved without installing anything new.
How to Access the WordPress Site Health Tool
Go to Tools → Site Health in your WordPress dashboard. You’ll land on the Status tab, which runs a series of checks automatically and displays the results in two sections: Critical issues and Recommended improvements.
There’s also an Info tab, which doesn’t flag issues but gives you a detailed readout of your site’s configuration — server environment, database, active plugins, file permissions, and more. This is the tab to open when a developer or support team asks for your site’s technical details.
The WordPress documentation on the Site Health screen gives the full technical breakdown of what each check covers.
Understanding the Status Tab
The Status tab groups results into two priority levels:
- Critical issues — items that need attention now. These are genuine problems that affect security, performance, or core functionality. WordPress won’t stop working if you ignore them, but these are the issues most likely to cause real problems down the line.
- Recommended improvements — lower-priority items that are worth addressing but won’t immediately cause harm. These often cover configuration best practices and optional performance improvements.
Each item is expandable. Click on any result to see a description of the issue, why it matters, and in most cases a direct link or instruction for how to fix it. WordPress does a good job of making these actionable rather than just listing problems.
Common Critical Issues and What They Mean
PHP Version
If your server is running an outdated version of PHP, Site Health will flag it. PHP is the language WordPress runs on, and older versions receive no security patches. Most hosts let you update PHP from your hosting control panel without affecting your site — check cPanel or your host’s dashboard for a PHP version selector. Always test on a staging site before updating PHP on a live site if you’re unsure about plugin compatibility.
WordPress and Plugin Updates
If WordPress core, your active theme, or any plugins are out of date, Site Health will flag them. Keeping everything updated is one of the most important ongoing maintenance tasks for any WordPress site. The guide to updating WordPress safely covers how to approach updates without breaking your site.
Background Updates Disabled
WordPress can apply minor core updates automatically in the background. If this is disabled — either by a constant in wp-config.php or a plugin — Site Health flags it. For most sites, re-enabling minor auto-updates is sensible. Major version auto-updates are off by default and should generally stay that way.
REST API and Loopback Requests
The WordPress REST API and loopback requests are used internally by core features and many plugins. If Site Health can’t reach these, it often means a security plugin or server configuration is blocking requests to your own site. This can cause issues with scheduled tasks, auto-saves, and plugin functionality. The fix usually involves adjusting your security plugin’s settings or whitelisting your own domain.
HTTPS Not in Use
If your site isn’t serving over HTTPS, Site Health will flag it as a critical issue. An SSL certificate is essential for security and for user trust. Most hosts include free SSL via Let’s Encrypt — if yours does, enabling it takes a few minutes in your control panel.
Common Recommended Improvements
Inactive Plugins and Themes
Site Health flags inactive plugins and themes as a security concern — deactivated plugins and themes still exist on your server, still receive no active attention, and can contain vulnerabilities. The recommendation is to delete anything you’re not using. This is one of the easiest housekeeping tasks and worth doing regularly.
Optional Modules
Site Health checks for PHP extensions and server modules that WordPress recommends but doesn’t require. Items like imagick (for better image handling) or intl (for internationalisation) may show up here. These are genuine improvements, but lower priority — your site works without them. If you’re on managed hosting, your host may be able to enable these without you needing server access.
Scheduled Events
WordPress runs scheduled tasks via WP-Cron — things like checking for updates, sending scheduled emails, and running plugin background tasks. If WP-Cron isn’t running correctly, Site Health flags it. This can happen on sites with low traffic (cron runs are triggered by page visits) or when a plugin has created too many scheduled events. Check the details panel for specifics.
Using the Info Tab
The Info tab is a read-only snapshot of everything about your site’s technical environment. It’s organised into expandable sections covering:
- WordPress — version, site URL, home URL, active plugins and themes
- Directories and Sizes — WordPress directory, uploads, themes, plugins sizes on disk
- Active Theme — theme name, version, and whether a child theme is in use
- Active Plugins — every active plugin with its version number
- Server — PHP version, memory limits, max upload size, server software
- Database — MySQL/MariaDB version, table prefix, database size
- File System Permissions — whether WordPress can write to key directories
There’s a Copy site info to clipboard button at the bottom of the Info tab. Use this when raising a support ticket — it gives the support team everything they need in a structured format without you having to answer a dozen individual questions.
How Often to Run a Site Health Check
Run Site Health at least once a month as part of your regular maintenance routine. In practice, the Status tab updates automatically — WordPress runs these checks in the background and the results are waiting for you whenever you open Tools → Site Health. You don’t need to trigger a manual refresh.
The times when it’s most useful to check Site Health proactively are after installing a new plugin or theme, after a WordPress core update, or after migrating your site to a new host. Any of these can introduce new configuration issues that weren’t present before.
Practical Tips
- Fix critical issues first, then work through recommended ones. Don’t feel you need to resolve everything in one session. Critical items are genuinely more important — address those before spending time on recommended improvements.
- Some items may not apply to your setup. Site Health runs a fixed set of checks, and not every recommendation is relevant to every site. A multisite-specific recommendation on a single-site install, or a performance suggestion for a feature your site doesn’t use, can be noted and deprioritised.
- Use it after security incidents. If your site has been compromised or behaved unexpectedly, the Info tab gives you a baseline to work from and may reveal misconfigured permissions or unexpected software. Pair it with the guide to securing your WordPress website for the full picture.
- Include it in your maintenance schedule. Adding a Site Health review to your monthly WordPress maintenance routine takes less than ten minutes and catches issues before they become problems. The WordPress website maintenance plan guide covers what else belongs in that routine.
Common Mistakes
- Ignoring the critical issues section entirely. Some site owners open Site Health once, see a list of items, feel overwhelmed, and close the tab. The critical section is small — usually three to five items at most — and most have clear, direct fixes.
- Confusing “recommended” with “optional”. Recommended improvements are worth addressing. The label means they’re lower urgency than critical, not that you should dismiss them permanently.
- Not deleting inactive plugins after deactivating them. Deactivating a plugin removes it from your site’s operation but leaves the code on your server. Site Health flags this correctly — delete plugins you’re not using rather than leaving them deactivated.
Conclusion
Open Tools → Site Health, work through any critical issues, and note the recommended items for your next maintenance session. It takes fifteen minutes the first time and less than five on subsequent visits. It’s one of the most underused features in WordPress and one of the most practical for keeping a site in good shape. Start at Veravix for everything else you need to build and maintain a well-run WordPress site.
Etienne Basson works with website systems, SEO-driven site architecture, and technical implementation. He writes practical guides on building, structuring, and optimizing websites for long-term growth.