As a developer, it kills me to see an awesome website that goes astray due to common, easily fixable WordPress mistakes. In an effort to ensure you don’t make the same mistakes, I present to you my list of the top ten WordPress mistakes.

Mistake #1: Choosing a design before creating content
This is the mistake that I see nearly every day. A client inquires about a custom website. When I ask about their business goals and the content they will have on their site, I get silence. “Let’s just set up the site and then I’ll figure that out” is a common response.
If you are designing your site before you have content, you are putting the cart before the horse. Your site should display your content in a way that works best for you and your site’s visitors. If you are an interior designer with a lot of images to display, your site should be designed very differently from an academic blogger with virtually no images. If you are building your mailing list, your site should visually guide users to your signup form. You get the idea.
Right now, many clients are looking for sites with large, full-screen images on the homepage. Visually, this looks awesome, and it works well for many people. However, you must have an amazing, high-quality image that fits with your site’s content in order for this to work. I’ve had too many clients set up their sites this way, only to find that the free stock photos they have don’t have the effect they are looking for.
Mistake #2: Not backing up
For goodness’ sake, please back up your site! You can do it on your own, or hire someone else; just be sure to do it!
I have a handy guide on backing up your site, including some horror stories I’ve seen over the years.
It might seem like your site will never be hacked, and you’ll never need a backup. Maybe, but why take the chance?
Mistake #3: Not regularly updating plugins
You should be updating your plugins regularly. I like to update weekly, but you can probably get away with monthly updates if you have a good backup system in place. Outdated plugins open your site up to security vulnerabilities. Hackers notoriously love to target holes in popular (and sometimes not-so-popular) WordPress plugins.
Mistake #4: Not regularly updating themes
You should also regularly update your site’s theme. Themes tend to be updated less than plugins, but you should check for updates at least monthly.
If you downloaded a free theme from the WordPress.org theme directory, you should automatically see updates available in your WordPress dashboard. If you have a premium theme, check your theme’s documentation to see how you can set up update notifications.
Mistake #5: Not regularly updating WordPress
Are you seeing a pattern here? Just like plugins and themes, WordPress itself must be updated regularly.
WordPress is constantly adding security features and patching security holes. Luckily, most sites now utilize the WordPress auto-updater. However, the auto-updater does not cover major release updates, and some hosts turn off the auto-updater by default. So I highly recommend keeping up with WordPress updates. Check for updates weekly or monthly whenever you are updating your themes and plugins.
Shameless plug: With my WordPress Care Plans, I’ll update everything for you, back up your site and monitor for security breaches for as little as $17/month.

Mistake #6: Too many (unused) plugins
There is no magic number of plugins that you should or should not run on your site, but in general, the fewer plugins, the better off you are. The more plugins you have, the more likely something will go wrong: a plugin conflict will crash your site, your site will run super slowly or your site will be hacked.
You should regularly audit your site’s plugins and deactivate and delete any plugins you are not using. That’s right; be sure to delete unused plugins. Until a plugin is deleted, its files are still on your site, so hackers can still reach those files if a security vulnerability is discovered in that plugin, even though it is deactivated.
Mistake #7: Not using a child theme
There are lots of WordPress code snippets out there, and I’ve found that it’s relatively common for site owners to find and utilize simple code snippets. That’s awesome! I’m all about people learning to code.
However, there is a right way and a wrong way to add custom code to your site. The correct way is to utilize a child theme. While setting up a child theme may seem daunting, it’s actually relatively simple, especially if you are already comfortable writing simple code.
Why use a child theme? When you update your site’s theme (which you are doing regularly, right?), any files with new content are overwritten and replaced with the latest available version of those files. This means that if you’ve added custom code to a file that is overwritten, you will lose all of your customizations. With a child theme, all of your custom code is stored outside of your core theme, allowing you to update your theme and retain any custom code you’ve created.
Mistake #8: Weak passwords
I am constantly shocked and amazed by the weak passwords that site owners use to access their WordPress dashboard. Just last week, I had someone tell me that their username was “admin” and their password was “admin1234”. Eeeeeeeek!!
Guys, it is important to realize that hackers are constantly targeting WordPress sites. WordPress powers 1 out of every 4 websites today, and the popularity of WordPress unfortunately makes it a target for hackers as well. It is super common for hackers to access sites via weak wp-admin or FTP passwords.
I’m sure you know all about strong passwords, so use them! Personally, I use LastPass to store my passwords, and I use their password generator to generate strong, unique passwords. Be sure to inform any users of your site to use strong passwords as well.
While you are at it, you should install and activate Limit Login Attempts, which will lock users (or hackers) out of your site after three incorrect password attempts.

Mistake #9: Unused users
Regularly audit and delete any users that no longer need access to your site. I’ve seen sites with over a dozen unused administrative accounts. It’s common for theme or plugin support teams to need temporary admin access to your site. That’s fine, just be sure to delete the users after you are done. Similarly, if you hire a developer or have a friend help you with your site, delete their user information when it’s no longer needed. You can always add them back later if needed.
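The plugin audit from Mistake #6 and the user audit from Mistake #9 can be scripted. The following is an added example, not part of the original post: it reads JSON shaped like the output of `wp plugin list --format=json` and `wp user list --role=administrator --format=json` (WP-CLI), and the sample data, plugin names, logins and the approved-administrator list are all constructed for illustration.

```python
import json
import shlex

# Constructed samples shaped like WP-CLI JSON output (trimmed to the fields used);
# none of this comes from a real site.
SAMPLE_PLUGINS = """[
 {"name": "example-forms", "status": "active", "update": "available", "version": "5.7"},
 {"name": "example-cache", "status": "active", "update": "none", "version": "1.2"},
 {"name": "example-slider", "status": "inactive", "update": "available", "version": "2.0"},
 {"name": "example-popup", "status": "inactive", "update": "none", "version": "0.9"}
]"""
SAMPLE_ADMINS = """[
 {"ID": 1, "user_login": "siteowner", "user_registered": "2015-03-02 10:11:12"},
 {"ID": 7, "user_login": "theme-support", "user_registered": "2016-01-20 08:00:00"},
 {"ID": 9, "user_login": "old-developer", "user_registered": "2015-06-15 14:30:00"}
]"""
APPROVED_ADMINS = {"siteowner"}  # hypothetical list of people who still need access


def audit_plugins(plugins_json):
    """Return WP-CLI commands: delete inactive plugins, update outdated active ones."""
    commands = []
    for plugin in json.loads(plugins_json):
        name = shlex.quote(plugin["name"])  # keep the printed command shell-safe
        if plugin["status"] == "inactive":
            # Deactivating is not enough: the files stay on disk until deleted.
            commands.append(f"wp plugin delete {name}")
        elif plugin["status"] == "active" and plugin.get("update") == "available":
            commands.append(f"wp plugin update {name}")
    return commands


def stale_admins(admins_json, approved):
    """Return administrator logins that are not on the approved list."""
    logins = (user["user_login"] for user in json.loads(admins_json))
    return sorted(login for login in logins if login not in approved)


if __name__ == "__main__":
    # The commands are only printed for review; nothing is executed.
    for command in audit_plugins(SAMPLE_PLUGINS):
        print(command)
    for login in stale_admins(SAMPLE_ADMINS, APPROVED_ADMINS):
        print(f"review and remove administrator: {login}")
```

Take a backup before running any of the printed commands, and review the administrator list by hand, since WordPress does not record on its own whether an account is still in use.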
Mistake #10: Unoptimized images
Large images are super popular on websites right now. That’s totally fine, but be sure to optimize your images before sticking them on your site. If you are downloading images directly from your camera and inserting them, I can guarantee that they are huge and will take forever to download on a slow internet connection. Speed is essential to both user engagement and SEO, so you don’t want large images dragging you down. The size of your images will depend on your site, but in general, images should be no larger than about 2000px wide. You can use any photo editing program, such as Photoshop, to resize your images. There are many free online options available as well.
P.S. If you are tired of constantly worrying about updates, backups and security, check out my WordPress Care Plans.
What do you think? Any other common mistakes that I left out? Let me know below!