When it comes to WordPress website management, you have two options – to do it properly or let someone do it for you. Maintaining a successful WordPress website is a serious task and requires following the industry’s best practices and techniques to ensure your site is always up-to-date and constantly improving. No wonder that in 2020 WordPress powers a whooping 38,8% of all websites on the Internet.
WordPress’s open-source nature is both a blessing and a curse as it provides many functionalities and opportunities for growing and scaling, but also leaves many open doors for hackers to breach the security of the site. Of course, this all can be prevented if you avoid the most common mistakes that website owners usually make.
Incorporating bad habits into the management of your website often results in losing organic search rankings, poor site performance, less conversions and alienated customers. This leads to losing revenue and puts your overall brand reputation at risk. We bet you don’t want this to happen.
So, how do you stay safe?
There are many risks arising from bad WordPress management habits, so we want to tackle each of them and help you improve your webmaster skills.
In this article, we will outline several maintenance habits that you need to avoid in managing your WordPress site. But as you know, every bad habit can be replaced with a good one, so we’ve also included a pro tip on how to do it right.
The following are things you shouldn’t do.
1. Sticking to an Old WordPress Version
WordPress is an open-source content management system that has been running for more or less 17 years now. It has an awesome community that keeps the system up to date, contributes to its improvement, releases bug patches and keeps it safe from constant online threats such as adware, malware, spyware, you name it. This means that WordPress is alive, evolving and changing, just like your website should be.
No matter the reason, your WordPress site should never be left on an older version. You should also never leave your website on the same version as on the day you first launched it.
Those are really, really bad ideas. You shouldn’t underestimate the ever-evolving complexity of cybercrimes. Sticking to an older WordPress version often leaves an open door, so the bad guys can enter your website, steal your ideas, compromise your brand or even worse, compromise your customers’ private information, an act that may land you in court.
Pro tip: Be responsible and update your WordPress regularly, BUT do it on your staging site first.
You must keep the WordPress Core version, your active theme and all plugins that you are using up to date! WordPress releases all year round updates for improvements and bug fixes that you should take advantage of. To make sure you don’t miss any important update, we recommend that you activate your notifications and setup email reminders.
You may think that this is an easy task, “I just go to the Dashboard, then go to Updates and hit all those Update buttons and everything will be fine, right?”
Well, technically speaking, yes. It’s as easy as hitting those buttons, but for the best practices in managing your WordPress site, the answer is “no”.
First and foremost, you need to test the updates on your staging site first and confirm that there are no regressions before you hit those buttons on your production site. We always suggest checking the compatibility of these updates on a test server before applying changes to the live website.
2. Using Unverified and Excessive Plugins
Aside from having an awesome community that consistently patches updates to its core, WordPress also supports plugins built from other developers. These plugins are available in the official WordPress Plugins Directory and although WordPress moderates it to make sure each plugin passes the standards, it still does not guarantee that everything will work smoothly on your website. So make sure you carefully check and do your research on where the plugins come from.
Another bad practice is to just install plugins you find on random platforms without verifying the functionalities and features, authors or even the codes (if you are experienced with PHP).
Using free WordPress plugins is not a bad idea. In fact, we recommend that if you find an existing solution that meets your requirements, you should use it to save time and resources, instead of developing it from scratch.
However, you should keep a few things in mind! Some plugins may come with additional features which you may not need. This can be an additional burden to your WordPress site that can slow it down or even break it. Other plugins may run hidden processes in the background, which may be intrusive or may do more than what you actually need from that tool.
Example of such processes are:
- API usage and cron job abuses.
- Silently scraping your data and sending it over to third party platforms.
- Having redundant features that you don’t need.
- Cross site script vulnerability.
- Bad coding practices slow down your website.
Pro tip: Choose your plugins wisely and check for flaws.
If you choose to use free plugins, install them from the WordPress Plugins Directory as much as you can. While most of these have been assessed by the WordPress plugins review team in terms of code standards, security issues, etc., you should always read the reviews of the plugins you are using. By checking out what other people say about their experience with the plugins will give you an idea on how good or bad they are. Don’t forget to check the support forum as well. The more responsive the plugin author is, the better. That simply means, the plugin author keeps his plugin up to date and is supportive when there are problems or when issues arise.
You can use premium plugins as another alternative. These are plugins created by developers and are being offered either in a subscription or as a one time download. By buying premium plugins you also are guaranteed support for a certain period of time, depending on the package.
Again, we strongly suggest verifying the plugin author, checking the reviews, and googling the plugin name to check for any issues. A paid product doesn’t always necessarily mean a good product which is why many businesses prefer to have a custom WordPress solution.
Custom solutions give you the features that you actually need and want and ensure you have on your website only what should be there.
The best way to do this is by hiring WordPress developers who can build you the ideal custom plugin. You should find experienced and reliable WordPress developers or an agency to ensure that you have a top-notch tailor made plugin that meets your needs.
3. Not Doing a Periodic Backup
Even if you already apply the best practices in managing your WordPress site and keeping it secured and optimized, this does not guarantee you are 100% safe. A simple coding mistake can create a hole in your security architecture and this poses a risk of your data being compromised or stolen by “some bad guys on the internet”. And any data leak can lead to a negative impact on your brand reputation.
So what should you do to prevent this?
Remember that Data is sacred! It’s the soul of your WordPress site, as the saying goes. You cannot never ever afford to lose your WordPress site data, especially the sensitive information such as login credentials, personal user data, etc.
Pro tip: Adjust your backup settings and have regular backups.
Most of the WordPress hosting providers these days offer backup features included in their packages which you should set up. In the event of a website failure, be it a server crash, outages, a coding flaw from a recent update, any information that is lost can be restored right away!
WordPress has several backup plugins in the directory as well. Some of them have more than hundreds of reviews submitted and have high ratings. Find the plugins that best suits your needs, especially if you do not opt for the backup feature from your host.
4. Not Taking Advantage of Caching Mechanisms
Website caching is one of the most important online technologies to have. It makes your WordPress site load faster, which in return will make you rank better in searches, decrease the probability of outbound visitors and potentially increase conversions on your website.
Pro tip: Setup the caching feature or install a plugin on your WordPress site
If your WordPress site is running on a “managed WordPress hosting” package, your host may already have a caching feature ready that you can simply set up and use. These features are optimized specifically for WordPress and will help your website load faster.
Another way to optimize the cache is by using a WordPress plugin. Keep in mind that you should only use one caching plugin at a time. Activating more than one caching plugin can break your site instead of making it faster.
Also, be smart and test the caching plugin on your test environment. Some of the most popular solutions out there have a number of settings and you should try them out carefully.
If you’re wondering which of the two options we’d recommend, we tell you to choose the caching feature of the “managed WordPress hosting” package, but only if your hosting provider supports this.
Why this over the WordPress plugin? Well, as we said, it’s a more efficient caching mechanism as it is especially optimized for WordPress.
Important note: Do not mix them up! You should only choose one of the caching options to avoid any conflict. Also, keep in mind your website speed relies on a number of factors and having a caching plugin might be one part of the solution.
However, each website is unique and there is no one-size-fits-all solution. Besides these standard options, you can also choose a custom tailored solution created specifically for your project. For that, you’ll need to hire a WordPress professional or an agency that is experienced enough to understand your business needs and provide a reliable solution.
In fact, when experiencing issues with caching, there might be many options to optimize your website and resolve them. This includes removing or reworking some of the functionality with a more optimized approach, applying coding caching mechanisms and the like.
5. Skipping Comments Moderation
If you have comments enabled on your WordPress website, then you probably already know that most of the submissions lack context and are promotional spam messages with links to suspicious sites. That is usually done by lazy marketers trying to gain new links and promote their services the easy way.
So here comes your job, as a WordPress website manager, moderate these comments before they become visible to your visitors. In fact, only a small percentage of those comments are genuine opinions by real people and they are the ones you should be paying attention to and responding to.
Pro tip: Adjust comments settings to manually approve and regularly check.
WordPress allows you to moderate the comments on your site. In order to enable that, go to Settings and then select Discussion. Check the necessary settings on your site and most importantly, make sure that comments must be manually approved before they appear.
Watch out for the comments that have the pattern of praising how great your content and website are. These are spammy submissions and their authors just want to advertise products by inserting suspicious links in the comments that may lead to external sites (most probably medicine promotion, adult shop offers, pornographic content, etc).
Make it a habit of periodically moderating your WordPress site comments from your Comments tab in the Dashboard area, at least once or twice a week. If your site has a large number of visitors and they actively interact with content, moderate the comments every day and as much as possible.
6. Neglecting the Mobile Version of Your Website
Given the possibilities of advanced mobile technology these days, it’s hard to imagine people not using their smartphones daily for productivity management, emails and chats, website browsing and even online shopping. According to an article from Think With Google, 79% of people say that they are more likely to revisit a website and share with friends if it is mobile-friendly and easy to navigate and use.
That number is quite a huge percentage of people who you can easily target if you provide your visitors with a pleasant mobile experience.
Remember to always keep in mind the mobile version when creating your website design and choosing your theme. Simply picking a layout and interfacing it d is not enough to attract users. As a WordPress website manager, you need to ensure your theme is mobile friendly and provides a smooth experience to your website visitors across all devices.
Another benefit of having a mobile-friendly WordPress site is that it helps improve your search engine optimization (SEO) and rankings. Most search engines prioritize mobile page load speed as an important aspect in determining search result ranking. So if your WordPress site is not mobile-friendly yet, you should consider taking action now!
Pro tip: Pick a mobile-friendly theme or develop a custom one.
If you are using free themes from the WordPress theme directory, make sure that you choose a theme that matches your business or industry and is mobile friendly and responsive. If you choose to develop your own theme, make sure you are aware of the best practices in developing mobile-friendly themes.
7. Using Silly Login Credentials
Your login credentials are as important as your life. While this is figuratively speaking, it should be clear as day why! Having a weak username and password combination makes it easy to hack your site. This makes your data vulnerable, puts your site content at risk, can cause revenue losses, and causes your visitors to question their trust in you. Not to mention that you may end up in a legal battle depending on how strict the data privacy laws are in your country and how bad the crime was.
Having strong login credentials has several benefits, which includes:
- Security – This is no brainer and the reason why we have login credentials in the first place.
- The ability to avoid financial fraud and identity theft.
- Keeps sensitive information safe.
Pro tip: Choose a complex username with a strong password.
Strong login credentials are key to your website security:
- Your admin access password should be unique, complex and long. People tend to neglect that, and it is a very bad habit that must be avoided.
- The login password should be at least double digits long and have a combination of special characters, numbers and letters.
- Do not use common usernames such as admin, administrator or your domain name which are obvious. We suggest you use the first letter of your name followed by your surname. E.g. John Smith as jsmith.
Bonus points in securing your WordPress site:
- Use two-factor authentication.
- Change your WordPress login URL address path from the standard /wp-login.php/wp-admin to restrict public access.
8. Leaving Unused Plugins and Themes on Your Site
In the development phase of your WordPress site, you may have experimented and downloaded different plugins to test here and there to see if they fit your requirements. That’s great! But oftentimes, the plugins you’ve decided not to use and have simply deactivated are still there, in your website’s plugin directory… left there alone, forever.
If you’ve done this on your staging site, eventually, you are going to delete the unused ones at some point as you don’t need to push them on the production environment. But if, for example, you have inherited the WordPress site from a previous owner and you are the website manager now, you need to review all your plugins as well as the overall condition of the website, so you don’t push anything you don’t want to go live.
Any unused assets clutter your server and your Dashboard, and may have a tendency to slow down your site because of database bloat. This may cause website vulnerability and create holes where the bad guys can enter.
Pro tip: Delete, delete, delete.
If you’ve decided not to use a certain plugin anymore, you should simply delete it. Deactivate it first and then uninstall it. Once you’ve done that, make sure you optimize your database with a third-party solution. Make sure you have a backup of your site before diving into database optimization.
9. Forgetting to Install and Protect a Contact Form
Forgetting to install a contact form is a bad idea. You need to have an easy way for communication with your website visitors.
The benefits of having a contact form include:
- Getting more leads.
- Making yourself and the brand that you have invested reachable.
- Communication – a lead may be interested in your product and they can easily reach you out for in-depth inquiry.
Pro tip: Include a reliable contact form.
The WordPress plugin directory has some of the best contact form plugins. Choose one of them that fits your requirements, but remember, look for a plugin that has a high rating, excellent feedback, is regularly updated and compatible with your version of WordPress.
Also make sure to secure your contact form with a proper plugin like reCaptcha. This way, you will add another layer of security to your WordPress website and prevent any possible breach. Contact forms are one of the most vulnerable parts of your website and are an easy target for spam bots.
There are also many other ways to protect your WordPress website from spam messages, so choose the one that best fits your site. But don’t underestimate the importance of adding a spam check like captcha.
10. Dismissing the Advantage of Google Analytics and Other Tracking Tools
The most popular digital analytic solutions out there is undoubtedly Google Analytics. It gives you a greater view on the behaviour of those that visit your WordPress website.
Here are some of the advantages of using Google Analytics that you should not miss out on:
- It provides in-depth insight on your visitors’ interactions and behaviour.
- It helps you obtain valuable information on how to build your marketing strategy.
- It assists in identifying issues with visitors retention that you can tackle and improve your WordPress site.
Pro tip: Set up GA and monitor website visitors.
Sign up for Google Analytics as it’s free. It only takes you a few minutes to set it up and add the tracking snippet to the head tag of your website and you’re done. You can start seeing the reports in a matter of days!
Bonus: Three Webmaster Mistakes You Don’t Want to Make
Mistake #1 You Don’t Have a Staging Site to Do Updates
Related to bad habit #1 from the list above, it’s not a good idea to update everything on your production site right away. Here is why.
Imagine that WordPress releases a new version and it has bug fixes – that is great. But at the same time, the plugins that you are actively using on your website have also pushed updated versions – this is awesome as well. But are they guaranteed to work smoothly? Probably not. Generally, simultaneous releases have not been tested yet to see if they are compatible and can cause a headache for website managers.
Therefore, you should not assume that everything will work smoothly together! If something breaks your production site, it will be a disaster.
You should have a staging site to test updates before any deployment to the production.
Mistake #2 Using Uncompressed Images on Your Site
Visual presentations are a crucial part of the success of your WordPress website. Most modern WordPress sites have taken advantage of banners, sliders and slideshows that sometimes use full-width sizes, and multiple images on a single page depending on the design.
Raw image files are bigger and heavier and using them directly is not a good idea. Sometimes a single image can be larger than 5MB and it will slow your WordPress site down if you use it to load on the page directly.
Compress them first before you upload them to your WordPress site. To optimize the images that you have already added to your media gallery and used on pages, posts or product pages, use a compatible image compression plugin from the official WordPress directory.
Mistake #3 Editing the Plugin and Theme Files Directly
WordPress has a feature in the Dashboard where you can edit the files directly. For best practices, do not use this and make sure you have disabled them. If you need to edit the code, do it on your local machine for the development, use the staging site for testing before you push it to the production site.
The thrill of developing your WordPress site from a simple idea into a reality is such a satisfying feeling! But it should not end there. You need to be responsible and manage your WordPress site by performing routine maintenance. Doing this may save you money and protect you from potential issues that may arise in the future.
Remember that information technology keeps evolving, and so do the threats from cybercriminals. Ensure your site is safe from these threats as much as possible by avoiding bad habits.
WordPress Maintenance and Ongoing Support
Subscribe for our WordPress maintenance and support plans - regular updates, content assistance, customization requests, WordPress enhancements and help.