We all make mistakes, even when we do things that are repetitious. When it comes to WordPress, some mistakes are common, because the website owner may be new to WordPress or may not be aware that they should do A, B or C. It could also be mistakes are done because the website owner was in a rush to get everything up and running. Whatever the case, this tutorial is designed to list 15 common WordPress mistakes we all make and how-to solve each one.
1. Using the Hosted WordPress Platform, Instead of Self-Hosting WordPress
When people first think about creating a blog, they look at the cost and their ability of getting a website up and running, so they signup for WordPress’s hosted platform, WordPress.com. I’m not saying that the hosted platform is bad, but website owners don’t realize there are limitations with the hosted WordPress platform, such as customization.
When a website owner realizes they prefer the self-hosted platform, especially when the price of hosting now-a-days is affordable, they often find it hard to properly move their WordPress installation or are faced with a some what pricey bill to have someone else do it for them.
Take a look at this article I wrote to determine which platform may be best for you and don’t be afraid to get in touch with me if you have additional questions as to which one would be best for you.
2. Using Insecure Usernames and Passwords
Hackers look for common mistakes people make that leave their website insecure. For WordPress, one of the common mistakes website owners do to make their website insecure and vulnerable to hackers is using common administrative usernames, such as admin, administrator, user or superuser. You should avoid using generic dictionary words and words that are used with website administration.
You should also avoid using insecure passwords. Your password should be unique, meaning the password you use for your WordPress site, should not be a password you use anywhere else on the Internet. The password should also be at least eight (8) characters and consist of lowercase and uppercase letters, numbers and symbols. You should never use dictionary words or a password that is personal, like your birthday or your street number or address.
A quick way of creating secure passwords that you can remember is making a short sentence and using the first letter or last letter of each word. Add numbers and symbols. Make every other word, third word, etc… a uppercase letter. Example: Favourite Store is Walmart at 28 Yonge Street. You can turn this into a password of fSiW@ys82. This is one simple way of creating a secure password you can remember or you can use a secure password generator, which is probably the best way.
3. Using Outdated or Insecure Themes and Plugins
You should use themes and plugins that are regularly updated and are made by reliable sources, in which you can get support, if needed. You should also make sure you keep your theme and plugins updated.
I recommend taking a few minutes to read a article I wrote about selecting the perfect WordPress theme.
4. Using Too Many Plugins, Just Because They Are Available
When using a plugin, you should make sure you need it. There is no definite amount of how many plugins WordPress can handle, but just because a WordPress plugin is available, doesn’t mean you need it. Often website owners use too many plugins that are poorly coded leaving their website slow or because they have too many plugins installed, they have a hard time keeping them all up-to-date, which leads to an insecure WordPress installation.
5. Using the Default Tagline, “Just another WordPress site”
When you install WordPress, WordPress asks you the name of your website but doesn’t ask you what the tagline of your website is. A tagline is like a slogan and is used in the title of a web browser and possibly in your theme. It doesn’t look professional when you leave this unchanged, so make sure you login to your WordPress site and go to Settings > General to change the tagline.
6. Using the Default Permalink URL Structure
By default, WordPress doesn’t use a SEO friendly URL structure. Your WordPress URL would look like
?p=100. You can easily change this by logging into your WordPress website and going to Settings > Permalinks. You can learn more about WordPress permalinks by reading my in-depth tutorial here.
7. Not Deleting or Editing the Sample Page
When you install WordPress, WordPress will create a page entitled “Sample Page.” You should delete the page or edit the page. I would recommend renaming and editing the page to an about me (or similar) page.
8. Not Deleting or Editing the First Post, “Hello world!”
Also, when you install WordPress, WordPress will create an example post, called “Hello world!” You should delete the post or edit the post’s content.
9. Using WordPress Only As A Blogging Platform
Well many people know WordPress as the best blogging platform out there; WordPress is a content management system (CMS) and therefore can be used as a website or in conjunction with a blog.
10. Not Having A Contact Form
Your website is there not only to inform but also to engage your visitors. By having a contact form you are allowing your visitors to get in touch with you. If you are worried about contact form spam, there try a good anti-spam plugin like Akismet.
11. Not Having A Backup Policy and Not Keeping Backups
Backups! Backups! Backups! Having a backup of your website, both files and database, is critical. Technology fails, so it’s important to have a recent backup of your website. You should backup the WordPress files and WordPress database. You should also make sure the database backup is not corrupt, which can occur. I recommend VaultPress for backing up your WordPress website, it does cost $5 per month, but it’s like insurance for your website and will save your headaches if your website does experience technical issues or failures.
12. Not Making Your Website Responsive
More and more people are using mobile devices to do everything, so it is important to make your website responsive. There are WordPress plugins that can make your website responsive in mobile devices but the design is fixed and the design is horrible. I highly recommend that you find a WordPress framework / theme that is responsive and not use a plugin.
13. Not Optimizing Your Website
Website speed is important. Visitors expect to have your website loaded within 3 seconds and the longer your website takes to load the more possibility of visitors leaving your website and not coming back. There are great free online tools you can use to optimize the performance of your website like Google PageSpeed, ySlow, GTMetrix and Pingdom.
You should choose the right web host, optimize your images and make sure you follow optimization best practises and rules.
14. Not Securing your WordPress Installation
You should make sure that you take every step in securing your WordPress installation. You should read my article about seven (7) essential WordPress security plugins you should use. I also recommend you read my other tutorial about securing your WordPress installation, Create an .htaccess File for WordPress.
I have also created a WordPress security checklist that every WordPress installation should follow!
15. Not Installing Google Analytics
Installing Google Analytics or using another analytic software is a great way of tracking visitor behaviour and finding not found errors that visitors may experience. You should check out these plugins: Google Analytics for WordPress or WP Analytics Tracking.