6 Stupid Mistakes Every WordPress User Makes
Even the most experienced of users make mistakes in WordPress sometimes. It can happen because you forgot to back up your site before updating a plugin. Or because you auto-approved all blog comments and accidentally allowed a harmful link to hit your site. Or because you unintentionally published a page that wasn’t yet ready to go live.
Now, just because everyone makes mistakes, that doesn’t excuse them. Your website is the digital face of your company. If you wouldn’t allow the physical face of your company or your general reputation to be tarnished, you can’t allow that to happen to your site.
You know that quote, “Those who cannot remember the past are condemned to repeat it”? Well, the same applies here. We know the most common and completely unnecessary mistakes users make in WordPress. Learn them well, so you won’t commit (or repeat) them yourself.
Mistake 1: Not Understanding Plugins
Plugins should be every WordPress users’ best friend. The problem people often run into with them is a matter of extremes. There are some who don’t understand what plugins are and so they don’t use them at all. Then there are those who understand what plugins do, but go way overboard. Both can spell bad news for your website.
Here is what you need to know about plugins and the right way to use them:
WordPress plugins extend your website’s capabilities without needing any coding or design know-how.
You should be using plugins for your website. For security. For speed optimization. For caching. For SEO. For increasing conversions.
You should be monitoring your plugin usage, too. Poorly coded plugins can be harmful to a website. Unmonitored plugins can also introduce insecurities. And too many plugins—active and inactive—can weigh down a site and compromise loading times.
WordPress plugins are the number-one source of cyberattacks, according to Wordfence. That’s why it’s important to be extra diligent about choosing the right plugins for your site.
Mistake 2: Not Enforcing Login Best Practices
Your site’s point of entry is the second most popular form of cyberattack (commonly referred to as “brute force attacks”). Many small business owners or novice WordPress users make the mistake of assuming that their site isn’t big enough to gain the attention of hackers, but that’s a dangerous assumption to make.
If you want to keep hackers from breaking through your admin, you need to enforce strict login best practices. This means never using the default “Admin” username. This means requiring strong passwords that include numbers and characters. This means using two-step authentication. This may even mean changing your admin URL to a completely new one so hackers don’t know where to find it. (WordPress plugins will help you do all these, by the way.)
Mistake 3: Ignoring Update Notifications
I know these may seem annoying at times, like “didn’t I just update this theme the other day?” But WordPress updates are not up for discussion: they need to be made. This goes for any and all updates you receive—from the WordPress core, plugins, and themes.
Mistake 4: Not Optimizing for Mobile
This mistake probably happens more often than it should because many WordPress users don’t understand how easy it is to create a responsive (mobile-friendly) website in 2017. You don’t need to be a highly skilled web designer to do it either.
All you need is a high-quality responsive WordPress theme. The developer or designer behind the theme knows what’s needed to create web designs that work great across all devices. All you need to do is purchase, activate, and personalize it.
If you’re unsure of whether your site is mobile-friendly or not, check with Google. They’ll tell you.
Mistake 5: Forgetting to Include Contact Information
This one may seem so obvious, but you’d be surprised how many WordPress users remember to use a high-quality theme, optimize the site with plugins, and push their fully-loaded site live… only to wonder weeks or even months later why no one has reached out.
Contact forms are not a default setting in WordPress. If you’re running a blog, you can enable comments below them, but that’s not the same thing. When setting up a WordPress site for professional purposes, a contact form is a necessity. You can add this in a number of ways, the WordPress plugin being the easiest.
Mistake 6: Not Taking Security Seriously
As you can see, security is a big deal with WordPress. It’s not that WordPress doesn’t go to great lengths to secure their platform (because they do), it’s just that WordPress is the most popular content management system in the world. That means they receive a larger portion of all cyberattacks—75%, to be exact. In other words, WordPress users need to take security more seriously.
There are a few ways to do this:
Work with a web hosting company that provides a secure network to run your site from.
Pay for the security upgrade from your web hosting company.
Use a WordPress security plugin to add an extra level of protection.
Enable backups of your site.
Only use trusted, tested, and supported third-party tools (plugins, themes, and other integrations) on your site.
Look, mistakes happen. That’s why it’s important to be diligent about the work you do in WordPress, to review every change that’s been made on the live site, and even seek out professional help when you need it.
Nathan Oulman writes lyrical poetry around the web on CMS, Webhosting. He contributes to his own website Dailyhosting.net daily.