Common WordPress Mistakes to Avoid

WordPress is the most popular CMS platform out there. If you’re reading this article, you probably already use WordPress for your site, but it’s important to be mindful. Many users, especially beginners, make mistakes when they start managing a website. But many of these mistakes are easy to avoid, and if you read further, you’ll be able to fix mistakes before they harm your website. Let’s check out the list of the most common WordPress mistakes you should avoid.

Ignoring website backups

A lot of website users think “It won’t happen to me,” but that’s wrong. One day you can find that your site was compromised and all data was lost. The server may crash or the site may be hacked. You’ll be so upset if you need to start everything from scratch. If you didn’t make a backup, that will be your only option.

If you don’t know how to create a backup, you can do this with plugins. The article “How to Backup Your WordPress Database Like a Pro” will be helpful for you.

When installing WordPress, you are provided with setup options. One of the options is to set a username for your account. By default the username is set as “admin”, but you should change it ASAP. Using “admin” as your username is weak security, and if you use a weak password as well, your website will definitely be hacked. You should avoid using short and weak passwords. Your password must be long and combine letters, numbers, and symbols. Avoid using any common usernames, like “admin” or “administrator”.

You can also add two-factor authentication to your WordPress website. This article will give you more information about it.

Ignoring updates

There are regular updates for WordPress plugins and themes. When you install these updates, you’re getting new features and security improvements. Many users choose not to update as they are afraid their website will crash. If you are afraid of this too, you can run updates on a staging site first to see if everything runs smoothly, and then proceed on the live site. If you keep old versions, your website will be open to hackers. You should always update as soon as a new version is released, whether it’s for your WordPress sites, themes or plugins.

Forgetting to install a caching plugin

Deciding not to use a cache plugin is a bad idea. These plugins will help you speed up site loading and optimize your site. If your website takes too long to load, your visitors will probably close the page and move to another website.

There are a lot of great WordPress cache plugins out there and you’ll definitely see the benefits if you install one of them. If you are using the Jupiter X theme and want to optimize the site to speed up loading times, you can follow the instructions from this article.

Leaving images unoptimized

Using data-heavy images will slow down your website, causing it to take too long to load. So, before uploading images to your WordPress site, you need to optimize them. We already have the article “How to Optimize Your Images for SEO and Speed” where you’ll find detailed instructions on how you can optimize images to improve performance.

Adding Forms to your website without anti-spam validation

When creating a contact form on your website, it’s important to protect it from spam. If you don’t do it, one day you’ll wake up and find your mailbox full of spam. To prevent such issues, it’s recommended to use captcha for the contact form. You can read about custom contact forms in this article.

If you created a website with the Jupiter X theme, you can find how to enable captcha for Jupiter X Contact Form here.

Allowing spam in the comments

It’s a great idea to allow your visitors to leave comments under posts, but a mistake you may make is failing to moderate the comments and deactivating the Akismet plugin. If you approve spam comments, it will hurt your SEO.

The Akismet plugin is one of the best methods of protection. It will block comment and pingback spam on your blog. Keep it activated to filter out spam messages.

Using ugly plain permalinks 

Permalink structure is very important in a WordPress website. Many website owners use a default URL structure like yourdomain.tld/?p=18. It’s bad practice to leave permalinks like this, since it’s bad for both SEO and for user experience. 

Creating custom permalinks in WordPress is not difficult. To avoid this common WordPress mistake, log in to the WordPress dashboard, go to Settings > Permalinks and update your permalinks.

Forgetting to remove a default favicon

WordPress themes come with a default favicon. It is a mistake if you don’t remove it! Instead, it’s better to replace it with a favicon of your own, so your site looks professional. Usually a company logo is used as a favicon. It’s displayed in the tabs and bookmarks of a browser, and users will identify the site by its icon.

Leaving test pages published

Sometimes you create test pages to test some elements or features on your site or leave sample pages that come with WordPress themes or plugins. You’re making a mistake if you are not deleting them. Such pages will be indexed by search engines and will be recognized as duplicate content or even spam and your SEO score will decrease. So, before publishing the site, make sure you have deleted demo content and test pages.

Wrapping up

WordPress is a great choice to manage your website. While it’s an easy and powerful tool, it’s also easy to make mistakes with it, especially if you’re a beginner. To avoid such mistakes, it’s better to pay attention to each step in this article. If you are aware of other common WordPress mistakes that are missing here, feel free to share them in the comments.

5 Key Maintenance Tasks for Your WordPress Website

Nowadays, as the digital world is evolving like never before, creating a website and leaving it is simply not enough. When it comes to content management systems like WordPress, keeping up with routine tasks is vital. If you are running outdated software on your site, don’t have an optimized database or if you simply don’t care about security questions, sooner or later these maintenance tasks for your WordPress website will catch up to you. Fixing them down the line will be much harder and may even cost extra money.

A better approach is to use the simple tactic of running routine tasks or even automating them in order to streamline this process.

In this post, we’ll discuss the significance of maintenance tasks for your WordPress website and the most important ones to run to keep your site functioning optimally.

Updates – themes, WordPress, plugins

Plugins and themes are the backbone of your site. Basically, your project mainly runs on themes and plugins. However, if you don’t update them, you might encounter serious issues with security or performance. Some users are hesitant about updating their themes and plugins as they think that the update will break the site and lead to some unwanted results. But this is absolutely the wrong mindset to have. In this case, staging sites are the best option for those who want to test every update before running it.

WordPress has a system to manage automatic updates for themes and plugins; however, there are some cases when you might miss an update. Luckily, WordPress addressed this problem in its recent 5.5 update, which allows you to set automatic future updates for plugins and themes. To do this, all you have to do is go to the WordPress dashboard > Plugins and, on the right side of the plugin list, set it to Automatic update.

The same thing can be said about updating WordPress itself, the most popular content management system, which powers more than one-third of the world’s websites. Its updates always offer the most important performance and security fixes.

The automatic WordPress update can be easily done by using the Easy Update Manager WordPress plugin, or you can manually set it in the wp-config.php file by adding this line of code:

define( 'WP_AUTO_UPDATE_CORE', true );

Now your WordPress core will update automatically without your input.

Maintaining your database 

Maintaining your database is one of the most important maintenance tasks for your WordPress website. The more content you add to your site, the bigger your database becomes. Changes made to your site, post revisions, your site’s content, user settings, comments, and pretty much everything else are stored in the database.

As the database becomes bigger and heavier over time, it will slow down your site’s loading speed. Furthermore, the larger your backup, the more it might affect the uploading and downloading speed of your backups.

There are many methods to optimize a WordPress database. The WordPress plugin repository offers many plugins that you can use for a particular job. If you want to save time and use tools that have been tested by many users, you might want to consider using WP-Optimize. This plugin contains pretty much everything you need to optimize your database.

This plugin has more than 900,000 installs and was created by the same group as UpdraftPlus. Once you install and activate the plugin, visit the plugin’s main page and select how you want to optimize your database.

Please note that when working with a database, it’s always a must to create a backup before doing anything. WP-Optimize has this option on the right side of the Run all selected optimization button. Don’t forget that important step before proceeding.

The plugin also has image, cache and minification settings that you can use for different purposes. 

Regular backups

Backing up your website is another important thing to consider to protect your site against any unexpected surprises. Whether you update your theme or WordPress, install a new plugin or just optimize your database, you’ll need to create a backup.

For this, you’ll also have some great options to choose from for backup plugins in WordPress. We went ahead with UpdraftPlus, which is one of the most popular and universal tools for this task.

Once you install and activate the plugin, go to the setup tab and set up the plugin to meet your goals. This plugin offers some amazing features, like backing up and restoring the site from the cloud or migrating from one server to another.

Security scan and logs

Security in WordPress is one of the most important aspects of site management. Keeping your WordPress, themes, and plugins up-to-date or having good hosting is a must. But sometimes, even updated software is not enough to protect you from newly written malicious code.

Closing your security gaps is a massive topic – so big in fact that it might require a different post entirely. Aside from the basic things such as changing the admin password, setting up two-factor authentication, disabling file editing, among others, it’s also vital to run a general security audit on your site. You might want to consider Wordfence, which is one of the most popular tools out there for this purpose.

Wordfence can run an audit and security scan of your site. If it detects any malicious code in your files, it’ll provide recommendations to further protect your site. Along with its security functions, Wordfence can also be used as a firewall.

After installing and activating the plugin, the next thing you need to do is to run a scan of your site. You can do this by going to Wordfence menu > Scan.

Once the scan of your site is complete, you can then follow the instructions provided by Wordfence.

As you add more content to your site, you are also adding more articles. You might notice that links in your older articles no longer work. The reasons for this vary: the link or the URL may have been changed, or perhaps the website was taken down. The same thing might happen if you’ve added images from other sources.

A scheduled inspection of broken links on your site is important, since they may affect user experience and could hurt SEO ranking in general. But checking these links manually is time-consuming, so it’s better to use a plugin for this. We recommend using the Broken Link Checker plugin.

This plugin will monitor all broken and dead links on your site and inform you either by mail or in the dashboard.

Conclusion 

This post is by no means a comprehensive list of tasks that you’ll need to maintain your online business. There are other important things you’ll need to keep track of, such as image optimization, spam comments, abandoned themes or plugins, performance tests, SEO audits, and much more.

If you have any questions related to WordPress maintenance, let us know in the comments section below!

Subscribe to Artbees Themes Blog for the best WordPress tips and insights.

Is WordPress Secure Enough? A WordPress Security Review

Let’s consider for a moment a hot topic when it comes to the web: security. Poor security on WordPress websites could lead to secrets being exposed, reputations getting lost in the market and even a service getting shut down.

Yes, security is the most important thing on the web and, unfortunately, many users and even administrators don’t have enough know-how about this matter.

In this post, we’ll take a glance at WordPress security to become familiar with the most crucial things about securing a WordPress website.

As an immense open-source project, WordPress is the most well-known CMS (content management system). Based on statistics, WordPress powers 34% of websites on the internet and more than 60% of websites that use a known CMS use WordPress. This also makes it the most attractive platform for hackers as well. Indeed, if you find an important security hole in WordPress, you can affect 34% of the internet.

You may have heard about WordPress websites getting hacked, and the main question that comes to mind is: “Is WordPress secure enough?” In this post, we’ll address this question by reviewing some stats, layers of WordPress installation security and the performances of administrators. Read until the end to get a good idea of the state of WordPress security.

WordPress Security Statistics

According to a report from Sucuri & GoDaddy, from a total of 25,466 infected sites in 2018, 90% of them used WordPress. The report reveals an increase in WordPress infections from 2017.

When looking at the most significant problems, you won’t find anything related to WordPress core security. Interestingly, common issues with WordPress security are not related to WordPress itself. What matters are the configuration, the usage and what administrators do.

We know that WordPress is an open-source project, meaning that everyone can see the code and make some changes to it. On the one hand, an open-source CMS would seem to invite more security problems, because anyone can read the code, discover a security bug and later use it to attack websites.

On the other hand, any individual can watch the status of a project’s security and report any possible security issue privately to the team. WordPress applies security patches immediately, and a new version becomes available to download as soon as possible. Each time a new version comes out, they mention how many security problems have been fixed in the changelog.

Based on the statistics, WordPress core security problems have no common effect on websites. In other words, it works!

Layers of WordPress Security

We first need to wrap our heads around the fact that the security of a WordPress site is not only about WordPress itself. It depends on some other aspects such as themes and plugins, as well as some third-party tools like hosts and servers – and above all, site administrators.

WordPress Core Security

We briefly reviewed WordPress core security in the previous paragraph and mentioned that WordPress patches any security problems immediately. But, what will happen if you don’t upgrade your WordPress installation with the latest version? Then, you’re an excellent target for hackers.

Detecting the version of WordPress is not hard to do. Even if you use plugins and code to hide which version of WordPress your site is using, there’s no guarantee that hackers won’t be able to detect it. And after that, there’s a list of security problems, fixed in the latest version, whose fixes you won’t have unless you upgrade WordPress. With a list of potential security holes in your site, the chances of being hacked increase. Therefore, it’s better to constantly keep your WordPress site up to date.

Security of Themes & Plugins

Unknown Sources

Most WordPress sites get hacked because of their backdoors. So, if you download a theme or plugin from an unknown source or a site that provides a nulled version of premium themes, you are at risk. It’s all too easy to inject code into the package and offer it as a zip download. Unfortunately, some users are not aware of this and, for that, administrators are responsible.

Non-updated Themes or Plugins

Similar to WordPress core, you should keep plugins or themes up to date because they are even more vulnerable. Sometimes it takes time to patch a security problem. If you read the fascinating facts surrounding the Panama Papers hack on Wordfence’s site, you may never forget to update your themes and plugins with the latest version.

Host, Server and WordPress Installation Configuration

Sometimes, a website gets hacked in shared hosting. After hacking a website, the hacker may penetrate the host and then access other websites on that server.

Consequently, it’s crucial to host your website with a known and secure hosting provider, and to configure the host accurately. There are many factors to consider while configuring a server for a WordPress installation. As a quick checklist, you should be aware of the firewall, backup system, SSL and SFTP, automatic security checks, malicious activity detector, email security, and file permissions. We’ll take a deep dive into these matters in a later blog post.

Moreover, it’s necessary to be aware of configuring the installation. Changing default database table prefixes, using a strong password and not using “admin” as the username can decrease the chances of your website getting hacked. Following these simple steps can help you to avoid any possible security problems on your website. We’ll also describe in detail WordPress configuration problems in another blog post.
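The wp-config.php settings recommended on this page (automatic core updates, disabled file editing, a non-default table prefix) can be checked with a short audit script. This is an added example, not code from the original article or from WordPress; the two sample files are constructed, and `DISALLOW_FILE_EDIT` and `AUTOMATIC_UPDATER_DISABLED` are WordPress constants the article does not name.

```python
import re

# define( 'NAME', value ); -> captures the constant name and its raw value.
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")

# Constructed sample files, not taken from any real site.
WEAK = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_AUTO_UPDATE_CORE', false );
$table_prefix = 'wp_';
"""
HARDENED = """<?php
define( 'WP_AUTO_UPDATE_CORE', true );
define( 'DISALLOW_FILE_EDIT', true );
$table_prefix = 'x7k_';
"""


def parse_config(php):
    """Return (constants, table_prefix), ignoring commented-out settings."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    live = "\n".join(line for line in php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))
    consts = {}
    for name, raw in DEFINE_RE.findall(live):
        low = raw.lower()
        consts[name] = (low == "true") if low in ("true", "false") else raw.strip("'\"")
    match = PREFIX_RE.search(live)
    return consts, (match.group(1) if match else None)


def audit(php):
    """Return (code, message) findings for the settings this page discusses."""
    consts, prefix = parse_config(php)
    core = consts.get("WP_AUTO_UPDATE_CORE")
    findings = []
    if consts.get("AUTOMATIC_UPDATER_DISABLED") is True:
        findings.append(("updater-disabled", "all automatic updates are turned off"))
    elif core is False:
        findings.append(("core-updates-off", "core auto-updates are turned off"))
    elif core == "minor":
        findings.append(("core-minor-only", "only minor core releases auto-install"))
    elif core is None:
        findings.append(("core-not-set", "WP_AUTO_UPDATE_CORE is not set explicitly"))
    if consts.get("DISALLOW_FILE_EDIT") is not True:
        findings.append(("file-editor-on", "dashboard file editor is not disabled"))
    if prefix in (None, "wp_"):
        findings.append(("default-prefix", "$table_prefix is missing or still wp_"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```

Run it against a copy of wp-config.php rather than the live file, since that file also holds database credentials.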

Administration

As mentioned previously, the administrator is one of the biggest problems and the main reason why websites get hacked. As we can gather from the statistics, the most prevalent problem is website administrators and webmasters. Unfortunately, not enough attention has been paid to this matter.

The security of a website is highly dependent on the performance of webmasters. They can simply allow hackers in by setting an easy-to-guess password or username like “admin” and “12345678.” Sometimes, webmasters aren’t informed about security patches or small updates, and it can put the website at risk. An administrator should be cautious about user roles and permissions when a website is open for new user registration.

Many of these precautions are easy to take when using a security plugin. We’ll have a blog post about WordPress security plugins that will include a review of the most popular ones.

As a result, it’s easy to say that the WordPress core is highly secure. The community will take care of WordPress security, and if you want to use it for your new project, it’s better to take some time to learn more about common security problems, find a good host provider and correct configuration.
