7 Mistakes People Make With WordPress

7 Mistakes People Make with WordPress (And How to Avoid Them)

Let’s admit it: We all make mistakes, more so in things that require technical knowledge like WordPress (WP).

But the good thing?

Mistakes can be corrected or even avoided altogether, which is the aim of this post.

With over 75 million websites running on WordPress including some top American company websites/blogs like New York Times, Walt Disney, Mercedes Benz, and the official Star Wars blog, the content management system (CMS) receives several new users (about 600+) every day. As with most tech tools, these new users are prone to make one WordPress mistake or another, especially when setting up their sites.

We don’t want your business to suffer; so we’re putting together a list of damaging WordPress mistakes so you can acquaint yourself with them, easily avoid these mistakes, and get the most return on your WordPress investment and website.

Let’s get to them.

1. Not creating regular backups

As important as creating Word

Press backups is, most people still ignore it. They only discover its usefulness when they run into a problem like loss of valuable data and need a backup to restore their sites back to normal.

Chances are that when something goes wrong with your website, without backups to restore the site back to normal, your website visitors will have a bad experience browsing your site as a result of the defect. And that’s not good for your business. Imagine visiting a site like General Motors (GM) only to be greeted by a blank white screen.

So here’s the kicker:

As a WordPress user, one of the most helpful things you can do for your business is to backup your WordPress data, especially before performing an update or editing any file on your site.

To backup your self-hosted WordPress.org site, you can do so manually (using phpMyAdmin tool) or automatically (using a backup plugin like Duplicator, VaultPress, BackupBuddy, or BackWPup).

2. Ignoring updates


Another mistake people make with WordPress is ignoring WordPress updates. Among other downsides, this can result in a security vulnerability.

One reason most people don’t update is that they think after the update, their site will not work properly anymore.

But that’s only half-truth. If your themes and plugins are coded properly, your site will work just fine. But again, it’s always advisable to create backups.

There are basically three things you’d have to keep updated to ensure your WP site stays secure and runs smoothly — the WordPress platform itself, its plugins and themes.

3. Installing defective themes and plugins from unreliable sources


When setting up a WordPress site, one of the first things you do is installing a theme and some relevant plugins. And it is at this point that most beginners usually make the mistake of installing themes and plugins from untrustworthy sources.

Doing this not only makes your site look and perform badly, but also opens the door for miscreants to carry out malicious activities on your site. One such malicious activities could be the display of offensive ads on your site without your permission or consent.

We recommend installing themes and plugins only from the WordPress themes and plugins directories respectively, or from a reliable source like Elegant Themes, StudioPress, and WooThemes.

4. Using the default settings

By default, WordPress comes with some default settings including sample page, default permalinks structure, favicon, “just another WordPress site” tagline, etc.

Keeping these default settings will only present your site as amateurish and unprofessional, and can lead to user experience (UX) issues if you hope to turn your WordPress site into a full business.

  • It’s advisable to create a unique tagline that’s in line with your business or niche, instead of leaving the default there to be indexed by Google. You can change the default tagline by going to Settings >> General in your WordPress dashboard.
  • A permalink is a blog post’s permanent static hyperlink. WordPress’s default permalink structure looks something like www.yoursite.com/?p=123. Not only does this look messy, but is also bad for SEO and UX. A search-engine and user-friendly permalink structure doesn’t only help you get higher search engine rankings, but also makes your site look clean for users. Go to Settings >> Permalinks to change the permalink structure.
  • If you do nothing about your site’s favicon, you’d have favicon displayed either from your web hosting provider or from your theme company. And that’s bad for your brand identity. Think of the favicon as your website’s identity card. You can use a WP plugin like RealFaviconGenerator to change your site’s favicon.
  • Also, do remember to delete the sample page that ships with WordPress install. A quick Google search showed that over one million sites still keep the sample page on their site. Not nice!

5. Tweaking functions.php without any fallbacks

One of the most carking things that can happen to any WordPress user is locking yourself out of your site because you wrongly edited functions.php file (or some other WP file for that matter) without any fallbacks like backups or FTP access.

This usually results in annoying sequels like 500 Internal Server Error, White Screen of Death, etc., and could be very exasperating especially when your site already has people visiting it.

To avoid this, always ensure you have something to fall back to if you’re going to edit your site’s functions.php file.

6. Ignoring Security

Can you guess one of the Internet’s greatest concerns today? It’s cyber security.

Every day, hackers are on the loose, looking for their next victim. And if you ignore the security of your website/blog, you might just be next.

Now, there are tons of WordPress security measures you can follow to make sure you don’t fall a victim. We will talk about this in a future post because security is so important, but for the time being, here are some security steps you can take:

  • Create a backup
  • Install a “Limit Login Attempts” plugin
  • Use Two-Factor Authentication with Google Authenticator
  • Start using WP security tools like Wordfence
  • Never ever use the default “admin” username. It’s the username that is most obviously guessable to hackers. Using the “admin” username, mobsters can easily perform a brute force attack to crack your login and take control over your site overnight. Bad!

7. Not optimizing images

Have you ever visited a website that took forever to load? Chances are that the images on that website aren’t optimized. And most WordPress users are guilty of this slip-up — ignoring image optimization while publishing posts.

Well, if you want to make your WordPress site to load faster, then it’s time you gave image optimization a second thought.

Beyond speeding up your site, optimized images can also have great impact on your site’s SEO and improve UX in a dramatic way.


There you have it — seven mistakes people make with WordPress.

Here’s the thing: People do learn from their mistakes, but it’s much better to learn from the mistakes of others hence our reason for putting together this piece.

In most cases, if these mistakes are ignored, they may lead to more damaging issues like security vulnerabilities and you may end up spending some extra dollars you did not budget.

Use the tips and advice provided above as a guide to avoid these blunders and make your WordPress site better, more secure, and successful.

To evade mistakes completely, we recommend you put your website/blog in the hands of specialized WordPress experts to help you create a WordPress experience that supports rapid business growth.