Common WordPress Mistakes To Avoid for Security and Performance

WordPress is the most popular platform in the world and 33% of the world’s websites are built on WordPress. When you create your first blog or website on WordPress, you have to take care of a lot of things.


In this article, I am going to tell you about common WordPress mistakes so that you do not make them when you create your blog on WordPress.

Common WordPress Mistakes We Should Avoid for Security and Performance

1. Choosing the wrong platform

Many bloggers choose WordPress.com over WordPress.org. Both WordPress.com and WordPress.org are completely different platforms.

If you are serious about blogging, I recommend you start a blog on WordPress.org. But if you have created your blog on WordPress.com, don’t worry, you can easily move it to WordPress.org.

2. Choosing the Wrong Web Hosting

There are many web hosting providers in the market that promise to be the best, but after purchasing hosting from them, you feel that they have cheated you.

If you choose the wrong web hosting, it will affect both WordPress SEO and traffic.

3. Installing WordPress incorrectly

All web hosting companies allow WordPress to be installed with 1-click. But many users download the WordPress zip file from WordPress.org and install it manually. In this case, some bloggers make mistakes.

4. Not using Maintenance or Coming Soon Page

If you have recently launched your site or blog and it is not completely ready for visitors, then a maintenance mode or coming soon page should be used. For this, you can use WordPress Maintenance Mode Plugins.

5. Leaving Tagline Default

When you create a WordPress blog, the default tagline is “Just another WordPress site”. Many WordPress beginners leave it as the default, which indicates that the blog is brand new, and people may not take it seriously.

Use a unique tagline for your blog. You have to click on Settings >> General and enter your unique tagline in the Tagline box.

6. Not deleting Sample Content

When you install WordPress, it creates some sample content, “Hello world” and “Sample page”, for learning purposes. If you don’t delete it, it makes you look unprofessional.

To delete it, click on Post >> All posts and delete the Hello world post. Similarly, to delete a Sample Page, click on Page >> All pages and delete it.

7. Not Using Favicon

This is another common mistake often made by new bloggers. They do not use their own favicon. The favicon shows your brand and professionalism.
After creating a favicon, you can upload it by going to the Appearance >> Customize >> Site identity section.

8. Using Google Images

Every blogger uses images for their articles. If you need images for your article, you cannot use Google Images, because those images can be copyright protected.
There are many websites (FreeDigitalPhotos, MorgueFile, Pixabay, Pexels, etc.) that offer free stock images.
You can use one of these websites that provide images for free.

9. Ignoring Security

WordPress is the world’s most popular Content Management System (CMS). According to W3Techs, 32% of websites are built on WordPress. Because of its popularity, hackers target it more.

If you do not secure your WordPress website, then hackers can hack or delete your data.

10. Using “Admin” for Username

The admin username is saved by default when installing WordPress. However, you can change it.
If your WordPress website or blog’s login username is Admin, change it immediately.

The reason is that everyone knows this WordPress username. Hackers can easily hack sites or blogs that use the admin username.

11. Using Weak Password

Hackers constantly try to guess your username and password so that they can access your site. If you use a weak password for your site, hackers can easily hack your blog.

Use a strong password for your site, so that no one can guess it. Also, change it at regular intervals. Make the password complex and strong using uppercase letters (A), lowercase letters (a), numbers (1), and special characters (# $ – ‘ ^ &, etc.).

12. Not using Well-Coded Theme

Do not install themes for your WordPress site from any unknown sources. This can cause your site to be hacked.

Also, use a fast loading theme for your site. You can install premium themes for your site which are well coded and speed optimized. But if your budget is low, you can use free themes such as GeneratePress or Astra themes.

13. Not Taking Complete Backup of Website

Backup is the most important part of any website. If you do not back up your WordPress site periodically and an issue occurs with your blog, you will not be able to restore it.

14. Not Taking Backup Before Making Any Changes

Many users do not back up their site before making major changes to it, and when their site breaks, they start looking for a solution. So please take a backup of your site before making any major changes to your blog.

15. Not updating WordPress Core, Themes and Plugins

WordPress developer teams regularly update WordPress to fix bugs, deliver security patches, etc. If you do not take updates seriously, you may face security vulnerabilities. Hackers can inject malware into your site.

But keep in mind that you should not use plugins and themes that have not been updated for years. Use their alternatives instead.

16. Not changing the name of the WordPress Database Table Prefix

By default, the WordPress database table prefix is wp_. To see this, connect to cPanel and go to the phpMyAdmin section. Here you will see table names with this prefix, such as wp_comments, wp_options, wp_links, etc.

Hackers know this default database table prefix well. SQL injection can severely damage a site’s database. But you can avoid attacks that rely on the default names by renaming the database table prefix, for example changing wp_ to mywp_, xizq_, istc_, xzxi_, etc.

17. Not Disabling File Editing

If a hacker hacks your blog, he can edit or delete any files of the theme and plugin from the dashboard. Now you can understand it is very important to secure the WordPress dashboard.

To disable theme and plugin editing from the WordPress website dashboard, add this code to the wp-config.php file.

define('DISALLOW_FILE_EDIT', true);

This will disable the editing feature from your site’s dashboard. To insert the code, log into your hosting’s cPanel, then navigate to File manager >> Root Folder. Here you can see your wp-config.php.

Note: Before entering the code, backup your wp-config.php file.

18. Not Securing WP-Config.php File

The wp-config.php file stores important data such as MySQL settings, secret keys, database table prefix, etc.

So it is very important to secure it. Log in to cPanel. Navigate to File manager >> Root Folder. Here you will see the file wp-config.php. Now set its permission to 400 or 440, so that no other user can read or write it.

Apart from this, you can block access to the wp-config.php file over the web by putting the code below in .htaccess:

<files wp-config.php>
order allow,deny
deny from all
</files>

It is very necessary to keep the wp-config.php file secure, otherwise, the data of the WordPress website can be hacked through this file.

19. Keeping Directory Browsing ON

Directory browsing means that people can easily view your site’s photos, files, folders, subfolders, directories, etc.

Through this, hackers try to learn which files are on your site and what weaknesses are hidden in them.

Some WordPress folders, such as wp-content and wp-includes, hold sensitive data that can be easily viewed through directory browsing. Therefore, not disabling directory browsing is like giving hackers an open invitation.

To disable directory browsing, paste this simple code at the end of the .htaccess file.

Options -Indexes
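
A way to check the settings from items 16 to 19 on a server with shell access, as an added example that is not part of the original article. The function names and the sample site are constructed here, and the script assumes a standard wp-config.php and an Apache .htaccess in the WordPress root.

```sh
#!/bin/sh
# Added example: audit a WordPress root for the settings from items 16-19.
# Function names and the sample site are constructed for this illustration.

file_mode() {            # octal mode: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

check_config_mode() {    # item 18: wp-config.php permission is 400 or 440
    case "$(file_mode "$1/wp-config.php")" in 400|440) return 0 ;; esac
    return 1
}

check_file_edit() {      # item 17: define('DISALLOW_FILE_EDIT', true);
    grep -Eq "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1/wp-config.php"
}

check_prefix() {         # item 16: $table_prefix is set and is not wp_
    prefix=$(sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1/wp-config.php" | head -n 1)
    [ -n "$prefix" ] && [ "$prefix" != "wp_" ]
}

check_indexes() {        # item 19: .htaccess turns directory listings off
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1/.htaccess"
}

check_config_block() {   # item 18: <files wp-config.php> block denies access
    awk 'tolower($0) ~ /<files[ \t]+"?wp-config\.php"?>/ { inblk = 1 }
         inblk && tolower($0) ~ /deny from all/          { found = 1 }
         tolower($0) ~ /<\/files>/                       { inblk = 0 }
         END { exit !found }' "$1/.htaccess"
}

audit_wp() {             # prints PASS/FAIL per check, returns the FAIL count
    fails=0
    for c in check_config_mode check_file_edit check_prefix check_indexes check_config_block; do
        if "$c" "$1" 2>/dev/null; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Demo on a constructed default-style install: wp_ prefix, mode 644, no rules.
demo=$(mktemp -d)
printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$demo/wp-config.php"
: > "$demo/.htaccess"
chmod 644 "$demo/wp-config.php"
audit_wp "$demo" || echo "$? of 5 checks failed"
rm -rf "$demo"
```

Run audit_wp with the path to your own WordPress root to get a PASS or FAIL line for each setting.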

20. Not Using HTTPS

HTTPS is one of the Google ranking factors. Google wants a more secure web, so it uses HTTPS as a ranking factor. Sites that have HTTPS enabled receive good performance and more traffic in SERPs.

If your site is still on HTTP, move it to HTTPS immediately.

21. Editing or Customizing functions.php or .htaccess File without Backup

The functions.php and .htaccess files are among the most important parts of your site. If you edit or customize them without a backup, a small mistake can break your site. There may be a 403 forbidden error or some other issue on your site.

So before editing or customizing them, make sure to back them up so that you can easily restore them in case of any problem.

23. Using multiple plugins

More plugins can slow down your site. Use a plugin that can do multiple tasks for your site.

For example, when you install Yoast SEO on your site, there is no need to install different plugins for site indexing, sitemap, custom title, meta description, etc.

Take care of one thing: always use well-coded plugins. There are many plugins in the market whose coding is very poor. If you install them on your site, they can severely affect your site performance.

24. Not Removing Deactivated and Unused Plugins

If you have any deactivated plugins on your site, delete them immediately. Otherwise, you may face a security issue. With the help of a deactivated plugin, hackers can install malware on your site.

On the other hand, unused plugins affect your site performance and increase the size of the backup file.

25. Uploading images without compressing

If you use a lot of images on your blog or website, then it is very important to resize and compress them. Image optimization will improve your site load time.

27. Not using Cache Plugin

A cache plugin is a very important factor for site performance and should be on every WordPress blog or website. It boosts your website loading speed.

Many caching plugins are available for WordPress. But W3 Total Cache is the best plugin among them all, and it comes with features like page caching, browser caching, object caching, database caching and minification. Alternatively, you can use the WP Super Cache plugin.

28. Not using CDN

A CDN also boosts website loading speed. It creates a cached version of your site on its servers and serves content to users through the servers that are closest to the user’s location. This reduces your server load and improves website loading speed.

Currently, I use Cloudflare on my site. It is a very popular CDN company.
