When you build a WordPress website, you open yourself up to an entire world of possibilities. That is both a good and bad thing.
The built-in conveniences and ability to extend functionality with just a few clicks make site owners feel at ease. The bright side is that this allows us to do more with a shoestring budget than we may have thought possible. But it can also lull us into a false sense of security.
The result is that we may be putting our websites at risk without fully realizing it. WordPress, after all, is not a set-it-and-forget-it CMS. On the contrary, it requires us to develop good practices and constant vigilance.
Here are five bad habits that, while innocent in intent, can bring unwanted drama to your WordPress install. We’ll cover both what can go wrong and provide simple solutions that will help you avoid future problems.
Leaving Unused Plugins Installed
It’s a pretty common practice. We search through the WordPress Plugin Repository and find something of interest. We install it and plan on seeing what it can do. However, maybe it isn’t a great fit, or maybe we never test it at all. Still, it sits there.
Keeping unused plugins around can be costly. From a security perspective, it can be dangerous. A vulnerable piece of code could very well lead to malware being installed on your server. This could, in turn, do untold amounts of damage to your site.
The unfortunate truth is that not all plugins are well-written or maintained. Some are even abandoned by their authors. If you happen to be the unlucky person who still has one of these plugins installed, you are a target.
Beyond that, the more plugins you have installed, the harder it is to troubleshoot any errors that arise. Clutter only serves to complicate the process.
It’s okay to install plugins and test them out (preferably on a staging site). But make a habit of removing unwanted plugins – even those that aren’t currently active on your website. Routinely browse through your WordPress back end to check for items you don’t need.
Assuming Your Website Is Secure
Security is an area where a lot of us tend to have a blind spot. Not that we ignore it completely, mind you. But it is easy to become lax.
This can happen for several reasons. If your website hasn’t been hacked (to your knowledge, at least), you may think everything is just fine. Or maybe your web host boasts that it’s the most secure platform on Earth. Or perhaps you’ve taken a few minimal steps and feel that’s enough.
Whatever the reason, we are often more reactive than proactive. This means learning our lessons the hard way – after something bad has already happened.
Don’t ever assume that your website is fully secure. Just think, some of the most sophisticated systems in the world have been hacked. Your website, by comparison, is easy pickings for a malicious actor.
Take security seriously at all levels. Use strong passwords, utilize a firewall or security plugin and make sure your install is up-to-date. It won’t stop every potential attack, but it can thwart the basic stuff.
Letting Commercial Licenses Expire
Sure, there are tons of free WordPress plugins and themes available. But there are times when commercial software makes more sense. It might be a better fit for your needs or offer more powerful functionality. Plus, commercial-grade support is always welcome when it comes to mission-critical tools.
However, these items take often take a sustained financial commitment, as one-time purchases are becoming rare. Much of the commercially available plugins and themes for WordPress tend to require yearly license renewals.
This recurring cost helps the developer provide support, add new features, and fix bugs. It means that the software will continue to be actively developed, which benefits everybody.
Yet, I am still amazed at how often I see websites using software with long-expired licenses. This can be both a security and functionality nightmare. Eventually, something is going to either become vulnerable or break altogether as new versions of WordPress are released.
Do some research before you buy a plugin or theme. Determine what the future costs will be and if they are manageable. Just as importantly, inform your clients about these licenses! Quite often, a license will expire simply because a client doesn’t know about it.
Using Multiple Plugins for the Same Purpose
Another potential complication of becoming a “plugin collector” is an overlap in functionality. This can result in your website taking a performance hit. If you’re running unnecessary code, it stands to reason that it will have a negative impact on page speed. And it can also create functionality conflicts, as multiple bits of code are fighting for the same space, so to speak.
This particular issue is often one that takes time to rear its head. For example, you may start with a do-it-all plugin like Jetpack. After a while, you might seek out more niche plugins, some with functionalities that overlap the aforementioned Swiss Army knife of WordPress.
But this could be applied to literally any category of plugin. Contact forms, security, eCommerce, SEO – there are so many options for each. Collect enough of these plugins, and eventually, a few are going to patrol the same territory.
When possible, choose a definitive path for the functionality you need in any particular category. Either find a plugin that does just about everything you want or piece together a few niche items.
This is where a plugin with its own ecosystem, such as WooCommerce, makes life easier. Through its many extensions, you can add just the capabilities you really need – thus avoiding overlap.
Not Keeping Personal Backups
Maintaining backups of your important files is a good practice that goes well beyond WordPress. But not everyone thinks about the risks associated with not having a copy of their website on hand at all times.
It is reasonable to assume that your web host will back up your website (both files and database) every day – and the responsible ones do. This can be a lifesaver. That is unless something goes wrong.
As experience has taught me, you can’t rely solely on others for this duty. A poorly-timed mistake can leave you in a bad situation, should the worst happen. Missing critical files could mean filling in a lot of gaps or starting over from scratch.
There are several ways to back up a WordPress website. The easiest and most direct method is by using a backup plugin. Many third-party services such as ManageWP, InfiniteWP or even Jetpack offer similar functionality.
Whichever you choose, be sure to keep a copy of your site somewhere other than your web host. That could be a cloud storage service or even your local machine. That way, you’ll always have access – just in case.
WordPress Requires TLC
Long after the thrill of your website’s launch, WordPress still needs a lot of attention. The good news is that, even though there are some potential pitfalls, it doesn’t take a tremendous amount of effort to keep things running smoothly.
By developing an awareness of what you’ve installed and performing routine maintenance, you can often avoid the most serious kinds of problems.
Not sure you’re up to the challenge? Start with something simple, like setting a weekly reminder to update your installation. From there, set a monthly reminder that urges you to take inventory of plugins and security.
Follow that plan, and, pretty soon, your website will be in tip-top shape.