Ways to Set Yourself Up for a WordPress Disaster

There’s a reason why so many people have turned to WordPress over the years. It’s flexible, relatively easy to use and boasts an amazing community of contributors. That means you can build a website with nearly endless potential in terms of look and functionality. On the downside, it also leaves a lot of opportunities for future problems.

The truth is that it’s incredibly easy to set yourself up for disaster – especially when you’re first starting out. Because WordPress essentially puts the world at your fingertips, there is great temptation to add mass quantities of plugins or even click that “Update” button without first thinking of the consequences. That, along with a host of other actions, can blow up in your face down the road.

Below are some of the most important things for designers and site owners to avoid when it comes to building and maintaining a WordPress website.

1. Use Plugins to Solve Every Problem

The sheer amounts of WordPress plugins we have to choose from can make us feel like the proverbial kid in a candy store. There are plugins for virtually any type of functionality you can think of – both major and minor.

Quite often, we get into the mindset of believing that any issue or limitation we face can be fixed just by installing a plugin. Why? Part of the reason may be because, in reality, it can. Indeed, the right plugin can be just the thing we need to take our site to that next level.

The problem here is twofold. First, not every plugin is created equally. For every truly great and dependable piece of software, there are just as many (if not more) that are a piece of…well, I digress. Taking the time to properly evaluate a plugin won’t guarantee eternal harmony, but it should give you an idea as to quality.

The second issue is that, many times, we look to plugins to do things that are better handled by other methods. For example, there may be a plugin out there to help you edit CSS – but is that really necessary? If it’s something that can be easily (for a professional, that is) done via editing a stylesheet or template, a plugin may be overkill.

This all requires a change in thinking. Realize that not everything can or should be solved by installing a plugin. The idea is to think about what you’re trying to achieve and determine the best way to get it done. Sometimes that means installing a plugin, other times you can get by without one.

Use Plugins to Solve Every Problem

2. Directly Editing Files of a Parent Theme

Part of the beauty of a WordPress theme is that it can be customized to your exact needs. Why, WordPress even includes a handy (if potentially dangerous) editor right there in the back end. But the concern is that, if you’re using a “parent” theme, any edits you make can be overwritten when that theme is updated. With all of your customizations gone, that can lead to a site that looks and acts differently than it’s supposed to.

Unfortunately, that’s a potential issue that designers and site owners aren’t always aware of. In fact, it seems to go against all logic. You have a theme installed – why can’t you just change it as you please?

That’s where the concept of the child theme comes into play. It serves only to handle the parts of a theme you wish to customize, while leaving everything else to its parent. When the parent is updated, the child theme remains unharmed.

A well-documented theme (either free or commercial) should mention the use of a child theme. But not every theme author makes mention of it and, frankly, not every user of a theme will sit there and read the documentation.

Just know that, when using a theme from a source other than yourself, a child theme will save you loads of trouble.

Directly Editing Files of a Parent Theme

3. Failure to Stick to a Backup/Update Routine

We click that update button with a lump in our throats, hoping that everything will work as expected. But sometimes it doesn’t. And the more versions we fall behind of WordPress, a theme or plugin – the more risks we take. Not only for something to break, but also for the potential security holes that may have gone un-patched.

If something does go wrong – what then? While you may be able to scramble around and install a previous version of whatever cooked your site, that doesn’t always work. Even if it does, there may have been database changes that went along with an update that can’t be undone.

Instead of managing updates on a wing and a prayer – be prepared. Run updates routinely and make frequent backups (at the very least, backup your site before applying updates). That way, you’re never far behind and, if something goes wrong, you have a way to reverse course.

Failure to Stick to a Backup/Update Routine

4. Not Taking Basic Security Measures

Because WordPress is so widely used, it has become a constant target for evil doers. A never-ending stream of bots are carrying out brute-force login attempts and scanning for vulnerable installs. And the worst thing we can do is sit idly by while these things occur.

The good news is that you don’t have to be a security expert to implement a basic strategy. Actions such as running a security plugin, keeping your install updated, using strong passwords and restricting access to your site are things anyone can do. Surprisingly, they work.

These measures won’t necessarily stop a concerted attack by an expert hacker. But they will repel the more run-of-the-mill automated attempts as noted above. Besides, if your site is large enough and important enough to attract live humans attempting to break in – you hopefully have a budget for more robust security.

Not Taking Basic Security Measures

5. Stop Paying Attention

This one really stings designers who hand off a freshly made site to a client. For some, the thrill of a new website fades as other priorities take over. What used to be a daily visit to their site turns into once every few weeks – and down from there. That’s precisely when bad things can happen. Only, no one knows because they haven’t been paying attention. And that can ruin even the best of strategies.

For instance, it’s great to have daily backups of your site. But if it’s been hacked for a month and you only keep 30 days worth of backups…not good.

The point is that paying attention pays off. It can keep small problems from becoming larger ones.

Stop Paying Attention

Prepare for Success

There are a lot of things that can go wrong with a WordPress website. But, while we can’t prevent each and every possible issue, having the right approach can put us in the best position to succeed. Instead of taking its ease-of-use for granted and assuming nothing but the highest quality from plugins and themes – try to look at things with a healthy bit of skepticism.

That doesn’t mean that you have to be overly negative – just be realistic. When you know about and consider the risks involved, you’ll be able to make the best decisions possible.

Comments

  • Rucuru

    Great article Eric. I’m constantly telling my clients to make sure they update their websites.

  • karks88

    Thank you!

  • Iryna Malinkovska

    Thank you once again reminded of the important things.

  • I’ve always felt Murphy’s law was an expression of optimism – If clients knew how to keep their websites safe – they wouldn’t be clients

  • Alex Kuharenko

    One advice – don’t use free stock images without any purpose. It just useless.
    You could take screenshots, right?

    But, great article, so far. Thanks!

  • Thank you for talking about plugins not solving every problem. While I totally understand people being intimidated by editing the files themselves, so many people use plugins for stuff that can be done within the dashboard or with, like, a single line of code in a php file.

  • The notion of how easy WordPress leads people to accumulate technology debt when they make bad choices. It all adds up to to point where they can’t fix it anymore. We see many such examples with our clients when we end up auditing and fixing their issues.

  • Luke Cavanagh

    Plugin can solve every problem, but that would be a case of creating custom site specific plugins, rather than installing 50+ plugins from the WP repo.