We all make mistakes. But, learning from our mistakes makes the lesson meaningful.
Below are 7 common mistakes that WordPress users often make. By outlining them, we hope this list can help prevent other WordPress users from running into the same problems in the future.
1. All about “username”
There are mainly 2 types of popular mistakes under this category and let’s go over each of them in detail. The first common one we see is: clients using “admin” as username. Recently, WordPress has been attacked by a massive botnet of tens of thousands of computers and the attack was mainly targeting websites with “admin” as the usernames. “Admin” is the most common username that people choose to create. It would make sense for hackers to attack the websites with “easy-to-hack” usernames first.
Solution: don’t use “admin” as your username when you install WordPress. However, if you’ve already used it, check out this article to see how you can change the WordPress username (by default, WordPress does not allow users to change their usernames).
Also, you have the option of inserting your first name and last name when creating an account for your WordPress login. If you manually insert a name for your account, all your posts will no longer display your username as the author of the posts. Instead, it will display your first name and last name (Note: you are NOT required to insert a GENIUNE first and last name!). Differentiating your username from your “account display name” decreases the chances of hackers successfully guessing your login-name.
Another common mistake in regards to WordPress username is keeping the unused user account. For example, if you hire a contract webmaster to take care of your WordPress website, you should always remove the account once the service ends. Remember, the more user account you have on your site, the greater chance the hackers can access to your website.
Solution: if you don’t need an account, delete it right away.
2. All about “password”
Did you know that the most common passwords are actually “password”, “123456”, and “12345678”? Compiled by a password management company, these results were gathered using the data that hackers have previously posted online.
So, imagine you have a username “admin” with a password “password”, what is the level of difficulty for hackers to attack your website?
Solution: Create a stronger password (e.g. contains at least a letter, a number, and a symbol). Also, regularly update the password!
3. Never backing up your website
Myth: “Why should I back up my own site? Doesn’t my web hosting service provider backup my website anyways?”
Answer: Yes, we do backups of your website, but the backups are mainly for our benefits. All the backup files we make (e.g. in one particular server) are jumbled together. Also, when we perform our backups, it may not be the moment you make changes to your websites. So, chances are, we may not include the latest changes of your website.
Solution: Log in to cPanel and do a full backup of your website regularly. If you don’t know how, read this blog post.
4. Too many categories
The architecture and planning of a website greatly affect its SEO performance. Moreover, leaving excessive categories will slow down your website load time.
Solution: One of the greatest features of WordPress is the capability of using “tags”. “Tag” is very similar to category and it helps WordPress owners to group posts based on the keywords they manually set. So, try to limit the usage of categories and make use of tags to group different posts.
5. Ignoring WordPress and plugin updates
WordPress regularly releases updates for security reasons. If you ignore them, you would probably know the consequences right? The same problem goes to plugins too. Remember this: there are reasons why plugin developers release updates. So when you see the update signs, give them a click immediately!
Solution: Besides regularly logging in to your WordPress Dashboard to see if there are any updates available for download, you may consider using Softaculous to install WordPress. The benefit of using Softaculous to install WordPress is that it will send out email notifications for users when there are new updates release for the installed scripts. For full details, check out our article in our Scripts Library.
6. All about plugins
Speaking of plugins, one of the most common mistakes a WordPress user makes is: missing out the great features of certain plugins. For example, you have a photo WordPress website and you often experience slow load time. You never have the time to investigate the reason behind it. In fact, your high quality images slow down the website. To solve this problem, you can simply install a caching plugin as well as other tools that can help you reduce the file sizes of your website while keeping the quality of the images. To learn more how these plugins help you increase the load time of your WordPress website, check out this article.
While many WordPress users miss out the great features of plugins, on the contrary, there are other WordPress users who like keeping the unused plugin files on the website. Remember: the more files you have on your website, the longer time it takes to load your website. It makes sense to store the files on your website if you are actively using them. But for those that are not in use, why not remove these unnecessary plugins and have a faster website load time?
7. Unfriendly Permalink Structure
By default, WordPress has this setting for permalink:
If you see a blog post with this URL (e.g. YourWordPressBlog.com/?p=123), can you guess what this post is about? If you can’t tell what this blog post is about, your readers (including search engine robots) will have the same experience too.
Solution: login to your WordPress Dashboard. Go to “Settings” and click “Permalinks”. There are 6 settings for you to choose and you can decide which one that fits your need the most.
We hope this article gives you an opportunity to review some of the settings on your WordPress website as well rectify any mistakes. If you need help in solving the problems, our Customer Support Team is happy to assist you. Simply contact us by our live chat, telephone, or customer support ticket system.
Posted in: Security