The best way to learn about a software program is to start using it, which explains why we all make mistakes, either simple or complex ones.

In WordPress, the worst mistakes are those that you aren’t aware of. And, unfortunately, we repeat them for such a long time that they’ve turned into security problems and slow-down habits.

This article aims to deliver you the most common mistakes and the suggested ways of avoiding them. The key purpose is to make WordPress sites work faster and to be more organized and secure.


Keeping the default username ‘admin’

Once WordPress is installed, it automatically creates a default ‘admin’ username and awards it with governance privileges. The word ‘default’ says it all: hackers have no troubles predicting those names, and in most cases they cause severe damages by accessing your WordPress ‘admin’ account and taking full control over your website.

You have the opportunity to change this name during installation, so please make use of it since you already know that keeping this default setting doesn’t make sense. If you’ve already launched your website, don’t worry, check our article about the best security features to implement in WordPress and you will find out how to change your ‘admin’ user settings. Choose a combination of small/large letters, numbers, and special characters both in the username and the password. Your admin credentials should be very specific and difficult to be guessed.


Leaving ‘admin’ privileges for post authors


WordPress is a great Content Management System, but it’s very important to keep in mind that post authors shouldn’t be granted with ‘admin’ rights. Letting the administrator post the content on your website is one of the most predictable and risky things you could do, since you’re already giving one more hint to an unwanted visitor.

What you should do instead, is let the admin user do exclusively backend work, and create an additional account that will work as an author. Through this, you will protect your website from unauthorized access by using the compromised author username and password. Authors can still text the admin to receive his/her approval before the posts go live.


Forgetting about WP backup


We’ve all regretted at least once that we didn’t create any backups. This is a very common mistake and probably the most crucial one. Backups rescue us in critical situations and the best thing about them is that they can be created automatically within your WordPress installation.


Improper use of tags and categories

You can say “Goodbye” to the attention your content is supposed to attract if it ends up in the black hole of ‘Uncategorized’ posts. All posts will be originally placed in this category because of the template’s structure, so be sure to avoid this default setting.

Themes and widgets depend on categorization to make your post really relevant to a certain group. In addition, WordPress is using categorization to save and archive content, and to set posts apart from Pages.

Another important thing you shouldn’t miss are Tags, which organize contents into groups and topics. Tags are compulsory because they are a separate recognition category, and they have nothing to do with categories.

A well-known myth that is going around for some time is that categories can only be added to the main navigation menu, and that doesn’t make sense. You can see it for yourself: click on ‘Appearance’/‘Menus’/‘Screen’ options, and then on Posts and Tags. If you own a content heavy site, tag posts with popular tags, limit the number of categories, and join tags together.


Forgetting to update


WordPress is improving all the time, and you must follow its development. When a plugin or a theme gets outdated, it starts displaying bugs and needs security changes, or even a full replacement with a new one that is compatible with your recent WordPress version. You need to pay attention to this and set it as your number one priority.

By updating your WordPress version, you’re actually updating its bug-fixing and security capacity, which will leave aside a lot of concerns and keep your work compatible with the newest requirements. Also, check your plugins to see whether they’re compatible with the new WP version.

Update as often as you can, and test updates to see whether they’re actually helpful for the new WP version you’re using. There are web hosts that will do this for you (check hosting control panel and look for this option), but you may also do it yourself.

Once again, we would like to call for attention towards plugins and themes, because they won’t be updated by default. This is the code you should add to your wp-config.php file to update them:

add_filter( 'auto_update_plugin', '__return_true' );

If you want themes to update automatically, then add this code:

add_filter( 'auto_update_theme', '__return_true' );


Heaping the site with unnecessary plugins


In case you installed a plugin but you don’t need or use it, simply uninstall or deactivate it. It occupies your space for absolutely no reason!

You may be tempted by their unique additions, but we honestly recommend you to embrace simplicity and to use only certain plugins that actually contribute to the success of your website.

There are thousands of widgets out there, described in a breathtaking manner to trap your attention, but you don’t really need all them. The single thing that they certainly do is slowing down your website, and nobody wants to see that happening.


Most of the times, WordPress users use the default URL structure: /?p=123. This is a very harmful strategy for your SEO since you’re not helping users locate your content. Therefore, update the permalink structure during installation. In order to do it, click on Settings » Permalinks and update their structure.


Not using a caching plugin


Those of you who aren’t caching, or have no idea what caching is about, are increasing your sites’ loading time, and that’s no good. For the sake of clarity, WordPress works as a dynamic CMS driven by its database, which means that all the information you’re giving users comes from that database, and is used to populate the website via HTML markups.

If you’re doing caching right, you’ll save the finalized HTML markup and serve it to visitors without asking them to go to the database each and every time.

Check our article about boosting the site’s performance to find out how to implement caching within your WordPress.


Being SEO reluctant


Your blog/website’s success depends on the daily traffic driven to it by the search engines. If a good search engine doesn’t rank you high among millions of sites out there, your site will most likely be neglected.

In order to rank better, you must do Search Engine Optimization (SEO) with some of the thousands amazing SEO plugins that require neither much time nor effort. Working without them would be a disastrous mistake.


Failing to replace salts and keys

Salts and keys are located in the wp-config.php file, and their purpose is to do the of authentication of users and machines. Before they appeared, hackers had no trouble stealing cookies during an online session, and pretending to be a user. With the new passphrases, that’s almost impossible.

Do you think that generating salts is difficult? Would be, if you were doing it yourself! Luckily for you, WordPress has a webpage for the purpose! Go to, and copy the content into your own wp-config.php file.


Downloading themes from unreliable sources

You may go to our favorite engine, type in ‘free WordPress themes’ and admire the never-ending load of amazing solutions. You can celebrate about saving time, efforts, and money if you will use free WordPress themes instead of Premium WordPress themes, but is it worthy?

The themes you’ve chosen might be free of price, but at the same time, they may be packed with malicious codes and unbeneficial links.

That’s why you need to pay attention to the quality of your theme, instead of going for the first one that attracts your attention. If you choose an improper theme, you can forget about your online success. A much smarter choice is a reputable company and a professional premium theme that functions better and it’s more secure.

Avoid these mistakes and you will build a solid ground for your successful online presence. It’s essential to make all the necessary steps to prevent your website from future failures. If you want to share your personal experience about dealing with common WordPress mistakes, please feel free to leave a comment to this article.

there are no comments added

Reset fields

back to top