Whether you created your WordPress website as a DIY project or hired someone to do it for you, I see some common mistakes being made time and time again. Here are a few mistakes you might be making – and more importantly, what to do so you don’t keep making those same mistakes!
1. Not having a plan for backups
Please, don’t assume your web host is backing up your website. It’s true that many web hosts do provide backups as part of your hosting plan, but you want to make sure those backups are happening on a set schedule and you know how to log in and access those backups, should you ever need to restore one. If your web host does not provide backups as part of their service, you should find a third-party app or plugin to run backups for you on a set interval. Not sure how to do that? Here’s how to backup your WordPress site for free using UpdraftPlus and Dropbox.
In addition to performing regular backups on a set schedule, you should also make backups prior to any time you: (1) install updates to your WordPress site, or (2) make major changes to your site such as doing major redesigns of pages, removing content, etc. That way if anything doesn’t go the way you expect, you can restore from backup and not have to rebuild from scratch.
2. Ignoring WordPress updates OR installing them willy-nilly without backing up first
I can’t tell you how often I have been hired to try and recover a WordPress website that’s been neglected and has months (or even years!) worth of pending updates to install. It’s always a precarious process to update these sites and ensure things keep running as expected.
So why do updates matter? First and foremost: updates to the WordPress core, themes, and plugins oftentimes include security patches that keep your site safe from hackers and malware. Leaving them unpatched creates a security hole that can lead to your site being hijacked, infected with malware, and potentially banned from Google search results due to it being a “threat” to site visitors. YIKES! Second, it’s much easier to upgrade sites incrementally as updates are released rather than jumping 2 or 3 versions. In theory, it shouldn’t make a difference – but experience has told me that when you install updates that jump 2 or 3 versions, the site is more apt to have problems and conflicts between plugins/themes/etc.
Finally, as I mentioned in # 1, any time you install updates you want to backup your site FIRST. It doesn’t happen often, but occasionally an update will fail mid-install, or you will find a new updated plugin has a conflict with your theme, or another plugin. You want to be able to restore your site from backup and get it back online, and then you can reach out to your web developer or possibly the plugin developer to see if there are known issues and how to solve them before attempting the upgrade a second time.
3. Overlooking security
WordPress is by far the most popular content management system today, powering close to 40% of all websites on the Internet. There’s good and bad to that: the good part is, there are TONS of resources out there to support the platform. The downside is, it also makes it a popular target for hackers and malware attacks. I’ve seen instances where hidden code was injected into WordPress themes by hackers to serve malware to site visitors. I’ve seen entire sites taken offline.
Two easy things you can do NOW to make your WordPress website more secure: First, make sure you are installing updates regularly (see items 1 and 2 on this list), and second, makes sure to secure your admin user accounts for WordPress. What does that mean? Login to your WordPress admin dashboard and go to Users > All Users in the left sidebar menu. In there, take a look at how many Administrator-level accounts there are. Is there anyone you don’t recognize? Delete their account. While you’re there, update your password for YOUR admin account. Make sure the password is strong, and change it regularly (at least quarterly).
This is just the tip of the iceberg in terms of site security, but it’s a good place to start! I’ll be covering more in my WP DIY Maintenance e-course that’s coming soon. If you want to be notified when it launches (and get a discount!), make sure you’re on my mailing list…
4. Going cheap on web hosting
A bargain isn’t always a bargain; there’s always a hidden cost somewhere. Most inexpensive web hosting plans are on shared web servers – which is fine, in theory. But the bargain-basement web hosts tend to cram far too many websites on to one, under-powered server. If one site on that server hogs too many resources, it can and will affect the performance and accessibility of the other sites on that server. Shared web hosting isn’t always bad though and most of my small and medium clients are on shared plans. The difference is, reputable web hosting companies don’t cram too many sites onto one server, and they monitor their servers closely for performance issues. They shut down sites that are resource-hogs that affect their neighbor-websites. They reallocate resources as needed to make sure YOUR site stays online, and if there are issues, they have a responsive customer service and tech support team that you can reach out to.
So who do I recommend? For hosting small and medium size WordPress websites, I love SiteGround. I’ve hosted my own sites with them for over 5 years and have had virtually no issues. On the rare occasion that I’ve had a question or needed support, their customer service has been outstanding, replying to my chat support requests within minutes. And more importantly, their support person listened to the problem and fixed it, instead of giving me a brush-off response like “Oh it seems to be fine now, I don’t know what you’re talking about.” (Which is what I’ve experienced with another popular host that rhymes with MoSchmaddy *ahem* 🙄) For large or enterprise companies, I would recommend WP Engine.
Another tip: beware of web hosts that offer UNLIMITED space and/or UNLIMITED bandwidth. Much like cell phone companies with “unlimited” data plans, the usage is usually only unlimited up to an amount they deem reasonable, and then some amount of throttling will happen. Another popular color-named web host was notorious for this at one point a few years ago; their customers would have a blog post go viral and out of nowhere their site would go from having a hundred visits a day to having tens of thousands, and even though they had “unlimited” bandwidth, this host would pull the plug on the site temporarily. Then the customer would be in a fight to get their site back online as fast as they could so they didn’t lose momentum on that new traffic that was coming in. You can imagine how bad for business this was.
5. Not asking for help
Finally, the worst thing you can do is to have a WordPress website that you ignore because you’re not sure HOW to maintain it or you don’t have the time to do so. Your website is an enormous asset for your business, and just like you would maintain your other business assets (buildings, vehicles, equipment, etc.), your website deserves proper maintenance and care to keep it performing optimally. A simple solution is to hire a web developer to maintain your WordPress site for you. A good developer will give you peace of mind and can be a resource for your questions and concerns when it comes to your site.
Time to fess up…
Don’t be shy. What mistakes have you made that have impacted your WordPress site? Email me and tell me about it!