Installing every plugin available You’ve just started out with WordPress. Congrats! Welcome to a brilliant publishing platform with an incredibly warm and awesome community. Since you’re here, there are some things you should know about working with WordPress. Don’t make the same mistakes some beginners make. Here are 7 of those mistakes to avoid when you get started.

One of the most powerful and attractive aspects of WordPress is its extensibility. There are really killer plugins out there that will accomplish almost anything you need them to. However, there are also a lot of poorly written and unmaintained plugins available as well. It’s easy to look at the WordPress Plugin Directory like a candy shop and want to install every plugin that looks shiny and cool. However, when you’re looking for plugins, make sure that you know where they’re coming from and have a good understanding of how reliable and maintained they are.

Once you find a plugin you want to use, ask yourself, “do I need this plugin?” “Does this plugin achieve what I’m looking to accomplish?” If the answer to both of these questions is anything but yes, don’t install the plugin. When starting out, it may seem like a good idea to install a bunch of plugins to mess around with, but try to only utilize ones you feel you actually need.

Choosing a bottom-of-the-barrel hosting provider UNLIMITED STORAGE SPACE! ECO-HOSTING! FREE BANDWIDTH! PRIORITY XQYZ ACCESS! We’ve all heard the rad slogans of the shared hosting companies. They offer everything you’d need, and all for a few bucks a month. It seems like such a tantalizing deal. Sadly, many shared hosts aren’t all they claim to be. Many shared hosting companies cram hundreds of websites onto individual servers. This is a great way to save the hosting company some money, but if one of those sites gets big, it crowds out all of the others. Don’t force your website to live in a crowded space. Managed hosting services like Flywheel put each individual site on its own server so no matter how much traffic one site gets, it will never bring down or interfere with others. Plus, keeping one site to one server means the server can spend all of its time serving requests for that one site.

Using a weak admin password WordPress is an extremely popular Content Management System. Because of its popularity, it’s a common target for attacks. A lot of attacks against WordPress are really just brute force password cracking attempts, meaning attackers guess the admin password to a site over and over again until they get it right. Picking a weak password for your WordPress admin panel, like password or 1234 is never a good idea. Use a longer password such as correct horse battery staple and include some numbers and symbols as well.

It’s also important not to have a default WordPress username, like admin or administrator. Change it to your name, or even better, your secret superhero identity’s middle name. In the event that your site is compromised, there are many tools and companies that will fix your site for a fee. Hosts like Flywheel will take care of your site’s security, and in the unlikely event of your site being compromised, will fix it for free. Using a managed host such as Flywheel can give you some peace of mind knowing that if anything happens, a team of awesome specialists totally have your back.

Using Multisite when not appropriate WordPress has a feature called Multisite, which allows a WordPress user to create subsites off of a single, main WordPress install. It’s a very powerful tool, and can make WordPress management a breeze when used correctly. However, it’s often not used in a proper manner, causing all kinds of headaches for everyone involved. Let’s look at a few use cases where Multisite would not be appropriate: 1. Hosting separate client websites with Multisite 2. Hosting sites that don’t relate to one another 3. Hosting different sections of a single site Basically, any time where sites hosted on Multisite aren’t just different versions of the same site or individual shells without any real functionality, Multisite is probably not the solution.

Let’s look at a few examples of where Multisite would be appropriate: 1. If your site is for a store that has several different locations. Each page is basically the same, the only difference between them is a photo of the store and the address/hours of the store. 2. If you have a school website, and each teacher is interested in creating a personal blog for their classroom. This would be a small amount of use for a page that will look nearly the same as the parent site, and will probably get recreated every year or semester. 3. If you have a site that needs to be translated into multiple languages, Multisite could come in handy for rendering en.yoursite.com, fr.yoursite.com, de.yoursite.com, etc. 4. If you’re a theme developer, showcasing several different WordPress themes, none of which have any “real” content.

Not updating WordPress and plugins Let’s look at a few examples of where Multisite would be appropriate: 1. If your site is for a store that has several different locations. Each page is basically the same, the only difference between them is a photo of the store and the address/hours of the store. 2. If you have a school website, and each teacher is interested in creating a personal blog for their classroom. This would be a small amount of use for a page that will look nearly the same as the parent site, and will probably get recreated every year or semester. 3. If you have a site that needs to be translated into multiple languages, Multisite could come in handy for rendering en.yoursite.com, fr.yoursite.com, de.yoursite.com, etc. 4. If you’re a theme developer, showcasing several different WordPress themes, none of which have any “real” content. Like we talked about, WordPress is often a popular target for attackers. When we think about computer hackers, there’s this hilariously inaccurate vision of crazy, fast-paced typing action with screens full of green text while someone attempts to battle the super skilled hackers. The hackers are always able to defeat the “best in class security” and leave the good guys stumped until they triumphantly dominate six scenes later. Sadly, that’s not really accurate in any way at all. More often, when a WordPress is compromised, it’s because the site is running on an old and easily exploitable version of WordPress or plugin, has a weak password or has a malicious plugin installed. The truth is, sadly, much less exciting than the movies. Because of this, it’s critical that you update your WordPress site and all of its plugins to the latest versions. WordPress core updates will occasionally release security updates as well, because a vulnerability was discovered. These should be installed immediately. Many managed WordPress hosts, including Flywheel, will automatically update WordPress for you, once again, giving you peace of mind and ensuring that your site is always secure.

Blindly trusting the answers in the forums Okay, we’ve all done it. When working on designing a site, coding a plugin, or just trying to figure out a step in WordPress, we’ve Googled our problems, attempting to find a resolution. Sometimes, we find awesome StackOverflow or forum posts about our exact problem, including step-by-step instructions on fixing it. However, more often than not, there are also threads that describe a problem that’s not exactly the one you’re trying to fix but seems pretty darn close. There may be 3-5 solutions to the problem, all of which will be different than the other.

When researching a problem, it’s wise to never blindly trust the answers you see on forums. Just because one person thinks they have the problem solved doesn’t mean that their solution will apply to you, and it may break your site, pushing you further behind. When looking at crowdsourced answers, look to see how many people confirm an answer. It may be a good indicator of whether or not their solution will work for you. Also make sure to look at the date of the post. Posts from 2008 probably aren’t going to be much help to you now.