[This is part of the Common WordPress Mistakes series to help bloggers, churches, ministries and nonprofits avoid common mistakes when creating a new website using the WordPress CMS.]
Today we look at a really big WordPress no-no that many people just don’t think about, notice, or maybe even understand. Because WordPress is so widely used, it becomes an easy target for nasty Internet things that will bring down your website or even worse.
If you want to know what could be worse than your website going down, let me tell you of an online acquaintance of mine (who shall remain nameless) whose website chronically inserts male enhancement adverts. Sometimes they show up on the screen, but most of the time they stay hidden beneath the code. I’ve cleaned it up for him a few times, but now it’s come to the point where it would be wiser to jump to a better hosting service and get himself a whole new install, theme, the works.
A lot of this could have been avoided had he done one thing:
Update.
1. Not Updating WordPress, Themes & Plugins
Just because your WordPress website is working doesn’t mean it should go without your attention. WordPress updates, including those for your themes and plugins, need to happen within a reasonable amount of time. I’ve been known to hold off for a few weeks to update, knowing that a plugin or theme was behind the curve. What you want to avoid is letting WordPress and its themes and plugins become months (I’ve seen years) behind. If you don’t update, you’re just asking for trouble!
Those pesky little update notifications usually have more to do with security updates than anything else—don’t ignore them!
2. Googling Free Themes & Plugins
Let’s roll back for a moment.
You can Google free themes and plugins. I’ve done it myself—*gasp*.
What you need to make sure of is that you’re not downloading free plugins and themes from untrusted places. As you begin your WordPress journey, make sure you only download from WordPress.org. Here are the links:
Many plugin developers will have websites for their plugins, so you don’t need to avoid these. Just make sure that when you go to download, it’s from WordPress.org. Another thing you can do to ensure you’re not downloading bad junk is to only install plugins and themes from inside the WordPress admin. This way, you’re guaranteed not to download a malicious plugin or theme.
If you’re new to WordPress, I hope this was helpful!
Here are some other WordPress mistakes you’ll want to avoid.
Adam Shields says
This series makes me think of a friend that asked me to fix his blog after it had been hacked. I cleaned out the site, restored a clean version and installed some plugins that I thought would keep it from being hacked again.
And it was hacked again quickly. After doing some investigation, I found out that my friend had left his username ‘admin’ and set his password to ‘1234’.
Sometimes it really is the little things that are important.
Eric Dye says
This is a great tip, too. I’ll be adding this to the mix! Thank you, Adam!
Steven Gliebe says
Keeping things updated is huge. Nearly all of the compromised sites I’ve seen were running old versions of WordPress or plugins.
I’m also surprised at the temporary passwords some users provide for me. I’m glad to see you’ve got an article scheduled on password security. That can’t be emphasized enough.
My guess is keeping everything up to date and using strong passwords would prevent the majority of compromises.
Eric Dye says
Yes, I would agree. Especially when you consider these are the two things that are the easiest to slack-off on.
Rudd says
Currently there are thousands of WP themes, and most beginners or new users fall into the trap of FREE WordPress themes. Without any knowledge, they’ll simply download and install it on their site without suspecting anything. Plus, do not use nulled themes (premium themes that are given away for free). I know this because I did that a few times in my early days of using WordPress.
Eric Dye says
Thanks, Rudd. 🙂
Steven Gliebe says
Good advice and I’ll add the reason not to download a premium theme for free: they’re often injected with malware, exploits, etc. You also won’t be getting support when using a “pirated” theme. Always buy the original theme from its maker to be safe and covered.
Free themes are fine when coming from wordpress.org.