When you build a WordPress website, you open yourself up to an entire world of possibilities. That is both a good and bad thing.
The built-in conveniences and ability to extend functionality with just a few clicks make site owners feel at ease. The bright side is that this allows us to do more with a shoestring budget than we may have thought possible. But it can also lull us into a false sense of security.
The result is that we may be putting our websites at risk without fully realizing it. WordPress, after all, is not a set-it-and-forget-it CMS. On the contrary, it requires us to develop good practices and constant vigilance.
Here are five bad habits that, while innocent in intent, can bring unwanted drama to your WordPress install. We’ll cover both what can go wrong and provide simple solutions that will help you avoid future problems.
Leaving Unused Plugins Installed
It’s a pretty common practice. We search through the WordPress Plugin Repository and find something of interest. We install it and plan on seeing what it can do. However, maybe it isn’t a great fit, or maybe we never test it at all. Still, it sits there.
Keeping unused plugins around can be costly. From a security perspective, it can be dangerous. A vulnerable piece of code could very well lead to malware being installed on your server. This could, in turn, do untold amounts of damage to your site.
The unfortunate truth is that not all plugins are well-written or maintained. Some are even abandoned by their authors. If you happen to be the unlucky person who still has one of these plugins installed, you are a target.
Beyond that, the more plugins you have installed, the harder it is to troubleshoot any errors that arise. Clutter only serves to complicate the process.
It’s okay to install plugins and test them out (preferably on a staging site). But make a habit of removing unwanted plugins – even those that aren’t currently active on your website. Routinely browse through your WordPress back end to check for items you don’t need.
security plugin and make sure your install is up-to-date. It won’t stop every potential attack, but it can thwart the basic stuff.
themes available. But there are times when commercial software just makes more sense. It might be a better fit for your needs or offer more powerful functionality. Plus, commercial-grade support is always welcome when it comes to mission-critical tools.
However, these items take often take a sustained financial commitment, as one-time purchases are becoming rare. Much of the commercially-available plugins and themes for WordPress tend to require yearly license renewals.
This recurring cost helps the developer provide support, add new features and fix bugs. It means that the software will continue to be actively developed, which benefits everybody.
Yet, I am still amazed at how often I see websites using software with long-expired licenses. This can be both a security and functionality nightmare. Eventually, something is going to either become vulnerable or break altogether as new versions of WordPress are released.
Do some research before you buy a plugin or theme. Determine what the future costs will be and if they are manageable. Just as importantly, inform your clients about these licenses! Quite often, a license will expire simply because a client doesn’t know about it.
SEO – there are so many options for each. Collect enough of these plugins and eventually, a few are going to patrol the same territory.
When possible, choose a definitive path for the functionality you need in any particular category. Either find a plugin that does just about everything you want, or piece together a few niche items.
This is where a plugin with its own ecosystem, such as WooCommerce, makes life easier. Through its many extensions, you can add just the capabilities you really need – thus avoiding overlap.
backup plugin. There are also a number of third-party services such as ManageWP, InfiniteWP or even Jetpack that offer similar functionality.
Whichever you choose, be sure to keep a copy of your site somewhere other than your web host. That could be a cloud storage service or even your local machine. That way, you’ll always have access – just in case.
maintenance, you can often avoid the most serious kinds of problems.
Not sure you’re up to the challenge? Start off with something simple, like setting a weekly reminder to update your installation. From there, set a monthly reminder that urges you to take inventory of plugins and security.
Follow that plan and, pretty soon, your website will be in tip-top shape.