WordPress is a fantastic content management system, but there are some common mistakes that can be made when setting up and managing it. Below is an overview of some key areas to look out for and the actions we recommend.
Using a default admin account
Installing WordPress is a straightforward process on most hosting platforms and can often be done with a single click. One part of this setup is generating an administrator account, usually named "admin". This provides a predictable username for hackers to try in a brute force attack on your admin account.
To avoid this, make sure you name this admin account something different when setting up WordPress. Using a combination of numbers, letters and special characters will help make it hard to guess and harder to hack.
Not updating firmware and plugins
WordPress is constantly evolving, and the developers deliver regular updates to provide new features, fixes or security patches for the system.
Many websites that run on WordPress are actually using outdated versions of the system or outdated plugins which are no longer supported. This means your website could be missing out on new features or, most importantly, fixes for security vulnerabilities.
We always recommend:
- Update the core WordPress files.
- Check for plugin updates and make sure your plugins are still being supported.
- Before updating, always make sure any new features will not cause any issues with your website.
Not using enhanced security
WordPress is a very secure platform, but there are ways to make the system even more secure.
Many WordPress websites don’t follow enhanced security practices. Common gaps include:
- Using the default database prefix “wp_” – this can be an easy way in for hackers to get to your options files. Changing this prefix can stop hackers from finding easy ways into your website.
- Not limiting login attempts – if a hacker gets access to your login page they could try a brute force attack to gain access. Limiting login attempts will help block hackers trying different usernames and passwords.
- Not using salts and keys – session cookies used to be stolen, which could let hackers appear to be you when logging into your system. With salts and keys this can be stopped, so make sure they exist in your config file.
We recommend implementing the above and also running a security monitoring plugin, which will help block brute force attacks and alert you to any potential threats to your website.
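One way to check the prefix and the salts and keys in a config file, as an added example that is not part of the original article or of WordPress itself. The function names are hypothetical; the eight constant names and the placeholder phrase are the ones in WordPress's wp-config-sample.php, and the sample config is constructed.

```python
import re

# The eight secret constants listed in WordPress's wp-config-sample.php.
SECRET_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in the sample file
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def live_lines(php):
    """Yield lines that are not comments, so a commented-out define is ignored."""
    in_block = False
    for line in php.splitlines():
        s = line.strip()
        if in_block or s.startswith("/*"):
            in_block = "*/" not in s  # stay in the block until it is closed
        elif not s.startswith(("//", "#")):
            yield line

def audit_wp_config(php):
    """Return a list of findings for the table prefix and the keys and salts."""
    prefix, secrets = None, {}
    for line in live_lines(php):
        if m := PREFIX_RE.match(line):
            prefix = m.group(2)
        elif m := DEFINE_RE.match(line):
            secrets[m.group(1)] = m.group(3)
    findings = []
    if prefix is None:
        findings.append("table_prefix: not set")
    elif prefix == "wp_":
        findings.append("table_prefix: default 'wp_'")
    for name in SECRET_NAMES:
        value = secrets.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif not value.strip() or value == PLACEHOLDER:
            findings.append(f"{name}: placeholder or empty")
    return findings

# Constructed sample config (not from a real site); most salts are left out.
SAMPLE = """<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
// define( 'AUTH_KEY', 'commented out, so not active' );
define( 'SECURE_AUTH_KEY',  'constructed-value-1 #/* still in the value' );
define( 'NONCE_KEY',        '' );
$table_prefix = 'wp_';
"""
if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```
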
If a hacker attacks your website and damages files, it could leave your website unresponsive and broken. Taking regular backups of your full website will allow you to restore your website easily and not lose any data.
We recommend daily backups of your whole server which can be restored with a single click, to make this process easier if it does happen.
Not using a caching system
Website speed plays a major role in user experience and your search engine performance. Many WordPress websites don’t use a cache setup, as this can be complicated or cause issues.
But using a caching system helps improve your website’s load time and keeps it fast when your website receives an increase in traffic.
We recommend using a caching system which is supported and developed by official WordPress developers.
Using default permalinks
Permalinks in WordPress are the hyperlinks for a webpage or a blog post. The default permalink in WordPress could be something like www.example.com/?p=4234432.
This is not only bad for users, it is also not good for your search engine performance. Using a user-friendly permalink structure makes your website easier to use and helps it rank higher in search engines.
Complicated categories & tags
WordPress allows you to categorise your content with unique categories or tags. When building your website or adding new content, overusing categories or tags can result in poor navigation or affect your search performance.
We recommend planning your content using tags and limiting the number of categories to help improve your site structure and navigation.
Moderating comments on your website can become labour intensive but is an important role.
Many WordPress websites don’t put a moderation system in place, which means comments are unmoderated, and this can become an issue. The major issue is spam comments, which can harm your business reputation and your search performance.
This can have a knock-on effect: you could have genuine comments, but these could be hidden between spam comments, making it hard to respond to them. This can give a bad perception of your brand, as you’re not taking the time to respond and interact with your customers.
A basic solution would be to disable comments, but we recommend implementing a moderation system for comments and responding to comments as much as possible to help with customer engagement.