As a disclaimer of sorts, keep in mind that while the post may feel like it’s berating you, a WordPress novice; it’s meant to do so with love. It feels harsh because I care.
Welcome to WordPress.
Seriously, this is the best choice you could have made for your website for any length of time. Your website will always be easy to manage and customize, SEO friendly, reasonably secure, quick to load, and scale to the moon right alongside your enterprise – if you pay attention to good maintenance and security practices for WordPress websites.
But before all that can realistically happen, let’s make sure you aren’t making some of the more common mistakes most beginners make on WordPress, and being a massive roadblock to your own site’s success.
Read on:
1. Difference between .com and .org
They look different and they are. It’s more than just a play on the domain name on part of WordPress to confuse people deliberately – charge them money, or leave them with loads of instructions they have no idea what to do with. They’re not out to prank you. But you might end up pranking yourself.
WordPress.org is the free self-hosted version. For you, this means that you are now the sole owner (and creative/ administrative controller) of everything – your website, content, domain name, hosting, etc. WordPress won’t ask you a penny for it, but in the general scheme of things, you will have to spend some money to purchase a domain name and get your website hosted.
WordPress.com is a managed solution – Essentially, this means that you won’t have to deal with any of the technical difficulties that come from having to deal with hosting plans or maintenance or security and all the rest of it. Post content, and be free. You will also end up being a lot more limited (compared to .org version) in terms of customization with 3rd party themes/ plugins/ development services.
2. The Admin
There are two things you must absolutely never, ever do – Choose ‘admin’ as your actual admin username (that’s just sad… and stupid) and publish your posts from your admin account.
This is because, on a WordPress website, the name of the USER who published the post is generally visible. Once you give your admin name away like this (displayed openly as if in the middle of a county fair) you have done half the work of the potential brute force attackers. All that’s left for them is to guess your password, and they’re in.
Create a separate account with ‘Editor’ Role and use that to publish instead.
3. Taxonomy
WordPress, being an SEO friendly platform, comes with a comprehensive taxonomy which lets you add categories and tags to your posts so that search engines can index and display them on results pages appropriately.
Only, a lot of people don’t know a whit about using WordPress taxonomy. Relentlessly adding as many categories and tags to WordPress posts can get you penalized for duplicating content, EVEN when it’s absolutely original.
Here’s an analogy (only to clarify!) the difference – Categories as the names of automobile manufacturing companies (Ford, Volkswagen, Hyundai, Lamborghini…) and Tags as the names of individual models of these companies have sold over the past. With this, one post about a new Ford model will only have one category (no duplication penalty) and one or more tags (if you’re drawing comparisons with previous Ford models in your post).
Rule of thumb – Handful of categories, as many tags as you need.
4. Update
Okay, I know you’re apprehensive. You have heard about all the stories of something or the other breaking because someone updated the WordPress core, or a theme, or one of the many plugins. It’s horrible, yes. But you’re missing out big time.
Keep in mind that with every update – whether it’s core WordPress (platform update, major as well as minor versions), themes, or plugins – the developers are sure to release a new set of features, performance and general interface enhancement. And even if you can live without any of that, consider the security implications alone.
WordPress core contributors work tirelessly to release security and maintenance patches as soon as a previously unknown vulnerability is found. This vulnerability leaves your site open to vigorous attacks (because at the time when WordPress update is released, so is an entire list of patches made, which is like fodder to all the malicious beasties out there), which can be fixed with a simple update. Themes and plugins are the same way.
5. Security and Backups
WordPress is no less secure than other platforms. The only fact that puts you at risk is because successfully attacking WordPress components (core, a hugely popular theme or plugin) means high yield of hacked sites to do with as a hacker pleases. Despite all that you can stay a step ahead.
Always, always use a hardcore security plugin like Sucuri Pro or WordFence Pro. If you’re on KeyCDN, enquire about HTTP/2.0 protection from DDoS attacks. Update consistently. Scan regularly. And always use a well trusted backup plugin to keep as safety measure in case you do get attacked and need to restore your site. And for god’s sake keep your passwords strong and secure.
Also: Minimize the number of plugins – download them on an as needed basis, and from TRUSTED sources. Exclusively. Seriously, if you’re downloading crap from pirated sites, you are on your own.
Conclusion
It was all so simple in hindsight. These same issues may never even occur to most newbies. Bitter experience talking right here, I kid you not.
Just keep learning about the platform from the countless resources available on the internet. You’ll be fine if you apply common sense.
Author Bio: Lucy Barret is an expert developer with over 5 years of experience. In her long career, she has achieved great amount of success in delivering WordPress development projects on time. She along with her team of developers, convert HTML website to WordPress theme and provide guaranteed client satisfaction.