WordPress Problems: 7 Crucial Things You Should Never Do

WordPress Problems: 7 Crucial Things You Should Never Do with WordPress

Wordpress Problems (1)Did you know that 19% of the web is run by WordPress?  It’s a fantastic content management system, but it is possible to make mistakes, some of which could even be damaging to your business.

We use WordPress on our site because it’s reliable and we’ve had very few problems.  I love the plugin architecture where you can easily extend the basic functionality through paid or free plugins.  This saves us going out getting developers to build new features, which can be very costly.

But this flexibility comes with a price, and you can really get yourself into a sticky situation and end up with your website not accessible, hackers hacking into your site, poor performance and more.

In this article we outline 7 WordPress problems you should avoid:

1.  Login as ‘Admin’

If you or any of your team are logging in as an admin user you need to stop this!  You should replace the ‘admin’ user login with a different name.

If a hacker is trying to get in to your system, their very first attempt will be to log in as the ‘admin’ user.  After that, they will just need to figure out the password so they have half the job done. Plus, if you still have an admin user they will also think that you haven’t secured your system so will hang around longer.

Wordpress Admin user
Make sure never to allow this!

Action: You need to create a user account with full permissions to the site, but which doesn’t have the ‘admin’ username. Then, delete the existing admin user.  Let’s not make the hackers’ jobs easy!

2.  Install too many plugins

The ability to add plugins in order to gain a wide range of additional functionality is great.  But every time you install a plugin, you are taking a risk:

a). Plugin Bugs: All Plugins have bugs and this can affect your site.  There is no perfect piece of software on the planet!

b). Plugin compatibility issues:  This is a very common one.  You can install a plugin that normally works perfectly, but causes problems on the version of WordPress that you have installed, or that clashes with other your plugins.

c). Security issues:  Poor quality plugins can open up security risks to your system.

d). Performance:  The more plugins you install, the poorer your website’s performance will be, because each one uses additional resources that have to be loaded when your website loads up.

The more you have, the more potential compatibility issues can arise, so even though there are some that offer really useful tweaks, show some restraint before installing them all!

So what is the best number of plugins you should have installed?  The minimum amount possible do to the work you need.

Action:  Review the plugins you are no longer using, and uninstall them.  There’s always a couple floating around!

3. Not using a staging server

A staging server is a test server that is a replica of your live environment.  It’s absolutely essential that you never try out updates on your live server without having thoroughly tested them: a staging server is the place to do this.

For example, if you are installing a new plugin, never ever do this on your live server without testing.  9 times out of 10, if you pick a reputable well known plugin, you will be ok, but for that remaining 1  time out of 10, the plugin will cause problems.  It will clash with other plugins, slow down the performance of your site or crash it. The same applies to new themes, layouts etc.

Razorsocial Staging
This is Razorsocial’s staging service which is an exact copy of the live environment

Removing the plugin doesn’t always solve the problem, so you could find yourself in big trouble!  You’ll end up with hours of pain and stress and lost visitors, and how much is it going to cost you to fix?

Action: Make sure your development team provides you with a duplicate copy of your live server where you can test things out.

4.  Manage security yourself

If you are running your business through your website, it’s so important that it’s safe from hackers.  Every day of the week there are hackers trying to get access to your website.  Yes, every day!  If they do get access to your website you might come in one morning to find that your website has been replaced with another one: I remember coming in to work one day years ago to find out my Digital Agency was now a Russian agency (but nothing to do with digital!).

Security is complex so you need to ensure that you bring in experts to help you. I use a managed hosting service called WPEngine.

WPEngine ensures my site is super fast, it checks that it doesn’t have any dodgy plugins and it protects me from me from hackers. And if, somehow, hackers do get in, they will solve the issue not me! (WPEngine also provides a staging server where I can test out my updates). And it doesn’t cost an arm and a leg, unless you have lots of traffic (then it becomes too expensive).

The costing structure is very attractive if your traffic is not that high – this is for a full managed hosting solution

Action:  Get a security expert to tighten up your security, or consider a management hosting service such as WPEngine.

5. Assume your backups are working

Are you backing up all your data on WordPress?  Are you sure everything is backed up?  When was the last time you tried to restore files from your backup?

My background is working in software companies and I’ve seen so many instances where people thought they had everything backed up but they didn’t. Important data was lost, and sometimes it was impossible to retrieve it.  So don’t just assume your backups work, so check it. It’s highly likely that less is backed up than you expected!

Action: Assume your site is gone and, every 3 to 6 months, try to restore a backup to another server.  This will give you peace of mind and protect you if this ever really does happen.

6. Not Considering Performance

The speed of your website is incredibly important: it is one of the factors that Google considers when ranking your site but – more significantly – if your website is slow your visitors won’t come back.

This problem is now worse than ever before, because of the number of people browsing your website on a mobile device.  Typically, on a mobile device, you are out and about and you may not have a high-speed connection, which means that a website download is even going to be slower.

So, how do you know if your website is loading too slowly? Is your home page taking 10 seconds or more to download?  If so, then changes are needed, because that is too slow.  You should certainly be under 5 seconds. You can test the speed of the download using a tool called Web page test (very original name!).

Website Speed Test
Try out your website and compare with your competitor

From this tool alone we found that our home page is super fast, but because of all the images in our blog posts, our posts load more slowly. This means that we need to optimize our images more.

Action:  Review the performance of a selection of pages on your website.  There are some caching plugins available, which help to reduce the speed by storing pages in memory. This means you don’t have to go back to the hard disk to retrieve them (which makes it slower).  These plugins generally require some technical help to optimize: some examples are WP Total Cache and WP Super Cache.

7. Not performing a regular audit

After you have been running your website for a while, you start making assumptions.  You assume that everything works correctly, when, over time, things are actually inclined to change.  So although you may have had good security, for example, that may not still be the case.

Action:  Consider a regular audit on your blog even every 6 months. This should cover things like:

a) Speed of your site – Has your site performance gone down since the last audit? The speed of your website is vital, so you need to make sure that it is kept low.

b) Security – Are there any new security risks that were not there before? Perhaps you have upgraded a plugin which opened up a new security risk?

c) Backups – Is everything backed up as expected?

d) Content – Is there any duplication of content? Are there issues related to optimization of content?


WordPress is a really powerful and flexible system, but having that flexibility means we’re open to many more issues. If you’re not having any WordPress problems at the moment that doesn’t mean to say that you won’t have problems in the future, so it’s important to protect yourself.

What’s next?

We love some action!

a) Comment below – We always love to hear your feedback, even if it is just to say you liked the post.

b) Share – Share this post out to your community: they may also get value from it.

c) Action – Implement some of the steps above. Start making some improvements.

d). Read this post on WordPress plugins



65 Responses to WordPress Problems: 7 Crucial Things You Should Never Do with WordPress

  1. I must confess that I haven’t being a lot of the things that you have mentioned. Besides technical knowledge isn’t one of my strong points, so rather than having someone code, I try to use plugins wherever possible.

    I was unsure if plugins slow down a website but this post has pretty much confirmed that. Thanks once again Ian… its the first time that I came across your website…so “hi” there 🙂

    • Thanks Colin, great to get the first comment so quickly!!! Every plugin you add is something extra that needs to be loaded up. Plugins are great but you have to be careful that you don’t overload your site. Some plugins are super high quality and don’t impact your site in a negative way but others do!

  2. Great points Ian, and something for everyone to make sure and keep on top of. The only one I tend to argue about is the too many plugins. What you said is all true, and too many users just start grabbing them without thinking. What I think it boils down to is “quality over quantity”. If one does a bit of research and ask around, you can often find the right one’s that will behave with each other and not slow your site down. And if one causes an issue, get rid of it.

    But I agree, don’t use one unless you really need to. I think the other issue is that some devs find it easy to say, “Put in this bit of code instead of using a plugin”. That’s fine for them, but often the average user is intimidated with code, and if they do find the guts to do it, or have someone else do, when it comes to removing that feature, they are at a loss of where to find it. Have seen this happen too much. And they lose one of the basic functionalities of WordPress, the ease of doing it yourself.

    Lastly, I remember at a WordCamp one of the core devs for WordPress, and also works for an Automattic related company, said the exact same thing. It doesn’t matter how many you have, as long as they are good quality. He admitted to having over 50 installed on his site.

    But as you said be careful. And if you aren’t using them, delete them!

    Now I will shut up 🙂 BTW, I have 30 installed on one of my sites and 26 on the other 😀


    • Hey Bob,

      How are you doing?

      I have a good few plugins installed also but I do test them all on a staging server and I research the developer before I install them. If you do relevant research, test out the plugin and only have installed the ones you need then everyone will be fine.

      I guess the temptation for users is to search for a plugin and install it without doing an evaluation. A lot of the times you can get away with it but not always!

      Thanks for your comment and I think we agree 🙂


      • Hey Ian, doing good. And yes, that is what it boils down to. For many, the plugin installs is a crap shoot, you never know the outcome…

        Of course, you know me, when it comes to WordPress, I just can’t help from blabbing away 🙂

  3. All good points except for the plugins. It’s not the quantity rather the quality that matters.

    When creating functionality plugins, sometimes we split each functionality into it’s own plugin. This can make the plugin count go very high but it’s the same as putting the code into your functions.php file. So again quality matters more than quantity.

    You can have 5 plugins total but if they’re all poorly coded, then you’re not doing yourself any good.

    Here’s a useful article that I wrote a while back:


    • Thanks Syed, Yes you’re right, you could have many good quality plugins and everything works perfect and you could have one poor quality plugin which causes problems.

      My point is really about people installing lots of plugins and not doing the research to make sure it is a good quality plugin from a reputable developer. Also a lot of people have a range of plugins installed they don’t use anymore or used and haven’t updated.


  4. Great article Ian.
    I’ve been looking for a plugin that tells me which plugins are conflicting or which plugin is being used by a post or page. Any ideas?

  5. I would love to learn more about how to set up staging servers in a future post. In particular I would like to set up a test environment to change the WordPress theme I use. Your suggestions would be most welcome! I found this blog after hearing you on the Social Media Examiner podcast and have been following you ever since.

  6. Ian, Great post. Businesses do not seem to realise that their website is like a car – it needs regular care and attention or else it will not work properly and eventually break down.

    Website maintenance is critical to maintaining an efficient website. Thanks for putting this together. I will be sharing.

    • Thank you so much Chris. The car analogy is very good. Without maintenance you eventually get into big trouble. That reminds me, my service light has been on in my own car for at least a week!!! Ian

  7. I am always amused when people warn about using “admin” as the username for the WordPress, since a hacker then has 1/2 of the information needed to grain access. True, but I’d be more worried about the thousands of sites that use your email address (which is hardly private) as a username. Many of those sites store credit card numbers and other personal data that, IMO, is a greater risk than a collection of blog posts that are probably backed up anyway. So what can someone do with the last four digits of your credit card, an email address and mailing address on file at a site? Read the recent @N debacle courtesy of PayPal and GoDaddy.

    • That’s true Joel, there are more worrying issues. This morning I heard that apple has a security issue with encrypted content on their iphone. That’s one to get sorted first! Ian

  8. Excellent article Ian, another thing I would add is messing around with the code in manual mode, especially without backing up the content. Many times plugin user manuals explain how to make features more interesting by ‘simply’ changing this line in a php, css or any other page of code… Many people try doing it without considering that even a blank space in a line of code could affect the whole behaviour… (I’ve found myself in s—t fixing other people errors because of this more than once)

    • Ha, great point Antonio. You’re absolutely right, we find something on the web which is about just changing one line of code…but this can lead to a whole world of hurt!!! Great point, thanks, Ian

  9. Hey Ian, always a step ahead! I am just starting a new blog site for my shoe company and wanted to ask you and anyone else who would like to jump in, what are the top 10 (?) WP plug ins you would recommend these days? Much appreciated buddy!

  10. Hey Ian, Really great post. It’s always the things “lurking” that catch you. I like the six month check-in – going to begin offering that to clients. Just like my dentist (ha!). Cheers!

  11. Thanks Ian!

    As always Ian your post has clarity and punch – and I love that I can now use it as my CHECKLIST for my new business site. I don’t like backtracking to fix things – so I’m setting up everything for my business as though it is ALREADY a multi million dollar enterprise. Thanks again!!

  12. Great post as usual Ian! I appreciated the reminders and will be sharing the link with my followers and team. I’m about two weeks away from the launch of my new podcast, Heartsong Fit with Vickie Maris, so I’ve hired help to get my website “look” revamped to better coordinate with my podcast and other future products. So this particular post was well timed for me.

    • Excellent, that’s great Vickie. Generally with WordPress everything goes fine but sometimes things go badly wrong. You just need to be prepared for this!

  13. On the topic of using “admin” as the username. I’ve always used a rather crypic username thinking I was safe only to find that it appeared in the author permalink. Still, most attacks are bots prefilling “admin” “password” etc. I know I’ve had my share of brute force attacks lately …I hope they don’t succeed. And my website has absolutely nothing in it! Cheers, Mark.

    PS. Supposedly its good to not have your admin with the user id of #1. I guess that prevents against SQL Injection.

Leave a reply