
The 9 Sure Fire WordPress Mistakes You Need To Avoid Now

June 14, 2020

Using cheap hosting

You WILL get what you pay for! I get saving money, but your hosting service is not one of the “expenses” you want to skimp on. Do your homework. Write down the things you WANT in a hosting service then go out and ask questions. Read reviews. Ask people who they use. But also pay attention. Do they complain about their hosting a lot? And what issues have they had? Their social media can surely help you there!

Seriously! I had someone tell me they loved their hosting company and never had problems. Yet, her sites were compromised and hacked 3 times last year. How do I know? Because she bitched about it on FB every single time it happened.

DO YOUR RESEARCH! Does the hosting company keep their servers up-to-date? If they are running an older version of PHP, it’s probably a good sign that they don’t keep their servers updated. Don’t use them. How is their customer service? Call or chat and ask questions. How they respond to your questions before you even pay for their services is a good sign of how you will be treated after you are a customer.

Installing WordPress in a subfolder

For the love of the Gods, unless you are using subdomains with different themes or need a sandbox to test themes and plugins, install WordPress at the root directory. If you do not know what I am talking about – install WordPress at the root directory. If you do not know how to code and validate that code properly for static pages, install WordPress at the root directory. If you do not know what I am talking about — install WordPress at the root directory.

See the pattern here?! I certainly hope so!!

Not backing up your blogsite regularly

There really is absolutely NO EXCUSE for NOT backing up your blogsite regularly! Seriously! NO EXCUSE! At the very least, you can do a backup through the cPanel in your hosting service. Backing up your blogsite is MUST KNOW HOW TO DO 101 for ANYONE who has a website, as far as I’m concerned.

If you don’t know how to do it — LEARN HOW! Afraid you are going to wreck something? ASK SOMEONE TO HELP YOU OR DO IT FOR YOU. Yes, you will most likely have to pay them. You should pay them. If you don’t want to pay them, LEARN HOW TO DO IT YOURSELF! It’s that simple!

There are hosting services that offer backups in their packages. There are plugins you can install. And you can learn how to do it the good old-fashioned manual way suggested in the WordPress Codex.

Ignoring WordPress core, theme and plugin updates


OMG! This is one of my BIGGEST PET PEEVES! Of the entire list here, I think this is one of the biggest WordPress mistakes you can make, next only to not backing up your blogsite regularly and installing WordPress in a subfolder.

If you do not update, YOU are the only person to blame if your site gets hacked. Period! If you listen to your web designer or developer that tells you not to update because it will screw up all the customizations they have made to your site … again, you are the only person to blame. Why? Because you clearly didn’t A) get a second opinion or B) DO YOUR OWN RESEARCH!

It’s okay to wait a few days, maybe even up to a week, when updates are issued, because follow-up updates sometimes come out to fix issues with the first one. But don’t wait too long. And don’t forget to make sure your blogsite has a recent backup.

Using “Admin” for your username

Just STOP! I don’t even want to hear your excuses on this one. Just go to your dashboard, scroll down to Users -> click on Add New and create a new user with a username that is NOT your name. Be creative! Come up with something not the norm. When you are done, SAVE IT!

Scroll down and click on the “Update Profile” button. Then log out of WordPress. Log back in with your NEW USER. You cannot delete the admin username if you do NOT do this step. Once you are logged in as your new user that is NOT “admin”, delete the old “admin” account.

Simple! And I swear to the Gods, if you say this is too complicated, you deserve to get hacked. If nothing else, PAY someone to do it for you. But don’t you dare say “it’s too complicated!”

Using your username as “Display Name Publicly As”

This is one of the most overlooked WordPress mistakes, but easy to fix. Just go back to your user profile and see what is in the “display name publicly as” box. If it’s set to your username, change it to anything other than that. Don’t forget to save!

So why is this important? This is what is used for the “Author” on posts and pages. All any hacker has to do is find out the author name and they have the username. Half their work is done. Unless, of course, you changed the display name to something else. Well, mostly. A really determined hacker can find out what your username is, but for the most part, just switching this will help deter most hackers.

I’ve said it before, and I’ll say it again. A truly secure blogsite is one that is not on the internet. But there are some things you can do to help. This is one of those things.
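Both username checks above (a login of “admin”, and a display name that matches the login) can be run over every account at once. This is an added example, not part of the original post: it assumes WP-CLI is installed and that the user list was exported with `wp user list --fields=user_login,display_name,roles --format=csv`, and the sample accounts in it are constructed.

```python
import csv
import io

# Constructed sample of what
#   wp user list --fields=user_login,display_name,roles --format=csv
# prints; these accounts are made up for the example.
SAMPLE_EXPORT = """user_login,display_name,roles
admin,admin,administrator
Admin2,Site Owner,administrator
jsmith,jsmith,editor
quietfox42,"Smith, Jane",author
guestwriter,GuestWriter,contributor
"""


def audit_users(export_csv):
    """Return (user_login, finding) pairs for the two username mistakes."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        roles = row["roles"].strip() or "none"

        # Mistake 1: the login everyone guesses first.
        # Compared case-insensitively so "Admin" is caught as well.
        if login.lower() == "admin":
            findings.append((login, f"login is 'admin' (role: {roles})"))

        # Mistake 2: the public author name gives the login away.
        # A change of capitalisation alone hides nothing, so ignore case.
        if shown.lower() == login.lower():
            findings.append((login, f"display name equals login (role: {roles})"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_EXPORT):
        print(f"{login}: {finding}")
```

Fix the accounts with the administrator role first, then work down the list.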

Using weak passwords

Weak passwords are one of the WordPress mistakes hackers bank on. However, one of the many awesome things about WordPress is that it shows you whether your password is strong or not. If the strength indicator is green, you’re good! Always include upper and lower case letters, numbers and symbols in your password, and make it at least 15 characters long. I have found that is pretty sufficient. So, technically, there should be no excuse not to create a strong password.

Don’t want to think about it? I suggest using LastPass! It’s free for desktop use but you can upgrade so you can use it across ALL your devices, including mobile (phone, tablet, etc.) for just $12 a year! One of the best investments I ever made! This has made my life so much easier!! I LOVE LastPass! I do not have to remember any passwords, I can change them regularly and I can make them nearly unhackable.

Okay, not for the determined hacker. But still! LastPass is totally worth it!

Not setting permalinks properly

The following is NOT an acceptable permalink:

The “?p=123” not only looks like crap, the search engines don’t care for it either. They don’t know what the post or page is about so it will eventually not show up at all.

Think SEO — This is NOT a search engine optimized link, now is it? So stop doing it! Go back to your WP dashboard, scroll down to Settings and click on Permalinks. Choose a setting that is better suited for your blogsite. Post name, Day and name and Month and name are better options AND they won’t get dinged in the search engines.

I always use Post name. Some people also use /%category%/%postname%/. But for simplicity’s sake, Post name will work just fine!

Installing too many plugins

I LOVE plugins! They help make things easier for many things. But you don’t need to go all hog-wild with them. Too many plugins can cause your blogsite to slow down. And that is bad for SEO. It does NOT matter whether you care about SEO or not, the search engines do care. And slow sites do not rank very well. That’s just the way it is.

NOT all plugins are created equally. Not all plugins play nice with other plugins or themes. Not every person who creates plugins knows the proper coding etiquette. Not all plugins are updated. And a LOT of plugins are filled with so much bloat that they bog down your site speed. And this is just the tip of the iceberg.

Why should I avoid these 9 WordPress Mistakes?

Hmmm … let’s start with not being frustrated with your blogsite because it got hacked! Creating a more secure blogsite will definitely save you hours of time and keep you from banging your head on the wall! Am I right?

Using cheap hosting, “admin” as your username, having weak passwords, not updating your WP core or themes or plugins: these open up so many loopholes for even the amateur hacker. So go ahead! Keep doing those things! You only have yourself to blame if you get hacked!

OH, you got hacked and can’t get back into your site? Oh, you didn’t back up your site?? EVER???? Sorry, Dude! You are totally screwed!!! Looks like you gotta start from scratch. Yeah … that sucks!


Wait … what?!? You don’t understand why your site doesn’t show up in the search engines?

Could it be because you aren’t using proper permalinks?  Or maybe your site is so slow because of those 72 plugins you just can’t live without? That’s great for you, but Google doesn’t care and they aren’t going to share you with the world because they pretty much think your site sucks!

OH! You have great content? That’s nice!

Prove it!!! Take care of your blogsite. And if you are making any of these mistakes, FIX THEM!! 

If you are afraid to break your site, ask someone to help you!

*** Important Side Note ***

Please do not expect that person to do it for free! Be willing to pay for it. Even if they tell you not to worry about it. That person is trying to make a living, too. At the very least, make sure their coffee addiction is covered for at least a month.

YAY! You made it this far!

And you survived my snarky sass, too! Woo Hoo! You deserve a medal just for that! Just sayin’!

At the end of the day, these common WordPress mistakes just need to be avoided. They really aren’t that hard to fix, IF they have been made. But YOU need to be proactive! YOU need to take that step in making sure your blogsite is running smoothly. Whether you are doing it yourself or having someone take care of the stuff you don’t want to, you still need to be part of the process. Even if it’s just asking questions.

Now that you have been reminded what these mistakes are, I’m curious … Have you made them in the past? Did you fix them before you read this? Or worse … Have you advised others not to make these WordPress mistakes only to have them come back and tell you all about how their blogsite got hacked and they need your help? I’d love to hear your stories!