Common WordPress mistakes (and how to avoid them)

Common WordPress mistakes (and how to avoid them)

Morgan Smith's Layout avatar

Everyone makes mistakes, but when you’re just starting out with WordPress, there are some traps that are easy to fall into. To help you avoid these common blunders, we’ve put together this list so you can avoid the same mistakes many beginners make.

Ready to begin? Here are six of the most common WordPress mistakes to avoid when you get started.

1. Installing plugins and plugins and plugins…

I know what you’re thinking: plugins add functionality to your site, and functionality is good, right?

Not always.

When you’re browsing the WordPress Plugin Directory, it can be easy to get a little carried away and install every plugin under the sun. While there are lots of great plugins that will help your site flourish, there are some that can also bring performance issues with them and slow down your site.


Before you go installing things all willy-nilly, it’s important to take a look at the plugin stats and information, and to ask yourself if you really need that plugin in the first place. Check when the plugin was last updated, if it works with the latest version of WordPress, and read through the documentation (if there is any). If it looks like a well-maintained plugin that accomplishes exactly what you need it to, it’s probably a good option to install! If it’s not a perfect solution, however, it’s probably best to ignore that one and do a little more research.

Besides, who wants to maintain and update a bunch of plugins anyway? Which brings us to the next common mistake…

2. Ignoring updates for plugins, themes, or WordPress

Between all the plugins, themes, and WordPress itself, it can be hard to keep track of all the updates a site needs. And if everything is working correctly, it can be even harder to see the immediate value in taking the time to update those things.

These updates are incredibly important for security purposes, however. More often than not, when a WordPress site is compromised, it’s because the site is running on an old and easily exploitable version of WordPress, or an outdated version of a theme or plugin. Developers wouldn’t provide updates if they weren’t important, so it’s equally as important that you take the time to update things.

If you’re worried about the update “breaking” something on the site, simply take a backup before performing the update. This will allow you to roll back (in the event that something does get messed up) and you can take the time to figure out what the issue is.

3. Using a weak admin name or password

WordPress is an extremely popular content management system, meaning it’s a common target for attacks. Hackers will try to guess the admin password to a site over and over again until they get it right, so picking a weak password for your WordPress admin panel, like “password” or “1234,” just makes it easier for them. Use a longer password, include some numbers and symbols, and maybe even consider a tool like LastPass or 1Password.

It’s also important not to have a default WordPress username, like “admin” or “administrator.” Change it to your name, or even better, your secret superhero identity’s middle name.

Using a managed host like Flywheel can give you some peace of mind knowing that if anything happens, a team of awesome specialists totally have your back. Learn more here!

4. Making updates to your live site

Technically speaking, there’s nothing wrong with updating your live site. But in practice, if you make a mistake or type the wrong code, you could bring your entire site down. Yikes.

To avoid that pressure completely, it’s a much better idea to make site updates via a development copy of your site. With a staging site, you’re free to make changes, test code, and experiment to your heart’s content without worrying about the live site. Yipee!

And again, before making any changes to the live site (even if you’ve tested everything on a staging site) it’s best to take a backup, just in case.

5. Adding customizations to a parent theme, instead of a child theme

So you’ve found a WordPress theme that’s almost perfect, but not quite. Especially if you don’t have a lot of changes in mind, your initial reaction is probably to edit the theme’s code, right?

While that method would work for a time, there’s a major problem with it – as soon as an update for that theme is released, the update will override your customizations (and as we discussed before, it’s incredibly important to install updates.)

To get around this, you should create a child theme. Child themes use parent themes as starting points and then build on top of them. In other words, by using a child theme, you can update the parent theme AND keep your customizations.

Need help creating a child theme? This tutorial will teach you how to make one.

6. Using the default settings

When you create a new WordPress site, it’s easy to dive straight into the content and start creating posts, pages, and changing the design. When you spin up a new site, however, it’s incredibly important to take a moment to go through the default WordPress settings.

For example, you’ll probably want your site to have a tagline other than, “Just another WordPress site.” And the default permalink structure, “,” doesn’t look very professional and certainly isn’t the best option for SEO.

There’s nothing inherently wrong with the default settings, they’re just not optimized for your own site. If you take the time to walk through the options and make decisions about how your site works, you’ll create the foundation for a strong and professional WordPress site.

What else would you recommend new WordPress users avoid? Help grow our list in the comments below!

Comments (1 )

  1. Shivam Sahu

    January 5, 2018

    Hey Morgan,
    Great article, and while I knew most of these tips there are a still a few I didn’t know about. One thing I see on some new (and maybe even older) WordPress site is people don’t disable/remove the meta admin widget from their sidebar. No reader/viewer/client/customer, etc needs to see a link for you to log into your WordPress dashboard when they got to your site. That tab is completely useless (just go to and should be removed as soon as your site is active.

Join the discussion