When you want to develop a WordPress website, you open yourself up to an incredible universe of possibilities. That is both a good and bad thing.

In just a few clicks users have the ability to extend functionality and capabilities with ease. In the short-term this allows us to do more with a shoestring budget than we may have thought possible. But it can also lull us into a false sense of security.

Novice users may not understand the complexities and consequences they are setting themselves up for without fully realizing the risk. WordPress, after all, is not a set-it-and-forget-it CMS. On the contrary, it requires us to follow best practices and continuously monitor the updates and changes made to WordPress and how they will impact your website.

Below are 5 bad habits that, while you might not think are a big deal, can bring unwanted disaster to your WordPress install. We’ll cover both what can go wrong and provide simple solutions that will help you avoid future problems.

Although we all like new toys and enjoy playing with them some don’t play nice. Many theme packages come with a set of plugins that are used to provide the functionality of the website. Many of these packages are already bloated with features that you may or may not want to use depending on your particular business needs. Users also search through the WordPress Plugin Repository and find something of interest. Then install it to see what it can do. However, maybe it isn’t a great fit, or maybe they never test it at all. Still, it is forgotten about and stays installed.

Whether active or inactive keeping unused plugins in your site can be costly. It is a security risk exposing your site to malware through a vulnerable piece of code. Creating bloat on the server that slows down you website performance to a crawl. Also a potential source of future conflict with both WordPress updates and other plugins used to run your site.

Unfortunately, not all plugins are well-written or maintained. Some are even abandoned by their original developers leaving you to swinging in the wind. If you happen to be one of the unlucky victims who still has one of these plugins installed, you are a major target for mayhem.

The more plugins you have installed, the harder it is to trouble shoot the issues. I recently had 1 client who came to us with their problem WordPress install with over 70 plugins. No one needs 70 plugins to run an ecommerce store selling less than 10 products. Fixing their issue took our team over 2 months to rebuild their business website.

When you have a functionality you would like to deploy its okay to search and install plugins and test them out (Best practice: on a staging site). If you are searching for the best solution there may be more than 10 options to try out, but make sure you make it a habit of removing the unwanted plugins as well as those currently not active on your website. Routinely browse through your WordPress admin back-end and check for plugin updates and items you don’t need anymore. This will help you to avoid current and future problems down the road.

So you have spent thousands of dollars and countless hours developing that killer WordPress install. You are running for a few months and making tweaks on occasion. Business is booming and you lose track of your updates as you deal with the daily grind.

Its 2:15 PM you launched your 100,000 user account email campaign and as the promotion heats up on a hot selling holiday and your site crashes. What happened? Everything has been working perfectly for years. Too much traffic? New plugin update conflict? Database crash?

If you don’t have a backup or a staging server to restore your site you’re in big trouble. You are now facing hours of recovery efforts as well as lost revenues from down-time and the opportunity cost of lost new business. Sites like Amazon lose millions every minute they are down. I’m not saying you’re Amazon but you get the point.

The Solution

Setup a staging server that mirrors your live environment. Contact your hosting company and have a backup run periodically to maintain a good copy of your site and database. Install a plugin like UpdraftPro and schedule regular backups to the cloud and redundancy to an email address as well as the local host. This will be a small cost on a monthly basis but look at the savings in time and peace of mind.

Expired Commercial Licenses

Sure, there are thousands of free WordPress plugins and themes available. But there are times when a commercial software package is just what the doctor ordered. It might be a better fit for your needs or provide more flexible functionality. Plus, commercial-grade support is always a blessing when it comes to mission-critical tools.

However, these items often take a sustained financial commitment, as one-time purchases are becoming scarce. Many of the commercial plugins and themes for WordPress require yearly license renewals. This recurring cost helps the developer provide support, add new features and fix bugs. It means that the software will continue to be actively developed, which benefits all users.

Yet, I am still amazed at how lazy people are about business software and how often I see websites using software with long-expired licenses. This practice can be both a security and functionality risk. Eventually, something is going to either become vulnerable or crash altogether as new versions of WordPress are released. (People who are not upgraded to WP 5.0+ are facing major issues – Call me.)

The Solution

Do some research before you buy a plugin or theme. Determine what the current and future costs will be and if they are manageable for your business. More importantly, inform your website administrator about these licenses! Quite often, a license will expire simply because a site administrator doesn’t know about it or it goes to the wrong email address and not the administrator.

Assuming Your Website Is Secure

Security is an area where a lot of us tend to have our blinders on. Not that we ignore it completely, but it is easy to become complacent. Everything is working according to plan right now.

If your website hasn’t been hacked (to your knowledge, at least), you may think everything is just fine – if it ain’t broke don’t fix it. Or maybe your web host touts that they are the most secure platform on the web. Or perhaps you’ve patched a few holes and feel like that’s good enough.

Whatever the reason, we are often more reactive than proactive. This means learning our lessons the hard way – after something bad has already happened. Crisis management is never fun.

The Solution

Don’t ever assume that your website is fully secure and locked down. Just think, some of the most sophisticated systems in the world have been hacked. Your website, by comparison, is easy pickings for a malicious hacker.

Take cybersecurity seriously at all levels. Use strong passwords, utilize a firewall or security plugin and make sure your install is up-to-date. It won’t stop every potential hacking attempt, but it can deter the basic attacks.

Keeping Your WordPress Site Healthy and Happy

WordPress requires some TLC and needs a lot of attention to maintain its health and well-being. It does not take a tremendous amount of time or effort to keep things in order and running in top shape. By developing an awareness of what you’ve installed and performing routine maintenance, you can often avoid the most serious kinds of problems.

Not sure you’re up to the challenge? Contact Rainfire Media for a free consultation and we can help to get you on the right track to success with your WordPress website as well as your business interests.