WordPress the Good, the Bad and the Ugly.

When you want to develop a WordPress website, you open yourself up to an incredible universe of possibilities. That is both a good and bad thing.

In just a few clicks users have the ability to extend functionality and capabilities with ease. In the short-term this allows us to do more with a shoestring budget than we may have thought possible. But it can also lull us into a false sense of security.

Novice users may not understand the complexities and consequences they are setting themselves up for without fully realizing the risk. WordPress, after all, is not a set-it-and-forget-it CMS. On the contrary, it requires us to follow best practices and continuously monitor the updates and changes made to WordPress and how they will impact your website.

Below are 5 bad habits that, while you might not think are a big deal, can bring unwanted disaster to your WordPress install. We’ll cover both what can go wrong and provide simple solutions that will help you avoid future problems.

Don’t Leave Unused Plugins Installed – Clean House

— Rick Romano

Take out the trash

Although we all like new toys and enjoy playing with them some don’t play nice. Many theme packages come with a set of plugins that are used to provide the functionality of the website. Many of these packages are already bloated with features that you may or may not want to use depending on your particular business needs. Users also search through the WordPress Plugin Repository and find something of interest. Then install it to see what it can do. However, maybe it isn’t a great fit, or maybe they never test it at all. Still, it is forgotten about and stays installed.

Whether active or inactive keeping unused plugins in your site can be costly. It is a security risk exposing your site to malware through a vulnerable piece of code. Creating bloat on the server that slows down you website performance to a crawl. Also a potential source of future conflict with both WordPress updates and other plugins used to run your site.

Unfortunately, not all plugins are well-written or maintained. Some are even abandoned by their original developers leaving you to swinging in the wind. If you happen to be one of the unlucky victims who still has one of these plugins installed, you are a major target for mayhem.

The more plugins you have installed, the harder it is to trouble shoot the issues. I recently had 1 client who came to us with their problem WordPress install with over 70 plugins. No one needs 70 plugins to run an ecommerce store selling less than 10 products. Fixing their issue took our team over 2 months to rebuild their business website.

The Solution

When you have a functionality you would like to deploy its okay to search and install plugins and test them out (Best practice: on a staging site). If you are searching for the best solution there may be more than 10 options to try out, but make sure you make it a habit of removing the unwanted plugins as well as those currently not active on your website. Routinely browse through your WordPress admin back-end and check for plugin updates and items you don’t need anymore. This will help you to avoid current and future problems down the road.

Always Backup Your Website

— Christopher Morley

It pays to have insurance

So you have spent thousands of dollars and countless hours developing that killer WordPress install. You are running for a few months and making tweaks on occasion. Business is booming and you lose track of your updates as you deal with the daily grind.

Its 2:15 PM you launched your 100,000 user account email campaign and as the promotion heats up on a hot selling holiday and your site crashes. What happened? Everything has been working perfectly for years. Too much traffic? New plugin update conflict? Database crash?

If you don’t have a backup or a staging server to restore your site you’re in big trouble. You are now facing hours of recovery efforts as well as lost revenues from down-time and the opportunity cost of lost new business. Sites like Amazon lose millions every minute they are down. I’m not saying you’re Amazon but you get the point.

The Solution

Setup a staging server that mirrors your live environment. Contact your hosting company and have a backup run periodically to maintain a good copy of your site and database. Install a plugin like UpdraftPro and schedule regular backups to the cloud and redundancy to an email address as well as the local host. This will be a small cost on a monthly basis but look at the savings in time and peace of mind.

Less is More.

Using Multiple Plugins for the Same Purpose

So you’re a pack-rat, a collector, a plugin connoisseur this is another potential problem with bloat and functionality overlap. Many themes come with a bundled set of plugins, some you like and some you wish were never born. For instance, Contact Form 7 plugin is a free form processing plugin that provides form data capture. Although, robust and well maintained it is not the easiest to use for a novice and requires coding knowledge.  Many people may choose to install a more user friendly plugin that minimizes the coding part of the process, WPForms or Ninja Forms are often the alternative.

The problem comes when you decide to install a new plugin that makes life easier for you, then you neglect to remove the old plugin for one reason or another. This particular issue is often one that takes time to rear its ugly head. Over months and years your site becomes sluggish, buggy and you don’t know why. Conflict is inevitable – weed out the evil.

The Solution

Whenever possible, choose a definite strategy for the functionality you need in any select category. Find a plugin that does just about everything you want, or piece together a few niche items to meet your functional needs.

This is where a plugin with its own ecosystem, such as WooCommerce, makes life easier. Through its many extensions, you can add just the capabilities you really need – thus avoiding overlap. And it is supported by a single developer who maintains the software and updates regularly to secure the products.

Expired Commercial Licenses

Sure, there are thousands of free WordPress plugins and themes available. But there are times when a commercial software package is just what the doctor ordered. It might be a better fit for your needs or provide more flexible functionality. Plus, commercial-grade support is always a blessing when it comes to mission-critical tools.

However, these items often take a sustained financial commitment, as one-time purchases are becoming scarce. Many of the commercial plugins and themes for WordPress require yearly license renewals. This recurring cost helps the developer provide support, add new features and fix bugs. It means that the software will continue to be actively developed, which benefits all users.

Yet, I am still amazed at how lazy people are about business software and how often I see websites using software with long-expired licenses. This practice can be both a security and functionality risk. Eventually, something is going to either become vulnerable or crash altogether as new versions of WordPress are released. (People who are not upgraded to WP 5.0+ are facing major issues – Call me.)

The Solution

Do some research before you buy a plugin or theme. Determine what the current and future costs will be and if they are manageable for your business. More importantly, inform your website administrator about these licenses! Quite often, a license will expire simply because a site administrator doesn’t know about it or it goes to the wrong email address and not the administrator.


Assuming Your Website Is Secure

Security is an area where a lot of us tend to have our blinders on. Not that we ignore it completely, but it is easy to become complacent. Everything is working according to plan right now.

If your website hasn’t been hacked (to your knowledge, at least), you may think everything is just fine – if it ain’t broke don’t fix it. Or maybe your web host touts that they are the most secure platform on the web. Or perhaps you’ve patched a few holes and feel like that’s good enough.

Whatever the reason, we are often more reactive than proactive. This means learning our lessons the hard way – after something bad has already happened. Crisis management is never fun.

The Solution

Don’t ever assume that your website is fully secure and locked down. Just think, some of the most sophisticated systems in the world have been hacked. Your website, by comparison, is easy pickings for a malicious hacker.

Take cybersecurity seriously at all levels. Use strong passwords, utilize a firewall or security plugin and make sure your install is up-to-date. It won’t stop every potential hacking attempt, but it can deter the basic attacks.


Keeping Your WordPress Site Healthy and Happy

WordPress requires some TLC and needs a lot of attention to maintain its health and well-being. It does not take a tremendous amount of time or effort to keep things in order and running in top shape. By developing an awareness of what you’ve installed and performing routine maintenance, you can often avoid the most serious kinds of problems.

Not sure you’re up to the challenge? Contact Rainfire Media for a free consultation and we can help to get you on the right track to success with your WordPress website as well as your business interests.