The Top 8 Mistakes You’re Making in WordPress

Since becoming a certified expert WordPress developer back in 2015, I’ve had the opportunity to work with some of the most unique clients and projects you can imagine. And that means I’ve fixed a huge amount of common mistakes with WordPress installs.

In the interest of being fully transparent with you, to date I’ve successfully completed more than 1900 projects for 725+ real-world clients in my personal business as a solo freelance web developer specializing in all things WordPress.

All this is to say, you can be sure I’ve seen the complete scope of consequences when it comes to DIY web owners taking on their websites with little to no guidance. Of course, not every single one of my clients was in dire straits when our professional relationship began. But I come across these types of clients more often than I’d like.

Individual web owners and starter developers can do pretty well on their own websites using the variety of tools available online, and specifically through WordPress. Even though I look to empower all my non-developer clients, I’ll never come close to putting myself out of business.

No matter how skilled your off-the-shelf skills are working through your own website, the work and knowledge of a professional developer often goes unmatched. Of the things you can do to enhance your skills on WordPress, avoiding common errors should be at the top. Sticking to the list below will put you miles ahead when the time comes for a developer’s help.

Mistake #1: No Backups

Not having a backup solution in place is the number one mistake non-developers make. Backups in essence are the insurance you must have on your site. Simple mistakes quickly turn into worst case scenarios when you don’t have a backup – like forgetting to pay your hosting bill or having a server crash. In my experience, most website owners don’t have the time or resources on-hand to rebuild their entire website from scratch, which makes not having a backup catastrophic.

If you’re unsure about your current backup situation, first check your hosting provider. Some hosts like Media Temple can perform nightly backups automatically.

However, not all hosting platforms include a backup feature, so plugins can be another good option. Backup Buddy and Updraft both allow you to create your own backups and automate future processes. Other plugins out there allow you to export your backups to Google Drive or Dropbox, etc.

Mistake #2: Not Taking Backups Before Running WordPress Updates

Software updates are a necessary part of the online world we live in, and even WordPress itself goes through core updates every so often. While you should always have your software running on the latest version, not every new update will play friendly with your unique website.

Before you ever click “update” for any software release, make sure you take a backup. The intent is to have a rollback point should some functionality or display become altered, or even break, as a result of running the update. If internal WordPress updates cause issues with your website, this is a good time to hire a developer who can squash the bugs introduced with the new software features.

Mistake #3: No Staging Environment for Testing

Any time your website is undergoing changes or updates, a good rule of thumb is to test it in a neutral staging environment. Running any updates on a live website risks your users bumping into something broken, possibly even before you know there’s an issue.

This is especially true for more novice non-developers who rely mostly on Google to understand how to read and write code. A trial-and-error DIY approach can actually take you pretty far. But even simple copying and pasting can lead to major breaks you can’t solve on your own without a developer. With a staging environment, you get to see issues before you push them live. (As with backups, some hosts have plans with staging environments included.)

Mistake #4: Not Using Child Themes

Most WordPress websites are built using themes. Using pre-made themes is arguably the easiest way for non-developers to build websites that look like they were done professionally. But any time you are making code changes to your website, it’s vital to ensure you’re changing the right theme.

Parent themes often run a large percentage of your website. Just like software, they occasionally need tweaks and updates. This means that when the theme is updated, any custom code changes get overwritten and lost. This is a huge hit if your theme makes up 70% or more of your website. This is where child themes come in handy. Keeping your changes within a child theme will allow you to update the parent theme without overwriting the custom code.

Mistake #5: Using ‘admin’ as Your Username

It makes sense why web owners would stick with a simple, default username setting. But having ‘admin’ as your username is actually an open invitation to hackers. In today’s world, automated bots commit the majority of WordPress hacks by mindlessly guessing a username and password anytime they detect a WordPress login form. This is what’s known as brute-force hacking, and it’s very avoidable.

You absolutely still need an administrative account for your website. Just name it literally anything other than admin. When your ‘admin’ user account no longer runs the functions for your website, you are safe to delete it permanently.

Changing the WP-admin path provides an extra layer of protection, since bots won’t be able to find your login page for brute force attacks. WordFence is an additional security plugin and has blocked more than 8 billion attacks just in the last 30 days. You can also use this plugin to change the default /wp-admin path to something unique.

Mistake #6: A Plugin for Every Problem

The large variety of tools and plugins available on WordPress helps users customize each site experience and optimize their on-page content for search engines. But this customizability also means thousands of different theme and plugin combinations existing simultaneously, and it can create a lot of unique performance issues.

Make a deliberate effort to only install the plugins you really need and actually use, and remove the ones you don’t. Not removing unused plugins exposes you to additional security issues. Don’t worry if you can’t quite organize all of your plugins on your own – expert WordPress developers can help with this, too.

Mistake #7: Not Paying Attention to Website Performance

When it comes to performance, every element of the website you see has some impact on its overall speed, which is more important than ever with Google’s newly introduced ranking factors, Core Web Vitals.

Large, bulky images are top hinderers of performance. Image optimization has massive benefits on page weight and load time, which can boost search rankings too. In my humble-yet-expert opinion, WP Smush (Pro) is the most effective way in reducing overall page weight without compromising image quality, and it’s worth the $5/month subscription.

Both high blocking times and a high number of http page requests will significantly impact performance as well. WP Rocket comes with CSS and JavaScript aggressive caching features, code combination, and minification tools. It’s one of the fastest ways to improve performance scores.

A performance audit of your website will show you what red flags you really need to be concerned with, and in what order. Google’s PageSpeed Insights and GTMetrix both provide detailed, actionable reports so you can launch specific efforts to improve your web performance.

Always keep in mind that if any of your performance results reveal complicated issues that DIY plugins cannot resolve, simply consult a WordPress expert for help. Developers will jump at the chance to work with you since you have your audit results in-hand.

Mistake #8: Not Having a WordPress Expert on Your Team

Web owners take great pride in being able to design and run their websites themselves. But you will always need a specialist – at least occasionally. Small businesses who maybe can’t afford a dedicated in-house developer can use platforms like Codeable to find certified, expert WordPress developers to help with any issue under the sun.

Having someone around to help you continually monitor the health of your website isn’t a bad idea either. One of the most commonly missed areas among DIY web owners is that of routine website maintenance. There are huge gains for those who stay on top of keeping their websites well-maintained, and equally leveling consequences for those who choose to ignore it. Chances are you won’t be able to run these kinds of complex services on your own. That’s where your developer comes in.

Emergency issues are the greatest reason to have a well-vetted developer in your back pocket.

While you may not be able to call them in the middle of the night when you run into something urgent, there is significant peace of mind having them on speed dial first thing in the morning. On freelance boards, I too frequently see projects posted with “URGENT” in the subject line because the client didn’t start looking for help until something started negatively impacting their business. While it’s every developer’s desire to help, not all developers want to be introduced to a client and their site with that kind of urgency already on the table.


As a long-time freelance developer, nothing impresses me more than when my clients take it on themselves to learn and implement best practices for their websites. Any prior knowledge you bring to the table with your developer definitely helps the process run more efficiently. Empower yourself and see how your website holds up against this list of common errors.

A small ad for Media Temple's Managed WordPress: "The Faster Way to WordPress" - Hyperfast, streamlined hosting with 24/7 support on every plan.

About the Author Nathan is a certified expert WordPress developer from Orlando, Florida. He's designed, developed, and deployed custom web-based solutions for mom-and-pop shops all the way up to multi-million dollar corporations. Find more of his work at More by this Author