In our last article, we discussed five important slip-ups that a lot of people commit when using WordPress. In this week’s post, we are going to talk about five more important points, which are related to themes, plugins and their combination.
Themes and plugins are like our appearance and abilities. Compared to the human body, the WordPress core is our heart – it makes us “alive”. Themes are our appearance – how we look. Plugins are our abilities – our skills – both physical and mental.
Thankfully, when it comes to WordPress, we can switch between themes and plugins – “appearances” and “abilities” – with the click of a button. (Would be awesome in real life, wouldn’t it? Oh wait, do we have cyborgs?) But switching themes too often and installing too many plugins can have an adverse effect. Let’s take a look at each of them:
6. Installing Too Many Plugins
In our last article, we talked about how the YARRP plugin can cause server resource overuse, which can lead to the suspension of your shared hosting account. A similar problem takes place when you install and activate a lot of unnecessary plugins – ones which you rarely use.
It is important to realize the difference between an installed plugin and an activated plugin. All plugins have two states – activated and deactivated.
- By default, when you install a plugin (irrespective of the method of installation – FTP upload or via the plugin manager), the plugin remains deactivated. You have to manually activate the plugin for it to work.
- The second state is the active state, where the plugin is active and functioning in your WordPress site.
The adverse effects begin to arise when you have multiple active plugins. There are two main problems that can arise:
- Inter-plugin and plugin-theme conflicts – A particular plugin (or theme) may not work due to some restriction imposed by another plugin (or theme). Let me introduce you to a programming concept called mutual exclusion. One plugin (or theme) might hold on to a particular resource (for an indefinite amount of time) and not let others use that resource. If another plugin wants to access the resource, it can’t, because the resource is already blocked. Thus, the new plugin wouldn’t work.
- Buggy plugins – There are a plethora of plugins available in the WordPress repository. Anyone can contribute to it – a novice programmer, or an expert with a decade of programming experience. The difference lies in the quality of code, where the latter would undoubtedly excel. Therefore, we should avoid plugins with a low download count. If we do use one, we should make sure to test it in an experimental setup first.
- Stick to reputed and popular themes and plugins
- Use the required number of plugins (try to keep it as low as possible)
- Deactivate unused plugins
- Avoid downloading plugins that aren’t available in the WordPress repository
- Check for plugin compatibility with your current WordPress version
- Perform a full backup before installing a plugin with major functionality
- Try to create an experimental setup of your WordPress site, and install plugins in it
Some of you may ask – Is it okay to install as many plugins as we want, and activate the ones that are strictly necessary? The answer to this excellent question would be – to your surprise – no! Here’s why:
Certain plugins, for example the WordPress SEO plugin by Yoast, require a certain amount of bookkeeping: the various SEO parameters, custom settings, etc. All of this information is stored in your WordPress database.
Most plugins create new field entries in your WordPress database, the moment you activate them. When you install too many of these plugins, it unnecessarily bloats the database size. Later, even if you deactivate the plugin – the newly created fields in the WordPress database would still continue to exist. So just be sure to put a bit of thought into which plugins you’re activating.
7. Frequent Theme Changes
Themes are the attire of the WordPress site. Some feature-rich themes like the Total WordPress theme can be used in a thousand different projects – each with a unique layout. A clean, well-organized theme will do wonders for your conversion rate.
It’s a common practice among novice bloggers (or site owners) to keep jumping from one theme to another. When it comes to WordPress, the temptation is just too much! You have thousands of beautifully crafted free themes – at your fingertips!
Naturally, new WordPress users won’t be satisfied with the theme they’ve installed and would tend to switch themes – in search of the perfect one. I remember the number of themes I switched while constructing my first blog – 27!
Here’s one piece of advice I wish I took:
There’s no such thing as the perfect theme!
Now let’s explore the “why” part.
The Technical Part
Just like plugins, certain feature-rich themes include additional properties such as custom settings, up-votes, ratings, etc. Storing these settings would require the creation of new tables or fields in your WordPress database. Similar to the plugins case, when you install too many themes, the same effect is carried forward. You ultimately end up having a cluttered database, with an increased query response time.
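To see how much data deactivated plugins and abandoned themes have left behind, the options table can be measured by name prefix. The following is an added example, not code from the original article: it uses an in-memory SQLite table as a constructed stand-in for `wp_options`, and the `oldgallery_` and `theme_mods_oldtheme` names are hypothetical.

```python
import sqlite3

# Values treated as "loaded on every page view". Older WordPress releases
# store 'yes'/'no'; the newer values listed here are an assumption.
AUTOLOADED = {"yes", "on", "auto", "auto-on"}


def build_sample_db():
    """Constructed stand-in for wp_options (real sites use MySQL/MariaDB)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY,"
        " option_name TEXT UNIQUE, option_value TEXT, autoload TEXT)"
    )
    rows = [
        ("siteurl", "https://example.test", "yes"),
        ("wpseo", "x" * 4000, "yes"),                 # plugin still in use
        ("oldgallery_settings", "x" * 20000, "yes"),  # deactivated plugin
        ("oldgallery_cache", "x" * 50000, "no"),
        ("theme_mods_oldtheme", "x" * 3000, "yes"),   # theme no longer used
    ]
    db.executemany(
        "INSERT INTO wp_options (option_name, option_value, autoload)"
        " VALUES (?, ?, ?)",
        rows,
    )
    return db


def leftover_report(db, prefixes):
    """Per prefix: row count, total size, and size loaded on every request."""
    report = {p: {"rows": 0, "bytes": 0, "autoload_bytes": 0} for p in prefixes}
    query = "SELECT option_name, LENGTH(option_value), autoload FROM wp_options"
    for name, size, autoload in db.execute(query):
        for prefix in prefixes:
            if name.startswith(prefix):
                entry = report[prefix]
                entry["rows"] += 1
                entry["bytes"] += size
                if autoload in AUTOLOADED:
                    entry["autoload_bytes"] += size
                break  # count each row under one prefix only
    return report
```

The autoloaded figure matters most, because those rows are read on every page view whether or not the plugin or theme that wrote them is still active.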
The Psychological Aspect
When someone visits your site, an image is automatically registered in his mind. If the quality of content and design is good, you earn one point in the visitor’s mind. When the same person visits your site again (at another time and sees the same design), his memory will be refreshed. You will then have scored two reputation points in his mind. This is how you establish your site’s reputation.
Now consider the alternative. Suppose you kept on changing your theme. If the visitor sees a completely different design on his second visit, his memory isn’t refreshed. Your previous impression is lost and a new impression is created. All your previously accumulated impression points are lost.
The Brand Factor
Finally, there’s the branding aspect. Every site or business must strive to establish their brand. Once you’ve established a brand name for your company, there’s no limit to your success. Take Elegant Themes for example. Their social sharing plugin – Monarch, got a tremendous response from the online community – right from the day of its launch. We must try to keep a single theme associated with our site/brand.
8. Installing WordPress In A Subfolder Called ‘wordpress’
Many WordPress auto installers like Softaculous install WordPress any way you prefer. Some folks think, “Since I’m installing WordPress, I should install it in a proper (named) folder.” No! That’s not right!
If you intend to run your site using only one CMS (WordPress), then you should always install it in the base directory – i.e. without using any subfolder. Think about it, www.wpexplorer.com looks way more professional than www.wpexplorer.com/wordpress
The only time you would create a different folder for a new WordPress installation is when you’re using a different CMS for your business portfolio and WordPress for the blog. Even in that case, a folder named ‘blog’ sounds much better than ‘wordpress’.
9. Using ‘admin’ As A Username
During the WordPress installation, the default username is admin. You must ensure that you use a different username. Leaving the default username as ‘admin’ is a serious WordPress security loophole, taking into account the recent brute-force attack on over half the WordPress sites.
When you have ‘admin’ as the username, it gives hackers a free pass. Half their job (i.e. guessing the correct username) is done. All they need to do is use a series of brute-force attacks to guess your password. Once done, they infiltrate your site, steal your clients’ email addresses and payment logs, and basically destroy what you’ve built for so long. If you already have admin as a username – don’t worry, I’ve made a tutorial specifically for this purpose – How to Delete the WordPress ‘admin’ Username.
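A site owner can measure how much of the guessing lands on the default name by tallying failed logins per username and per source address. The following is an added example, not code from the original article: the log format is an assumption (lines a site might write from a callback on WordPress's `wp_login_failed` action), and the sample lines and usernames are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login_failed user=admin ip=203.0.113.7
2024-05-01T10:00:02Z login_failed user=Admin ip=203.0.113.7
2024-05-01T10:00:03Z login_failed user=admin ip=203.0.113.7
2024-05-01T10:00:04Z login_failed user=administrator ip=203.0.113.7
2024-05-01T10:02:10Z login_failed user=editor_jane ip=198.51.100.20
2024-05-01T10:03:00Z login_failed user=admin ip=192.0.2.44
2024-05-01T10:03:01Z login_failed user=admin ip=192.0.2.44
truncated or malformed line
"""

LINE_RE = re.compile(r"^\S+ login_failed user=(\S+) ip=(\S+)$")


def summarize_failures(log_text, existing_users, ip_threshold=3):
    """Tally failed logins by username and by source address."""
    per_user, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        # Usernames are compared case-insensitively.
        user, ip = match.group(1).lower(), match.group(2)
        per_user[user] += 1
        per_ip[ip] += 1
    existing = {name.lower() for name in existing_users}
    return {
        "total": sum(per_user.values()),
        "admin_attempts": per_user["admin"],
        # Guesses aimed at names that are real accounts are the ones
        # where only the password still stands in the way.
        "attempts_on_real_accounts": sum(
            count for user, count in per_user.items() if user in existing
        ),
        "noisy_ips": sorted(
            ip for ip, count in per_ip.items() if count >= ip_threshold
        ),
    }
```

Run against the same log, a site that still has an `admin` account sees six of the seven guesses hit a real account, while a site that renamed it sees one.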
10. Using Weak Passwords
This may seem like a silly point. But practically speaking, people still use a lot of vulnerable passwords. If they had used strong passwords, then Twitter would not have published a list of 370 banned passwords. A strong password should always have these three kinds of characters in it:
- Special Characters
I get it – it is impractical to remember crazy passwords like 6efH&9sD2!LP. As a solution, we can use a free online password manager tool like LastPass, which has extensions for almost all web browsers, mobile operating systems, and a standalone Mac app. The principle is simple – you store all your complex passwords in this tool and have to remember only one password to access it.
Next week, we will discuss a couple of slightly advanced security aspects in WordPress and some general advice on using free and pirated themes and plugins.