The WordPress backend can be dangerous ground to tread upon as a beginner. Anything that offers such power must also apportion responsibility to the user, which is where some people can go wrong when getting started.
Without wanting to frighten you too much, there are certain things you can do in WordPress that will just plain break it. On a less worrying (but also important) note, there are other things you can do that I would certainly advise against — whether it represents a potential security risk or simply something that has a negative impact on the user experience.
With the above in mind, in this post I want to cover five things that you must avoid doing in WordPress. With the following recommendations implemented, your website will be far safer and more reliable, functional and enjoyable for visitors.
1. Don’t Use the Code Editors
There are a couple of landmines contained within the WordPress backend; you can access them via Appearance > Editor and Plugins > Editor in the sidebar.
At first glance these editors are pretty interesting — full access to the back end of your website! Imagine the possibilities.
Imagine the possibilities indeed — with one wrong keystroke you can suddenly find your website well and truly broken:
I only had to remove three characters from my theme’s PHP files to completely change the complexion of my website as seen above.
But that’s not the worst of it — it is all too easy to accidentally disable access to the backend of your WordPress site, which leaves you with no immediate means of restoring order to your site.
Because of this I recommend that you only ever access and edit your site’s PHP files with an FTP application such as FileZilla (my personal favorite and WordPress.org’s recommendation). You should make a copy of any PHP file that you intend to edit before you start so that you can quickly switch back to a working version should you accidentally wreak havoc on your site. It’s far better to be safe than sorry!
2. Don’t Keep Deactivated Themes Installed
In my experience there are three types of WordPress users:
- Those who run a very tight ship
- Those who keep things reasonably neat and tidy
- Those who have little regard for the backend of their site
If you fall into the second or third type then you should give careful thought to the themes you currently have installed on your WordPress site. I’m not talking about the active theme, but those that you have installed and deactivated.
Although those themes are deactivated, they still exist on your WordPress installation and any security flaws or vulnerabilities can still be exploited. For instance, the most famous of WordPress theme hacks is the TimThumb exploit, which continues to affect certain blogs to this day.
Generally speaking, if you use good quality themes and ensure that they are kept up to date then you shouldn’t run into any problems. However, if you have old themes lying unused on your site’s backend then my recommendation would be to delete them immediately. Due to its huge scale of utilization, WordPress is a big target for hackers. Don’t make yourself an easy target.
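To put the advice above into practice, here is an added example (not part of the original post and not WordPress's own code) that audits a themes directory: it lists themes that can be deleted and flags bundled TimThumb scripts by filename. It assumes the standard wp-content/themes layout and that you supply the active theme's folder name yourself, since WordPress stores that in the database; the sample theme names are constructed, and the two filenames checked are a heuristic.

```python
import re
import tempfile
from pathlib import Path

# Filename heuristic for bundled TimThumb copies (assumption: not renamed further).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}

def read_header(style_css: Path) -> dict:
    """Parse 'Key: value' lines from the comment header of a theme's style.css."""
    text = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    return {k.strip().lower(): v.strip()
            for k, v in re.findall(r"^[ \t/*#@]*([A-Za-z ]+):[ \t]*(.+)$", text, re.M)}

def audit_themes(themes_dir: Path, active: str) -> dict:
    """Return the themes to keep, the themes safe to delete, and TimThumb-like files."""
    headers = {d.name: read_header(d / "style.css")
               for d in themes_dir.iterdir() if (d / "style.css").is_file()}
    keep = {active}
    # A child theme names its parent in the 'Template:' header; keep the parent too.
    parent = headers.get(active, {}).get("template")
    if parent:
        keep.add(parent)
    removable = sorted(name for name in headers if name not in keep)
    timthumb = sorted(p.relative_to(themes_dir).as_posix()
                      for p in themes_dir.rglob("*.php")
                      if p.name.lower() in TIMTHUMB_NAMES)
    return {"keep": sorted(keep), "removable": removable, "timthumb": timthumb}

def build_sample(root: Path) -> Path:
    """Constructed sample tree: a child theme, its parent, and one stale theme."""
    themes = root / "wp-content" / "themes"
    for name, header in {
        "shop-child": "Theme Name: Shop Child\nTemplate: shop-parent\nVersion: 1.0",
        "shop-parent": "Theme Name: Shop Parent\nVersion: 2.3",
        "old-portfolio": "Theme Name: Old Portfolio\nVersion: 0.9",
    }.items():
        (themes / name).mkdir(parents=True)
        (themes / name / "style.css").write_text("/*\n" + header + "\n*/\n")
    (themes / "old-portfolio" / "scripts").mkdir()
    (themes / "old-portfolio" / "scripts" / "timthumb.php").write_text("<?php // placeholder\n")
    return themes

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_themes(build_sample(Path(tmp)), active="shop-child"))
```

Note that the parent of an active child theme is reported under "keep": deleting it would break the live site even though the dashboard shows it as inactive.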
3. Don’t Use Your Theme’s SEO Functionality
This recommendation is less of a “you must do this” and more of a suggestion that I strongly urge you to follow.
Depending on what theme you have you may find that it has built-in SEO features. I advise that you avoid using these features for two reasons:
- If you ever decide to change themes then the SEO data within your theme may be lost (or difficult to extract)
- The free WordPress SEO by Yoast plugin has the best SEO functionality of any plugin or theme available
It’s a bold claim but one that is generally accepted by some of the WordPress community’s most respected users and developers. For instance, as of 31st October 2012 WooThemes deprecated SEO functionality within their themes due to SEO by Yoast being “more beneficial” to WordPress users. WooThemes handing over the SEO reins to another developer is a bold sign of their faith in Yoast’s plugin and an indication of how loved it is.
If you’d like to know more about SEO by Yoast then check out the following two posts here on WPExplorer:
- The Most Common WordPress Onsite SEO Mistakes (Part I)
- The Most Common WordPress Onsite SEO Mistakes (Part II)
4. Don’t Categorize and Tag Prolifically
There are few things I cringe more at than the poor use of categories and tags within WordPress.
Let’s get one thing straight up front — categories and tags can both have a part to play on your website. Contrary to what some people believe, tags aren’t an antiquated taxonomy type that offers no relevance in the modern blogging era. Furthermore, categories are not there to be used and abused.
My favorite definition of categories and tags comes from Lorelle:
Categories are your site’s table of contents [and] tags are your site’s index words.
Now think about this — does the same text in a book show up in different chapters? Of course not. This format should be transferred to your blog. What I mean by this is that a post should rarely be allocated to more than one category. If you feel the need to allocate it to two or more, you probably have too many overlapping categories (7-10 is my rule of thumb for an optimal number).
Categories should represent the broad topics covered on your blog (e.g. “dinner recipes”) and tags should be more specific (e.g. “chicken”). Content should only be tagged when the tags in question are directly related and relevant to the content. Generally speaking I would say that you should be using no more than 50 tags.
My point is this: both categories and tags should be used in order to benefit the user. That is their primary purpose. If you lose sight of that then navigating your site will become a troublesome experience. At the very least make sure that your categories are clearly defined and well-stocked. If you’re not sure how to tag then either read more on the topic (start here) or leave them alone.
5. Don’t Leave Comments Moderation On
I’ll end with a real pet hate of mine. There is nothing more frustrating to me when commenting on a blog than being confronted with the following message:
If you have to wait for your comment to be moderated before it goes live, do you feel encouraged to comment? Do you feel valued by the blogger? I’m guessing that the answer to both questions is no.
In my opinion, comments moderation represents a lack of respect on the part of the blogger for the commenter’s time and should be avoided at all costs. The funny thing is that you often find comments moderation on smaller blogs — rarely is it used on bigger ones (that are likely to receive more spam). I would speculate that it is because bigger bloggers know not to antagonize their most loyal supporters (i.e. those that comment).
In reality spam is not that big an issue — plugins such as Akismet do a great job of stopping most spam. I wrote an article here on WPExplorer about spam prevention. And when a blog gets big and receives a lot of comments, individually moderating each and every one becomes an unnecessarily huge task. Turn comments moderation off via the Settings > Discussion screen accessible from the sidebar.
What Do You Recommend Avoiding?
Above I’ve outlined five things that I think you should avoid doing in WordPress — from serious security flaws to pet hates. There are of course many more warnings and recommendations one could make about using WordPress, which is why I want to open it up to you.
So tell us — what do you recommend that we avoid doing in WordPress to keep our sites safe and easy and enjoyable to use? Let us know in the comments section below!