WordPress is a CMS (Content Management System) that allows full user management of your website. It powers more than 30% of all websites, making it the most widely used CMS globally. Many of the websites you visit run on this platform, as it is both free and powerful. But if you own a WordPress website, here are some essential tips you should know.
I’ve been working with WordPress since 2012 when I founded this blog. I’ve learned a lot through it, and I now use my experience professionally as a WordPress developer. Here are some of the most important tips every WordPress owner should follow.
1. Updates are essential
WordPress is open-source, just like the Android operating system, Mozilla Firefox browser, or VLC media player. This means it’s free to download, modify, and share. The advantage is that developers can read and edit the code. The downside, however, is that it may be more vulnerable to attacks if not properly maintained.
That’s why it’s crucial to always keep WordPress and all its plugins updated. Using outdated versions makes your website susceptible to known vulnerabilities. I’ve had to clean malware from compromised websites multiple times – in most cases, simply keeping everything updated would have prevented it.
2. WordPress has system requirements
For your website to run smoothly, your server needs to meet certain technical requirements – such as the PHP version, database version, and so on. These depend on your hosting provider. To ensure your site runs flawlessly with the latest WordPress version, your hosting should support at least:
- PHP version 8.3 or greater.
- MySQL version 8.0 or greater OR MariaDB version 10.6 or greater.
- HTTPS support
I can say with certainty that the WordPress web hosting from WordPress webhosting from Websupport.
3. Free themes can be risky
WordPress is free, you can download free plugins that allow you to add functions. Often, however, some plugins are designed so that you have to pay if you want more extensibility. Some themes are also done this way, the author is constantly updating his theme if someone buys the full version of the theme. But what about themes that don’t have the option of expanding to the full version? It often happens that these themes remain out of date for several years, and then very little is enough to make your website vulnerable.
The worst thing you can do is to download, or have a “programmer” add a theme that has been downloaded from the Internet, the so-called nulled theme. These are usually with a small script that either captures something, has an exploit in it, or you’re lucky and it contains nothing. But even that is difficult to update, and here we get back to point no. 1. I would definitely not start an e-shop on a free theme, as WooCommerce itself has regular updates, and if the theme remains still and you update your WooCommerce, there may be malfunctions.
4. You should have an SSL certificate installed
If your site is still running at http: // instead of https: //, you should fix it by July 2018. If you use web hosting such as WebSupport, then you have the opportunity to use a free SSL Certificate called Let’s Encrypt. In July, websites without https and also your website will be marked as unsecured by a warning at the website address in the browser. The SSL Certificate is thus no longer only necessary for every single e-shop and every single company that has a website, but it also applies to ordinary sites, and blogs. An SSL certificate has several advantages:
- Your website will be marked with a handle and “safely” will be displayed next to it
- Your website will be higher in Google search
- Your website will not be able to be exploited by a Man-in-the-middle attack, thus protecting yourself, as well as your customers who log on to the website
If you have any problems with deploying the https protocol, feel free to contact me.
5. Websites have to be protected
What I wrote above is true, you need to update WordPress whenever possible. But additionally, the WordFence plugin should not be missing from your website, it is very helpful when searching for malware. It regularly scans files and notifies you of out-of-date plugins, it also checks each file for malwares, and notifies you. Its free version has several other benefits:
- Notifies of the login of website administrators
- Limits the number of incorrect password entries
- Blocks spam addresses from abroad that try to log in to your website
- Blocks the entry of vulnerable parameters that could allow attackers to gain access to the website
However, WordFence needs to be set up very well, because sometimes it can be a big burden for the website, as it can use the full max_memory_limit and thus slow down the site.
6. Use a child theme for customizations
I often face the situation that a website was created for a client, and adjustments were made directly in the theme. This has two solutions only, to leave it at that and wait until WordPress and other plugins are updated and bugs come up and edits are deleted, or a child theme is created. So basically the child theme is a derived theme that uses its modified php files, and loads those files that are not modified from the original theme. This step is intended for more advanced users, but if you want to intervene in a programmed theme, you should definitely create a derived theme for smoothness and updating. Especially when updating WordPress.
Other recommendations
Naturally, there are still many things you should know if you have a website, whether it runs using WordPress or not. These include e.g. checking the consent to the processing of personal data in the form, SEO settings, site maps, not displaying errors, having properly secured chmod settings, caching, etc. But this is more challenging for the user and administrator of the WordPress website. However, you can have your WordPress website checked by a professional to avoid problems with the website.
