WordPress WordPress

6 Things You Should Know If You Have a WordPress Website

WordPress is a CMS system, or content management system, that allows you a full user management of your website. It powers more than 30% of all websites, which basically makes it the most used CMS. A lot of the websites you visit are powered by this content management system, as it is free and complex. But here are some tips you should know if you have a WordPress website.

I have been working with WordPress since 2012 when I founded this blog. I have learnt a lot thanks to it, I currently use my experience as a WordPress developer. Here are some of the most important tips that you should follow.

1. Updates are important

WordPress is open-source licensed, similarly to the Android operating system, the Mozilla Firefox browser, or the VLC media player. This means that they are free to download, you can edit and share them. The advantage is that the source code can be read and modified by the programmer. The disadvantage, however, is that it is easier to break, to find a fault and thus jeopardize safety.

Therefore, it is extremely important to always update the WordPress system, as well as the plugins that complete the functions of the website itself. If you use an old plugin, an older WordPress, your web is now vulnerable to at least one of the exploits. I’ve had to deal with a malware on websites multiple times, so it’s best to update your website to prevent subsequent site malfunctions, data loss, or data theft.

2. WordPress has its requests

In order for your website to run as it should, it is first necessary to meet the most basic conditions – PHP version, MySQL database version, etc. Most of the conditions depend on the server, i.e. the web hosting you use. Basically, for a hassle-free website with the latest WordPress version, you should have your web hosting set up as follows:

  • PHP version 7.3+
  • MySQL version 5.6+ or MariaDB version 10.1+
  • HTTPS support

I can say with certainty that the WordPress web hosting from WordPress webhosting from Websupport.

3. Free themes pose a risk

WordPress is free, you can download free plugins that allow you to add functions. Often, however, some plugins are designed so that you have to pay if you want more extensibility. Some themes are also done this way, the author is constantly updating his theme if someone buys the full version of the theme. But what about themes that don’t have the option of expanding to the full version? It often happens that these themes remain out of date for several years, and then very little is enough to make your website vulnerable.

The worst thing you can do is to download, or have a “programmer” add a theme that has been downloaded from the Internet, the so-called nulled theme. These are usually with a small script that either captures something, has an exploit in it, or you’re lucky and it contains nothing. But even that is difficult to update, and here we get back to point no. 1. I would definitely not start an e-shop on a free theme, as WooCommerce itself has regular updates, and if the theme remains still and you update your WooCommerce, there may be malfunctions.

4. You should have an SSL certificate installed

If your site is still running at http: // instead of https: //, you should fix it by July 2018. If you use web hosting such as WebSupport, then you have the opportunity to use a free SSL Certificate called Let’s Encrypt. In July, websites without https and also your website will be marked as unsecured by a warning at the website address in the browser. The SSL Certificate is thus no longer only necessary for every single e-shop and every single company that has a website, but it also applies to ordinary sites, and blogs. An SSL certificate has several advantages:

  1. Your website will be marked with a handle and “safely” will be displayed next to it
  2. Your website will be higher in Google search
  3. Your website will not be able to be exploited by a Man-in-the-middle attack, thus protecting yourself, as well as your customers who log on to the website

If you have any problems with deploying the https protocol, feel free to contact me.

From July 2018, Google began displaying non-https sites as insecure. Source: Google

5. Websites have to be protected

What I wrote above is true, you need to update WordPress whenever possible. But additionally, the WordFence plugin should not be missing from your website, it is very helpful when searching for malware. It regularly scans files and notifies you of out-of-date plugins, it also checks each file for malwares, and notifies you. Its free version has several other benefits:

  • Notifies of the login of website administrators
  • Limits the number of incorrect password entries
  • Blocks spam addresses from abroad that try to log in to your website
  • Blocks the entry of vulnerable parameters that could allow attackers to gain access to the website

However, WordFence needs to be set up very well, because sometimes it can be a big burden for the website, as it can use the full max_memory_limit and thus slow down the site.

6. Adjustments should be done in the child theme

I often face the situation that a website was created for a client, and adjustments were made directly in the theme. This has two solutions only, to leave it at that and wait until WordPress and other plugins are updated and bugs come up and edits are deleted, or a child theme is created. So basically the child theme is a derived theme that uses its modified php files, and loads those files that are not modified from the original theme. This step is intended for more advanced users, but if you want to intervene in a programmed theme, you should definitely create a derived theme for smoothness and updating. Especially when updating WordPress.

Other recommendations

Naturally, there are still many things you should know if you have a website, whether it runs using WordPress or not. These include e.g. checking the consent to the processing of personal data in the form, SEO settings, site maps, not displaying errors, having properly secured chmod settings, caching, etc. But this is more challenging for the user and administrator of the WordPress website. However, you can have your WordPress website checked by a professional to avoid problems with the website.

About me

Michael Šubák

I have been writing on my blog since 2012. I write about IT, Android, VR, Xbox, PC manuals, and the like. Since 2014, I have also been writing about VR in a web magazine about virtual reality. I create websites, e-shops, customized solutions, website editing, and so on. I´m a WordPress freelancer.

Subscribe to new posts