6 Things I Tell My Friends About WordPress.org
I see the back end of a lot of WordPress installations. It’s always with shock that I see the pending updates, and with a bit of concern that I hear their answer to the question, “Have you backed your site up lately?” I’ve come to the conclusion that a lot of people are using the self-hosted version of WordPress (WordPress.org) who don’t have a clue about some of the very basics when it comes to setting up and maintaining a WordPress.org installation. So here’s what I tell my friends who use WordPress, the first things I check and change on a client’s WordPress site. It’s kinda like the “WordPress.org for Dummies”—except, if you’re using WordPress, you’re not a dummy.
1. Never use the “admin” username.
If you hired a web designer who set up your WordPress install and gave you the login username “admin”, fire them at once. “Admin” is the default username and the most commonly used in automatic hack attempts.
If you installed WordPress and gave yourself the default username “admin”, immediately create a new user with a more unique username. Then delete the user “admin”, assigning all your posts to the new user you made.
Plugin Tip: Install Limit Login Attempts to increase your security.
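The same create, reassign, and delete steps can be done from the command line. This is an added example, not part of the original post; it assumes WP-CLI (the `wp` command) is installed and run from the WordPress root, and the login and email shown in the usage comment are placeholders.

```shell
# Added example: replace the default "admin" account with WP-CLI.
# Assumes the `wp` command is available and this runs in the WordPress root.

replace_admin_user() {
  new_login="$1"
  new_email="$2"

  # Refuse to swap one guessable login for another.
  case "$new_login" in
    admin|administrator|root|test|"")
      echo "choose a less guessable login" >&2
      return 1 ;;
  esac

  # Nothing to do if no account is literally named "admin".
  if ! wp user get admin --field=ID >/dev/null 2>&1; then
    echo "no 'admin' user found"
    return 0
  fi

  # Create the replacement administrator (WP-CLI prints a generated password).
  wp user create "$new_login" "$new_email" --role=administrator || return 1

  # --reassign needs the new user's numeric ID, not the login name.
  new_id="$(wp user get "$new_login" --field=ID)" || return 1

  # Delete "admin" and hand all of its posts to the new user in one step.
  wp user delete admin --reassign="$new_id" --yes
}

# Run only when both arguments are supplied, e.g. (placeholder values):
#   sh replace-admin.sh siteowner42 owner@example.com
if [ "$#" -eq 2 ]; then
  replace_admin_user "$1" "$2"
fi
```

Log in with the new account afterwards and confirm that your posts now show the new author.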
2. Your WordPress.org site does not automatically back itself up.
If your WordPress website is hacked or your host’s servers crash, you could lose all your posts and comments. WordPress.org installations do not automatically back themselves up. Your host may do a backup once a day or once a week, but you’ll want to check to be sure. And it’s still a good idea to make a backup on your own computer, external hard drive, or cloud server, rather than just relying on your host’s backups.
At the very least, choose Tools, Export, All Content once in a while so you have a copy of all your posts/comments on your computer. But that doesn’t back up the database (which stores all the information about how your site is configured) or the images you’ve uploaded to your site. For more detailed information, check out Amy Lynn Andrews’ post: How to Backup WordPress. But remember that no matter what automated backup solution you choose, no backup is as good as a manual one you’ve made and double-checked yourself.
Plugin Tip: BackWPUp gives you lots of options to automatically back up your posts, database, files, or all three, hourly, daily, or weekly, email them to you or store them on your server or another one.
3. WordPress installation, theme, and plugin updates are crucial for security.
You know the little icon that looks like a recyclable logo, that shows up in your admin bar with a number by it? That means it’s time to do an upgrade—and the number indicates how many items are ready to be upgraded. But the update icon should really be a bright red security alert, because having an out-of-date WordPress installation is like hanging out a welcome sign for hackers, advertising that you have all the latest security vulnerabilities. And good plugin authors are always updating their plugins to fix bugs and keep them working with the constantly changing world wide web, not to mention making the plugins more secure, as well. So when your WordPress dashboard tells you that updates are available, make that your first blogging priority of the day.
Do a backup, then upgrade everything that needs upgrading. But be careful doing theme updates—if your theme wasn’t customized correctly (with a child theme or custom CSS file), you could lose your theme customizations.
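A command-line version of "back up, double-check, then update", as an added example that is not part of the original post. It assumes WP-CLI (`wp`) and `tar` are available and that it runs from the WordPress root; the backup directory is a placeholder you choose.

```shell
# Added example: back up the database and wp-content, verify both,
# and only then apply updates. Assumes `wp` (WP-CLI) and `tar`.

backup_then_update() {
  backup_dir="$1"
  dest="$backup_dir/$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$dest" || return 1

  # 1. Database dump (site configuration, posts, comments).
  wp db export "$dest/database.sql" || return 1

  # 2. wp-content holds uploaded images, themes and plugins.
  tar -czf "$dest/wp-content.tar.gz" wp-content || return 1

  # 3. Double-check the backup: the dump must be non-empty and the
  #    archive must be readable. Stop before updating if either fails.
  if [ ! -s "$dest/database.sql" ] ||
     ! tar -tzf "$dest/wp-content.tar.gz" >/dev/null 2>&1; then
    echo "backup verification failed; not updating" >&2
    return 1
  fi
  echo "backup stored in $dest"

  # 4. Update WordPress core and all plugins.
  wp core update || return 1
  wp plugin update --all || return 1

  # 5. Themes are only listed, not updated: a theme customized without
  #    a child theme can lose its changes, so review these by hand.
  wp theme list --update=available --field=name
}

# Run only when a backup directory is supplied, e.g. (placeholder path):
#   sh backup-update.sh "$HOME/wp-backups"
if [ "$#" -eq 1 ]; then
  backup_then_update "$1"
fi
```

Copy the dated backup folder to your own computer or another server so it does not live only on the host.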
4. When it comes to plugins, less is more.
Each plugin you install can actually slow down your site if it is poorly coded. It’s easy to go crazy installing cool plugins, but less is really more. Don’t install a plugin if you don’t really need it. Choose a plugin that does three things at once (like giving you Facebook, Pinterest, and Twitter share buttons) rather than installing three separate plugins. Regularly check your installed plugins for those you really don’t need or use any more: deactivate them, and if you don’t miss them, delete them! (Click here for the list of plugins I always install.)
Plugin Tip: P3 (Plugin Performance Profiler) analyzes your WordPress install and lets you know which plugins are slowing down your site’s performance.
5. Use only popular, recently-updated plugins and themes.
There’s nothing worse than finding a cute theme only to realize that its author never updates it when WordPress changes. WordPress plugins are also vulnerable to security loopholes, so don’t install a WordPress plugin unless it has high ratings and has been updated not only recently, but frequently (take a peek at the changelog and stats for these details). You want to know that the author will actively work on improving and updating their plugin or theme to keep up with the latest WordPress features, not to mention keep it secure from hackers!
6. WordPress.org is for techies or for those who can hire techies.
WordPress.org is for novices who are willing to spend hours perusing the likes of wpbeginner.com and bloggingwithamy.com. Or for people who can afford to pay those who already know the necessary facts and codes. And don’t assume that you can just hire a designer for a one-time setup and design fee—you’ll most likely want to have someone on a retainer fee for future updates, upgrades, and changes if you don’t know your way around HTML and CSS or if things like plugin updates and database backups scare you.
Want the features of WordPress without the technical headache? Check out wordpress.com.
Plugin Tip: If you’d like to get the features of wordpress.com on wordpress.org, try out the Jetpack plugin.
Finding your site has been such a wonderful help to me in starting my new wordpress blog! You have saved me from my endless google searches and made me feel like I was making informed decisions regarding site set up. I’ve subscribed to your email list and if there’s anything I can do to encourage you to keep writing let me know! What a blessing you have been!
Following along and seeing you’ve taken care of most of this for me, of course. 🙂 Thanks for the heads up about the update–now I’ll know what that means when it pops up.
I’ve been meaning to browse through your site forever now at the advice of our mutual friend, Vicki Lucas. So I am finally here and realize I have the whole “admin” thing covered in point #1 of this post. HostGator is my host, so I am disappointed they assigned this username. Do I have to contact them to get it changed? WordPress won’t let me change it.
Thanks so much,
BTW, I have learned more in my short little browse on this windy Saturday afternoon than I have in months of tugging and pulling with my WP site. LOL! Thanks so much for sharing your expertise.
HostGator won’t set up or change your WordPress username for you–it just defaulted to that username when WordPress was installed on your HostGator account. To change it, you must first create a new WordPress user with a more unique username. Then delete the user “admin”, assigning all your posts to the new user you made (see screenshot in my post as well as this helpful post from Website Defender). Hope that helps! So glad you said hello. 🙂
I figured out what I was doing wrong. I needed to log out of the “admin” user and then log back in with the new user information. Then I could delete the “admin” user account.
Thanks for your help!
I recently started blogging and am hoping/trying/praying that it will, with proper time and effort, help bring in some income. I know pretty much nothing about html, etc. To say that I am not techy would be an understatement. A good friend built my site for me in wordpress.org as a gift to help me get started. She is available to help me, but her time is limited and so I am trying to do as much research and work as I can. Right now, my head is absolutely swimming with information and I am feeling, shall we say, a bit on the overwhelmed side. . .
What do you recommend for folks like myself who can’t afford to hire outside technical help, have a tight time budget (I have 3 tykes 3 years and under, with number 4 on the way) and who are trying to do their best? What are the most important elements to study and apply? Thanks so much for your time!
Hello Monique! Well, this series is a good place to start. 🙂 Hopefully it will help you get a glimpse into what you understand and what you don’t. Good organization of your blog, making use of SEO tools, and making your blog easy to follow are some of the most important places to start.
Great question… I was wondering, well, basically the same things. You are very well spoken and I would love to visit your blog sometime.
Also, Gretchen, thank you so much for the posts and advice. It is so greatly appreciated!