Common Mistakes for New WordPress Users – Part 4

Updated April 27, 2021

Welcome to Part 4 of our series on Common Mistakes for New WordPress Users. If you’ve not already perused Part 1, 2 and 3, be sure to check them out first, as this is a continuation of those previous posts.


Not Compressing or Scaling Images

Page speed is determined by image sizes (most of the time). Show a huge image only suitable for desktop users to someone on a mobile device and they’ll have to wait an inordinate amount of time for the image, and page, to load. Slow speeds due to images not being compressed and scaled to the appropriate device size lead to a very poor user experience and hamper search rankings big time.

While images can be compressed manually one by one, a much easier solution is to use an image optimization plugin like ShortPixel. If you only have a modest number of images to compress each month, it’s free. For busier sites, there’s a small monthly cost associated, though it’s well worth the investment.

Too Many Plugins

“If some is good then more is better” doesn’t apply to WordPress plugins, although if you asked many new users, they’d argue this one to the bitter end. The problem with installing more and more plugins is that the server’s ability to deliver pages quickly goes down with each installation.

Look at each and every plugin with a watchful eye and ask yourself if you really need that particular plugin. Uninstall any that aren’t necessary. Do not simply leave them inactive, but still present on the server, as these pose potential security risks.


Allowing Trackbacks and (spam) Pingbacks

Most commonly a tool used by spammers, trackbacks and pingbacks are great conceptually, but, when put into practice, open the floodgates for spam. When humans and search engines visit a site and see a deluge of trackback spam, odds are that their opinion of the site will go down as will the likelihood of any return visits.

To stop trackback and pingback spam cold, log in to the WordPress admin panel, select Settings -> Discussion and then untick the box that says, “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles.”

Allowing Unmoderated (spam) Comments

The biggest mistake a new user can make, with regards to spam, is not moderating comments – by allowing users to make comments and see them instantly appear on the site without needing an administrator to approve them first. A spammy site is not one that’s going to establish a great reputation, build long term value for readers and be a lasting source of income and please.

To start moderating comments so that spam doesn’t automatically appear, log in to the WordPress admin panel, select Settings -> Discussion and tick the box that says, “Comment must be manually approved…”.

Not Bothering with Basic Security Procedures

There are certain fundamental steps that site owners should take to make their site secure. Not doing these means the site is more open to being hacked or defaced, either of which means a tarnished reputation and money lost in the time to repair as well as conversions that get missed when a site is offline.


Operating a site without backups is playing with fire. Maybe you’ll never need them… but if you do, wouldn’t it be better to have a dependable backup of the site? Of course!

The most obvious backup approach is choosing a provider that offers integrated backup systems, like KnownHost, which offers specialist WordPress hosting with automated backups.

The other approach to consider, in addition to the above, is installing a proven dependable backup plugin such as UpdraftPlus. Having a backup on your local machine is great for peace of mind, knowing the site could be restored with a minimum of downtime and frustration.


Themes, plugins and WordPress core files need to be updated regularly to protect against security threats. Failing to keep updated often is the way hackers break into WordPress sites. Getting hacked means going offline and losing money, period.

The most common method of overcoming this risk to new users is to set a manual reminder to log in and check these things with the hosting account and WordPress admin panel. But not everyone remembers and not everyone does what their reminders tell them to do.

The more effective approach is to choose fully managed hosting, like KnownHost, where you’ll know that all the core files, themes and plugins are updated regularly to protect your website.

Security Plugin

Although too many plugins is bad, installing a good security plugin can make a site an order of magnitude more difficult to hack, making the security plugin a great idea.

Examples of top notch security plugins include Wordfence and Sucuri Security. You won’t want to install multiple security plugins, since they can interfere with one another (just like SEO plugins). Instead, choose one, spend a bit of time getting to know it and configure it to your liking.

Not Uninstalling Inactive Plugins & Themes

There’s a common misconception amongst new WordPress users that simply deactivating a plugin or theme will make it safe and free of any security concerns. This couldn’t be farther from the truth however. Inactive plugins and themes pose a security risk until the point at which they’re uninstalled. Failure to uninstall means an open door for hackers to do their dastardly deeds.

The solution? Anytime a plugin isn’t going to be used any more, deactivate it and immediately delete it. For themes, activate and thoroughly test any new theme, being relatively certain you’re going to use it for a good while, then remove the old themes so that they’re not left lingering about.

Not Using SSL for https://

An SSL certificate is what gives users of a site protection of their exchanges with the website server. Don’t have SSL? That means text is going back and forth unencrypted so that anyone in between could potentially read that text as clear as a bell. Getting and installing an SSL certificate is critical!

The easiest way to get and install an SSL certificate is to choose hosting like KnownHost which provides site owners with free SSL certificates. By selecting managed hosting, you’ll be getting experts who can install the certificates for you, leaving you to do what you do best – managing your site content and engaging with visitors.

Reusing Passwords / Using Weak Passwords

There’s no excuse for laziness when it comes to passwords. Do NOT. Do not re-use the same password for your WordPress admin account as you’ve used somewhere else. All it takes is one brute-force attack, lucky guess or compromised site online and suddenly you’ll find that someone else has logged into your account, compromised the site, changed your passwords and left you with a mess.

Use unique passwords. Use difficult to guess passwords. Treat them like they’re important, because they are important.

Using Default Username as “admin”

While not the most egregious of mistakes, keeping your default username as “admin” carries two repercussions. First, it makes hacking attempts much more targeted, as hackers know exactly which account to start guessing the password for. Secondly, it means when you publish posts you come across as the “admin” rather than a human with a name and a face.

For security purposes, it would be ideal if you created another user, granted them admin privileges and then reduced the permissions of the default admin user, so that someone could guess the password but still wouldn’t be able to do any harm to the site.

For publishing content, create a user account named in a human-friendly fashion. It would be better to see EditorMark or DavidDavis publishing than admin, so make use of the publisher account to build some recognition and notoriety.
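
As an added example (not from the original post), the security checks from the sections above can be run in one pass over data exported with WP-CLI: inactive plugins, pending updates, an “admin” administrator account, open pingbacks and unmoderated comments. It assumes the inputs come from `wp plugin list --format=json`, `wp user list --format=json` and `wp option get`; the sample values are constructed and `audit` is a hypothetical helper name.

```python
import json

# Constructed sample data shaped like WP-CLI JSON output (not from a real site).
PLUGINS = json.loads("""[
 {"name": "akismet", "status": "active", "update": "none", "version": "4.1.9"},
 {"name": "hello", "status": "inactive", "update": "none", "version": "1.7.2"},
 {"name": "contact-form", "status": "active", "update": "available", "version": "5.3"}
]""")
USERS = json.loads("""[
 {"ID": 1, "user_login": "admin", "roles": "administrator"},
 {"ID": 2, "user_login": "EditorMark", "roles": "editor"}
]""")
# Values as returned by `wp option get <name>` (constructed).
OPTIONS = {"default_ping_status": "open", "comment_moderation": "0"}


def audit(plugins, users, options):
    """Return a sorted list of (check, detail) findings (hypothetical helper)."""
    findings = []
    for p in plugins:
        # A deactivated plugin still has its files on the server.
        if p.get("status") == "inactive":
            findings.append(("inactive-plugin", p["name"]))
        # WP-CLI reports "available" when a newer version exists.
        if p.get("update") == "available":
            findings.append(("update-pending", p["name"]))
    for u in users:
        # WP-CLI prints roles as a comma-separated string.
        roles = [r.strip() for r in str(u.get("roles", "")).split(",")]
        if u.get("user_login", "").lower() == "admin" and "administrator" in roles:
            findings.append(("default-admin", u["user_login"]))
    # Pingbacks and trackbacks on new articles are off only when "closed".
    if options.get("default_ping_status") != "closed":
        findings.append(("pingbacks-open", "default_ping_status"))
    # "1" means every comment must be manually approved.
    if str(options.get("comment_moderation", "")) != "1":
        findings.append(("comments-unmoderated", "comment_moderation"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(PLUGINS, USERS, OPTIONS):
        print(f"{check}: {detail}")
```

An empty result means none of these particular mistakes were found in the exported data; an “admin” account whose role has been reduced is not reported.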


WordPress users spend more time and money to buy and tweak their theme than any other area within the site design and function. Unfortunately some of the mistakes surrounding themes can lead to legal woes, content publishing pains and the need to do the same work more than once.

Buying a Complex Theme (without the skills to administer it)

There are some gorgeous themes for WordPress which have hundreds of built-in features. On paper, they look perfect for a new user who wants to have it all from square one. Unfortunately, when it comes to making all these things happen, appear on the page with style and connect in to other systems like banking, shipping and email – they require a WordPress expert if there’s to be any hope of them taking shape.

Try to crawl, then walk and finally run. An important part of creating a WordPress website is getting to know how things work, piece by piece. Trying to throw 100 new variables into the equation on day 1 is an open invitation to disaster. Go for a more straightforward theme and learn by adding the other functions one at a time. After you’ve reached a moderate level of expertise then go for a more complex theme.

Top tip: Install a new theme on a test domain and get to know it inside and out with test posts and not by trying it out on your “money site”. Then, when you’re ready to roll it out on the main site, you’ll have found the hurdles and seen how to overcome them first hand.

Buying a Theme Before Creating Any Content

Think of a theme the way you would a suit or a dress. Would you buy either of them without first knowing the size and shape of the person that they’re to fit? Choosing a theme without knowing the content means that any time a new post needs to be created, it will have to be built with the default post format styling, regardless of what you may have preferred to publish.

The moral of the story is for new users to publish a few articles on their site, or test site, and then choose a theme which could easily be implemented or adapted to include that content. Content first, design second.

Editing Core Theme Instead of Using a Child Theme

Making changes to WordPress themes is a necessity for all but the most easily pleased of site owners. We want new functions, features and to change the appearance. The problem is that new WordPress users tend to edit the core theme files, which then get overwritten anytime an update occurs, meaning their edits are gone in an instant.

Overcoming the core-edit-update problem means creating a child theme and then applying changes to it, rather than the default theme files. Check out our other posts and wiki topics for the steps to follow in creating a WordPress child theme.

Using a Non-Responsive Theme

Mobile first. There’s a reason Google is pushing everyone toward mobile first. It’s because more mobile devices are connecting to the web each day as desktop devices decline in number. Installing a theme without testing whether it’s mobile friendly means you’ll risk alienating the largest segment of your audience.

The solution is to choose a responsive theme that definitely works for phones, tablets, laptops and desktops. Most themes these days are responsive – but do not assume that your choice is mobile friendly until you’ve tried it with a mobile device.

Using Untrusted Themes from Outside the WordPress Repository

There are some sites, other than the WordPress repository itself, which can be trusted. These include sites like Envato (ThemeForest). However, there are thousands of other sites which sell themes outside of the repository and they cannot be fully trusted. Installing a dodgy theme can mean a lack of security, support or updates – all of which are painfully risky.

The best advice for new users is to stick to the theme repository or choose a theme with a huge install base. Millions of active users means a theme that’s well proven and a solid choice for new site owners.

Using Warez, Nulled or Pirated Themes

Intellectual property theft is still theft. Some new site owners aren’t aware of the fact that the theme they’re installing has come from digital thieves or that it is supposed to be bought and paid for with real money. Violating the rights of intellectual property owners (who have spent countless hours developing and perfecting a theme) is no small matter and can result in demands for payment, reputation damage and the embarrassment that comes with being caught red handed with your hand in the cookie jar.

There’s also a security risk associated with nulled scripts and themes. Hackers aren’t always being benevolent. There are times when they insert malicious code so that sites using the hacked software are given backdoors through which they can later hack into them.

Only buy themes through the WordPress repository or from a site you trust completely. Theme purchases should occur on the theme publisher website or a large reputable market like Envato. Don’t try to save a few dollars by using free versions of paid themes that have been nulled or otherwise pirated.

User Experience

Excerpts as Full Posts (not shortened)

Category pages are great for users to see a glimpse of what several posts are going to be about, without visiting each one at a time. New WordPress users tend to publish short posts and have categories echo the full post rather than a small (50 word or so) excerpt.

Changing the default excerpt length either means editing your theme settings, which could contain this as an option, or editing your child theme functions.php file and adding a function along the lines of:

add_filter( 'excerpt_length', function( $length ) { return 50; } );

By limiting the excerpt length you’ll find that users are able to scan multiple posts at once via category pages and that search engines won’t be detecting the category pages as containing duplicate content (because only small bits of content are duplicated).

Loading the Site with Many Ads

An occasional advertisement isn’t a problem. It’s expected. A site loaded with ads which are only separated by a few sparse paragraphs of content is a dealbreaker. Pop-ups are even worse. No user or search engine wants to see a ton of advertising sprayed across the pages of a site.

If you must use ads, do it sparingly. Do not put ads above the fold and do not show multiple ads per page. Your bounce rates, exit rates and search rankings will thank you for keeping ads under control.

Messy Navigation – Too Many Categories

Categories are meant to make content easy to find, especially within one or two clicks of the homepage. Creating tons of categories with 0 or 1 posts in each is not how categories are supposed to work. It only takes a couple of thin categories getting visits for users to believe you have no content of real value, which will result in high bounce and low return rates.

Start with a handful of categories and then, if necessary, consider adding subcategories. In most small to medium sites, a half-dozen categories can easily contain all the posts. It’s only when a main category is too high volume and general that it needs to be split into subcategories.

If you won’t have 3+ posts in a category or subcategory, within a short period of time, then odds are that you don’t need that extra level of complexity. Keep It Simple S…..!

No Signposting of Related Content

Related content is what web surfing is all about. If it weren’t for this, most of the internet would remain undiscovered, since people don’t know to look for it until they’ve first been exposed to it. Signposting related content is a great way to keep your audience engaged, informed and feeling like you add tremendous value to the space.

Within text content the easy solution is to text link from one post to another. By feeding their ongoing interest, your content linking will help search rankings as well as user page consumption.

The other approach is to use a related posts plugin like YARPP (Yet Another Related Posts Plugin). This will allow you to automatically insert links to related posts on your own site, each and every time you post a new bit of content.

Not Responding to Comments

The thing that sets a blog apart from a static HTML website is that a blog will have engagement in the form of comments. When a visitor makes a comment that begs a response, or asks a question, the site owner really needs to respond or risk looking like they have abandoned the site or don’t care about the audience.

Budget some time to regularly check on pending comments needing moderation, replies or questions where people need answers and generally budget time to manage the ongoing discussions with WordPress users.


Thanks for taking the time to complete Part 4 of our series on Common Mistakes for New WordPress Users. If you’ve not already read Parts 1, 2 and 3, then please take the time to check them out.

If you have any questions about WordPress hosting at KnownHost, just give our technical sales team a call. If you’re an existing customer and need a hand with the installation and configuration, then open a ticket for a Managed Services Administration team who will be glad to set aside the time to help you get things configured properly.
