8 Rookie WordPress Mistakes You Don’t Want to Make

Purchasing from links in this article might provide a commission to this site. We only share resources we use, trust, and believe would be of value to you. Full disclosure.

If you are new to WordPress, there are some things you should know about working with this extremely popular content management system. Don’t make the same blunders that some beginners make. Here are eight WordPress mistakes to avoid when you get started.

1. Choosing a bargain hosting provider

Shared hosting companies make a lot of slick offers: Unlimited bandwidth! Free email and domains! They seem to offer everything you’d need, and only cost a few bucks a month. Well, if it seems too good to be true, it usually is.

Many web hosting companies cram hundreds of websites onto their individual servers. This is a great way to save the hosting company some money, but if one of those sites gets big or has a traffic spike, it crowds out all of the others. If that big site happens to be yours, it could crash because you’ve quickly overrun the space on the shared server.

Don’t force your website to live in a crowded space.

Managed hosting services like BigScoots, Flywheel or WP Engine put far fewer sites on their servers, so no matter how much traffic one site gets, it will never bring down or interfere with the others. Keeping fewer sites on one server means the server can dedicate more of its bandwidth to quickly serving requests for your site.

2. Using a weak admin login name and password

WordPress is an extremely popular platform for building a website, and because of this, it’s also a regular target for hackers. A lot of attacks against WordPress are really just robots making brute force password cracking attempts, where they guess the admin password to a site over and over again until they get it right.

Picking a weak password for your WordPress admin panel, like your daughter’s name or a common word, is never a good idea. Use a longer password that includes some numbers and symbols, like P1n0cc#10 or Gr33n3gg$&h@m.

It’s also important not to use a default WordPress username, like “admin” or “administrator”. Set your user name to your name, your nickname, or even better, the name of your favorite aunt’s dog. (If you already have your administrator username set to “admin”, create a new administrator-level user with a safer login name, then delete the old “admin” user profile.)

In the event that your site does get compromised, there are many tools and companies that will fix your site for a fee, such as Wordfence or Sucuri. But if you avoid rookie mistake #1, a managed WordPress host like Accelerated WP or WPEngine will handle your site’s security, and if by some small chance your site should happen to get hacked anyway, they will be able to quickly fix it for you.

3. Not changing your permalink structure

The URLs of the content you publish on your WordPress website are known as permalinks. Permalinks are what people enter into their browser address bar to view one of your pages, and what search engines and other websites use to link to your website. Permalinks are very important.

WordPress permalink settings can be found in the main settings menu of the WordPress admin area.

WordPress automatically enables the default or “Plain” numerical permalink structure after you install WordPress, which is not user-friendly. It is much better to refer a visitor to a URL such as http://www.yourwebsite.com/big-news-story/ than http://www.yourwebsite.com/?page_id=54367.

Search engines also prefer you to use “friendlier” URLs that include a postname, and in fact, the keywords in a postname permalink can help you get better ranking for those terms. Here are the best permalink structure options:

Post Name (/%postname%/ -> www.yourwebsite.com/big-news/) – Post name generates short memorable URLs. This is the best permalink structure if the content on your website will still be relevant for many years to come (also known as “evergreen” content).

Category and Name (/%category%/%postname%/ -> www.yourwebsite.com/sports/big-news/) – Category and name is a hierarchical structure of content on your website and ensures that visitors know what category they are viewing. It also puts more keywords into your URL than any other option, which can be great from an SEO point of view.

Day and Name (/%year%/%monthnum%/%day%/%postname%/ -> www.yourwebsite.com/2016/07/01/big-news/) – News websites can publish dozens of articles per day. That is why most websites with a high posting frequency use the day and name permalink structure. It ensures their page URLs contain the year, month, and day that an article was published.

If you do not frequently publish to your site, and if your content is evergreen (such as reference posts, recipes, photography, etc.), you don’t want to use dates in your permalinks.

Month and Name (/%year%/%monthnum%/%postname%/ -> www.yourwebsite.com/2016/07/big-news/) – Month and name is another popular choice. It generates URLs that are two characters shorter than day and name.

Whichever permalink structure you choose, choose it before you publish anything to your site. Changing your permalinks later requires careful redirection of all your posts and pages because it will break all the links other people have made to your site.

4. Installing tons of plugins

One of the most powerful aspects of WordPress is its ability to be extended to meet your needs. There are many really great plugins out there that will accomplish almost anything you want them to.

However, there are also a lot of poorly written and poorly maintained plugins available.

Please don’t treat the WordPress Plugin Directory like a candy shop and install every plugin that looks cool. When you’re looking for plugins, make sure that you know where they’re coming from and have a good understanding of how reliable and well maintained they are. The ratings and number of installations the plugin has (in the description in the plugin directory) are good indicators.

Once you find a plugin you think you want to use, ask yourself, “Do I really need this plugin?” “Can I accomplish what this plugin does in a simpler way?” If the answer to the first question is no or maybe, or there is a simpler way, don’t install the plugin.

Plugins can easily conflict with each other or your theme, and break your site. Too many plugins can also really slow your site down, so make sure every plugin you use is one you truly need, and one that has good reviews and regular updates.

5. Installing too many themes

When you are creating a new WordPress site, it can be tempting to install a bunch of new themes to try out on your site until you find the look and feel you want. This is fine, just make sure to delete any themes you aren’t using once you are done “playing dress up.”

Once you’ve settled on a design, the only themes you should have on your WordPress site are your main site theme, any child theme required to customize the main theme, and Twenty Fifteen (a default WordPress theme) as a backup.

Extra themes you aren’t using take up space on your server, which can reduce your storage and bandwidth, and can also provide a vulnerable place for hackers to pry into your website.

As a side note, beware that you get what you pay for when it comes to themes. Free themes are not always coded well, are not usually supported if you have troubles, and sometimes they can even come with malware that will compromise your site!

If you can afford it, choose a well-coded, well-supported premium theme from a company like Astra, StudioPress or Theme Forest, or have a web designer create something custom for you that you will really love.

6. Not updating WordPress, themes and plugins

When a WordPress site is compromised by hackers, it is often because the site is running an old version of WordPress, or an outdated theme or plugin.

Because of this, it’s critical that you update your WordPress site, your theme and all of its plugins to the latest versions within a week or two of their release. WordPress core will also occasionally release security updates because a vulnerability was discovered. These should be installed immediately.

Many managed WordPress hosts, including WPEngine and Accelerated WP, will automatically update WordPress for you, giving you peace of mind and ensuring that your site is always secure.

7. Uploading images without optimizing them

Images are one of the largest web resources that load on a page. Huge, high resolution photos will slow a page load to a crawl. It’s important to squeeze your images down to the smallest size you can before you upload them to your site.

To start, make sure that your images aren’t wider than your maximum page width (if you have one defined). For example, if your blog has a main centered column that is 800px wide, you’ll want all of your images to be 800px wide or smaller. That way, even at the largest size, they fit neatly within the outlines of your site and aren’t wasting extra memory.

Always upload an image at the width that you plan on displaying the image on a page. If you have a 400px wide space available, don’t upload a 1600px image and scale it down to fit. You can reduce your image size with software such as Photoshop, PicMonkey, Canva, or even Preview on a Mac.

Once you’ve scaled your images to the correct display width, you can compress them to make them even smaller. It’s easy to batch compress your images before you upload them to WordPress, using apps like Tinypng.com, Imagify, or ShortPixel.

These applications will take any type of image and make it as small as possible without losing any quality. Just drag your (already scaled) images into the software, and they’ll automatically compress them and save them back into those files.

There are a bunch of great WordPress plugins that can also handle image compression, though you usually get a lot more reduction in file size if you compress your photos before you upload them. A plugin really should be a last resort (See rookie mistake #1).

Each of these has a WordPress plugin that will compress your images as you upload them to WordPress. Both plugins also batch optimize previously loaded images, so if you’ve already published a bunch of images that weren’t optimized, you can compress them, too. Beware, though, that image optimizer plugins can sometimes break your site, so always do a backup before you use them.

If your website is new, however, get yourself off to a best-practice, fast-loading start by properly sizing and compressing your images before upload from the very beginning.

8. Not setting up regular backups

On any website, things can go wrong. Software can break, plugins can fail, lines of code can have errors, and hackers can get in. This is why it is so important to keep regular backups of your site, and to take a backup of your site before you make any major changes, like adding plugins or changing themes.

You can install a third-party, premium backup service like Updraft Plus, Vaultpress or BackupBuddy to take nightly or weekly backups. Or, if you have your site hosted on a managed WordPress host like BigScoots or WPEngine, they will take automatic nightly backups of your site for you.

WPEngine also lets you take backup “snapshots” at any time, and make instant one-button site restorations if anything goes wrong.

Avoiding these eight WordPress mistakes will both ensure your new WordPress website gets off to a good start, and prevent any future problems down the road.


  1. Katja

    Thanks, Dawn, for sharing your blogging wisdom. If only I had known some of this when I first started. I have had to pay my VA many hours to go back and fix things after the fact. You are simply the BEST!

    • Dawn Gifford

      Thanks, Katja! I made some of the same mistakes when I started, too. I hope this post will help others avoid all the time we spent going back to fix things!

