Guest Contributor: Laura Stamey from


As with most things, building and growing an online business or website is not a linear process. Progress is measured in waves, with crests and troughs awaiting you in equal measure. Like a sailboat tacking against the wind, entrepreneurs, developers, and site owners need to frequently change course to adapt to the various forces at play.

Many websites find smooth sailing with WordPress, the incredibly popular content management system that powers more than 28% of all websites. Users appreciate the platform for being a cost-effective option for publishing a well-designed website without having to learn how to code, but the massive open-source platform can challenge novice site owners with seemingly constant maintenance, security, and optimization tasks.

Overall, however, WordPress makes running a website remarkably easy—but the system needs your help to run at peak performance and have the most impact for your website or business. Here are five of the most common WordPress traps to look out for when navigating the occasionally choppy seas.



1. Understand What You’re Getting Into


When setting sail on a new website, WordPress’s popularity makes the platform a natural first choice to organize content and customize how the site looks and operates. Before you even get started, though, WordPress presents a snag: Do you want or

Put simply, WordPress is a blogging platform that comes in two flavors: a software-only version that needs to be installed on a separate web hosting account, and a browser-based system where WordPress takes care of the hosting and technical setup. Both options are free, but—the latter option—restricts certain features and functionalities.

Even though there’s slightly more work involved and room for error, I prefer and recommend the route. Self-hosted WordPress involves manually installing the software and taking full responsibility for technical components along the lines of security, maintenance, and backups.

Although that obligation can leave your site vulnerable to human error or malicious attacks, much of the nuts-and-bolts requirement can easily be accomplished by signing up with a reputable hosting provider. A few top web hosts—Doteasy included—even take care of installing WordPress and the subsequent updates, in addition to providing automatic backups, a domain name registration, security tools, and knowledgeable WordPress experts for support.


2. Help WordPress Move Faster and Smarter


Even hard-core coders have a love/hate relationship with WordPress. According to StackOverflow’s 2017 developer survey, only 35.5% of developers said they loved WordPress, compared to 64.5% who dreaded using the system. The inherently flexible CMS can never seem to shake complaints of slow page loads and a bloated codebase.

Whether the concerns are real or imagined—or, most likely, somewhere in between—you can improve site performance and, in turn, user experience, by optimizing various settings and installing tools to streamline WordPress operations.


Image by ludinko/ via


Before diving into WordPress, though, make sure your host isn’t hampering your attempts to increase your site’s speed. Upgraded hosting plans that are equipped with high-performance solid-state drives, or SSDs, maximize speed and efficiency and can make a noticeable difference in how quickly your WordPress site loads. SSD plans can be somewhat more expensive, however, so do some research to see if SSD hosting is the right fit.

Once your hosting hardware is optimized, turn your attention to the WordPress software and the content you’re adding. For starters, adding a caching plugin will speed up your site by storing and serving up dynamic HTML files to visitors instead of loading all the various scripts and code from scratch every time. Otherwise, there are several ways to shrink heavy image files and select quality themes and plugins to minimize resource consumption.


3. Don’t Take Security for Granted


The popularity of WordPress makes it a major target for attacks. The prevalence of the platform presents ample opportunity for automated assaults on sites that don’t follow best practices. Roughly half of compromised sites are accessed through an insecure theme or plugin, while about 40% of successful attacks are attributed to a vulnerability in the hosting environment or WordPress platform.

Even though securing a website can be quite technical, intimidating, and expensive for small business owners, learning what to look out for and making a few minor adjustments can have a major impact. Many security concerns can be mitigated by updating the WordPress core program, themes, and plugins (more on that later), for example.

Another approach is to fortify the WordPress login or access point. Until WordPress 3.0 was released in 2010, the CMS automatically configured new sites with a profile using the username “admin”—cutting attackers’ work in half because they only had to guess the password. WordPress now cautions against the admin username, but it remains a sore spot for uneducated users. Avoid that username, along with weak passwords like “123456” or, yikes, “password.”

You can further safeguard your login page against brute-force attacks by installing plugins that limit the number of login attempts or introduce two-factor authentication. The latter requires two ways of proving your identity, often combining a password with a code sent to a mobile device. WordPress provides more information on two-factor authentication and recommends a few plugins, while I like to use Loginizer for the additional protections.


4. Stay on Top of Theme, Plugin, and Platform Updates


Yes, site development and creation is a long, arduous process. You might feel a sense of relief or accomplishment when you finally get everything set up and designed just the way you like it, but that’s not the time to sit back and admire your handiwork.

Every new release of the WordPress platform, themes, or plugins typically improves or adds features, boosts performance, and fixes bugs or vulnerable weaknesses. Fewer than half of all WordPress sites, however, are running the most recent version of the CMS—meaning roughly 55% of websites using one of the internet’s most popular technologies are counting on compromised software with known security risks.

Since WordPress 3.7, the platform offers the option to automatically update core, plugin, and theme files as they become available. This solution is a windfall for most casual and professional WordPress users, taking care of a tedious task without a second thought. Although larger business sites and those with more technical customizations could potentially face compatibility concerns with automatic updates, activating that configuration is usually an overwhelmingly positive step forward.


5. Be Patient and Keep Learning


WordPress is often lauded by experts, myself included, for being a beginner-friendly web design and publishing tool. The truth is, however, everyone struggles to make their first website with a new program.

I like how Morten Rand-Hendrickson, the Senior Staff Instructor behind many WordPress and web design courses at, describes how WordPress is incorrectly described to new and prospective users: WordPress is not easy. But learning WordPress is.

Websites take a long time to get just right. In fact, I’d argue they’re never truly finished. Temper your expectations and be ready to work. Spend the time to understand what needs to be done and why those measures are prescribed—a strong foundation and understanding leads to clean code, a secure website, engaged visitors, and ultimately, a successful website.

Laura Stamey writes, designs, and develops for as a Contributing Editor. The HostingAdvice team boasts more than 50 years of combined experience building and scaling personal projects and industry-leading websites and applications.