WordPress is beautiful in its simplicity. Easy to set up, easy to operate. In fact, it’s so simple that people forget content management systems of this kind are also susceptible to flaws. They are the same flaws every time, crippling WordPress sites and leaving the door open to attacks.

Just another WordPress site and other WordPress flaws
Millions of websites feature the friendly sentence “Just another WordPress site” in the page title and subtitle. And yes, it is kind of annoying to see it every time. But at the end of the day, WordPress is free, and it’s free advertising for the platform. Maybe you should opt for a theme without a subtitle at all? Nice idea, but it will still appear when you search for the page. Don’t sweat it though, because it’s easy to fix: Go to Settings > General and then give your page a sensible subtitle. Done!

The proud administrator
Many hackers take great pleasure in WordPress’s habit of suggesting the user name ‘admin’ for the creator of the site (as its first user) and granting them administrator rights. If you do not change the user name (and compound your error by choosing a very weak password like 123456), you can’t complain if your blog is hacked ten times in the first week. Even if you are the administrator and are writing posts, set up a separate user name for yourself. You should only use the admin user account for back-end purposes – use your personal one for writing content.

www.mycoolblog.ch/?p=123
You’ve installed WordPress. You’re ready to go. But you quickly notice that something isn’t right: the sub-pages of your blog are linked via GET variables by WordPress as standard. This would be fine, except ‘?p=123’ does not look particularly inviting as a sub-page name. Furthermore, Google has trouble reading something meaningful from this code. That’s why it’s best to set up your own permalink structure with meaningful links right off the bat. You can do this in Settings > Permalinks. We recommend that you select targeted key words rather than the text creation date.

Be wary of suspicious themes and plug-ins
Have you been offered free premium themes? That’s fantastic! But watch out: it could be too good to be true. Some providers have simply copied premium themes. Others have even integrated malicious code into the packages. It’s a veritable paradise for hackers and spammers! So be careful. Buy your favorite theme from a reputable provider. And if you don’t feel like paying for themes, there are reputable providers of high-quality, free themes – some even have responsive designs. Wise up and do your research. It’s worth it. The same applies to plug-ins: download them from official stores.

A bit more on plug-ins
Every plug-in installed puts an additional burden on the server and slows down loading times. But it’s not just the number of plug-ins that does this. So here’s what to do: only use plug-ins that you really need. And only use plug-ins from trustworthy sources, i.e. ones that actually work. Read as many reviews as possible and get a good impression of the plug-in. And don’t load them all at once – do it one by one to find out which plug-in is sucking the life out of your website. Actually, there is a reliable (!) plug-in for this: Performance Profiler WordPress. It shows you which plug-ins are a drag on your site’s performance.

Salty keys
Your WordPress site uses “salts” and “keys” to authenticate logged-in users and their end devices. These secret values are built into the login data so that session cookies, and with them a particular session, cannot be used by others (as they could be in the past). WordPress provides its own generator for creating salts and keys at https://api.wordpress.org/secret-key/1.1/salt/. Copy the generated keys into wp-config.php. You’re good to go.

Index prefixes
Just like the admin name, predictable prefixes for the tables in the MySQL database are like an early Christmas present for hackers. For WordPress, this prefix is wp_ unless you change it. The prefix is very easy to change during installation or afterwards in wp-config.php. And if you don’t want to write the code yourself, you can use the “Change DB Prefix” plug-in.

Speed up your site with caching
Each time your page is accessed, the server retrieves data from the database. It collects, processes, renders and finally transmits the complete document to the site visitor. This happens for every visitor and for every new page! Caching can be used to skip the entire procedure and send the complete document in one step: database requests are cached and entire pages stored as static files (like HTML files). There are many different caching plug-ins that you can use to make your website quicker – from the highly complex W3 Total Cache to the simple, streamlined Cachify.

Up-to-date = safe
WordPress is being further refined and improved all the time, from user interface optimization and security upgrades to increased speed and the elimination of bugs. So make sure to keep your WordPress site up to date. And because nothing is certain in this world, make sure to back up your data (especially before updates).

Now have a great time with WordPress!

Sandro Bertschinger

He didn't find computers very interesting for quite some time. An Amiga 500 as a games machine was the high point at that time. Computers began to move into his focus with the advent of the internet and the possibility of building cool websites. In 2001, he crossed paths with an internet company by coincidence.
