Divi & WordPress make a lot of things easier – however, you should know and avoid these 15 mistakes
WordPress continues to enjoy enormous popularity. According to statistics portal Statista, WordPress was listed with a global market share of 63.9% in December 2020. In 2nd place was Shopify with 5.1%.
On the one hand, this awareness ensures that WordPress is now running on around one in three websites. At the same time, the design of a website is becoming increasingly easier with the Divi theme or so-called page builders. But there are also downsides: again and again WordPress websites are hacked and manipulated by attackers. In addition, constant further developments and new features ensure that there are more and more things to consider. In the following, we look at 15 mistakes that you should avoid at your Divi website or in WordPress.
Typical mistakes and smart tips for WordPress websites
Mistake #1: Default subtitle not changed
In some themes of WordPress the subtitle is not displayed. Therefore, many users of such templates think that it is not even necessary to adjust the page subtitle. This is already the first fallacy, because Google displays both the page title and the subtitle in its search results. No matter whether it is displayed when the web page is called up or not. The background is that Google and other search engines always index the subtitle of a page, regardless of whether an ad is disabled in the theme or not. Therefore, first go to the settings and change the page subtitle there in the “General” section.
Smart tip #1: Leave a website subtitle
Enter the following search query in Google: “Just another WordPress Site” and you will see how many websites with this error you can find. So take your chance, stand out and avoid this error.
Mistake #2: “Admin” set as username
One of the most common mistakes made are usernames that read “admin”. This is because WordPress automatically suggests to create the first user with the username “Admin”. Completely automatically, this user is also assigned administrator rights by WordPress. Often, very weak (simple) passwords are then also chosen. Ready is the security hole! Default username “Admin” and an easily decryptable password are wide open doors for potential attackers and hackers. 🥷🏻
Smart Tip #2: Assign strong passwords
Be sure to assign an unpredictable login name for your admin user login. Next, choose a complex password. We recommend at least 16 characters – including several uppercase and lowercase letters, numbers, and special characters.
Mistake #3: Publish blog posts with the author “Administrator
However, a complex password and an unpredictable username alone won’t help if you publish posts as an administrator. This is a friendly way to wave at attackers and hackers and explicitly point out that your website is easy to hack. After all, the crooks already know the user name. Finding the corresponding password is then often child’s play.
Smart Tip #3: Create additional user as non-admin user
Disguise your administrator username as much as possible and use it only for working on the backend. Be sure to create at least one additional user who has a role below the administrator. Then publish your posts using the subordinate user.
Error #4: No SEO plugin installed
You have relevant and good content, but it is not listed in Google search results for matching queries? Check whether you have installed an SEO plugin. Because this is an important component in your onpage SEO strategy that you should not forget.
Smart Tip #4: RankMath vs. Yoast SEO
Make sure you install an SEO plugin. We can recommend RankMath or “WordPress SEO by Yoast”. Rankmath offers more features and possibilities than Yoast in the free version and has therefore replaced the long-time top dog on our websites. After installation, be sure to enter the meta description and the SEO title for all your content. You will notice that even these small changes will help you rank better. In this overview you can see all the differences between RankMath and Yoast SEO.
Mistake #5: Uploaded too many images that are too big
To make sure your website uses not only good content, but also great graphics and photos, you want to include high-quality images. You should keep in mind that the more images you upload and the more disk space they occupy, the slower your website will load.
Smart Tip #5:
Edit your images before uploading and compress all graphics as much as possible. You can also reduce the pixel density. Graphics and images that are not needed for professional printing, but are used on the web, can be saved at 75 dpi or 150 dpi. The 300 dpi setting is only needed for printing image files. Also, be sure to use a compression tool (such as Imagify) on your website that will optimize your images again after uploading, giving you an additional ranking advantage.
Mistake #6: Loading time not optimized / did without caching
Do you currently do without caching? Don’t even know what that is? Then you should definitely read on, because you are wasting valuable loading time and server resources, which leads to numerous lost visitors. Brief technical background: WordPress is a dynamic, database-driven content management system (short: CMS). This means that the server queries data with each call, collects them, processes them further, puts them together and finally transmits the finished document – your website – to your visitors. This happens not only at the first website call, but at every single page and every image that the visitor calls up on your homepage. The loading time is also an extremely important factor for a good ranking in search engines. The Google Page Speed Core is particularly relevant here. This not only influences the ranking for desktop search queries, but has also been particularly relevant for mobile usage for some time. According to Google studies, 1 in 4 visitors will leave a website if it takes longer than 4 seconds to load. Moreover, 1 second delay in loading time reduces customer satisfaction by 16%. Quite scary, isn’t it? 😳 Wouldn’t it be great if you could shorten this time-consuming procedure and from now on you won’t lose any visitors because of too long loading times? This is exactly where caching comes into play. But don’t panic, you don’t have to optimize all the technical stuff yourself. NitroPack is a plugin that optimizes your loading times automatically, compresses your images (so you can save additional tools from tip #5) and improves your Google Page Speed Core. Often scores of 100/100 are achieved for desktop and mobile. Just by installing the plugin. Currently I even have a special offer for you. When you book a Nitropack plan you save 5% on the first invoice. You want to know beforehand which load time metrics of your website can improve and how? Just test it without obligation and completely free of charge here.
Smart Tip #6: Use the fully automated caching tool
For us NitroPack is the caching plugin of choice. It is easy to use and has performed best in our tests. In the following image you can see an example of how NitroPack can optimize the website www.nytimes.com. Pay special attention to the speed index on mobile. The improvement here is almost 8 seconds!
Error #7: Use default table prefix in WordPress database
The most effective way to protect yourself from a blog hack is to be unpredictable. Not only the admin name should therefore be changed individually, but also the default table prefix of the database on which the WordPress installation resides. A change is easily possible with many hosting providers during the installation of WordPress or afterwards in the wp-config.php file.
Smart Tip #7: Use custom table prefix
Choose a complex prefix that is hard to guess. Don’t worry, you don’t have to remember the prefix because it is automatically reused by the database. Therefore, you can choose it as complex as possible and you have made a successful further step towards secure WordPress website. Yay! 🥳
Mistake #8: Used dubious sources for downloading themes and plugins
Free is always good, because who wants to pay for something when they can have it for free. Therefore, there are now numerous sources where you can get premium themes completely free of charge. But be careful! Of course, among these offers there are also reputable providers where you can get great free themes. However, downloading a free template or even a copy of a premium theme can quickly result in a rude awakening. If you want to know how to recognize themes with broken code, I recommend you to read the article from WPMUDEV? In principle, however, we would like to urge utmost caution with free “super offers”, because there are countless horror scenarios where your website can become a victim of hackers and spammers due to, for example, malicious code. The same applies to plugins as well. So be careful when choosing the right download source. Smart tip #8: Buy from official vendors Buy your premium themes from official providers. And, if your wallet doesn’t allow it at the moment, go for one of the numerous providers on the market that offer excellent free themes – legal and without hidden pests in the code. By the way, you can get the Divi theme here.
Error #9: Deactivated plugins not deleted
As soon as you disable a plugin with a security vulnerability, you’re on the safe side, you think? Unfortunately no! One of the most common ways to gain access to a WordPress website is via gaps and vulnerabilities in plugins. Even if a plugin is not actively included in the system (i.e. disabled), these vulnerabilities can still be exploited.
Smart Tip #9: Delete all plugins you don’t use
Remove all disabled plugins from your server to minimize potential threats. Simply deactivating them is not enough.
Error #10: Do not customize permalink structure
Once the installation routine of WordPress has been executed, your website is ready. Often the change of the permalink structure is forgotten. Without adjustments through this, the linking of subpages in WordPress is implemented with GET variables. So you get addresses like “http://www.meine-url.de/?p123”. Even if this unattractive design should be ok for you, search engines don’t like this at all. Even worse, such a permalink structure can have a negative impact on your search engine ranking. Changing the permalink structure in WordPress is done within a few seconds – if your webspace provider allows .htaccess and mod_rewrite (but this is usually the case). If your hoster forbids these things, talk to the support of your service provider.
Smart Tip #10: Use individual link structure
Change the link structure of your website or WordPress blog under Settings > Permalinks. Always make sure that the permalinks are easy to read and remember, so that you have maximum success with Googel & Co.
Error #11: Too many (bad) plugins installed
Every installed plugin demands its load from the server. This means that each plugin you install slows down your site a bit and puts a bit more demand on the server. Quick question for you: how long do you wait for a page to fully load before you close the page while it’s building and switch to another provider? According to Google studies, 1 in 4 visitors will leave the site if it takes longer than 4 seconds to load. Your site visitors will feel the same way if your site takes too much time to load. In addition to possible losses in performance, plugins (as well as installed themes) also bring security risks. However, the number of extensions is not the biggest problem: a high number of plugins in combination with poorly programmed plugins is the main problem you should worry about.
Smart Tip #11: As little as possible, as much as necessary
Use a plugin only when it is really necessary and trust only reputable plugin sources. Check the reviews and installation numbers of each plugin. Do this before you install it. Install one plugin at a time and check the impact on your site after each installation. This way you can quickly identify performance killers and error sources and eliminate them from your website development in time. For example, you can also use the Performance Profiler WordPress plugin from GoDaddy to test your plugins and see which one has the most impact on the performance of your homepage.
Error #12: No regular backups created
When was the last time you backed up your website? Regular backups are important not only when testing WordPress updates. With any system, you can’t rely on 100% security – not in terms of hackers and also not in terms of technical defects. A failure or loss can hit anyone, including you. It is helpful to have a current backup at hand. Some providers offer automatic backups in some hosting packages. Others shift the responsibility to the user.
Smart Tip #12: Create at least weekly backups
From experience, we would not rely on the backup solutions included in the hosting package – depending on the hoster. Therefore, we recommend backup plugins such as BackWPup. This enables regular backup of the database as well as the complete website. The backups made can be uploaded to other servers or cloud services. In addition, the service ValuePress (now part of Jetpack) from WordPress manufacturer Automattic, offers the possibility to not only make backups in real time, but also to restore them to your server with one click.
Error #13: Ignore updates (for too long)
As with any software, there are regular optimizations and updates to WordPress. Usually the administrator is informed about available updates in the back-end. Of course, each core update brings certain risks and can in the worst case break the website. But ignoring updates is also the wrong way, because WordPress updates often include important (security-related) improvements in the background of the system.
Smart Tip #13: Regularly check for updates and update website
Ignore available updates only as long as necessary and as short as possible. But make a backup before every plugin, theme and system update. This is the only way to be optimally protected and prepared for worst-case scenarios.
Error #14: Incorrect website migration
Especially experienced users like to develop their WordPress website on a local machine. This saves them annoying upload times during development. However, the website must eventually find its way to a public server. With WordPress, this is possible with a few simple steps after an upload and database import to the target server. However, in order to now enable the full functionality of the site, some adjustments to the database are required. If an upload is only possible via FTP, the complete website must first be transferred to the server uncompressed. For this you should know that the basic version of WordPress alone already contains over 1,000 individual files. So bring time with you (depending on your internet connection), because even a few megabytes can lead to upload times of half an hour.
Smart Tip #14: Use automated migrations
Save a lot of time and hassle with the free Duplicator plugin. Similar to the BackWPUP plugin mentioned above, Duplicator also creates a complete copy of your WordPress website and database. Afterwards, an installer file is created. The thus created complete package now consists of only two files. Thus, an upload should be completed in significantly less time. The subsequent setup on the target server is then done using WordPress-Installer.
Error #15: Fill media library via FTP client
In the backend of your website you have the option to upload images and other files conveniently via drag and drop. If you only want to upload a few files to the server, this solution is adequate. However, if you want to upload a large number of images, multiple videos or other files to your WordPress library, you will quickly reach your limits with this method. All the content you upload to your website is stored in the /wp-content/uploads folder. So why not use an FTP client to fill the media library? This is possible, but you won’t be able to see the content on your website or find it in the media library. This is because WordPress expects files to be uploaded through the media library interface. For each media file you upload, meta information is created in the database. Files that come from outside the interface are therefore not recognized by the system and are therefore not available in the backend. But there is a solution and we’ll tell you about it in our last Smart Tip #15.
Smart Tip #15: Show missing images in media library
Here too we have a simple solution for you. The plugin “Add From Server” automatically fills your media library with the content that you have stored on the server via FTP, SSH or another transfer method of your choice.
Conclusion – these 15 WordPress mistakes you should avoid
We hope our article has given you a good overview of the most common 15 WordPress mistakes and you now know how to avoid them. Learning WordPress & Divi isn’t hard if you know what to look for. And that’s what Divi Fox is here to help you with. 🦊 Do you know more mistakes to avoid? Leave us a comment below