Tutorials UPDATED: 30 June 2023

Common Mistakes WordPress Developers Make

Tassos Antoniou

14 min read

It’s very easy to slip into bad habits when you are doing the same kind of work day after day. WordPress developers are no exception! As such, it’s good to sometimes reflect on how you are working and whether there are avoidable mistakes you’re making on a regular basis that could come back to haunt you. In this article we take a look at some of the common mistakes made by WordPress developers. How many can you spot that apply to you?!


After perhaps years of trouble free work with WordPress, security concerns can sometimes fade into the background. Big mistake! Whilst WordPress is inherently secure, it does rely on the end user (you) keeping things in shape to ensure it remains that way.

Ignoring Updates

Unless you’re a very diligent person you’re probably guilty of ignoring an update… or several of them! If you’ve yet to get into trouble because you ignored either core or theme/plugin updates then count yourself lucky. It’s imperative that you do religiously update your theme files and plugins plus of course your WordPress core.

Outdated plugins are a well known culprit on a variety of issues related to low performance, broken functionality, and can even cause downtime and crashes. 

Security threats evolve and so should the defence against them. Plugin developers release updates occasionally to fix bugs and to close security loopholes. This is the main reason why you should update them as soon as the new version is out there. You can also enable automatic updates for all or some of the plugins.

And for much the same reason it’s super important to keep your WordPress core and themes up-to-date.

So, for something that is relatively simple to do, why do so many developers neglect this critical component of WordPress maintenance? Well, the likely No.1 reason is that updating a WordPress site can sometimes break it. If you have a live site with a lot of traffic this is obviously something you don’t want to do! The problem is, the longer you neglect to update themes/plugins/core files, the harder this ultimately becomes. This is where using a managed WordPress host (like Pressidium) can really come into its own.

Not only do we take care of core updates (and in doing so try our best to ensure that these won’t break your site) but we offer a reliable, easy-to-use backup system as well as staging servers. Both of these mean you can update with confidence. You can either take a backup (a couple of clicks from your Dashboard will do it), update your site and check the result. If something has gone wrong, a couple of clicks will revert your site back to its pre-update stage. Alternatively you can quickly clone your site to a staging server, perform the updates and test these there and then push these updates live. Either way, updating can now be done with complete confidence.

Using ‘Orphan’ Plugins or Themes

Even if you always keep up-to-date with themes and plugins, it is possible to jeopardize your security level if your extensions are not carefully selected. 

When searching for any theme or plugin, make sure you’ve checked the ongoing status of its maintenance as some can be neglected or abandoned by their developers. This makes them much more vulnerable to attacks/and or more likely to break your website. 

You can check the status of plugins downloaded from the WordPress plugin repository by looking at the status section on the right hand side as shown below.

Key things to check are “Last updated”, “Active installations”, “Tested up to” and “Rating”. The number of installations can also be a useful metric to gauge trust in the plugin… the more installs the better!

Unknown Resources 

Occasionally websites are infected because the developer has used so called ‘nulled themes’ or plugins. 

A Nulled plugin or theme is an extension that has been further modified by someone other than the official developer(s). The plugin licence will also have been removed so that it can be used without any limitations. That means that it can be further customized (possibly a good thing) or compromised (not good!).

Try our Award-Winning WordPress Hosting today!

The point here is that such extensions are not found in the official library for a reason. They can frequently be infected with Malware and can ultimately cause a lot of damage to your site. They’re also questionable from a moral perspective. A nulled plugin in many regards can be regarded as stolen. The licence has been removed and it’s being offered for use by a third party (not the developer) for no fee. That’s hardly fair on the developer who worked hard to create the plugin in the first place.

Always make sure you download from the official libraries.

Using ‘Admin’ as Your Username

It’s hard to believe but yes, this still happens! And WordPress developers should know better! It shouldn’t need repeating but DON’T use ‘Admin’ as your username! Usernames should be hard to guess and a unique one ideally should be used for each site that you build/manage.


We touched briefly on the topics below when looking at updating your site. Read on to find out if you’re making the most of the tools available today to keep the management of your sites as safe as possible.

No Backups 

A lot of people in this industry have not realized how often websites are under attack, even if they are not popular or of a high traffic, and this is the reason many still neglect the importance of backing up their website periodically.

Fortunately, the WordPress plugin library provides a variety of solutions that can help you backup your website, unless of course your hosting provider offers automated backups like we do at Pressidium.

It is well worth comparing the backup solutions available. Backups can save you a ton of grief and they are so easy to do these days, there can be no justification for not taking this simple step to keep your website safe and secure especially when maintaining, updating or developing a website.

No Staging Environment

Speaking of mistakes on maintenance and development of a WordPress website, we ought to mention staging environments. 

Many new developers don’t seem to realize how useful it is to use a testing/staging environment when modifying a website in any way, even during typical stuff like updating plugins.

It is the safest way available to apply any type of changes. You pull a copy from the live site to the testing/staging environment, do your updates or development, test it and if everything works as expected, push back and replace the live version with the improved one. No worries about downtimes, no frustration at all.

One of the main reasons customers prefer advanced hosting solutions like Pressidium is that things like staging environments are built right in with no plugins needed making them super easy to use.


A lot of issues around WordPress development can arise when the correct coding standards are not applied. Although it can be time consuming, it’s important to keep on top of that latest changes in coding and to apply these to your work.

Knowing WordPress Standards

WordPress provides PHP, HTML, CSS and JavaScript Coding Standards for anyone who wants to either develop the platform or create/customize any theme or plugin or other component. These are particularly important when multiple developers will be involved in a project.

Following those rules, you make sure that what you leave behind is as user-friendly and readable for any developer that may choose to extend or take over your work.

Host your website with Pressidium



You want them to be able to understand how all the languages and technologies used are written and communicate with each other. This is the baseline for collaboration that WordPress follows since it was founded.


Are you one of the many developers that spend hours trying to troubleshoot bugs while dealing with downtime on a site? If so, it is time to better appreciate the debugging tools available to you. 

WordPress offers debugging options that will display all the PHP errors and warnings, even the notices about deprecated functions you are not aware of using.

Under the root folder of your installation, you will find the wp-config.php file. Open it with your favorite editor and find the line

define('WP_DEBUG', false);

Set the value to ‘true’, if not already set, and add the following lines right after  /* That's all, stop editing! Happy blogging. */ 

// Enable Debug logging to the /wp-content/debug.log file
define( 'WP_DEBUG_LOG', true );

// Disable display of errors and warnings
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

// Use dev versions of core JS and CSS files (only needed if you are modifying these core files)
define( 'SCRIPT_DEBUG', true );

WP_DEBUG_LOG works only if ‘WP_DEBUG’ is set to true. What it does is saves all errors in a debug.log file for you to view in real-time or at a later date. 

The location of the file depends on the value you set. If it is set to true, then the location is the default, under the wp-content folder. Otherwise you can set desired location instead of the true value like this:

define( 'WP_DEBUG_LOG', '/tmp/wp-errors.log' );

The WP_DEBUG_DISPLAY, if set to true, displays the messages inside the HTML of pages.

For more information on this WordPress debugging, please visit the official documentation.

NOTE: These features are not meant to be used on a live site, but in a testing environment.

Not Using Child Themes

As we have explained in our article on child themes, child themes are used so that customizations on layout, styling, and functionality of the parent theme are not lost when you undertake any theme updates. 

Using a child theme however is something that many developers neglect to do, preferring to directly modify the parent theme. Because changes have been made to the parent theme they are then reluctant to update the theme files in the future. Bad idea!

Modifying WordPress Core Files

Another questionable behavior that is sometimes seen is the direct modification of the WordPress core files.

WordPress has provided functions and filters that should be used when you want to override the core functionality. Doing this means the core files are kept intact as they are meant to be.

Besides, even if you succeed in directly editing the core files, these changes will be lost when you next update the core in much the same way as happens with theme files.


While customizing or extending the functionality of a website, WordPress developers often need to use some custom queries or to include the URL of a file in their code. 

To do either of these things, there is the ‘right’ WordPress way that can be followed. Unfortunately some people tend to deviate from the right way and use hardcoded values.

You may for example choose to use a query like the one below to count users:

$user_count = $wpdb->get_var( "SELECT COUNT(*) FROM wp_users" );

This however won’t work correctly if, for some reason, the table prefix changes. That is why you always have to use the built-in wpdb class to access the database.

global $wpdb;
$user_count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->users" );

Likewise, if you ever need to use custom fonts for example, and enqueue a script you should not hardcode the URL. Instead you should use functions like this:

function my_custom_fonts() { 
    wp_enqueue_style( 'my-custom-fonts', get_template_directory_uri() . '/assets/fonts/open-sans/open-sans.css', false );
add_action( 'wp_enqueue_scripts', 'my_custom_fonts' );

You can check the official documentation to see what function should be used in what case.

Not Disabling Indexing During Development

Another mistake that can cause a lot of trouble is when a developer does not prevent search engines from indexing the website while it is still under construction. This may even lead to being penalized by Google as it can find duplicate content while migrating the website to another server.


We all know the benefits of a fast website. Speed and performance however can be neglected during the development process to the detriment of the final site.

Too Many Resources

Using too many plugins is probably one of the most common mistakes WordPress users and junior developers make.

It is wise to try different plugins until you find the one that suits you best, but always remember to use as few as possible and clean up the plugin list by removing the deactivated/unused plugins prior to launching your site.

Loading Unoptimized Images

Another aspect that is often not taken into consideration is image optimization. Because most of us get to enjoy fast internet connections even large images can appear to be loaded pretty quickly. Despite this, it can significantly affect the performance of your site and have a major impact on mobile users.

Always try to use the correct images sizes, and definitely optimize your images with a compression tool, unless your hosting provider offers a better image smacker for this purpose.

In case you are not familiar with what permalinks are in WordPress, it is simply how your website’s URLs are structured. When permalinks contains keywords, they are more SEO friendly which can improve your search engine ranking. 

When creating a post in for example, the default permalink WordPress creates for that post will look something like this: 


In this example 541 is the post ID. This is what you see in the browser’s address bar when you visit the post in the front end. It doesn;t look great and, as mentioned, isn’t optimal from an SEO perspective.

Instead, WordPress allows you to enable permalinks which can be configured to display the url in various ways. For example, if you use the post title in the permalink you would now see a url that looks like this:


This looks MUCH better is the type of URL that can help boost your search engine rankings.


The theme you use should be responsive across all devices, and most importantly on mobile as more than 50% of site visits now come from mobile devices.

WordPress themes are by default mobile-friendly, but developers must take care not to compromise this mobile functionality when customizing them.

Use the right tools, like the Chrome developer tools, to consult and modify your CSS accordingly so that you get the best out of your design for everyone.

Choosing the Wrong Host

You can have the perfect website but run it on cheap servers and the experience will be ruined for your users… and probably for you as a developer as well! Cheap hosting is cheap for a reason and your websites deserve so much more. Premium WordPress hosting can help ensure your site loads quickly, can handle bursts of high traffic, stay secure and normally come with a range of tools such as automated backups and staging servers that can make your life so much easier as a developer. If you’re in any doubt about what kind of hosting to use, make sure you check out our article ‘What WordPress Hosting Should I Use?‘.

Start Your 14 Day Free Trial

Try our award winning WordPress Hosting!


See how Pressidium can help you scale
your business with ease.