The Most Frequent Mistakes Made When Managing a WordPress Website

Your WordPress website is ready and live online. Now you can start projecting a professional online brand, and highlighting your services or products for your business or organisation without any worries. Not really. Websites, just like a company head office, needs to be managed and maintained periodically. Otherwise, they can fall victim to hackers, open slowly due to broken links, or look obsolete if the design is not refreshed every once in a while.

Managing a WordPress website is an ongoing task. And it starts from the moment when the website is uploaded to the hosting server. Website management mistakes expose your website to the risk of being taken hostage or becoming infected with a virus which, in turn, infects your visitors’ computers.

In this blog post, we will take a look at the most common mistakes made by website owners and administrators. Although some of them seem minor and without a huge impact on the functionality of the website, they can hurt your SEO efforts and online brand reputation.

1. Ignoring Updates

WordPress is an open source website building platform which gets frequent updates. These are not just modifications created by developers who want to add more plugins, or functionality to their existing plugin; they fix bugs and vulnerabilities before a lot of hackers manage to exploit them. This is why website managers should always update to the latest WordPress, theme and plugin versions as soon as the notification appears in their admin.

Ignoring updates is extremely risky; you leave your website exposed to all types of vulnerabilities which hackers will exploit to their advantage, i.e. gaining control of your website. The sooner you apply updates, the safer your website will be.

2. Not Changing the Default Admin Username

When your website is created, WordPress creates a default username for the site administrator called “admin”. Many website owners never change it. Why should it matter if you have a strong password?

The problem is that hackers use many combinations of username and password during brute force attacks. If you continue to log in with the default username, you have solved a big problem for the hackers. After hundreds of thousands of combinations (which specialized software performs in a few minutes), they will eventually guess your password as well.

3. Not Customising the Favicon

The favicon is a tiny file in the WordPress website structure which most beginner website owners are prone to ignore. However, it is very important – it is like a business card of your website. This icon is displayed in the website address bar, next to the website name. For instance, on, the famous “swoosh” logo displays as the the favicon on this site.

You should use your company or organisation logo as the favicon, or any other graphic which is representative for your brand.

4. Not Moderating Comments

Comments are welcome on your articles and blog posts, as long as they create an engaging dialogue. However, not everyone plays nice on the internet. You will encounter abusive and vulgar language, direct attacks towards other people who commented on your website, and spam links leading to malicious websites.

As a general rule, comments should be subject to moderation before being displayed publicly on your website. It takes time, but it is the only way to make sure that you spot and delete inappropriate and spam comments.

5. Not Security Hardening Your WordPress Website

Just like a computer or smartphone, your website also needs to be protected against viruses and malware. There are many avenues for hackers to exploit a WordPress website in it’s default form, and therefore using the services of a professional to security harden your site is a must. If your are unsure if this has been done on your website or not, ask your web developer, and see if they can run a security audit for you. It is much easier to plug the security holes in your website, than dealing with the fall out once it has been hacked.

Of course, avoiding all these mistakes takes time. If you want to make sure that you avoid them without investing time every day to look after your WordPress website, the best choice is to opt for a service provider that can handle this for you, like Swish Web Care.