Sh*t You Shouldn’t Do in WordPress – a Starting Point


Kai Armstrong of ZippyKid gave a talk at the 2012 Orlando WordCamp about the kinds of things you really should avoid doing on your WordPress sites. The points were fairly elementary, but for those new to WordPress, it’s certainly worth a look:

  • Don’t ever write changes directly to a theme. Create a child theme. Every time.
  • Don’t upload massive images unless you need them. Resize them to as big as you need them. Then compress them.
  • Remove unused plugins and themes. Update, update, update!
  • Never use the admin username. If you have a user called admin, change it.
  • Make sure your password is strong and unique.
  • BACK UP! You’ve got no one to blame but yourself if your site breaks, gets hacked or suffers a hardware failure, and you don’t have a recent copy of your site to restore from.
  • RTFM: if you have any questions about WordPress, start with searching the Codex. There’s a crap load of information there and chances are, your question will be answered there. Don’t ask for support if you haven’t done a couple of minutes of research first.

Like I said, nothing groundbreaking here, but a good list to start with before you start getting into bad habits.

15 thoughts on “Sh*t You Shouldn’t Do in WordPress – a Starting Point”

  1. I disagree with the child theme *always* point. It’s impossible to *always* do a child theme, if there is no parent. Most of my time doing theme development has been creating a theme from scratch using a base starting point. I will agree that a child theme is the correct way to go if you’ve purchased a premium theme or are using a finished free theme that is close to what you need but not completely there. I just don’t agree if you’re one who prefers to make the parent theme from the get-go.

  2. Robert says:

    At first, these tips sound simple, but they are crucial to protect your WP blog :) Hope WP site owners can read this post and don’t make silly mistakes on their websites.

  3. Ravi says:

    Do not hack the core.

    Do not download themes and plugins from a not so reputed source.

    Here is my complete list of WordPress DON’TS

  4. Of course, Michael. But that’s exactly what Dave meant: He said “Don’t ever write changes directly to a theme”, so there you have the parent theme.
    If you create your theme from scratch this doesn’t apply (and of course that is no sh*t you shouldn’t do!).

    1. Thanks Luis, yes that’s the point exactly. Clearly, if you are creating a theme from scratch, then you don’t need to create a child theme. But if you’re making any edits to a theme, which is what most people do, then there is no excuse to not create a child theme and make the edits there.

  5. Matt says:

    Great article. I’ve been editing themes directly, so I guess I should probably learn how to properly create child themes so I don’t run into any problems!

    1. Absolutely. That’s a no-no. Definitely go the way of creating a child theme.

  6. Jason Cyr says:

    Dave, just stumbled across your site for the first time and glad I have! I’m a new WordPress designer, mostly working with small businesses and small projects. I’m technically proficient but all self-taught. I think like most of us, I have learned a few things the “hard” way. How do you handle any changes you make to a theme’s PHP? I do create child themes for all my projects but when it comes time to update a theme, I find I have to manually go and make the same PHP changes.

    Excellent blog, stoked I found you!


    1. Hi Jason,

      Not sure what you mean: if you’re creating child themes, there’s no need to make extra changes when the parent theme updates: that’s kind of the whole point of child themes. When are you saying that you need to make changes again? And to what?

  7. Jason Cyr says:

    I’m talking about changing the actual PHP files for a theme…I understand how child themes handle CSS changes but if I make any small (or large) customization to a theme’s PHP files and I update that theme, my changes are now gone.

    Is there a way to make changes to a php theme file and maintain those changes when you update a theme? What I now do is look at the change log and only update a theme with the new, changed files by the developer. However, not all theme developers give great detail on what exactly has changed for the new version of the theme.

    Does this make sense?

    1. I think so, but I want to make sure that we’re on the same page. In a child theme, you can also create new PHP files that will take precedence over the same file in the parent theme. So if you want to change the appearance of single.php, you can just copy the file from the parent theme and paste it into the child theme, and then edit it. Then, when the theme updates in future, your modifications will again be kept safe for the same reason.

      The only issue with that is that if new functionality is introduced into one of these theme files (for instance, they add social sharing buttons in single.php), then your theme won’t adopt them, because your own single.php is overriding the updated file in the parent theme. So in instances like this, you would need to look for the changes in the parent theme file and copy those changes to your own version in the child theme.

      Hope that clears it up. I have another article all about child themes, which should help explain it a little more.
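The maintenance cost described in the reply above (a template copied into the child theme stops picking up whatever the parent theme later ships in that file, which can include security fixes) can be checked mechanically after each parent update. This is an added example, not part of the original post or its comments; the function names, the modification-time heuristic and the sample theme files are assumptions, and the themes are constructed for the demonstration:

```shell
#!/bin/sh
# Added example: flag child-theme templates that shadow a parent template
# which has changed since the child copy was last edited.

# stale_overrides PARENT_DIR CHILD_DIR
# Prints one relative path per line for each *.php file in the child theme
# whose parent counterpart differs and has a newer modification time.
stale_overrides() (
  parent=$(cd "$1" 2>/dev/null && pwd) || { echo "bad parent dir" >&2; exit 2; }
  cd "$2" 2>/dev/null || { echo "bad child dir" >&2; exit 2; }
  find . -type f -name '*.php' | sed 's|^\./||' | sort | while IFS= read -r rel; do
    # A child functions.php is loaded in addition to the parent's, so it
    # does not replace the parent file and is not an override.
    if [ "$rel" = "functions.php" ]; then continue; fi
    if [ ! -f "$parent/$rel" ]; then continue; fi        # child-only template
    if cmp -s "$parent/$rel" "$rel"; then continue; fi   # unmodified copy
    if [ -n "$(find "$parent/$rel" -newer "$rel")" ]; then
      printf '%s\n' "$rel"                               # needs a manual diff
    fi
  done
)

# Constructed sample: the parent theme updated single.php after the child
# theme copied and edited it; page.php has not changed upstream since.
demo_constructed_themes() (
  tmp=$(mktemp -d) || exit 1
  mkdir -p "$tmp/parent" "$tmp/child"
  echo '<?php // single.php, updated upstream' > "$tmp/parent/single.php"
  echo '<?php // single.php, local edits'      > "$tmp/child/single.php"
  echo '<?php // page.php, original'           > "$tmp/parent/page.php"
  echo '<?php // page.php, local edits'        > "$tmp/child/page.php"
  echo '<?php // parent functions'             > "$tmp/parent/functions.php"
  echo '<?php // child functions'              > "$tmp/child/functions.php"
  touch -t 202301010000 "$tmp/parent/page.php"
  touch -t 202401010000 "$tmp/child/single.php" "$tmp/child/page.php" \
                        "$tmp/child/functions.php"
  touch -t 202406010000 "$tmp/parent/single.php" "$tmp/parent/functions.php"
  out=$(stale_overrides "$tmp/parent" "$tmp/child")
  rm -rf "$tmp"
  printf '%s\n' "$out"
)

demo_constructed_themes
```

Each path it prints is a template to diff against the updated parent file by hand; modification times are only a hint and are reset by some deployment methods.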

  8. Jason Cyr says:

    Ahh, that’s exactly what I needed to know! Cheers!

  9. Dan Thomas says:

    One other thing I would add is check your website speed after you add a plugin. I added what seemed like a simple ad insertion plugin to put some ads in posts and it slowed down my page load times by a factor of three. It took a while to figure it out once I discovered it and I am much more careful now when I add a plugin. I also now keep a log of changes I make to the site so if I notice something wrong I can start backing things out.

  10. Agree with every one of these, Dave, except searching Codex, the most horribly written documentation since Sony user manuals. First search if you want clearly written articles on how to really do it. If it’s not there, try some forums. But the WordPress forums have so much stale and irrelevant material, they are nearly as useless as Codex.

    1. The Codex is very useful, but because it’s community-sourced, it can be a bit omissive, and incomplete, but the information that is there is excellent IMHO.
