Never host a WordPress site on a non-WordPress host
If you do so in many cases it has been observed that performance of such sites hardly touches their optimum level as they ideally would if hosted in proper WordPress hosts.
Avoid leaving unwanted white spaces in your code
This is a bad practise. It can sometime cause your site to end up with a White Screen of Death, without giving you any typical WordPress generated error info. You will often be find yourself in hard time figuring out what actually went wrong! It is recommended that you get rid of unwanted white spaces in your code.
Always keep your Plugins updated
It is strongly recommended that you keep an eye what plugins have released updates and go ahead updating them as and when they are available. With every updates plugin developers make sure that more security has been incorporated into it along with some other stuffs. By not doing or ignoring available updates you are actually making your site more vulnerable and exposed to hackers. However, there are times when updating plugins may cause your site to behave abnormally. So to be in a safer side, take a full backup of your site before you actually go for an update.
Always keep removing Inactive Plugins
Allowing inactive plugins to sit inside your CMS again makes your site more exposed to hackers. So it is strongly recommended that you remove all Inactive plugins. This also improves your site’s performance. Greater the number of plugins in your CMS lower is the performance.
Plugin Compatibility with WordPress version and Choosing the right one for your site
WordPress community is huge across the globe and evidently there are thousands of contributed plugins available for you to choose. At times, you may get overwhelmed to see that you have multiple plugins available for doing the same task. In such a situation you should see Plugin reviews, rating, number of downloads and obviously whether it is compatible with your current WordPress version.
Every plugin has its own page on WordPress.org and you can go there to check the above information. One more thing is very important to look at: Last Update date. Plugins with closest update date means it is under continuous monitoring and development. Such plugins are always recommended to use in development. In case of doubts you can always contact the plugin developer via WordPress community forum.
Never use plugins which are not updated since long, even if it runs OK with your current WordPress version. Such plugins lack security measures and might result into a site hack!
Disabling Debugging tools and scripts on Production
You must remove all plugins or disable scripts which you have used for debugging in your development environment before you move your site to production. It is never recommended that your site runs with Debugging enabled on production server. What you can do however, is to enable logging debug message in a log file and can refer it any time you want.
Do not Block your site to be accessible by Search Engines
It is crazy to set a site’s privacy settings so Google or other search engines cannot reach your site. By doing this you are only making it hard for your target customer and potential traffic to find and visit your site. You are creating a roadblock for yourself. So not letting Search Engines to reach your site will not do any good for the site at all – irrespective of your site’s quality, content and other stuffs.
Use the latest WordPress version always
At the time of writing this article WordPress has released its 4.8.1 version, which is the latest and claimed to be stable as well. It is strongly recommended that you always use the latest version of it. You may find it difficult at times, specially when working on an existing project which was built with a lower version. But apart from such scenarios, using the latest version is always the best practice.
Communicate directly with Plugin Developer
This is always a good and effective practice to contact plugin developer directly for any issues rather than searching for a solution elsewhere. This should be your first choice. If you do not get a timely reply from developer, you can then go for communities like Stack Overflow, WordPress Forum and so on.
As mentioned earlier checking Last Update date for any plugin before you download is very important. If you see the plugin is not being updated for a long time, you may keep this aside and search for another similar plugin which suits you need. It is very likely that you won’t get your question answered from the developer if he plugin is not under continuous development. On the other hand, if you are using an active plugin, placing your issues or questions directly on developer’s desk makes sure that your issue would be taken care of and you get your desired output.
Also it benefits other developers as well who are using the same plugin. Do not hesitate to contact plugin developer. He would always be happy to fix issues that may have come up!
Choosing the right platform
There are two platforms you can choose from – WordPress.com blog and Self-hosted Installation of WordPress. The .com version is suitable for bloggers who are very much engaged in writing and posting write-ups while a Self-hosted installation is the right platform for those who wish to have more control over the platform, not just the content.
Default Permalink – Do not neglect it
WordPress installs a number of default Permalink structures with it. Many beginners do a common mistake of simply ignoring this these default permalink structures. You must immediately change to something more SEO friendly, so that the post URLs look more professional. Once the URLs are SEO friendly, the pages will be indexed properly and in a faster way in search engine database.
Do not use Default Username – “admin”
Always change default username and also if possible keep changing in a certain interval regularly. When WordPress installs it gives you the option to change the default username, which is “admin” and you should immediately change it to something more secure. A secure username can be 10-12 character long consisting of lowercase alphabets, uppercase alphabets and numbers. By leaving username as “admin” you have compromised you site’s security to a great extent and exposed it more towards hacking!
Choose the right theme – make search engines happy
This may sound a bit odd but choosing wrong theme for your site can decrease the chance of your site to get properly indexed in search engines. A theme should reflect the central idea of your website and this is exactly search engines likes to see as well. Use of a proper theme will always give you more breathing space and make search engines happy!
According to the report published by bgr.com on November 02, 2016, it is seen that mobile internet usage had surpassed that of desktop for the first time and it is an upward trend! So it is very important that your site is built keeping mobile and hand-held devices in mind and it must render very well in smaller devices like mobile and tabs.
My recommendation is you develop your site layout for mobile first and then make necessary changes for desktops. Search Engines index a site separately for mobile and desktop, so it is very important to keep this in mind. There are many contributed themes available for WordPress but I recommend you to first check it for mobile devices with contents placed before you go further into the development and suddenly find yourself at point of no return! Twitter Bootstrap is a popular framework built for this purpose and gives you out-of-the-box flexibility to use their built in classes to make your site responsive easily, which you can use to build your site or if you are familiar and well-versed with Media Queries, you can use that as well. If you want to know more about Media Queries you can check out Responsive Web Design – Media Queries.
WordPress Coding Standards
Most WordPress beginners make the following mistakes:
- Do not follow or reluctant to follow WordPress coding standards
- Copy-Paste without knowing real impact of the code
If you are new to WordPress but want to become a better WordPress developer it is strongly recommended that you read about WordPress Coding Standard first before you actually begin. And for all your issues and problems the first place you should look into is nowhere other than WordPress Codex.
Create Child Themes
This is probably one of the mostly discussed item in WordPress world. Almost all WordPress beginners start their projects by downloading contributed themes from huge WordPress theme directory, which is absolutely fine. Even an experienced developer do this. But in most cases it is observed that beginners make changes to the original files of the theme, which is never recommended. You must create a child theme off the original theme you have downloaded and make changes there. A child theme folder is typically named like parentthemename-child.
If you make your changes to the original theme files, and then you have to update the theme to its latest version you will lose all your changes! But creating a child theme makes sure that all your hard works remain in your child theme folder and at the same and you have the latest update of the theme in place.
There are many other small areas which you can take care of for a nice and smooth secured WordPress website but I hope the above items will give you a good platform and understanding to start with. WordPress is one of the most popular and loved CMS solution across the globe. So it is recommended that when you are doing development, you should be well aware of the basics about this system. Once you get the basics going right for you, its time for you to dig more into it and gradually getting into more complex areas. At the end all I can say to become a better developer and stand out in the crowd, there is no alternative above learning and implementing. So, first you learn then use it.