Question

What are major WordPress Concern you faced when you are working on Wordpress?

What are major WordPress Concerns you faced when you were working on WordPress?

what problems have you faced when developing applications or web on WordPress such as security issues, core web vital issues or any functioning issues?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
July 14, 2024

Heya,

Here are my top 3 concerns I have with some solutions:

1. Security Issues

WordPress, being the most popular CMS, is a prime target for hackers. Common security concerns include:

  • Vulnerable Plugins and Themes: Outdated or poorly coded plugins and themes can introduce security vulnerabilities.
  • Brute Force Attacks: Attackers often try to guess usernames and passwords to gain access.
  • SQL Injection and Cross-Site Scripting (XSS): These are common types of attacks on WordPress sites.

Solutions:

  • Keep WordPress, plugins, and themes updated.
  • Use security plugins like Wordfence or Sucuri.
  • Implement strong passwords and two-factor authentication.
  • Regularly back up your site.

2. Performance Issues

Performance can be a significant concern, especially for high-traffic sites.

  • Slow Load Times: Can be caused by unoptimized images, excessive plugins, or inefficient code.
  • High Server Load: Can occur due to inadequate hosting or poorly optimized queries.

Solutions:

  • Use caching plugins like W3 Total Cache or WP Super Cache.
  • Optimize images using plugins like Smush.
  • Choose a good hosting provider.
  • Use a Content Delivery Network (CDN).

3. Compatibility Issues

WordPress updates can sometimes break compatibility with themes or plugins.

  • Plugin Conflicts: Plugins can conflict with each other or with the theme.
  • Theme Issues: Updates or changes in themes can cause layout or functionality problems.

Solutions:

  • Test updates in a staging environment before applying them to the live site.
  • Choose well-supported and regularly updated themes and plugins.
  • Keep a backup before making significant changes.
Bobby Iliev
Site Moderator
Site Moderator badge
July 13, 2024

Hello,

I will try to focus purely on the Wordpress side of things, but of course, having a secure server is also extremely important.

Here are some of the things that I could suggest:

The basics:

  • Always update WordPress to the latest version Security is arguably the most important reason why you should keep your WordPress website up to date. You really do not have any excuses for not updating your WordPress version as this can be done with just a click of a button and it only takes a few seconds/minutes.

  • Keep an eye on your plugins I would strongly recommend to keep the plugin count to a minimum and always keep your plugins updated. More often than not attackers are able to gain access via an outdated plugin. I would also suggest deleting any plugins that you are not using

  • Delete any themes that you’re not using Quite often people would install a few themes and just leave them on the site disabled and outdated. This opens up a lot of vulnerabilities so I would suggest just deleting any themes that you do not use and just have your active theme installed.

The power of the .htaccess file - Here are some nice .htaccess rules that you could use in order to protect your site, this takes only a few minutes to copy and paste these rules into your .htaccess file so I strongly suggest that you add at least some of them.

  • Protect your wp-config.php:
<files wp-config.php>
  order allow,deny
  deny from all
</files>
  • Secure your wp-includes folder:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
  • Protect the .htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
  order allow,deny
  deny from all
  satisfy all
</files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
  • Disable directory listing
Options -Indexes
  • Disable all php files in your uploads folder. This one is a bit more specific as you should not add it to your main .htaccess file. Upload a file called .htaccess to the root of wp-content/uploads with the following line:
<Files *.php>
  deny from all
</Files>

Protect your wp-admin area

  • Use 2FA - For example, you could try using the Google authentication plugin.

  • Enable limit login attempts - This would protect you against brute force attacks.

  • Enable reCacptcha - Generally speaking, this would protect you against any kind of bots.

  • Last but not least - Use a complex unique password for your admin user.

I hope that this helps and if anyone has any other suggestions please feel free to add them below!

- Bobby

Source

alexdo
Site Moderator
Site Moderator badge
July 15, 2024

Heya,

This is a really good topic regarding WordPress. On top of my mind comes issues with compatibility like:

  • Plugin Conflicts: Different plugins may conflict with each other, leading to functionality issues or even site crashes. Thorough testing and using reliable plugins can mitigate this.
  • Custom Development: Customizing themes and plugins can sometimes lead to issues, especially after updates. Using child themes and adhering to WordPress coding standards can help.
  • Database Optimization: Over time, the WordPress database can become cluttered, leading to performance issues. Regular database optimization and cleanup are necessary.

Also when you’re tied on using paid theme from a vendor some features of the theme and the plugins will be paid and unless you subscribe you might wont be able to make some deep changes on the functionality and the site’s appearance, so this is something you should definitely keep in mind.

Regards

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more