Hey there WordPress wizards, Anuoluwapo Olabode Oludare here, the brain behind Olabode Consulting Services Limited (UK) and Bodecraft Strategic Consulting Services Limited (Nigeria).

I'm a conversion-led WordPress Website Developer and Designer with 8 years of working experience developing WordPress websites before establishing my consulting agency. And of those 8 years, I have never had a record of any of my clients' websites being hacked and I've helped many clients restore their brand image after their website was hacked and their domain red-flagged by Google.

So today, I want to share with you 7 common but serious mistakes you make as a WordPress super admin, page-building expert, or Website developer and designer. Let's proceed!

Mistake 1. Using a bad hosting service and a bad domain name registrar

Clients are always on a budget, and like to have cheap websites, I get it. But when something goes wrong, you'll bear the blame.

If there's anything to cut costs on, it's not good Hosting.

The hosting service you use to develop the WordPress Website is like the foundation of that website. You have to take your time and do some research about what kind of hosting service would help you provide value to your client.

Settle for a Budget-Friendly and very good hosting service like Hostinger and if the client can't afford it, go for Namecheap. Avoid Godaddy like a plague.

At Olabode Consulting, we use Hostinger Cloud Hosting for our client's websites.

Mistake 2. Using a Soft and Simple WordPress Admin Password

Setting up your WordPress website dashboard using admin as username and a very simple password. A bad password or simple password is a bad idea.

But thank goodness even browsers or the software you're using to install WordPress or to set up the hosting account will yell at you for using a very simple password when you try to.

You can simply use the Avast antivirus random password generator to generate a military-grade password that even you would find difficult to remember.

Then save the password to your Google account through your Chrome browser or to your Microsoft account through your Microsoft Edge browser and you're good to go.

Using a bad password is like opening the back door of your house in a hostile environment and expecting a thief not to come in.

As a WordPress Website developer, you have to be alert every time and this starts with what you use as the admin password for the account.

Mistake 3. Not Setting Up an SSL certificate on the Website immediately after installing WordPress

While you can add an SSL certificate to the website during or after development, from experience, I've learned that the best practice is to install SSL from the onset.

I mean after purchasing the domain name and hosting and connecting both with the hosting service nameservers and installing WordPress, the next thing you do is to install SSL before installing themes, and plugins and uploading any content be it images text, or video.

The reason why you need to install an SSL certificate immediately after setting up the domain name, connecting with the hosting, and installing WordPress is so that the website you're building will be built on a secured foundation, and all the files will be protected as you build the website. The files would be in HTTPS not HTTP which means to browsers that the website is secured and safe for users to use.

SSL is not an optional accessory; it's a must-have. Install it right after connecting your domain and hosting, and build your website on a secure foundation.

Mistake 4. Using self-signed SSL certificates

I know you would be like SSL is SSL and as long as it shows HTTPS, not HTTP.

I want to tell you SSL is not SSL. Not all SSLs are created equal. It's not just about the ‘s' in HTTPS; it's about winning the online battle against fraudsters, BOTs and so much more.

Self-signed SSL is okay for maybe side projects or something that falls in that category but for production websites, going out there to challenge competitors and win over some percentage of the market share, just any SSL won't cut it.

And that's why I always recommend using military-grade 3rd party SSL companies like CloudFlare. It has so many features and functionalities that you, your client, and the website will benefit from functionalities such as BOT stopping, faster website loading via CloudFlare CDN, and so on. You don't get these from a self-signed SSL certificate.

Mistake 5. Using heavy Images and Not converting the images to Webp format

Webp renders faster than jpg, jpeg, and PNG although Avif is currently the fastest; it usually comes in a premium plugin or paid solution.

Remember, always run the images through Webp from scratch when you set up the website. This way, you'll be getting a fast-loading website straight off the bat and won't need to spend much time optimizing the website load speed from scratch again except if there are other improvements to work on like the CSS, JS, HTML, and overall page weight.

You can install a free plugin that lets you convert the images to Webp format automatically after uploading images. A good example is the Converter for Media plugin. It's free, effective, and easily converts PNG and jpg to Webp. The paid version of Converter for Media comes with the ability to convert your images to the AVIF format.

Mistake 6. Not installing a cache plugin

Installing a cache plugin that helps you minify CSS, JavaScript, and HTML codes is highly recommended.

You can use a plugin like Litespeed Server Cache if your website runs on a Litespeed-powered hosting service or you can use WP Rocket, W3 Total Cache, WP Fastest Cache, NitroPack, or any other Cache plugin that helps you get the job done.

Not installing a cache plugin beforehand is a bad idea. Installing beforehand helps you optimize the website as you build and helps you enjoy testing the website as you work on it.

Plugins like Nitropack or FlyingPress can help you optimize the website when you finish development and if you can afford it on a monthly and yearly basis, it's recommended but if you can't, it's best to install a good Cache plugin before you jet off full guns blazing into developing the website.

Mistake 7. Not doing enough research before using a theme or plugin

Yup, we don't normally spend time doing this and it usually plunges us into a situation where we've gone deep into the development and we then hit a rock and spend weeks trying to break that rock.

Adequate research is very important to help know if a plugin or theme is regularly updated and has good codes and standards. Reading reviews and not settling for less is very important.

Some plugins can get your website hacked because of bad codes. But if you're using a good host like Hostinger that has a malware scanner and auto remover and repair, you'd be in safe hands till you can replace that plugin with a much better one. Sometimes even Hostinger would advise you to uninstall the plugin immediately.

In conclusion:

These are the 7 common mistakes you make as a WordPress super admin when starting a website project. You can create a checklist to follow when starting a new project to avoid these mistakes.

Stay tuned for more updates by subscribing to our weekly newsletter.