We love WordPress. If it wasn’t for WordPress, there would be no ThemeTrust. It really is that simple. That being said, though, WordPress has its flaws – flaws that every site owner should address. Some of them are crucial for site security, others are more cosmetic in nature but can be equally frustrating.
Let’s find out what those problems are and how to fix them:
1. WordPress isn’t always secure
We start with security because it’s one of the most serious problems on many WordPress sites.
Every year, we witness more and more sites falling victim to hackers and malicious scripts. For instance, just in 2014, two major vulnerabilities were reported:
- the first one affected 50,000+ sites,
- and the other one around 100,000 sites.
Taking care of your site security really is no joke, but unfortunately, WordPress doesn’t offer any rock-solid protection right off the gate. That’s why you should take matters into your own hands and look for some solutions:
- Always use secure passwords. If you’re using any of the most common passwords, you’re doing it wrong. Pick something more complex.
- Update the WordPress core and the plugins you use as soon as the notification pops up. WordPress updates and plugin updates always fix a number of bugs and patch common vulnerabilities.
- Don’t download plugins or themes from unknown sources. Either get them from the official repositories at WordPress.org, or other trusted sources, such as here at ThemeTrust.
- Use a dedicated security plugin. A solution like Sucuri Security or Wordfence will protect you from various common attacks.
I really can’t emphasize this enough. WordPress security is no joke. You could lose your whole site due to a single vulnerability if you neglect this.
2. There’s no backup functionality built-in
WordPress does a lot of things out of the box, but backups aren’t one of them.
So if you want to save yourself from any unfortunate crashes, you need to take the necessary steps yourself. There’s a handful of ways to enable backup functionality in WordPress:
- if you want a top-quality premium tool, consider VaultPress (it’s a complete backup-and-restore solution; starts at $99 per year),
- if you’d prefer to keep things free, try the plugin called WordPress Backup to Dropbox (it takes your whole site and backs it up in your Dropbox profile).
3. WordPress tends to load slowly
It’s been reported that just one second delay in your site’s load time can result in a 11% drop in page views.
People just don’t have the time to wait, or the patience to wait, or can’t be bothered. Either way, it’s clear that load time matters a lot for your site’s potential growth.
There are a lot of things that can make your site sluggish:
- Slow plugins. Your plugins contribute to the majority of the loading time. Check which of your plugins are slow (do this with the P3 analyzer plugin), and replace them with faster alternatives.
- Slow web host. If your web host is sub-par then there’s unfortunately nothing else you can do other than ditch it for a faster one. In general, cheap hosting plans aren’t very effective. The quality stuff starts at more than $10 / month.
- No caching. Caching is a fairly complicated concept, and equally as boring. What’s important, though, is that you can make your site faster by getting a caching plugin that works on autopilot (like W3 Total Cache).
- No gzip compression. In short, zip compression reduces the size of your website files. You can enable it by adding these lines to your .htaccess file:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript4. Your theme could be unsafe
WordPress themes often have various vulnerabilities in them, and it’s basically impossible to find them on your own while performing some standard administrative tasks.
To improve your chances, you can test your current theme with the Theme Check plugin. It will look through the theme’s source code and make sure that there’s nothing malicious lurking in the dark.
5. There’s negative social proof
Social media is huge these days. It’s literally impossible to imagine a successful WordPress site that has no social media integration at all.
One of the most popular ways to make your site social media friendly is to simply display share buttons alongside your posts and pages.
That’s where negative social proof comes into the picture.
Basically, if you use social media buttons that display how many shares the post has garnered, but those numbers are all zeros (or there’s just 1 or 2 shares), then you’re just making things worse. Buttons like that tell your visitors one thing: this content is unpopular.
Fixing this is quite simple. For instance, you could use SumoMe to handle your social media buttons. In the Share module’s settings, just select the option not to display the numbers until they reach a given threshold:
6. The JPEG compression isn’t always helpful
WordPress has an interesting setting when it comes to the image compression it uses.
By default, every JPEG is set to render at 90% quality. For some scenarios this is perfectly fine, but if your site relies on its visuals more heavily, then you should consider resetting the compression level back to 100% – using the original versions of images.
Add this to your functions.php file:
add_filter( 'jpeg_quality', 'reset_jpeg_quality' );
function reset_jpeg_quality() {
return 100;
}7. The image thumbnails aren’t always optimized
WordPress uses thumbnails in various places around your website. For instance, next to your post listings, in the footer, and so on.
Here’s the thing, though, if you ever change your theme, the thumbnail settings will change along with it. What doesn’t change, however, are the thumbnails that were generated previously. This you need to do on your own.
A plugin like Regenerate Thumbnails will help you out. It takes your images and generates new thumbnails according to the current settings.
8. Your site has broken links
Why am I so sure?
Well, broken links don’t appear on your site in some magical way. This is more of a natural process. For instance, if you linked to a third-party site, say, two months ago, but then that site went offline, then you now have a broken link.
Of course, finding all broken links by hand would be impossible. Instead, use a plugin called Broken Link Checker to get the job done.
9. Pingbacks can cause a real mess
Pingbacks are one of those ancient WordPress features that have been with us for years.
In theory, pingbacks are a cool thing. They allow your site to communicate with other WordPress sites and notify them of new links.
However, they can also be used as a DDoS attack tool, as pointed out by Sucuri. At this point in time, you’re better off disabling pingbacks altogether.
You can do it in Settings > Discussion (leave the box unchecked):
Your turn
Is there anything else that’s surprisingly frustrating to you about WordPress and the way it works (or the way it’s set up)? Feel free to share in the comments.