Wordpress on old-fashioned typewriter

What Are Your WordPress Pro Tips?

ByJeffrey Costa

Our pain is your gain.

We often get asked: “What do you wish you knew when you got started?” Or the variant of that: “What advice would you give someone just starting out today?” We thought about it, and realized we had quite a bit of wisdom to share. The list below – in no particular order – represents our collected wisdom, circa August 2024:

  • Learn how to back up and restore WordPress without the need of a plugin.
  • Learn how to turn on debug mode. Then turn it off to ensure it does not negatively impact performance.
  • Learn how to turn off plugins – from the command line.
    • Corollary: Learn how to use WP-CLI
  • Understand that WordPress is open source, with varying degrees of support and quality in plugins and themes. Many issues you encounter are not a core WordPress issue, just a poor developer issue.
  • Learn to back everything up. Remotely. Backup your backups. If you are unsure if the backups have everything, back them up again. And then back that up. Get the idea?
  • Vet plugins and themes. Software gets abandoned all the time. And anyone can make a plugin. So use ratings, popularity, and support response to vet what you install. We, ahem, wrote a post about that…
  • Keep things updated. Security updates, patches and new features are released all the time.
  • Theme developers and plugin developers have economies of scale on their side.
  • Choose a fast web host. 
  • Did we mention backing your site up?
  • Use a local WAF (Wordfence) AND a remove WAF (Cloudflare). This layering of protection is known as “defense in depth.”
  • Always check that your backups are being successfully created on the target (destination) server. You don’t want to discover this is not happening when you need to perform a restore.
  • Optimize your images
  • Keep your page size (payload) small
  • Have at least one offsite (out of server/hosting) backup.
  • Keep backups of at least a few weeks of previous site versions.
  • Enable two-factor authorization (2FA) to safeguard your site.
  • Have a backup admin account ready for use.
  • Use strong passwords
  • Use the function.php file in a child theme
  • Make sure users have a way to contact you directly
  • Use the minimal amount of plugins
  • If you give third parties access to your site, for maintenance or development, revoke it as soon as possible.

If you found this list valuable, leave a comment below.

Jeffrey has been a product manager for 12 years, with extensive experience in B2B SaaS products and Wordpress. He has successfully launched several large 0-to-1 products and holds and MBA from the University of Dayton. He also holds CISSP and AWS Cloud Practitioner certifications. His expertise includes product strategy, API design, and WordPress development.