IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

​The biggest WordPress website mistakes, and how to fix them

We highlight three basic mistakes WordPress website users make, and explain how to fix them

As one of the best website builder platforms, WordPress is a brilliant tool for creating sites via the best WordPress hosting and best web hosting services, but being such an expansive platform, it can easily lead users to make configuration mistakes. 

Even seasoned WordPress users can be caught out by changes to the CMS, or overlook a new feature added to the ever-evolving service. Poorly configuring your WordPress installation can cause a series of issues relating to security, performance, and even day-to-day management, with fixing these often complex mistakes time-consuming. 

There are a number of such mistakes that users seem to make repeatedly, and we've highlighted these common issues in this article. We discuss some of the biggest and most common WordPress website mistakes we've noticed people make, and the steps you can take to fix them.

1. Not providing team members, contractors, or vendors with the right levels of access 

man wearing a WordPress shirt working on a computer

Giving users the right WordPress access goes a long way towards ensuring your site works well


WordPress's robust access permission system allows you to give all the users working on your website appropriate access. However, in the rush to get a site live, user permissions can often be overlooked. Rather than setting up different user accounts for team members, SEO specialists you might employ, your web host, or even a virtual assistant, many take the easy path, and share usernames and passwords.

However, sharing passwords or giving users too high a level of access to your site is a huge security concern, which can leave your website vulnerable to attack. Instead, you should give users a WordPress account with the appropriate level of access. 

WordPress has five user permission levels:

  • A subscriber can only read the content on a site
  • A contributor can edit, read, and delete their own posts, but can’t publish them
  • Anyone with author permissions can view comments, but can’t moderate or delete them
  • An editor can create, edit, publish, and delete all pages and posts, manage comments, and alter links in menus. They can’t install or edit themes or add new users
  • Finally, an administrator has complete authority over the WordPress installation, and can do everything from installing new plugins to deleting old user accounts

Provide every user working on your site their own WordPress user account, with the lowest access permission level that they need to do their job. There should only be a select few with administrator access, and nobody should share passwords. In turn, when someone leaves your company, or no longer needs access to your WordPress site, disable their user account.

2. Not completing basic yet critical SEO for every page and post 

Google Search open on a smartphone

Part and parcel of optimisation when it comes to keywords is ensuring every page and post is in top shape


SEO, the process of optimising webpages to make them perform better on search engines, helps create a well-optimised website that appears higher in important searches. If your site is ranked higher than your competitor’s, you can gain more customers.

Search engines consider a series of factors when deciding which sites to list in search results, and in which order. Many people assume they only need to post content on their site and it’ll be optimised, but there are many things you can do to improve website rankings. 

These include optimising all of the images, so your site loads quickly. Also, use subheadings and internal links containing natural keyword phrases, so search engines can accurately gauge what your site is focused on. 

Also, at the very least, you should write a compelling HTML title that clearly states the topic of the page, and includes a keyphrase people will search for. It should be around 50 to 55 characters long. Fill in the 160-character meta description, too, as this is also displayed in search results, and entices people to visit your page.

3. Not creating redirects when a URL is changed, or a post or page is deleted 

a Google Chrome tab showing a 404 error

If your visitors are seeing this error, you've not been careful with redirects


When you move a webpage to a new URL, there could be thousands of links to the old page still in existence. URLs get changed all the time when optimising for SEO, changing tags, or altering site categories. Instead of visitors being confronted with a 404 page and leaving the site, redirect old pages to new ones automatically.

There are a number of ways to perform redirects, with pros and cons for each. With a WordPress site, the easiest and most comprehensive way to ensure all pages are redirected when the URL changes is to use a plugin. Redirection plugins for WordPress, such as Safe Redirect Manager, take care of the process automatically, so you'll never lose out on business.

Further reading on WordPress, website builders, and web hosting

Take a look at our full WordPress review to learn more about the service, and if you decide to use WordPress, read our step-by-step guide on how to build a website with WordPress, our guide to the best WordPress website builders, and our comparison pitting WordPress vs Wix vs Squarespace.

If you elect to utilize WordPress hosting, find out seven great reasons to choose managed WordPress hosting, and the four S's of managed WordPress: security, scalability, speed, and service. 

Featured Resources

Defending against malware attacks starts here

The ultimate guide to building your malware defence strategy

Free Download

Datto SMB cyber security for MSPs report

A world of opportunity for MSPs

Free Download

The essential guide to preventing ransomware attacks

Vital tips and guidelines to protect your business using ZTNA and SSE

Free Download

Medium businesses: Fuelling the UK’s economic engine

A Connected Thinking report

Free Download

Most Popular

Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
Microsoft set to block emails from unsupported Exchange servers

Microsoft set to block emails from unsupported Exchange servers

28 Mar 2023
What the UK can learn from the rest of the world when it comes to the shift to IP

What the UK can learn from the rest of the world when it comes to the shift to IP

20 Mar 2023