7 Deadly Sins Of Custom WordPress Development – Part 2

As in our previous post, here too we’ll look at some cardinal offenses committed in custom WordPress development and how you can avoid them. Remember: if your WordPress website is judged, you will be held accountable for any of these sins.

1. Overloading Your Theme’s “Functions.php” With Tons Of Plugins

There are a number of reasons to avoid this as much as possible. The first is the health of your whole website: it makes plugin conflicts really hard to troubleshoot, especially after upgrades.

As an example, let’s just consider that you added tons of functionality into the theme’s functions.php. Now, if down the road your website starts having a problem, there would be no easy way for you to turn each part off one by one and find out what is causing trouble.

What’s the remedy: If you have WordPress developers working on the same website, it’s better to keep the presentation separate from your website’s functionality. If all such functionality lives in separate plugins, you can troubleshoot errors more easily and isolate whatever needs to be updated or removed.

2. Still Having The Default URL

The default WordPress URL, which looks similar to “www.yoursite.com/?p=120”, makes sense to WP, but it means nothing to search engines or even your users.
www.yoursite.com/get-me-a-pizza (hint*) makes way more sense to your users, and it is also great for SEO purposes.

What’s the remedy: You can set the URL structure for the pages of your WordPress website by going to the “settings” menu in your WP install and selecting “permalinks”.

3. Welcoming The Comments From Hell

If you want your website to encourage users to participate after engaging them through your content, one way of doing this is through your website’s comments section. Hence, “comments” should be there on your website, but you should keep out all the spammers.

What’s the remedy: The easiest way to get rid of spammers is not by using Captchas, but by activating Akismet. This fine plugin comes bundled with WP and gets rid of most of the spam for you. All you need is an API key, which you can find here.

4. Having no backup plan

So you don’t have a backup plan. Imagine what will happen if your website decides to go for a nap that lasts a bit longer than you expect. What will become of your content or your post comments? All gone. But it doesn’t have to happen like that; you can still make amends now and save your website.

What’s the remedy: Simply install WP-DB-Backup. This plugin will let you schedule a site backup whenever you like. You can also have that backup mailed to your email address.

5. Displaying Your WordPress Version

You don’t need to be flashy about the version of your WordPress install. WordPress normally shows its version number in the header of your website, and this can be a potential vulnerability, since it tells anyone who looks which release you are running and whether it is an outdated one. Hence, let your custom WordPress development team remove it and make your website more secure.

What’s the remedy: Here is how you can remove the WP version from your website’s header. Simply add this code into your theme’s functions.php file or tell your WordPress developer to do so.

remove_action('wp_head', 'wp_generator');

If you don’t feel like playing with code, you can do the same with this plugin: WP Remove WordPress Generator Meta Tag.
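The generator meta tag is only one of the places the version shows up: the same string is written into feeds and appended as ?ver= to the URLs of core scripts and stylesheets. The following is an added example, not code from the original post, that covers those as well; example_strip_core_version is a made-up name, and dropping ver= means browsers may keep a cached core file a little longer after an upgrade.

```php
<?php
// Added example: goes in a small plugin file or the theme's functions.php.

// 1. Generator tag in the page header (the line from the post).
remove_action('wp_head', 'wp_generator');

// 2. Generator element in RSS/Atom feeds and any other the_generator() output.
add_filter('the_generator', '__return_empty_string');

// 3. "?ver=<core version>" on scripts and styles that ship with WordPress.
//    Assets that declare their own version keep it, so their cache busting
//    still works. The function name is hypothetical.
function example_strip_core_version($src) {
    if (!is_string($src) || strpos($src, 'ver=') === false) {
        return $src;
    }
    $query = wp_parse_url($src, PHP_URL_QUERY);
    if (!$query) {
        return $src;
    }
    parse_str($query, $args);
    // Only strip the value when it is exactly the running core version.
    if (isset($args['ver']) && $args['ver'] === get_bloginfo('version')) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('style_loader_src', 'example_strip_core_version', 9999);
add_filter('script_loader_src', 'example_strip_core_version', 9999);
```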

6. Not Optimizing Your Website

How many times have you wondered why your website is still slow even after doing everything by the book? There can be multiple reasons for your website being slow, but if you have already addressed the hosting and too-many-plugins issues, then use the caching systems mentioned below for your WP website.

What’s the remedy: You can use a site cache system like W3 Total Cache and optimize the images used on your website with WP Smush it.

7. Neglecting On-Page Schemes And WordPress SEO Tools

Besides full-fledged online marketing campaigns, on-page SEO activities are the basis for your website being crawled by search engines. These are the tasks that make your website friendly to search engines so that it can be crawled easily and quickly.

What’s the remedy: Before your online marketing team tells you to round up your WordPress developers and integrate on-page SEO tools, meta titles, descriptions and tags, try getting this done while your website is being made. Moreover, to get your website easily optimized, we recommend you use All in One SEO pack and Simple Google Sitemap XML plugin.

Always remember that awareness is the key, and making progress in WordPress becomes much easier once you are cognizant of these 7 Deadly Sins of Custom WordPress Development. Drop your suggestions in the comments below.

What are some of the most harmful and annoying development practices that you’ve come across?

7 Deadly Sins Of Custom WordPress Development

WordPress, the choicest CMS all over the world, is renowned for the freedom that lets WordPress developers extend the platform to just about anything. However, when coding for WordPress, you should make sure that your plugins and themes play nice and smooth with other WordPress extensions. Developing in a vacuum is just inexcusable, and down the road it can cause you or your client a lot of trouble.

We call such inexcusable schemes the Deadly Sins of WordPress and here are some of the major things that you should abstain from!

1. Loading Your Very Own jQuery Copy

Now this will sound dumb! But yeah, some WordPress developers load their own copy of jQuery for God knows what reasons. People! Loading your own copy of jQuery is one fine way of ruining everything on your WordPress site.

While building a WordPress website, some developers in many cases de-register the jQuery copy that comes with WordPress, with code that looks similar to this:

<?php
// Front end only: swaps WordPress's bundled jQuery for an external file.
if (!is_admin()) {
    wp_deregister_script('jquery');
    wp_register_script('jquery', ("http://cdn.jquerytools.org/1.1.2/jquery.tools.min.js"), false, '1.3.2');
    //wp_register_script('jquery', ("http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"), false, '1.7.2');
    wp_enqueue_script('jquery');
}
?>

By de-registering WordPress’s copy of jQuery and loading another one, you can easily break all kinds of JavaScript in the rest of your WordPress themes and plugins.

What’s the Remedy: Don’t do this. Just use the jQuery copy that comes with WordPress.

2. Loading JS/CSS Files Improperly

What makes this sin deadly in WordPress development is that it is really two smaller sins. The first is putting inline script and stylesheet tags directly into your header file. This can cause them to load at the wrong time, and they will load on every single page of your website. The result: your WordPress website will take ages to load.

What’s the Remedy: You can use WP Enqueue Script (wp_enqueue_script) or WP Register Script (wp_register_script), which will help you load your JS/CSS files the right way, on the right pages and at the right time.

The second junior deadly sin related to bad loading of JS/CSS files is loading custom JavaScript and styles on each page of your WordPress website instead of loading them conditionally, only when necessary. This is often unwanted and can significantly delay the overall loading time of your website.

What’s the Remedy: Only load your scripts when necessary to keep your website running smooth and fast. Here is how you can do this, using a very common example from Phil Bank’s tutorial on Loading plugin Scripts During WordPress Development.

// Drop Contact Form 7's script everywhere except the page with ID 15.
add_action('wp_print_scripts', 'deregister_cf7_javascript', 15);
function deregister_cf7_javascript() {
    if (!is_page(15)) {
        wp_deregister_script('contact-form-7');
    }
}

// Same for the plugin's stylesheet.
add_action('wp_print_styles', 'deregister_cf7_styles', 15);
function deregister_cf7_styles() {
    if (!is_page(15)) {
        wp_deregister_style('contact-form-7');
    }
}

As written, this script stops the contact form script from loading on every page except the contact form page, which it identifies by page ID. It will take you some time, but you can tweak the same method during your WordPress development to stop other scripts from loading where they are not needed.
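The enqueue approach that both remedies in this section point to, as an added example (not from the original post or the tutorial it cites): a theme's own script and stylesheet are loaded only on the contact page, and the script declares WordPress's bundled jQuery as a dependency instead of replacing it. The handle, function name and file paths are assumptions; page ID 15 is reused from the snippet above.

```php
<?php
// Added example for a theme's functions.php. Handle, function name and file
// paths are hypothetical; page ID 15 is the contact page used above.
function example_enqueue_contact_assets() {
    if (!is_page(15)) {
        return; // every other page gets neither file
    }
    wp_enqueue_style(
        'example-contact',
        get_stylesheet_directory_uri() . '/css/contact.css',
        array(),   // no stylesheet dependencies
        '1.0.0'    // the theme's own version string, used for cache busting
    );
    wp_enqueue_script(
        'example-contact',
        get_stylesheet_directory_uri() . '/js/contact.js',
        array('jquery'), // WordPress prints its bundled jQuery first
        '1.0.0',
        true             // print before </body> rather than in <head>
    );
}
// wp_enqueue_scripts is the front-end hook for both scripts and styles.
add_action('wp_enqueue_scripts', 'example_enqueue_contact_assets');
```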

3. Not Sanitizing User Input In SQL And Encoding It For Output

SQL injection attacks are the most commonly used way to exploit a website’s vulnerabilities, and they can be deadly for WordPress websites as well. If you don’t escape user input before it goes into an SQL query, you leave your website extremely vulnerable to this kind of attack.

Secondly, these types of attacks can also be invited if your custom WordPress website design and development team is using plugins and extensions that come from an untrustworthy or obsolete source.

What’s the remedy: Make sure you clean and moderate user input in order to protect your WordPress website from this sort of attack. Then encode user input when you display it, to prevent XSS vulnerabilities on your website. We found the Data Validation information on the WordPress Codex really useful in this regard. Also, go through the excellent reference by WP Tuts on Data Sanitization and Validation With WordPress, which goes into more detail.
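What that remedy looks like in plugin code, as an added example that is not from the original post: a lookup that concatenates request input into SQL and prints stored data raw, next to versions that validate the input, bind it with $wpdb->prepare() and escape on output. The table, column, query parameter, shortcode and function names are all hypothetical.

```php
<?php
// Added example. Table, column, parameter and function names are hypothetical.

// Before: the request value goes straight into the SQL string, and the
// stored title goes straight into the page.
function example_item_unsafe() {
    global $wpdb;
    $id  = $_GET['item'];
    $row = $wpdb->get_row(
        "SELECT title FROM {$wpdb->prefix}example_items WHERE id = $id"
    );
    return "<h2>$row->title</h2>";
}

// After: validate on the way in, bind in the query, escape on the way out.
function example_item_safe() {
    global $wpdb;
    $raw = isset($_GET['item']) && is_scalar($_GET['item']) ? $_GET['item'] : 0;
    $id  = absint($raw);
    if ($id === 0) {
        return ''; // missing, zero or non-numeric value: run no query at all
    }
    $row = $wpdb->get_row($wpdb->prepare(
        "SELECT title FROM {$wpdb->prefix}example_items WHERE id = %d",
        $id
    ));
    return $row ? '<h2>' . esc_html($row->title) . '</h2>' : '';
}

// Free-text input follows the same steps, with %s and esc_like() for LIKE.
function example_search_safe() {
    global $wpdb;
    $term = isset($_GET['q']) && is_string($_GET['q'])
        ? sanitize_text_field(wp_unslash($_GET['q'])) : '';
    if ($term === '') {
        return '';
    }
    $rows = $wpdb->get_results($wpdb->prepare(
        "SELECT title FROM {$wpdb->prefix}example_items WHERE title LIKE %s LIMIT 20",
        '%' . $wpdb->esc_like($term) . '%'
    ));
    $out = '<p>Results for ' . esc_html($term) . '</p><ul>';
    foreach ($rows as $row) {
        $out .= '<li>' . esc_html($row->title) . '</li>';
    }
    return $out . '</ul>';
}
add_shortcode('example_item', 'example_item_safe');
add_shortcode('example_search', 'example_search_safe');
```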

4. Adding Too Many 3rd Party Services

You can literally overload your website with too many social media buttons and third-party services, and this seriously is a bad idea. The only place where such exhaustive integration makes sense is when you have a rather significant user base that is active round the clock on social networks, and you are offering the ability to register via Facebook, Twitter and Google+. Only then is this type of connection convenient. If that’s not the case for you, you will simply make your website sluggish with such sophisticated functionality, as it will be running every time your website loads.

What’s the remedy: Integrate third-party services only if absolutely necessary; otherwise, use them sparingly.

5. Being “Admin” For The Rest Of Your WordPress Life

Keeping “Admin” as your administrator username and literally “Password” as your password is like a jackpot for a hacker. Furthermore, there actually are evil bots lurking around the web looking for WordPress installations that follow this practice, in order to exploit them.

What’s the remedy: Give your WordPress install a unique username and a very strong password. If you have a custom WordPress design and development team at your side, have them change the username and password right after WordPress installation. You can even force your users to select strong passwords by adding this plugin.

6. Not Testing Your Work

If you keep making changes to your website but don’t verify that they are formatted correctly, you are welcoming trouble and putting your time and, if your website is live, your company’s image at stake. Once your WordPress designers or developers build anything, don’t force it to go live on a tiny deadline. The very first thing you should do is test.

What’s the remedy: Of course, you can do cross-browser testing, but the WordPress Codex also provides a number of tools that make this process a lot easier. You can use Debug mode to single out PHP warnings and errors. Use Theme Unit Test to pre-format post data, and Theme Check to examine the codebase of your theme.

7. Expecting A Lot From Shared Hosting Plan

Shared hosting can never fulfill your website’s needs. End of discussion. So don’t fall for hosting plans that offer a buffet type of deal boasting an unlimited number of resources. For starters, such hosting plans may sound and feel great, but eventually, when all the resources get oversold and your site slows down, you will have to waste a lot of time and effort trying to sort things out with your host.
It definitely is a mistake to think that you can add all types of media snippets, plugins and extensions into your WordPress website while being on a shared hosting plan and have them running seamlessly.

What’s the remedy: Go for a better hosting plan from the beginning, especially when you want your website to grow. Dedicated hosting is good, but if you have a bigger budget, cloud hosting can be great! If you do some research and find an affordable hosting provider with the same offerings, you can let your custom WordPress design and development team accommodate anything you want in your website.

These are our picks on the deadliest WordPress development sins, however, there is more to come. So stay tuned for our next post. In the meantime, please use the comments box to suggest what you would add to the list!