Six Common Ways WordPress Users Break Their Websites

WordPress may seem simple on the outside, but on the inside, it’s a complex system that simultaneously serves your content, handles customer transactions, and manages huge amounts of data. And while WordPress is an incredibly stable platform, it’s not unbreakable. 

Even if you’re careful about managing it, you can sometimes find yourself with a broken site. Here are six of the most common ways that happens:

1. Using too many plugins

WordPress users are spoiled for choice — there are an extensive number of plugins available to website managers. There is no magical number of plugins you should or shouldn’t have installed, but it’s important to understand that each one has an impact on your site. How? 

  1. It’s loading PHP code, the programming language with which WordPress is largely written. This could be perfectly fine … unless the code is poorly written and insecure. 
  2. It’s loading CSS, JavaScript, and assets like images, which can slow down your website.
  3. It requires updates for security and functionality, which could potentially cause problems.

Every plugin you install increases the chance that you encounter an issue. The more plugins you have, the more likely it is that one will “brick” your site.

Like the heavy clay bricks that are commonly found on a construction site, a single brick doesn’t provide much value on its own — it’s hardly useful for anything more than a paperweight. A website becomes a “brick” when it can no longer provide the functionality it was built to perform. 

Plugin updates can brick a website with bad code, because they conflict with another plugin or theme or clash with settings in your server. In these situations, it’s not uncommon to see error messages like: “Error Establishing Database Connection,” “Internal Server Error,” and “Connection Timed Out.” You may even see strings of code on your site.

 

database-connection-error

Plugin problems can cause unexpected website errors.

 

Before you install a plugin, ask whether you’ll use the majority of the features it offers. If not, you may be better off looking for smaller, simpler plugins to provide only the functionality you need. Less plugin code running means less risk.

Alternatively, plugins like Jetpack provide multiple valuable features so you can install one plugin to accomplish a variety of tasks instead of several plugins, each of which carries its own risks. And you can always turn off Jetpack features that you don’t need! Plugins like Jetpack are ideal for reducing plugin bloat by using a single solution to meet many needs.

You should also check how regularly the plugin is updated — old plugins are more likely to be insecure — and read reviews. Luckily the WordPress.org repository makes this easy! 

2. Installing plugins or themes from untrusted sources

It’s important that you only download plugins and themes from trusted vendors. WordPress.org is one of these, but ensure that you purchase premium plugins from their official developers.

“Nulled” or “cracked” premium themes or plugins are often modified to include malicious code, which can do all sorts of nasty things and ultimately break or deface your website. And premium products without a license key won’t receive any updates, leaving your site vulnerable.

Jetpack, however, is created by Automattic, a top contributor to WordPress and the company behind WordPress.com. This means that it’s always up to date and provides trustworthy, reliable solutions for website owners. 

3. Editing your website code

We’ve all been there. You search for a problem that you’ve been trying to solve on your website and find a potential solution that tells you to copy and paste some code. If you’re an experienced developer and have a good understanding of the code, this may be fine. If you’re not, this can be dangerous for two reasons:

  1. If you don’t understand exactly what the code is doing, you cannot fully understand the consequences or the impact that it may have on your site.
  2. You may be tempted to put the code in your theme’s functions.php file, to edit a plugin’s code, or to modify WordPress core. All of these are bad ideas. If you happen to remove any original code when you do this, your website may break.

Make sure you understand the purpose of the code and test on a staging website, if possible.

4. Getting hacked

WordPress is the most used content management system in the world. While this offers a wide ecosystem with lots of plugins and themes and a stellar community, it also makes WordPress a target for hackers. 

Plugin vulnerabilities are found daily and most, but not all, developers are very quick to patch their plugins. Unfortunately, if you don’t keep your plugins up to date, your website becomes a target for hackers. Even websites that don’t generate much traffic can be hacked. 

Hackers often use bots to get into your site, which automates the entire process. If your website is findable on a search engine, it’s findable by a hacker. The WPScan Vulnerability Database is a good resource for checking the latest bugs. As you’ll see, new vulnerabilities are found frequently, sometimes in plugins with thousands or millions of installs. To protect your site, implement a security solution like Jetpack, which offers security scanning, brute force attack prevention, downtime monitoring, and automatic plugin updates. 

5. Out-of-date server software

The server that holds your website has an operating system and underlying software that powers it, just like your computer. Like all software, it has to be consistently updated. Many people don’t realize the update happens, because their web host does it for them behind the scenes. 

But what if your web host isn’t applying updates quickly? Many websites are still running PHP 5.6, despite the fact that it no longer receives any security updates. Even PHP 7.1 will reach the end of its lifespan in December 2019

There are several downsides to having out-of-date server software:

  • Security issues: older software versions may have vulnerabilities.
  • Speed issues: PHP 7.3 is much faster than older versions.
  • Compatibility issues: some PHP functions are available in PHP 7.3 but not PHP 5.6. If a plugin only supports 7.3 and you’re running 5.6, this can cause issues. (To help you out, the WordPress plugin repository displays the minimum PHP version required on each plugin’s page.)

6. Poorly configured user access

If you have a website that allows multiple users to log in and add or edit content, you’re increasing the risk of breaking your site. Giving too many permissions to too many people opens up the possibility that someone will cause an issue. 

Too often, website owners give all contributors administrator-level access. This is incredibly dangerous, as all these newly-minted admins can:

  • Install and update plugins.
  • Change your website code.
  • Edit your theme.
  • Add or delete pages/posts/products/any other post type.
  • Access confidential data (including financial data, for online stores).

Any of the above can potentially break a site. Users should be given the exact permissions they need to do their job — nothing more. WordPress comes with some built-in user roles, but you can also create your own using code or a plugin such as User Role Editor or Members. And WooCommerce provides a great guide to understanding WordPress user roles from a security perspective.

Jetpack Activity provides transparency for a website with multiple users. It records actions taken on your site, including login attempts, published or updated pages, plugin installations, setting modifications, and more. You can see who performed each action and when each one took place, and restore a backup of your site from that exact point in time if needed.

What to do if your WordPress site breaks

In the end, websites will still break. Whether you’re an experienced web developer or novice website builder, you’ll probably break your website at some point. 

The best way to ensure minimal downtime is to have a comprehensive, off-site backup strategy. Don’t just rely on your host for backups, because:

  • You may not have control over backups. Your host may only back up your website once a week, but what happens on a busy site where data changes every hour? Real-time backups are critical! If you have an eCommerce store, orders could be placed at any time of day. Without real-time backups, you could lose customer data from the period between the backup and the site crash. 
  • You can never be too backed up. It’s not wise to put 100% of your trust in your host; they can also be compromised. A multi-faceted approach to backups mitigates your risk.
  • Retrieving a backup from your host is not always as simple as it sounds. You may need to contact support and ask them to restore a backup, which can take a long time and, depending on your host, be a difficult process. If your website is a source of income, every minute it’s down could mean lost revenue.

There are also many WordPress plugin backup solutions, both free and paid. Plugins certainly provide valid options, but not all backup plugins are equal. Some common drawbacks:

  • By default, some plugins back up to your web server. If your server has a catastrophic failure, your backups may also be lost. 
  • Some plugins allow you to back up your data to an off-site account, like Amazon S3 or Dropbox. While this is a great idea, it requires you to have an account with an off-site provider, which may mean additional fees.
  • Many free backup plugins are missing features like real-time backups. Premium versions can be both expensive and require you to have separate accounts for off-site backups.

However, Jetpack is an excellent solution for WordPress backups. No matter the type of site you have, Jetpack has a solid backup option. Daily backups are a great option for restaurants, blogs, and portfolios, and include a 30-day archive period, so you can easily access the last 30 days of backups. eCommerce stores, news organizations, membership sites, and online forums will want real-time backups with an unlimited archive, so you can restore your website from any point in time. 

jetpack-backup-rewind-screenshot

Backup features let you “rewind” a website to a previous date.

Every significant change to your website is automatically saved. Did someone just write a review? Did you add a new product? Did you update a plugin that broke your site? It’s all backed up. 

This provides not only great peace of mind but also a rock-solid off-site platform for your backups. Jetpack even includes a migration feature that allows you to move your whole site to another host or server. If your server faces catastrophic failure or you just want to move your site to another host, Jetpack has you covered. 

Breaking a website is a common occurrence. Even for the most careful of website owners, something beyond your control can go wrong. Having both on-site and off-site backup solutions is a great way to help mitigate your risk. And with relatively minimal costs, there’s no reason to risk the safety of your site. 

Find out more about Jetpack Backup or compare plans to explore other benefits of activating Jetpack on your WordPress website.

This entry was posted in Security and tagged , , , , . Bookmark the permalink.

Explore the benefits of Jetpack plans

Compare plans in detail to see how Jetpack can help you design, market, and secure your WordPress site.

Compare plans

Have a question about this article?

Comments are currently closed for this article, but rest assured we're still here to help! Send us a message and we'll get back to you.

Contact us
  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 106,615 other followers

  • Our most popular posts

  • Browse by topic

  • %d bloggers like this: