How to avoid bad WordPress development practices

TipoIT - author
Posted by : Darko Borojevic | contact me | go home

Recognize and avoid bad WordPress theme development practices

WordPress on itself is a very practical platform that enables any web designer / developer to launch a website (primarily a Blog website), but WordPress also has its flaws and it is not perfect. The plugin architecture enables a lot of functionality out of the box, however, the number of the plugins installed can slow down your app dramatically and can also represent a perfect backdoor entrance for hackers. That’s why developing with WordPress requires in-depth knowledge of this system, but not only that, but also an in-depth knowledge of underlying architecture. Unfortunately, there are a lot of self-taught developers out there who do not follow these rules but still market their services. Let’s make a list of things to watch out for when ordering a WordPress theme so that you can learn how to differentiate good from bad development practices:

Too many plugins

If your WordPress web app is slow and you don’t know why it is slow, the first thing to check is the sheer number of plugins that your theme is using. Installing and activating too many plugins is simply a bad practice. For me personally, everything more than 10-15 plugins is becoming cumbersome to maintain, and it becomes a never ending plugin rhapsody that is making your web pages slow and user experience bad. It is always a better practice to find a skilled developer and pay a bit more for development than go cheap and install 150 plugins afterwards to be able to run your site. Also, the inactive plugins should always be removed from the installation. Real WordPress developers should understand PHP and be able to write clean code with it, and not just use the theme customizer and plugin directory in order to solve every problem in developing the easy way. If you don’t know and understand PHP, you shouldn’t call yourself a WordPress developer.

Security issues

Plugins are a great tool but also a security issue. A lot of plugins generate more opportunities for hackers to find a backdoor entrance to your app and crash your system down or steal your data. WordPress is widely used, but it is also widely hacked, if used and maintained in a wrong way.

Open access to wp-includes directory

If you type in your URL bar the address of your website and add a wp-includes at the end like this –, and you get a big listing of different folders instead of redirect or a forbidden access message, you have been scammed. This is not a developer work, but an amateur one. Needles to say, the listing of folders on your server which is accessible via URL, is a security disaster.

Old versions of WordPress

WordPress updates relatively often and your installation should be updated accordingly. This is very important. If you do not update your system regularly this can also be a potential security breach in your web application.

Bad mobile experience

If your theme looks bad on mobile and tablet devices you should change your developer, and your theme. Responsive design is a must have in this day and age of web app development. Poor mobile visibility will affect your domain rankings and the overall user experience will be a complete disaster.

Bad PHP code

WordPress is all about PHP. This is a CMS, but still, if you are developing a theme from scratch, you will use WordPress more as a framework than CMS. Sooner or later you will write your own code, using default WordPress functions, or writing your own and using it inside a functions.php file in the same way you use native WP functions. So using clean code and good coding practices is still a must have if you want to develop with WordPress, instead of only customizing it. Basic coding constructs like loops, arrays and SQL queries are still basic building blocks of any PHP app and this applies to WordPress as same as any other app. Using these constructs in a wrong way will destroy your WordPress app as same as any other PHP web app.

Bad hosting plan

Choosing the right hosting package can be the most important factor in WordPress performance. You have to think about, and do a quick research to find out what option would be the optimal. There are a lot of hosting providers out there that offer customized WordPress hosting packages and I would say that this is always a better option than regular shared hosting, and many times you can see that hosting providers also offer free hosting plans. Free, does not mean good, even if it sounds good. Dedicated WordPress hosting is always a better solution than free shared hosting, even if it costs you some pennies.

Pitfalls of WordPress plugin freedom

Although WordPress will seemingly, give you a lot of freedom to do what ever you want with your web content through the vast number of plugins, the matter of fact is that a lot of plugins will eventually slow down your app and you will have to search professional help to resolve the situation. So think twice if you want to install a plugin for every little thing on your WP domain, or just pay a developer to create this feature for you.

Posted on: March 27, 2022

Print article Email article