12 Common WordPress Setup Mistakes

This post was originally published on December 6, 2017 and was updated on June 3, 2020.

Disclosure: This post contains affiliate links for products or services that I personally use and highly recommend. If you click on the link and make a purchase, I may receive a commission, at no additional cost to you. I only recommend products or services I believe will be good for my readers and clients. (I don’t recommend junk; that’s not how I roll.)

When you first setup your WordPress website, you probably just want to jump right in to making it look beautiful… and adding all your content. It’s easy to neglect (or not even know about!) some very important setup steps that need to happen before you start writing your first web page or blog post. So whether you’re just starting to setup your new website – or you’ve already created it  but you’re thinking you might have missed some steps, here are some common WordPress setup mistakes I’ve seen. And don’t worry… I also include my tips for how to prevent those mistakes (or fix them if you already made them)!

Mistake #1: Using Poor Web Hosting

Before you even think about how to setup up your WordPress website, you’ll want to think about who will be hosting your website. While it may be tempting to choose that $3/month plan (or even a free plan!) – keep in mind that not all web hosts are created equal. (Important Note: When I refer to “WordPress websites”, I am referring to using the WordPress software on your web hosting account… not a WordPress.com website.)

You’ll want to make sure you’re choosing a web host that has the support and features that you need.

  • How responsive and knowledgeable is their Technical Support if you have issues or questions?
  • How quickly will your website load?
  • What security features do they include?
  • Does your web hosting account include automatic backups?

Bottom line: Choose a web host that is going to make sure all your hard work (your website) is in good hands!

How to Prevent or Fix this Mistake: Do your research and choose a good web host for your WordPress website. Personally I use (and recommend!) Flywheel web hosting or SiteGround web hosting for WordPress websites.

Mistake #2: Using the Default WordPress admin Username

WordPress is setup by default with an “admin” username as the administrator account. So if someone wants to hack into your website, the first username they’ll try is “admin”. Then all they need to do is figure out your password (which can be easier than you think!). When you setup your new WordPress website, make sure you’re using a username that’s not very obvious or easy-to-guess. 

How to Prevent or Fix this Mistake: If you already installed WordPress with “admin” as the username (or another easy-to-guess username), change it to something else. Here’s the easy way to change your WordPress admin username

Mistake #3: Choosing a Weak WordPress Password

This one is pretty self-explanatory; but you’d be surprised at how many people pick ridiculously easy-to-guess passwords. (I’m looking at you, “password” password!) 

How to Fix this Mistake: If you’re using a weak password:

  1. Login to your WordPress website
  2. Click on Users > Your Profile
  3. In the “Account Management” section click on the “Generate Password” button. A new, strong password will be generated for you. You can either use this one – or type in your own, new password. Just make sure your password stays “Strong”.
  4. Click the “Update Profile” button to save your new password.

Wordpress Website Setup Mistakes
Choose a Strong Password for your WordPress login

Mistake #4: Using Ugly Permalinks

Permalinks are the URLs WordPress uses for your web pages and blog posts. By default, your permalinks are setup to be something like this:


Not only is that ugly; but it’s not very intuitive for your website visitors. What does “p=123” mean? Not much to most people. And it certainly doesn’t mean much to search engines either!

The words inside the web URLs are an indicator for both people and search engines as to what that page or post is all about. For example, the URL for this blog post that you’re reading right now is:


See how easy that is for you (and for Google!) to know exactly what this blog post is all about?

How to Prevent this Mistake when you Setup WordPress: Login to your WordPress admin area and:

  1. Click Settings > Permalinks.
  2. Select “Post Name” (instead of the default “Plain” option) so your posts are saved using URLs that include the words from your post/page title.
  3. Click the “Save Changes” button

How to Fix this Mistake: if you’ve already been using the default “plain” WordPress permalinks for a while, you don’t want to go and change the permalinks without first creating redirects for your existing links. In other words, if someone tries to go to your old (ugly) link, you want them to be automatically taken to your new (pretty) link. You also want search engines to use the new (pretty) link as well. To do this, you should setup 301 redirects for each of your pages and posts. You can easily do this with a WordPress plugin. (For example: the Redirection plugin.) After you setup 301 redirects for your pages and posts, you can change your Permalinks following the instructions above.

Mistake #5: Using a Bad WordPress Theme

What makes a theme “bad?” It could be quite a few different things – but I’ll save that full list for another blog post: Tips for Choosing a WordPress Theme. You can read through that post for all the details. Or here’s a brief list below, of things you’ll want to look for when choosing which WordPress theme you’re going to use. And if you are having a custom web design created instead of using a pre-made theme, you’ll want to ask your designer about these items as well.

  • Make sure it’s responsive – so it looks great on different screen sizes and devices.
  • Does it have the features and functionality that you’re looking for?
  • Does the theme provider offer good support (documentation, access to Tech Support, etc.)?
  • Is the theme continuously updated to accommodate new WordPress versions and to fix any bugs?
  • Are you able to modify the colors and layout (if the theme doesn’t match exactly what you’re looking for with the design)?

How to Prevent this Mistake: Do your research before choosing your theme. Make sure you have a good idea of what features you want on your website – and what kind of design you’re looking for. And make sure you’re choosing a theme provider that has a great reputation – not only with support issues but also with how well their themes are designed and developed.

How to Fix this Mistake: If you’ve chosen a theme that just isn’t working for you, you can hire a web designer/developer to fix the issues that you’re struggling with. Or it just might be time for a website redesign with a new theme!

Mistake #6: Not Using Your Own Favicon

A favicon is the tiny graphic associated with your website that appears in many places, including:

  • on browser tabs
  • on the website address bar on many browsers
  • in browser bookmarks and favorites
  • as the application icon on mobile devices (for example, when someone adds your website to their phone’s home screen)

If you’re using a WordPress theme that you purchased, your website will most likely display the theme developer’s favicon. Or it might not include any favicon at all! Either way, this is a missed opportunity for you to include your own branding on your website.

How to Fix this Mistake: I recommend using a website favicon that matches your logo as this will help with brand recognition. Here’s how to add a favicon to your website.

Wordpress setup mistakes: favicon

Mistake #7: Not Deleting Sample Content

I’m always surprised by the number of websites I see that have the WordPress default web page, blog post and tagline displaying on their website. By default, WordPress adds a “Just Another Blog” tagline to every WordPress install. It looks really unprofessional to have that “dummy” text on your website. Do you really want your website to say “Just Another Blog” – or “Hello World! Welcome to WordPress. This is your first post.”?

(Please say no.)

No!! So trash it!

Also – some themes include demo/sample content as well. So you’ll want to make sure you are either editing or deleting that too.

How to Fix this Mistake:

To get rid of the WordPress default tagline:

  1. Go to Settings > General in your WordPress dashboard.
  2. Change or delete the default tagline.
  3. Click the “Save Changes” button.

To get rid of the default WordPress sample post:

  1. Go to Posts > All Posts.
  2. Hover your mouse on the “Hello World” post and then click the link to delete it.
  3. Repeat this process for any of your theme’s sample posts that you don’t want.

To get rid of the default WordPress sample page:

  1. Go to Pages > All Pages.
  2. Hover your mouse on the “Sample Page” page and then click the link to delete it.
  3. Repeat this process for any of your theme’s sample pages that you don’t want.

Mistake #8: Using the “Uncategorized” Category

This is another item that WordPress sets up by default – and that I recommend changing. When you first install WordPress, it creates a default category, called “Uncategorized”. An uncategorized category? That sounds really dumb.  🙄

Plus, you don’t want your “Uncategorized” category page to show up in search engines… because that just looks, well… dumb too! So let’s fix that.

How to Fix this Mistake: Go to Posts > Categories. And edit the Name and slug (which is part of the URL for that category page) of the “Uncategorized” category. Change it to a more descriptive default category name. For example, a fashion blog might use “Fashion” for the default category.

Mistake #9: Editing Your Theme’s Files

Let’s pretend you found the perfect theme… but then you realize it’s only “about 95% perfect” and you want to make a few quick edits to the theme’s files to make it 100% perfect. So you edit the code in one of the theme files… and now your theme really is perfect! Sounds good, right?

Not so fast!

Let’s fast forward to a couple weeks from now when your theme has a new update available. Because you know the importance of keeping your WordPress software, theme and plugins all updated – you click that Update button and update your theme to the latest version. Uh oh… now your theme is only 95% perfect again! What happened?!

Every time you update your theme, you risk overwriting your code changes with the theme’s original code. Now you have to go in and add your code changes into the theme files again. Not fun.

How to Prevent this Mistake: Use a child theme! Put all of your custom code within a child theme so it doesn’t get overwritten by any of your theme’s updates. Here’s a tutorial from Smashing Magazine about how to create a WordPress child theme.  Or if that seems too complicated, you can hire a web developer to set this up for you.

Mistake #10: Not Being Friendly with Search Engines

A crucial part of getting traffic to your website is making sure you’re getting found in search engine results. So make sure your website is setup in a way that helps with this. Did you know there is a setting in WordPress that tells search engines NOT to put your website in their search engine results? Now why would you ever want to do that? Well, sometimes when you’re first creating your website, you might want the search engines to ignore your website until you have everything ready. But just make sure you remember to turn that setting off when you’re ready for some website traffic to get sent your way.

How to Fix this Mistake: Go to Settings > Reading. And make sure the “Search Engine Visibility” option is NOT CHECKED. (If it’s checked: uncheck it and then click the “Save Changes” button.)

I also recommend using the Yoast SEO plugin for additional SEO features.

Mistake #11: Not Creating Website Backups

I know you don’t want to think about this – but what would happen if your entire website was deleted or hacked? Do you have a backup plan? (See what I did there? A “Backup” plan?! 😆 )

I’ve had clients call me in a panic because their website was down – or was hacked and unusable. One of my first questions is: “Do you have a backup we can use?” (And then I hold my breath, waiting for their answer… hoping and praying that they say “yes!”) Make it easy on yourself – and your web developer – and make sure you’re creating regular website backups.

How to Fix this Mistake: There are several backup plugins you can install on your WordPress website that allow you to create backups of your website. I’ve used BackupBuddy, Updraft Plus and BackWPup for my clients.

Even better? Choose a web host that creates daily backups for you. Backup plugins can be complicated and can slow down your website as they’re running. One of the reasons I use Flywheel for my website and for my Website TLC plans for my clients – is because they run backups every night and store them off-site for 30 days. So I don’t need to use a backup plugin – and I can easily restore my website with one of those backups, if I need to.

Mistake #12: Not Having Security Measures in Place

Besides making sure you’re using a strong username and password (see Mistakes #2 and #3 above), you need to make sure you’re taking steps to prevent anyone from harming your website.

How to Fix this Mistake:

  1. Make sure you’re keeping your WordPress software, your theme(s) and any plugins updated. Updates not only give you access to the latest features, but also give you any security updates as well.
  2. Delete any themes or plugins that you don’t need anymore. Each theme and plugin you have installed on your website is one more opportunity for a hacker to gain access to your website. So if you don’t need a certain theme or plugin… get rid of it.
  3. Use a good web host that includes security features. As I already mentioned, I use Flywheel for my web hosting. One of the reasons why I use them is because they work hard to make sure my website is always malware-free. And in the unlikely event my website gets hacked, they’ll fix it for free. No security plugins needed!
  4. If you’re using a web host that doesn’t manage website security for you – you can use a security plugin. Sucuri and Wordfence are two popular security WordPress plugins.

It may seem a little overwhelming when you start to think about #allthethings that you need to deal with when you setup your WordPress website. That’s why I created these two services with this in mind:

  1. a website package that helps you with this entire process: No Mess – No Stress! Website Setup package. I like to think of it as your “Easy Button” for getting your website setup without the stress and mess of DIY-ing your website!
  2. a Website Care Plan that takes care of web hosting, security, backups and updates for you!

Don’t forget it… Pin it! Pin it to Pinterest

Common WordPress Setup Mistakes (and How to Fix Them)