Below are a few sections of my best advice as a WordPress developer since the beginning of WordPress. This post will be evolving over time. There are no affiliate links and no choices are biased.

 

 

The best WordPress Theme

 

Divi

I’ve used hundreds of WordPress themes, and this one is by far the best. It’s the best of the best mainly because of the integrated visual builder. I am typing this text on the page itself, not in the backend page editor (which also has a very functional page builder system within Divi). I love Divi so much that I actually migrated all my clients’ WordPress sites to it, free of charge. This allows them user-friendly control over their content. The number of times clients now request an update is lower than it has ever been, because they can easily perform these updates themselves.

 

 

The Best WordPress Plugins

Below is a list of my favorite plugin in each category.

Security:

Wordfence Security

URL Migration:

Velvet Blues Update URLs

Caching:

WP Super Cache

Custom Content:

Toolset Types

Form Builder:

Quform

Backup/Migration:

Duplicator

 

 

My WordPress Rules

Never use “admin” as an administrator’s username.

Attackers scan the web for WordPress sites. When they find one, they brute-force it with username/password combinations, the most popular username being the default “admin”. Change your default admin username to something that isn’t obvious.

Choose a very hard to guess password, no exceptions. 

The number one reason why WordPress sites get hacked is that passwords are guessed. Don’t keep users that you don’t need, and make sure administrator roles are given only to those who actually need them.

Never install a plugin that is not trusted.

Malicious plugins are how attackers get their code inside your installation.

Always install Wordfence

Wordfence will tell you if any of your files have been compromised in any way. It has a firewall that automatically blocks bad visitors, allows you to whitelist/blacklist any IP you want, and a whole lot more. This plugin has saved me countless hours in hack cleanups by preventing them in the first place.

Install WordPress in root if it’s going to be accessed from root

It was once a good idea to put your WordPress installation in a sub-folder, then modify your server’s configuration to mask the actual folder the WordPress installation lives in and serve the site from the root directory. This is no longer beneficial in any way whatsoever and only causes issues for OS migrations, client confusion, etc.

Keep the experience simple, that is the point of WordPress.

If you are developing for yourself, do whatever you want, but if you’re developing a WordPress site for a client without extensive WordPress knowledge, then you’re going to want to keep the post-production questions to a minimum. This means that the site’s pages should be really easy to understand and modify as necessary. No content whatsoever should be hard-coded in WordPress. A client should never have to resort to Appearance > File Editor to update the content on their site. There are ways to provide the client with an easy way to update any kind of content, even if it’s a data table or layers in a map. Never hard-code content!

Know your permissions

All files in your WordPress installation should be 644, and all your directories should be 755. If this isn’t the case, you can run the following commands from a terminal while running as the same user that owns the files.

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
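
As an added example (not part of the original post), these shell functions list which files and directories break the 644/755 rule, single out the world-writable ones, and then apply the same two chmod commands only where needed. The function names and the WP_ROOT variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 644/755 rule, then fix it.
# Function names and the WP_ROOT variable are assumptions made for this example.

# List regular files that are not 644 and directories that are not 755.
# Symlinks are skipped because -type f / -type d do not match them.
wp_perm_audit() {
    find "${1:-.}" \( \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \) \) -print
}

# Number of entries that break the rule (assumes no newlines in file names).
wp_perm_count() {
    wp_perm_audit "${1:-.}" | wc -l | tr -d ' '
}

# World-writable entries deserve a look before they are reset: any account
# or process on the host could have modified them.
wp_world_writable() {
    find "${1:-.}" \( -type f -o -type d \) -perm -002 -print
}

# Apply the two commands from the post, touching only entries that differ.
# Directories go first, one chmod per entry, as find visits each of them.
wp_perm_fix() {
    find "${1:-.}" -type d ! -perm 755 -exec chmod 755 {} \;
    find "${1:-.}" -type f ! -perm 644 -exec chmod 644 {} +
}

# Stand-alone use: WP_ROOT=/path/to/site sh this-script.sh
if [ -n "${WP_ROOT:-}" ]; then
    echo "World-writable entries:"
    wp_world_writable "$WP_ROOT"
    echo "Entries that are not 644/755: $(wp_perm_count "$WP_ROOT")"
    wp_perm_audit "$WP_ROOT"
fi
```

Review the audit output first, then call wp_perm_fix on the same directory as the user that owns the files.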
