20 Critical Problems Your WordPress Website Probably Has Right Now

by | Last updated Nov 5, 2022

These are the most common and dire problems that I find on existing client websites that I work on for the first time. Check your website for these issues today, or contact a web developer to do a site audit!

1. Your site is not getting backed up regularly

Many non-web developers (and web “designers”) often forget about setting up a backup strategy after their sites have launched. This is like walking a tightrope with no net. After investing thousands of dollars, a hack, server failure, or admin error could bring your site down for days, if not permanently if you have no backups.

I like to set up at least two backup methods: one automated (at the server level if possible), and one manual, which I do using a plugin.

2. Your backups were never verified

Backups are no good if you can’t restore the site from them. Whenever I work on a new site, I make a backup and bring it up on my local computer to confirm the integrity of the backup archive files. You don’t want to find out that your backups are flawed during an emergency.

3. Your site’s plugins / theme are grossly out of date

When I start looking at a new site that’s been around for a while, it’s not uncommon to find that the plugins and theme haven’t been updated for years. This is one of the most common ways sites get hacked.

4. Your PHP software is out of date

PHP is the server-side language that WordPress is written in. Most non-web developers don’t know anything about PHP, but it needs to be updated every year or two for security reasons. If left un-updated for long enough, things will start to break when you update your plugins and theme.

Actually updating your server is easy; often it’s a button in your hosting control panel. The harder part is testing and fixing issues that come up due to version incompatibilities.

5. Your Page sizes are huge due to unnecessarily large images files

Oh boy, I see this SO often. The user has uploaded 5MB photos straight from their camera or phone. The landing page struggles to load due to the bloat. A simple site uses multiple gigabytes of server space.

I manually resize photos before I upload them. For clients, I install a plugin that automatically shrinks down large photos.

If you switch themes, you should regenerate thumbnails so that they are properly sized for the theme; otherwise, the theme might grab the huge un-resized versions.

6. Transactional email not getting sent or delivered reliably

Another super common mistake is not testing a site’s contact form regularly. I commonly find email broken on sites… meaning: no contact form submissions have been received, sometimes for years. The whole purpose of the site has been defeated!!

The most reliable way to send transactional email from a website is to use an SMTP plugin to send email using a real email account (Microsoft, Google, or another third party). Here’s how to set up transactional emailing using a Microsoft or Google mail account.

7. Your Contact form email addresses are out of date

Another common problem I find is that the contact form submissions are being sent to someone who left the organization years ago. Another reason for regular testing of your website’s forms!

8. Your site violates web accessibility laws

This is the case for the vast majority of websites out there, and can lead to lawsuits and legal nightmares. The problem is real: trolls are targeting sites (real estate sites at the moment) that don’t meet legal accessibility standards and shaking them down for money.

Check out my web accessibility checklist for more information about this.

9. Your site violates online privacy laws

Does your site display a privacy policy? Is it up to date? Is your site compliant with privacy laws in California and Europe? When I look at sites, many times, the answer to these questions is “no”.

See more information about website privacy here.

10. Your web server is hosting video instead of using a third-party service

Similar to large images, sometimes folks plop a 50MB video file above the fold in their site’s landing page and wonder why it takes forever to load (especially on mobile).

You should upload our videos to a third party like YouTube or Vimeo, and let them stream the video from their servers, not yours.

11. Your site has layout or functional problems on mobile

Despite the mantra of “mobile first”, so many folks (including web designers) seem to only test their sites on desktop. Most sites get the majority of their traffic from mobile devices.

I often find broken functionality or layout problems when testing sites on mobile.

12. You don’t have control over your site’s domain name

This can have catastrophic results, and I’ve seen it more than a few times. Someone in your organization purchased your domain name years ago using their login and credit card. They’re long gone now and no one has access or knows anything about the domain name. One day, the site just disappears and you’ve lost the domain unless you go through a long and painful process to prove that you really do own it.

If your organization has left your domain name ownership in the hands of a third party like your marketing agency… well, here’s what I have to say about that.

13. You don’t have control over your site’s web hosting account

Same deal as the previous item, but for your web hosting.

14. One WordPress login is shared between all users

This is pretty common. All of your employees use the same login to get into website. This includes ex-employees who no longer work there! Imagine what damage a disgruntled employee who was fired could do to your site!

Give each user thier OWN login, and DELETE it when they leave! Do NOT share one login for everyone!

15. Your password / username are weak

Building on the previous issue, I still see “admin” as the username often, with an insanely weak password that could be guessed in a few tries. You know what to do.

16. Your database is bloated and hasn’t been optimized recently (or ever)

Sometimes I come across an older but simple, non-e-commerce site where the database is multiple GB in size due to out-of-control log entries or other reason. This slows down the site and makes backups tedious. There are plugins that will optimize your database, but make a backup first!

17. Your site/server has no security software installed

Sometimes I come across a site that has no security plugin or server software installed and by some miracle is not hacked yet (often times they are already hacked).

Security software is not a substitute for keeping your plugins, theme, and server updated, but it is a weapon in your battle against hackers.

18. Your site is using unlicensed images or fonts

I used to see this all of the time: whoever made your site just copied images from the first Google search they did. I know someone who did this and got a threatening letter for Getty Images and ended up paying almost $2000 to make the problem go away.

There are lots of sources of legal free stock images. Or, you can pay a little for better-quality images. Do not just copy any images you like on the web!

Ditto all of this for fonts. Just because you own the font on your desktop computer does not mean you have a license to use it on a website. Most of the time, they are different licenses requiring separate payment. More on web fonts.

19. Your site is missing SSL

If you don’t see the lock icon in the browser after your site loads (or if the web address begins with “http” instead of “https”), it means your site doesn’t have SSL (secure socket layer) security. Often, this is a pretty easy fix if you have access to the server. If you are GoDaddy, however, you’ll have to pay for the SSL certificate.

20. You haven’t set up analytics / GA 4

Wait, why is this a “critical” issue? Let’s say your boss wants to know the ROI of the website and asks you for the traffic over the last year. If you didn’t have an analytics service already installed on the site, you’re out of luck. Installing analytics now only gets you data starting from today; you can’t get it from the past.

Even if you were diligent and installed Google Analytics, the bad news is that it is going away in July 2023, to be replaced by Google Analytics 4. Now is the time to install GA4 so that you have some data going back in time because your old Google Analytics data will eventually go away.


I hope this list has raised some red flags and prompted you to at least look into some of these issues. Some are easy to do, like testing your contact form today. Some will require research, such as tracking down who actually owns your organization’s domain name. But, you’ll be glad you got these issues squared away now before they become disasters.

Please leave your questions or comments below! – Brian


Subscribe to My Posts

Leave a Comment or Question

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments


What You Need to Know About Privacy Laws and Your Website

What You Need to Know About Privacy Laws and Your Website

There has been an avalanche of legislation in the United States and Europe regarding online privacy since the rise of the Internet. Today, publishing anything on the web requires familiarity and compliance with privacy laws to avoid the possibility of legal action or...

What You Need to Know About Using Contact Forms on your Website

What You Need to Know About Using Contact Forms on your Website

A contact form is a common feature of many business websites. After all, you want to make it as easy as possible for your visitors to get in touch with you to purchase your goods or services. However, contact forms have several important pitfalls that you may not know...

What You Need to Know About Using Fonts on Your Website

What You Need to Know About Using Fonts on Your Website

Often designers will hand me a website design that uses custom fonts (i.e., not the free ones available online). And just as often, they and the client are unaware of the costs and implications of using these fonts on the web. Web Font Licensing Costs Unfortunately,...

How to Set Up Your Domain Name, Custom Email, and Web Hosting

How to Set Up Your Domain Name, Custom Email, and Web Hosting

Sometimes I get a client who is starting from scratch and needs to get a domain name, branded email accounts, and web hosting (or sometimes they have the domain name already). Here's my process to get that all set up, along with some tips and tricks. Note, the order...

Why I Use the WordPress Divi Theme

Why I Use the WordPress Divi Theme

If you ask a WordPress developer what their favorite builder theme is, you'll get a very opinionated answer, kind of like asking a photographer what brand of camera is best, or a gamer what console is best. The truth is, there are a lot of great themes out there. Many...

My Website Accessibility Checklist

My Website Accessibility Checklist

Before I begin, let me stress that I am not a lawyer and this article is for informational purposes only. It is not legal advice! Per United States and European law, odds are that your website needs to be designed so that folks with various types of physical or...

Why You Should Own Your Own Domain Name and Web Hosting Accounts

Why You Should Own Your Own Domain Name and Web Hosting Accounts

I always tell my clients to set up their own domain name and web hosting accounts and pay for with their own credit card. I do not provide hosting. Here's why I think you should not let your web developer, agency, or any third party own your web and domain name...

My Website Project Kickoff Questionnaire

My Website Project Kickoff Questionnaire

These are some questions I think about before starting a new website project. It's a great checklist to go through before starting to help you scope out your project. 1. Audience and Purpose Who is the target audience of the website? What is the site tagline, in...

Pin It on Pinterest