Things You Should Never Do With WordPress

You know what’s crazy?

This next week, my little girl turns 16. How the hell did that happen? Soon she’s going to be getting her driver’s license.

It’s like you blink and then… that happened. Just crazy.

We’re heading to Orlando to do the theme park thing for a day for her birthday. And apparently I’ve been informed that several of her friends will be at our house on Friday night.

Wish me luck. 🤪

In the meantime, got a packed issue for you today. Also…

I just smacked the ‘Publish’ button on my review of hosting. I’ve got a video version coming shortly, but didn’t want to delay this newsletter for it.

Also, the new Digital Sovereignty workshop has been posted for ONEPass members. Updated version of the checklist for it coming soon and will be posted inside the workshop.

Have a great week… and let’s dive in….

Let Somebody Else Deal With The “Tech Stuff”

With WP Concierge, you no longer have to deal with the tech stuff. We’ll provide all the software, maintain it for you, and provide personal support along the way. All included… and you’ll be on a first name basis with your “web guy”

Things You Should Never Do With WordPress

WordPress is awesome. And with all the various kinds of plugins available for it, you can pretty much make it do almost anything you’d want.

But, that doesn’t make everything a good idea.

And in fact, there are a couple things I see people doing VERY OFTEN that really isn’t the best idea. They think it is a good idea, but it isn’t. And you may be a little surprised by this.

First up, there’s the matter of security.

People who don’t understand the in’s and out’s of WordPress very well can be easily scared into thinking that WordPress is just really prone to security issues. And we know the problems of bots, spammers, and more.

So, what do people do? They search for a plugin to solve it, of course. 🤓 And chief among them is WordFence.

Simply put, you should not be using WordPress security plugins like WordFence to solve your security concerns. In fact, using WordPress to try to defend itself is not a good idea at all. Tools like WordFence are notorious for slowing down (and often breaking) websites.

The problem is that by the time a tool like WordFence is defending your site, the problem has already gotten to your website! You’re making WordPress defend itself.

Instead, you want to keep the bad guys from getting to your site in the first place. WordPress shouldn’t have to deal with it.

How do you do that?

By using remote security options that sit out in front.

Two of the most popular options for this are Cloudflare and Sucuri. Both of them will prevent attacks at the DNS level so the bad guys never even get to WordPress.

For my Concierge clients, I employ the services of MalCare to protect my clients’ websites. This offloads this functionality do Malcare servers so that WordPress and the web host are not sitting there trying to bat away bots. There’s simply no need to run security plugins like WordFence.

Now, onto the second thing you really don’t need to be doing with WordPress…

This one may come as a shocker. But…


Yeah, I said it. If you’re doing things properly, you should not have to use a caching plugin on your WordPress site.

W3 Total Cache, Breeze, WP Rocket, WP Super Cache…. you shouldn’t need any of them.

All of these cache plugins produce static HTML files right on your server, then serves it out to visitors as a way to avoid having to re-process the PHP code every time. Thing is… for those static files to be delivered, it is still loading up the WordPress core to do it.

After all, if a caching plugin is a plugin, then that plugin isn’t loading unless WordPress is. Sure, it isn’t loading up all of it. That’s kind of the point. But, it is still hitting WordPress and hitting your server.

Now, you can remove the load off of WordPress using server-level caching. Some hosts have that. Others don’t. Or…

You can offload it entirely.

By distributing your cache globally using a content delivery network such as Cloudflare, your site can be served globally as quickly as possible. And most of that static traffic doesn’t even need to hit your server at all.

This is one of the big reasons I now host my sites with Rocket.Net… and why I now host my Concierge client sites on Rocket as well.

See, Rocket not only provides incredibly powerful servers, but they have a direct pipeline and integration with Cloudflare Enterprise. My client sites are served mostly via Cloudflare, with all the bells and whistles of Cloudflare Enterprise (which usually costs thousands of dollars, I might add).

With this kind of hosting, there is simply no need for a caching plugin.

We still use object caching when needed, but that’s an entirely different kind of caching.

So, those are 2 things you really should NOT be doing with WordPress itself.

Security and Caching.

You CAN do that with WordPress, but that doesn’t make it the best method.

Now You Can Embed Content From X (Again)

Speaking for me personally, I get way more value out of X (formerly Twitter) than any other social network. And things have definitely been shifting there now that Elon owns it.

I know full well that Elon garners a lot of different reactions. And frankly, a lot of them are the result of propaganda from the media now because Elon doesn’t tow the proper line anymore. But, whether you like him or not, X is on the move. It is evolving like a startup again. And I’m excited to see where things lead.

I upgraded my account at X to their Premium+. Why not, right? For one, I’m all for helping X not be reliant on advertisers. Secondly, it hides all the ads so I don’t even see them anymore. But with long-form content and videos now becoming more popular on X, being able to utilize that stuff off-site is absolutely paramount.

Embedding content was shut down for awhile unless you had API access. But, they’ve just launched X Publish.

Using Publish, you can now embed videos, posts, buttons or even your timeline from X right on your website.

Now when you create those posts or threads on X, you can put them on your website, too.

BTW, have you tried out Grok?

Grok is the new ChatGPT alternative that is now part of X and available to all Premium+ members. For being such an early product, it is actually quite good! Plus, it has an attitude. Much like it’s founder. 🤪

WordPress Quick Bits…

Spencer Forman interviews Syed Balkhi. If you’re not aware, Syed is the CEO of Awesome Motive. They’re one of the biggest companies in the WordPress space. And frankly, they’ve got a reputation among some for some of the annoying marketing tactics and outright domineering market practices. Awesome Motive are the people who acquired Thrive Themes and, as far as I’m concerned, they’re killing it. The irony of it, tho, is that Syed is actually a nice dude. I’ve hung out with him on many occasions, actually. He’s a good guy, but… he does play hardball when it comes to business. And Spencer did a great interview with him and didn’t shy away from asking him some of the tough questions. Check out the interview here.

WP Awards Results. The WP Weekly does an annual survey where people can vote on their favorite tools, plugins and themes in various categories. And, the results are in. Top 5 vote-getters were:

  • ACF Pro (love this one)
  • The Admin Bar (great community on Facebook for WordPress pros)
  • WordFence (great security plugins, but as I said up above, you shouldn’t use it)
  • RankMath SEO (this is my favorite SEO plugins right now)
  • Elementor (solid page builder, but I’d much prefer using Kadence myself)

FluentCRM won the vote for marketing automation plugins. As it should. Check out the full results here.

Kadence AI is now in it’s pre-release phase. This will use the power of AI to help you get a massive jumpstart with designs and content on sites being built with Kadence Theme. Check out the video here.

Kinsta gets a new (ugly) design. Kinsta is a pretty good web hosting company. Some things I don’t like about them, but overall… pretty good. But, their new design is… ugly. Bunch of red pills all over it? I don’t get it. Do you?

Make sure to update Elementor. If you use the Elementor page builder, make sure you are using the latest version. Last week, a big security flaw was found in Elementor and it has been patched now.

Make sure you’re on WordPress 6.4.2. Similarly, there was a fairly large security hole plugged in WordPress core. Many sites were auto-updated already. But, if your’s didn’t, make sure to check that you’re running 6.4.2.