Seven Ways To Break Any WordPress Website

wp-borken I’ve noticed that WordPress beginners have a tendency to avoid experimenting with their websites for fear that something might break.

That’s unfortunate, because trial and error is actually a pretty good way to learn how WordPress works. Plus just about anything you do in WordPress can easily be undone. It’s actually nearly impossible to break a WordPress site beyond repair.

If you’re really worried about breaking your WordPress website, there are a few things to avoid.

Here are seven sure fire ways to break any WordPress website. Some of these will break your site outright, while others increase the likelihood that your site gets hacked.

1. Avoid updating WordPress. Each WordPress update fixes critical bugs and address security vulnerabilities. Only install these updates if you want a secure and reliable website that works as expected. If you enjoy the thrill of running a website at risk of being hacked, be sure to avoid these updates.

2. Avoid updating plugins. Ditto from WordPress updates.

3. Install themes from a dodgy source. Not only is this a great way to ensure that your site gets hacked, it’s also a sure fire way to ruin your search engine rankings. The fact that spammers and hackers use free WordPress themes to infiltrate innocent WordPress sites has been well documented. By contrast, themes from the official WordPress Theme Directory are a terrible way to break your WordPress site. Every theme in the directory has been meticulously reviewed by the official WordPress Theme Review Team to ensure quality and security.

4. Install plugins that aren’t tested to work with your version of WordPress. You’ve heard that there are thousands of WordPress plugins that let you do all kinds of amazing things with your website. As it turns out, many of those plugins are quite old (literally ancient in WordPress years). Fortunately, the Plugin Directory lists information about WordPress version compatibility with every plugin. This information can be a real time saver when you’re trying to break your WordPress site. Just stick with plugins that aren’t compatible with your WordPress version and there’s a pretty good chance something will eventually go wrong.

5. Add random code to your theme’s functions.php file (especially if you have no idea what it is or how it works). functions.php is a magic file that lives in your theme folder. The code inside functions.php can do anything a plugin can do – it’s quite powerful and potentially very dangerous, if you don’t know what you’re doing. It’s easy enough to cut–and–paste code that you found on some blog to your functions.php file, but if you don’t have a firm understanding of PHP, you may be in for world trouble. Expect to encounter the dreaded “white screen of death” and be prepared to spend some time reading through your error logs to figure out what went wrong. If that doesn’t sound like a fun way to spend an afternoon, then just avoid adding code to your functions.php file.

6. Enable comments without turning on Akismet. I have seen new blogs buried under a mountain of spam in matter of days. Why? Because the site owner forgot to enable Akismet. It’s amazing how slow 109,000 comments advertising hair restoration pills can make your website.

7. Upload files to your website using regular FTP instead of secure FTP. By using regular FTP you increase the likelihood that hackers intercept your password and break into your website at some point in the future. This is actually quite common, to the point where many good web hosting companies no longer allow regular FTP connections. If you’re hosting your site with one of those conscientious web hosts that requires secure FTP, you’ll have to work a bit harder to get your website hacked.

Incidentally, there’s almost no reason to use FTP with WordPress anymore. Images, plugins, and themes are easily uploaded directly through the WordPress admin interface. But what fun is that when you’re trying to break your website?

Have I missed anything? What’s your favorite way to break a WordPress site?


4 thoughts on “Seven Ways To Break Any WordPress Website”

  1. I’d like to add one – wrong permission/chmod for ftp.

    Yup, I agreed with you. No need to use ftp anymore. We’re are living in 2013. FTP is just not reliable, Cpanel is much faster.

  2. Yep, that’ll do it. I should have probably made the list eight and added “breaking WP with bad settings.”

  3. Ditto on Mark’s comment. I’ve seen that settings site location issue before, which often prevents WP admin access altogether (FTP high-jack required).

Comments are closed.