WordPress Basics
WordPress powers over 40% of all websites. This guide covers everything a beginner needs to get started — without the overwhelm.
WordPress.com vs WordPress.org — The Big Difference
This is the most common point of confusion for WordPress beginners. They sound the same but they're completely different products.
The free, open-source software you download and install on your own hosting server. You have full control — any theme, any plugin, any code change. This is what most professionals mean when they say "WordPress". You need to buy your own hosting (from £3/month) and manage your own updates and security.
A hosting service run by Automattic where WordPress is managed for you. Free plan available but heavily limited — Automattic ads shown, no custom plugins, limited themes, and WordPress branding in your URL. Paid plans remove some restrictions but remain more constrained than self-hosted.
For any serious website — a business, portfolio, or blog you want to control fully — use WordPress.org with your own hosting. It's the version this guide covers.
Dashboard Overview
After installing WordPress and logging in, you'll see the admin dashboard at yoursite.com/wp-admin. The left sidebar is your main navigation. Here's what each section does:
- Posts — Create and manage blog posts (date-based content)
- Pages — Create and manage static pages (About, Contact, Services)
- Media — Your image and file library — upload, organise, and manage files
- Comments — Manage visitor comments on posts
- Appearance — Themes, menus, widgets, and the customiser
- Plugins — Install, activate, deactivate, and delete plugins
- Users — Add and manage user accounts and roles
- Settings — Site title, URL structure (permalinks), reading settings, and more
Pages vs Posts
Pages are static, timeless content — About, Contact, Services, Privacy Policy. They don't have an author or publish date displayed, aren't part of a feed, and aren't organised by category or tag. Use pages for content that's always relevant and doesn't change often.
Posts are time-based entries — blog articles, news updates, case studies. They appear in reverse chronological order in your blog feed, can be categorised and tagged, and usually show publish date and author. Use posts for regularly updated content.
A common mistake: creating a "Blog" page and wondering why it's empty. You need to go to Settings → Reading and set a specific page as your "Posts page" — then WordPress will automatically populate it with your latest posts.
Themes
A WordPress theme controls your site's visual design — colours, fonts, layout structure, and component styles. You can install new themes from Appearance → Themes → Add New, or upload a .zip file of a purchased theme.
For beginners, start with a block-based theme (compatible with the Gutenberg block editor) or a page builder theme like Astra or GeneratePress. These are lightweight, fast, and highly customisable without code.
Plugins
Plugins extend WordPress with new functionality. There are over 60,000 free plugins in the WordPress.org directory. They're installed from Plugins → Add New. A plugin can add contact forms, SEO tools, e-commerce, caching, security monitoring, or almost anything else.
The rule: install only what you need. Every plugin adds weight to your site and a potential security or compatibility risk. Too many plugins also slows your admin dashboard. Aim to keep active plugins to 10–15 maximum. And always keep them updated — outdated plugins are the most common cause of WordPress hacks.
10 Essential Plugins Every WordPress Site Should Have
Adds meta title and description fields to every post and page, generates your sitemap.xml automatically, analyses content for SEO best practices, and handles technical SEO setup like canonical tags and robots meta. Yoast SEO is the most established; Rank Math offers more features for free. Install one — not both.
WordPress generates pages dynamically from a database on every visit. Caching plugins save a static version of each page so it loads much faster for returning visitors. This is essential for site speed. WP Super Cache is simpler; W3 Total Cache offers more control. If you're on Cloudflare, their caching can replace this.
Automatically backs up your entire site (files + database) on a schedule and stores backups offsite in Dropbox, Google Drive, or Amazon S3. Backups save you from disasters — a bad plugin update, a hack, or a hosting failure. The free version covers everything most sites need. Set it up on day one.
A security firewall and malware scanner that protects against brute force attacks, malicious file uploads, and known vulnerabilities. It also emails you if your WordPress version or plugins are outdated. The free version is genuinely effective. Don't run a WordPress site without some form of security plugin.
Simple drag-and-drop contact form builder. WPForms Lite is more beginner-friendly; Contact Form 7 is free and highly flexible but requires more configuration. Both handle form submissions, spam filtering, and email notifications. Your theme may not include a contact form, so you'll need a plugin.
Automatically compresses images when you upload them and can bulk-optimise existing ones. Unoptimised images are the single biggest cause of slow WordPress sites. Smush is the most popular free option; ShortPixel offers higher compression quality with a generous free monthly quota.
Automatically filters spam comments using a massive community database of known spam patterns. If you have comments enabled, this is essential — without it, your comment queue fills with hundreds of spam messages within days. Comes pre-installed with WordPress. Just activate it and add a free API key.
Manages 301 redirects when you change a page's URL or delete content. Without redirects, old URLs return 404 errors — losing any SEO value they had. Redirection also logs 404 errors on your site so you can identify and fix broken links. Set up a redirect every time you change a URL.
Create sortable, searchable data tables inside posts and pages without any coding. If your site ever needs pricing tables, comparison charts, or structured data, TablePress makes this easy. It uses shortcodes to embed tables anywhere in your content.
If you prefer the old-style WordPress editor over the modern Gutenberg block editor, this plugin restores it. Useful for sites that rely on plugins built for the classic editor, or for clients who find Gutenberg confusing. Not needed if you're comfortable with blocks.
Common Beginner Mistakes
- Not setting up backups on day one. A corrupted database or hacked site with no backup means starting from scratch. UpdraftPlus takes five minutes to configure.
- Using the "Plain" permalink structure. Always change to "Post name" under Settings → Permalinks before publishing anything.
- Installing too many plugins. Every new plugin adds risk and weight. Be ruthless — if you're not using it, delete it (not just deactivate).
- Not keeping WordPress, themes, and plugins updated. Outdated software is the main attack vector for WordPress hacks. Update weekly at minimum.
- Using a weak admin password. WordPress admin accounts are targeted constantly by brute force attacks. Use a strong, unique password and consider two-factor authentication.
- Editing the theme directly. Theme updates overwrite direct edits. Use child themes or the Custom CSS option in the customiser.
- Choosing a bloated theme. Many popular themes include dozens of features you'll never use. A lighter theme like Astra or GeneratePress performs significantly better.
- Not testing on mobile. Your WordPress theme may look fine on desktop but break on a phone. Check every layout on a real device before going live.