I go to the school of hard knocks.  Part of the reason is the pace of change in technology is so dizzying that formal education often won’t offer much as it is outdated by the time it’s become packaged and sold.  So here are some WordPress development lessons I learned the hard way, so you don’t have to!

Always back up your WordPress installs.  This can be accomplished by a plugin like BackWPUp.  Also make sure to have it do off site backups, perhaps to your Dropbox.  The reason this has become more important is malware attacks have become more rampant.  One insecure plugin or theme and your whole site could be a goner.  Also backing up the content using Tools > Export is a good way to keep the site’s content in case something happens to the entire install.

One site per server.  If you are hosting multiple sites, make sure each WordPress install is on a separate server instance (for example each one has its own cPanel).  A lot of hosts offer multi site plans and you should take advantage of these.  This way if one of your sites gets infected the infection won’t cascade to the others.

The Less WordPress plugins the better.  Every plugin can turn into an engine for malware at any moment.  The less of them you have the less likely your site will be compromised.  The ones you do have should be updated regularly.  WordPress auto updates but plugins do not.  Also be on the lookout for plugins that haven’t been updated in a while.  Googling the plugin name sometimes will give you information.

Make sure your theme is up to date.  Themes can spread malware as well.  This is particularly true with older versions of popular themes as those are the most likely worth the effort to make an exploit for.

These tips might take a little work but could be a life saver.