I’m a big WordPress user, with the vast majority of my websites running the popular CMS. The one group of sites I had on a different system were my eCommerce sites, which were all running on Shopify, but these are changing to WordPress as well as I’m currently moving over to Woocommerce, which means a switch to WordPress for these sites as well.
Before we go any deeper, I’m talking about WordPress.org here. The self-hosted version you install on your servers, not WordPress.com, the blogging platform version.
Why WordPress? For me, at least, that’s an easy question to answer. Flexibility and Community. Flexibility because I like things the way I like them and anything I use needs to help me get this done, and community to provide the answers to things I don’t know how to do. Come up against any issue with a WordPress site, and chances are someone has coded a plugin to solve that particular problem, or there’s a walkthrough online detailing the precise steps you need to take to get to the solution.
One of the ongoing arguments against the use of WordPress has to do with security. Search online, and you’ll find a wealth of information pointing to the security issues with the platform. I’ve deployed hundreds of WordPress sites and only ever fallen victim to a hacker once, and that was down to me not updating a plugin that had a vulnerability.
Yes, WordPress sites leave a considerable footprint during installation, and Yes, you do need to keep everything up to date to be safe. Beyond that, basic common sense prevails. If you use Admin as your username and password, please don’t complain about WordPress having security exploits!
That ties in rather nicely with the topic of this article. Make sure your WordPress install is up to date. That means the core of the CMS, your plugins, and your site theme.
I’m not a great believer in themes as such, preferring to use a framework such as Genesis, for example, which I can customize the functionality I want for any of my sites. Think of your framework as the foundation of your website. You add a child theme to that for the look and feel.
The WordPress Codex defines a child theme as a theme that “inherits the functionality and styling of another theme, called the parent theme.”
Think of your WordPress site as a shiny new sports car. WordPress core is your engine. Your framework (or parent theme) is the body, and your child theme is the paint job.
Using a child theme in your WordPress site means you can make changes to the style without having to change anything in the framework. Take a site header, for example. Your particular layout might call for pages with different header styles than the rest of your site or even for pages with no header at all. If you are customizing directly onto the parent theme, any updates will break your custom styling, as any files you modify will revert to their defaults after the update.
Forgoing updates opens you up to broken sites and even hacks, so if the parent theme has an update, you don’t want to ignore it. Themes and plugins can have updates for a variety of reasons. Retaining compatibility with the latest version of WordPress core is one. Fixing vulnerabilities is another. The critical point here is: keep up to date.
Do I need a Child Theme?
If you plan to edit any of the following then Yes, you need a child theme:
- Theme CSS stylesheet
- Theme PHP templates
- Theme PHP files
Edit any theme assets (images for example)
If you make edits to the parent theme files and then update the theme, your changes will, in all likelihood, disappear.
Make the same changes on a child theme and update the parent theme; your edits will still be there.
Child themes are also referred to as Vanilla themes, meaning, for all intents and purposes, a blank canvas. Your child theme inherits the functionality of the parent theme, but any customizations won’t be affected by theme updates. You can update the engine, and the body, and your paint job will still be there.
Now there are ways to make CSS changes, for example, that don’t involve editing theme files at all. That usually means installing another plugin. While it gets the job done and safeguards you from update issues, it does add that little bit of extra load to your site with the accompanying page speed impact. I try to avoid additional plugins wherever possible, so for me, at least, that’s not the route I take.
The manual method involves creating two files on your hosting. The first is the style.css file; the second is the functions.php file. Both entirely straightforward to do and a search on Google for “how to create a child theme” will give you all the steps you need to follow.
The process is far too simple to overlook and makes for a much more secure WordPress install since you won’t be skipping any updates and also makes managing your site far more straightforward.
Next time you deploy a WordPress site, plan to use a child theme. I guarantee you’ll never go back to editing parent themes again!