Setting up WordPress for first time might be maximum 20 mins work but tweaking it up for better security and control may take hours. In this tutorial we will go over list of things you should perform after setting up WordPress for first time.
I’ve personally moved and installed blogs quite a few times. We have been providing Full WebSite Design Service for quite a some time now, more than 8 years. During this 8 years we have set up WordPress for more than 400 times. This tutorial contains those most tricks.
NOTE:
based on requirements you may need some more tuning but below applies to all basic WordPress setups.
Below tutorial also works if you have below questions:
- Top 10 Most Important Things To Do After Installing WordPress
- Things You Should Do After Installing WordPress
- Essential Settings after installing WordPress
- What to do after installing wordpress
- Essentials to do after you install WordPress
- Next step after installing wordpress
- The Very First Steps After a Fresh WordPress Install
Let’s get started:
Step-1 – update Permalinks
- Go to WordPress Admin Panel
- Click on
Settings
->Permalinks
- Click
save changes
.
Permalinks is a URL structure of your blog Posts. There are number of URL structures WordPress provides but I believe Post Name
is widely used around the globe. Initial days people were saying about SEO advantages for Month and name
structure but I personally don’t believe that. Once you click Save Changes
, it will create .htaccess
file under your site’s root folder.
If you use FileZilla
to check file contents. Below a screenshot about .htaccess
file under Slakify’s root directory
.
In our case WordPress puts below entries into .htaccess
file.
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
Step-2 Change Media Settings
- Go to Settings -> Media page
- Disable option for ==> Organize my uploads into month- and year-based folders
- Set
Width
andHeight
to 0 if you think your theme is not going to use those image sizes
If you need new featured image size then you could add it to theme’s functions.php
file. In my case I need 300x100 px
size for featured image on home page.
Below code will do the tricks:
//* Add new featured image size add_image_size( 'grid-featured', 300, 100, TRUE );
Step-3
Go to Settings
-> General
page and change your time zone. Default timezone may not be right.
Step-4
Clean up WordPress header. Put below into your theme’s function.php
file to remove unnecessary headers being added to site header.
remove_action( 'wp_head', 'rsd_link' ) ; remove_action( 'wp_head', 'wp_generator' ) ; remove_action( 'wp_head', 'wlwmanifest_link' ) ;
Sample example:
<meta name="generator" content="WordPress 4.4" />
You don’t need this information in header as sometime hacker may search for this and attack only sites which are running older version of WordPress.
Step-5
Block unnecessary cron jobs
. In my case I use Disqus and it performs unnecessary cron comment sync-job tasks. Add below to your site to prevent unnecessary cron jobs
.
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} !="" RewriteCond %{QUERY_STRING} !^s=.* RewriteCond %{QUERY_STRING} !^cx=.* RewriteCond %{REQUEST_URI} !^/wp-admin.* RewriteRule ^(.*)$ /$1? [R=301,L] </IfModule>
If you want to learn more than follow this detailed tutorial which I wrote couple of weeks back.
Step-6
Add below line to .htaccess file.
Options All -Indexes
This will prevent people from browsing your site’s folder. Try visiting your site’s upload folder.
i.e. http://<your_blog>/wp-content/uploads/
and make sure none of the files are visible in browser.
Add below expiry headers to .htaccess file.
## EXPIRES CACHING ## <IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpg "access 1 year" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType image/png "access 1 year" ExpiresByType text/css "access 1 month" ExpiresByType text/html "access 1 month" ExpiresByType application/pdf "access 1 month" ExpiresByType text/x-javascript "access 1 month" ExpiresByType application/x-shockwave-flash "access 1 month" ExpiresByType image/x-icon "access 1 year" ExpiresDefault "access 1 month" </IfModule> ## EXPIRES CACHING ##
Step-7
Change default admin
username. Please change it to better and unpredictable username. Let’s not allow hackers to even guess username :).
Also, prevent all login errors by putting below to theme’s functions.php file.
function slakify_prevent_login_error(){ return ''; } add_filter( 'login_errors', 'slakify_prevent_login_error' );
Step-8
Add below to wp-config.php
file.
define( 'WP_POST_REVISIONS', 1); // only allow 1 post revisions define( 'AUTOSAVE_INTERVAL', 120 ); // set default save interval to 2 mins
Step-9
If you are using default WordPress comment then add below to functions.php
file avoid displaying .html content.
Also, better stop loading admin bar.
add_filter( 'pre_comment_content', 'esc_html' ); // remove html from comemnt add_filter('show_admin_bar', '__return_false'); // disable admin bar
Step-10
Disable Auto Embed Script
for WordPress 4.4. Please follow this tutorial which I wrote couple of days back: http://on.slakify.com/1R6hEP1
Step-11
Stop loading emoji scripts
. Please follow this tutorial which I wrote couple of days back: http://on.slakify.com/1R6hGqe
Step-12
Remove unnecessary themes
and Plugins. It’s absolutely not required to keep old themes and plugins which are not in use. Simply delete from your admin panel.
Step-13
Add essential WordPress Plugins. Please stay tuned for detailed post. I’ll publish it sometime today evening.
Step-14
Add your own Google’s custom search and don’t use WordPress’s default search option.
Step-15
Setup below 3 Google Services which I use on daily basis:
- Google Feedburner
- Google Search Console
- Google Analytics
I’ll publish more detailed tutorial on how to setup each 3 in coming days.
The post 15 Essential Settings and Optimization Tasks After Installing WordPress appeared first on Slakify.
Author: App Shah