15 Essential Settings and Optimization Tasks After Installing WordPress

Setting up WordPress for first time might be maximum 20 mins work but tweaking it up for better security and control may take hours. In this tutorial we will go over list of things you should perform after setting up WordPress for first time.

I’ve personally moved and installed blogs quite a few times. We have been providing Full WebSite Design Service for quite a some time now, more than 8 years. During this 8 years we have set up WordPress for more than 400 times. This tutorial contains those most tricks.

NOTE: based on requirements you may need some more tuning but below applies to all basic WordPress setups.

Below tutorial also works if you have below questions:

Top 10 Most Important Things To Do After Installing WordPress
Things You Should Do After Installing WordPress
Essential Settings after installing WordPress
What to do after installing wordpress
Essentials to do after you install WordPress
Next step after installing wordpress
The Very First Steps After a Fresh WordPress Install

Let’s get started:

Step-1 – update Permalinks

Go to WordPress Admin Panel
Click on Settings -> Permalinks

Click save changes.

Permalinks is a URL structure of your blog Posts. There are number of URL structures WordPress provides but I believe Post Name is widely used around the globe. Initial days people were saying about SEO advantages for Month and name structure but I personally don’t believe that. Once you click Save Changes, it will create .htaccess file under your site’s root folder.

If you use FileZilla to check file contents. Below a screenshot about .htaccess file under Slakify’s root directory.

In our case WordPress puts below entries into .htaccess file.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Step-2 Change Media Settings

Go to Settings -> Media page
Disable option for ==> Organize my uploads into month- and year-based folders
Set Width and Height to 0 if you think your theme is not going to use those image sizes

If you need new featured image size then you could add it to theme’s functions.php file. In my case I need 300x100 px size for featured image on home page.

Below code will do the tricks:

//* Add new featured image size
add_image_size( 'grid-featured', 300, 100, TRUE );

Step-3

Go to Settings -> General page and change your time zone. Default timezone may not be right.

Step-4

Clean up WordPress header. Put below into your theme’s function.php file to remove unnecessary headers being added to site header.

remove_action( 'wp_head', 'rsd_link' ) ;
remove_action( 'wp_head', 'wp_generator' ) ;
remove_action( 'wp_head', 'wlwmanifest_link' ) ;

Sample example:

<meta name="generator" content="WordPress 4.4" />

You don’t need this information in header as sometime hacker may search for this and attack only sites which are running older version of WordPress.

Step-5

Block unnecessary cron jobs. In my case I use Disqus and it performs unnecessary cron comment sync-job tasks. Add below to your site to prevent unnecessary cron jobs.

<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{QUERY_STRING} !=""
 RewriteCond %{QUERY_STRING} !^s=.*
 RewriteCond %{QUERY_STRING} !^cx=.*
 RewriteCond %{REQUEST_URI} !^/wp-admin.*
 RewriteRule ^(.*)$ /$1? [R=301,L]
</IfModule>

If you want to learn more than follow this detailed tutorial which I wrote couple of weeks back.

Step-6

Add below line to .htaccess file.

Options All -Indexes

This will prevent people from browsing your site’s folder. Try visiting your site’s upload folder.

i.e. http://<your_blog>/wp-content/uploads/ and make sure none of the files are visible in browser.

Add below expiry headers to .htaccess file.

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

Step-7

Change default admin username. Please change it to better and unpredictable username. Let’s not allow hackers to even guess username :).

Also, prevent all login errors by putting below to theme’s functions.php file.

function slakify_prevent_login_error(){
  return '';
}
add_filter( 'login_errors', 'slakify_prevent_login_error' );

Step-8

Add below to wp-config.php file.

define( 'WP_POST_REVISIONS', 1); // only allow 1 post revisions

define( 'AUTOSAVE_INTERVAL', 120 );  // set default save interval to 2 mins

Step-9

If you are using default WordPress comment then add below to functions.php file avoid displaying .html content.

Also, better stop loading admin bar.

add_filter( 'pre_comment_content', 'esc_html' );  // remove html from comemnt

add_filter('show_admin_bar', '__return_false'); // disable admin bar

Step-10

Disable Auto Embed Script for WordPress 4.4. Please follow this tutorial which I wrote couple of days back: http://on.slakify.com/1R6hEP1

Step-11

Stop loading emoji scripts. Please follow this tutorial which I wrote couple of days back: http://on.slakify.com/1R6hGqe

Step-12

Remove unnecessary themes and Plugins. It’s absolutely not required to keep old themes and plugins which are not in use. Simply delete from your admin panel.