I love WordPress so much that you’ll often find me making child themes with it, but we’ve also been together long enough that I can tell you it’s not perfect. There are some things that I wish WordPress would do right out of the box, but luckily there are some great plugins out there to help make it better.
So you’ve installed WordPress, now what?
Now that you’ve installed WordPress, it’s time to get serious and start making it awesome. This tutorial is designed to help people new to WordPress get over the first few hurdles after installing WordPress onto a new hosting company. If you’re not familiar with how to install WordPress, I’d recommend getting started with a simpler tutorial on installing WordPress.
Step one, make sure WordPress is secure by taking a few steps to secure WordPress.
Read (and implement) the article on Hardening WordPress. This is an article from the official WordPress repository and will cover most of the steps you’ll need to keep your WordPress website updated, and protected from the majority of basic attacks. Remember, no site is completely secure, but this post will help you protect against most attacks.
Protect your WP Config file
The most critical file (from a security perspective) on your website is named wp-config.php and is located in the root of your website folder. It’s likely the only file on your website that contains your database credentials (address, username, and password) so it’s vital that this file be as safe, or safer, than the rest of your website. We can protect it by doing a couple of things:
- first, let’s run the Protect WP-Config.php plugin plugin (or implement a similar solution) that’ll stop people from typing to load the file from web browsers;
- next, on many servers we can move the wp-config.php file out of our public_html directory and into a more secure location.
Hide your current WordPress version
By default, WordPress includes a special tag in the HTML of your website document which identifies WordPress and it’s version number to web browsers, as well as malicious hackers. Obviously it’s easier for hackers to attack your website if they know your version number, so instead let’s hide your current WordPress version.
Add better WordPress security
There’s a variety of plugins out there that’ll help boost your WordPress security, personally I use Better WordPress Security to change your admin account, test your users passwords, and monitor your traffic for potential hacking attempts. In addition, you should follow my tips for making WordPress more secure and How to Hack WordPress.
Protect your WordPress content
When you’re improving the security of your website, you should also consider adding protect from people who are trying to steal your content.
My frame buster plugin is designed to stop other people’s websites from loading your content into website frames and profiting off of them. While far less common in 2014 than before, it was at one point a common practise for less reputable sites to load banner ads and display the content of another website below them.
Another common practice that has gone out of style is that of bandwidth theft, or loading images from other domains. In years gone past websites would often load images from other domains to save on website hosting costs. The Hotlink Protection plugin was designed to cut down on the number of external sites loading images directly from your domain.
Improving the WordPress Experience
Once you’ve setup WordPress and taken the steps above to protect it, ensuring visitors can leave feedback is the next important step!
Improving WordPress Comments
At the heart of WordPress is the WordPress commenting system, allowing visitors to leave comments and offer support to your new posts. Most themes come with a great comment system already built in, but the free WordPress plugin JetPack can help even further by adding a powerful new way for users to connect to your blog with WordPress.com, Twitter, Google+, or Facebook accounts when leaving comments.
Another free plugin by Automattic that’ll help your personal blog is Akismet, the best anti-spam filter available for a WordPress blog. Akismet works by checking post comments against a rich set of tools, and searching for likely SPAM (unwanted commercial messages) comments. The plugin has a commercial version, as well as a free version for individuals.
Improving WordPress Feedback
Another powerful tool found in the Jetpack plugin, the contact form ties into Akismet to allow (nearly) SPAM free feedback directly from the web. The form can be included as a widget, within your theme, or inside a typical post.
Alternatively, if you’d like to remove comments from WordPress, it’s possible to remove the commenting system from the front end of WordPress altogether. This is particularly important if you’re running WordPress as a Content Management System (CMS) rather than a blogging platform.
Pingbacks and Trackbacks are a remnant of WordPress’s origins as a blogging platform, and often cause cconfusion for new bloggers, especially when deep linking for SEO purposes. A Pingback appears in WordPress as a comment, but it’s an automatted message sent from one post to another, to let you know when another blog has included a link to your story. If you spend a lot of time deep linking from post to post in your blog, you’ll definitely want to stop pinging your own blog posts with the help of a simple plugin.
Improving how the web sees WordPress
Setting up your Permalinks
A Permalink is the fancy name for your website address, and more specifcially the address of your posts and pages within WordPress. By default, the URL to your post will appear as http://thisismyurl.com/?p=34990 where 34990 is the unique identifier of a post but if we want it to appear as something more visually appealing, such as http://thisismyurl.com/installed-wordpress/ we can do that by setting up our Permalinks with the admin at Settings > Permalink.
While the options are fairly self explanatory, you’ll notice as you change your permalink structure the Custom Structure option will change to reflect your current selection. If you’d like to create a unique Permalink structure, you can follow the tips on the Using Permalinks guidelines.
Another Permalink plugins I love to use on my own sites, SEO slugs is a simple WordPress plugin that’ll remove common words such as a, an, the, and or from your WordPress slugs. To be honest I’m not sure that it helps with search engine optimization but it does shorten the length of your permalinks and focus their keyword value.
Setting your Site Title and Tagline
Buried in the General settings panel (Settings > General) for WordPress is an option to set the Site Title and Tagline. These two items are vital to your website’s success because they appear throughout most themes as titles, tags, and search engine optimized focus tags.
Relabel your Uncategorized category
When WordPress ships, the first category it creates is labeled Uncategorized, and it’ll automatically put your new posts into that category unless you specifically choose to place them in another category. One of my first steps when setting up a new WordPress blog is to simply change the name (and Permalink) of this category to something more generic such as News, Blog, or specific to the blog.
More Steps for WordPress
This post was created as an entry level guide to setting up a WordPress website, and more importantly what to do once you’ve installed the basic software but there are plenty more steps a blogger should take, and likely deserve posts of their own. For example:
- add a WordPress SEO plugin such as Yoast;
- add a caching script to ensure your website is safe from sudden traffic spikes;
- add a backup plugin if your security plugin isn’t already doing it for you;
- setup Google Webmaster Tools will help you track your website issues and suggest how to fix them;
- setup Google Analytics will help you see who’s visiting and provide you with website traffic data;
- use JetPack to auto post to Facebook, Twitter, LinkedIn and a variety of other social sites;
Did I miss anything? Let me know in the comments below.