Skip to main content

security risk as they can contain vulnerabilities that can be easily exploited. By keeping your plugins and themes up to date, you can ensure that your website is secure from any potential threats.

WordPress website design and developmentWhat do you do after installing WordPress? Don’t get me wrong, I love WordPress so much that you’ll often find me making child themes with it, but we’ve also been together long enough that I can tell you it’s not perfect.

There are some things that I wish WordPress would do right out of the box, but luckily there are some great plugins out there to help make it better.

After installing WordPress, where do you start?

After you’ve finished installing WordPress, it’s time to get serious and start making it awesome. This tutorial is designed to help people new to WordPress get over the first few hurdles after installing WordPress onto a new hosting company. If you’re not familiar with how to install WordPress, I’d recommend getting started with a simpler tutorial on installing WordPress.

Securing WordPress

Step one, make sure WordPress is secure by taking a few steps to secure WordPress.

Read (and implement) the article on Hardening WordPress. This is an article from the official WordPress repository and will cover most of the steps you’ll need to keep your WordPress website updated, and protected from the majority of basic attacks. Remember, no site is completely secure, but this post will help you protect against most attacks.

Protect your WP-Config file

The most critical file (from a security perspective) on your website is named wp-config.php and is located in the root of your website folder. It’s likely the only file on your website that contains your database credentials (address, username, and password) so it’s vital that this file be as safe, or safer than the rest of your website. We can protect it by doing a couple of things:

  • first, let’s run the Protect WP-Config.php plugin (or implement a similar solution) that’ll stop people from typing to load the file from web browsers;
  • next, on many servers, we can move the wp-config.php file out of our public_html directory and into a more secure location.

Hide your current WordPress version

By default, WordPress includes a special tag in the HTML of your website document which identifies WordPress and it’s version number of web browsers, as well as malicious hackers. Obviously, it’s easier for hackers to attack your website if they know your version number, so instead let’s hide your current WordPress version.

Add better WordPress security

Privacy SettingsThere’s a variety of plugins out there that’ll help boost your WordPress security, personally, I use Better WordPress Security to change your admin account, test your user’s passwords, and monitor your traffic for potential hacking attempts. In addition, you should follow my tips for making WordPress more secure and How to Hack WordPress.

Protect your WordPress content

When you’re improving the security of your website, you should also consider adding protect from people who are trying to steal your content.

My old frame buster plugin is designed to stop other people’s websites from loading your content into website frames and profiting off of them. While far less common in 2014 than before, it was at one point a common practice for less reputable sites to load banner ads and display the content of another website below them.

Another common practice that has gone out of style is that of bandwidth theft or loading images from other domains. In years gone past websites would often load images from other domains to save on website hosting costs. The Hotlink Protection plugin was designed to cut down on the number of external sites loading images directly your website domain name.

Improving the WordPress Experience

Once you’ve set up WordPress and taken the steps above to protect it, ensuring visitors can leave feedback is the next important step!

Improving WordPress Comments

At the heart of WordPress is the WordPress commenting system, allowing visitors to leave comments and offer support to your new posts. Most themes come with a great comment system already built in, but the free WordPress plugin JetPack can help even further by adding a powerful new way for users to connect to your blog with, Twitter, Google+, or Facebook accounts when leaving comments.

Another free plugin by Automattic that’ll help your personal blog is Akismet, the best anti-spam filter available for a WordPress blog. Akismet works by checking post comments against a rich set of tools and searching for likely SPAM (unwanted commercial messages) comments. The plugin has a commercial version, as well as a free version for individuals.

Improving WordPress Feedback

Jetpack feedback formAnother powerful tool found in the Jetpack plugin, the contact form ties into Akismet to allow (nearly) SPAM free feedback directly from the web. The form can be included as a widget, within your theme, or inside a typical post.

Alternatively, if you’d like to remove comments from WordPress, it’s possible to remove the commenting system from the front end of WordPress altogether. This is particularly important if you’re running WordPress as a Content Management System (CMS) rather than a blogging platform.

Pingbacks and Trackbacks are a remnant of WordPress’s origins as a blogging platform, and often cause confusion for new bloggers, especially when deep linking for SEO purposes. Pingback appears in WordPress as a comment, but it’s an automated message sent from one post to another, to let you know when another blog has included a link to your story. If you spend a lot of time deep linking from post to post in your blog, you’ll definitely want to stop pinging your own blog posts with the help of a simple plugin.

Improving How the Web Sees WordPress

Setting up your Permalinks

After installing WordPress, don't forget your permalinks
After installing WordPress, don’t forget your Permalinks! They’re going to help improve your SEO power.

A Permalink is a fancy name for your website address, and more specifically the address of your posts and pages within WordPress. By default, the URL to your post will appear as where 34990 is the unique identifier of a post but if we want it to appear as something more visually appealing, such as we can do that by setting up our Permalinks with the admin at Settings > Permalink.

While the options are fairly self-explanatory, you’ll notice as you change your permalink structure the Custom Structure option will change to reflect your current selection. If you’d like to create a unique Permalink structure, you can follow the tips on the Using Permalinks guidelines.

Another Permalink plugins I love to use on my own sites, SEO slugs is a simple WordPress plugin that’ll remove common words such as a, an, the, and or from your WordPress slugs. To be honest I’m not sure that it helps with search engine optimization but it does shorten the length of your permalinks and focus their keyword value.

Setting your Site Title and Tagline

Setting Your Site NameBuried in the General settings panel (Settings > General) for WordPress is an option to set the Site Title and Tagline. These two items are vital to your website’s success because they appear throughout most themes as titles, tags, and search engine optimized focus tags.

Ensure You’re Connected to Google

Take the time to add your website to Search Console so that you can keep track of how Google is indexing your website, and what improvements you should be making to get links from other websites.

Relabel Your Uncategorized Category

UncategorizedWhen WordPress ships, the first category it creates is labeled Uncategorized, and it’ll automatically put your new posts into that category unless you specifically choose to place them in another category. One of my first steps when setting up a new WordPress blog is to simply change the name (and Permalink) of this category to something more generic such as News, Blog, or specific to the blog.

More Steps for WordPress

This post was created as an entry-level guide to setting up a WordPress website, and more importantly what to do once you’ve installed the basic software but there are plenty more steps a blogger should take, and likely deserve posts of their own. For example:

Did I miss anything? Let me know in the comments below.

How to set up a blog

One of the most common questions I get asked here on the site is a relatively simple one, how do you set up a blog?

First, let’s establish what a blog is and what it isn’t.

A blog is a running editorial, while it has a start date (the day you put it online) there is no end date. It’s not like sending a flyer to a printer, it’s more like a newsletter where you continuously update the content and newer posts (usually) appear at the top.

A blog gives you the ability to allow users to comment on your posts, but it is not a forum which allows general users to start conversations. Generally, a blog is written from the perspective of a group of authors on a specific subject and read/responded to by the general public.

Excellent examples of blog usage would be for couples getting married who want to share their details with family and friends, travelers who are posting updates as they find accessible computers or companies who are sharing information about their events. More formal uses of blogs can be found in daily newspapers, online magazines and even support websites which post commonly asked questions and receive comments from users.

Blogging removes the need for complex software solutions and rarely requires more than a basic knowledge of computer use. Unlike publishing a website, blogs almost always feature a rich content editor similar to Word or other popular desktop publish packages.

To operate a blog of your own, you’ll need to set up some fairly basic web technology.

  • You’ll need a domain name (this is your address on the web)
  • You’ll need a web host (this is where your files are stored on the web)
  • You’ll need to install a blogging package (this is what allows you to run a blog)

Luckily, to accomplish all these tasks there’s a wonderful, simple solution called BlueHost which offers a turnkey blogging solution for new businesses. Their introductory package offers free domain name registration as well as one-year hosting and free installation of WordPress, the world’s most popular blogging package for just $6.95 per month.

When you’re ready, get started with your blog today!

How to run a website with WordPress

WordPress is a blogging package, right? Well if you think that you’re absolutely right but only partially. WordPress, which is most likely the worlds most popular blogging package is also a great piece of software to power small business websites.

In all of these cases as well as many, many others WordPress was used to create and manage complex websites which skyrocketed to the top of Google’s Search Engine Results Pages because they used WordPress as a powerful content management tool, making the website much easier to manage and therefore a better tool for busy marketing staff.

How do you use WordPress to run a website?

Actually, that’s the best part of WordPress. Once you’ve signed up for a great hosting package such as Bluehost’s $6.95 per month solution, you can install WordPress by simply clicking their one-step installation process and voila! Your website is set up with the world’s most powerful blogging package instantly.

So then, how do you use WordPress to run a website? Once you’ve installed WordPress you’ll need to make changes to a few key files, called template files. These template files are what control how your website looks to visitors. Here’s what you need to know:

  • The header.php file is what appears on all pages at the top of your page
  • The footer.php file is what appears on all pages at the bottom of your website
  • functions.php is where you store common PHP code to call if from all pages, most often you can ignore this
  • index.php is the heart and soul of your website, technically you can remove all the other .php files and format just this page to make every page on your website look the same.
  • pages.php is used to format content edited in the Pages tab of the WordPress control panel
  • single.php is used to format content edited in the Posts tab, by separating these two you can format pages (such as About Us or Contact Us) to look different than content pages (such as a press release or CEO blog)
  • categories.php is used to format pages which list posts, archives.php is similar but for tags
  • search.php is used to format the results of a search

Once you’ve changed the look and feel of your website, you can use the built-in WordPress editor to allow different members of your team to post content to the website, add marketing or press releases and even adjust prices!