Things to do after installing WordPress

11 essential tips for a secure and enhanced WordPress site

1. Secure your WordPress site from malicious attacks

WordPress has become the most popular web CMS. It is used on 1/4 of all websites, and attracts much attention from hackers.

Make sure you have a security plugin installed. Although WordPress is secure, several vulnerabilities arise from not updating the WordPress version, from vulnerable plugins, and from weak passwords.

iThemes Security is one of the most used WordPress security plugins. It covers the best-known ways that a hacker will try to access your website and guides you towards a safe installation. It also makes regular backups of your database. Check out the plugin and its complete feature list in the plugin directory.

We recommend full site backups also. Consider one of the following free plugins: BackUpWordPress or WordPress Backup to Dropbox.

2. Generate authentication keys

WordPress security keys are used to enhance the encryption of the information in users' cookies. These make it harder to crack your password. If you are running a self-hosted WordPress site/blog, you'll need to add the keys yourself. Get your unique Secret Key and change your wp-config.php file. You'll see something like this:

[Image: WP unique keys]

Take your generated unique keys, replace lines 45 all the way to 52 with them, and save the file.
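An added example (not part of the original article): a Python sketch that replaces the eight key and salt defines by constant name rather than by line number, since line positions can differ from one wp-config.php to another, and that reports any key still set to the sample placeholder. The helper names and the sample file content are constructed for illustration, and the values are generated locally with Python's secrets module instead of the online generator.

```python
import re
import secrets
import string

# The eight key and salt constants defined in wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

# Printable characters minus quote and backslash, which would need escaping
# inside a PHP single-quoted string.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in "'\\")

# Matches define( 'NAME', 'value' ); with flexible whitespace.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*'(?P<value>(?:[^'\\]|\\.)*)'\s*\);""")

def new_secret(length=64):
    """Random value from the OS CSPRNG (generated locally: an assumption, the
    article uses the online generator instead)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def unset_keys(config_text):
    """Names of keys that are missing or still hold the sample placeholder."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)}
    return [n for n in KEY_NAMES if found.get(n, PLACEHOLDER) == PLACEHOLDER]

def rotate_keys(config_text):
    """Replace every key/salt value, matching by constant name, not line number."""
    def swap(m):
        if m["name"] not in KEY_NAMES:
            return m.group(0)  # leave unrelated defines (DB_NAME, ...) untouched
        return "define( '%s', '%s' );" % (m["name"], new_secret())
    return DEFINE_RE.sub(swap, config_text)

# Constructed sample: fragment of a fresh wp-config.php (not a real site's file).
SAMPLE = "<?php\ndefine( 'DB_NAME', 'wp' );\n" + "".join(
    "define( '%s', '%s' );\n" % (n, PLACEHOLDER) for n in KEY_NAMES)

if __name__ == "__main__":
    print("unset before:", unset_keys(SAMPLE))
    rotated = rotate_keys(SAMPLE)
    print("unset after: ", unset_keys(rotated))
    print(rotated)
```

Changing these values on a live site invalidates existing login cookies, so all users have to sign in again.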

3. Protect your wp-config file

The wp-config.php file holds all the confidential details of your site. Therefore, it’s of great importance that you protect it. A secure way to do it is to place the following code in your .htaccess file on your server.

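# Deny every HTTP request for wp-config.php.
# Apache 2.2 syntax; on Apache 2.4 it relies on mod_access_compat.
<files wp-config.php>
order allow,deny
deny from all
</files>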


4. Disable HTML in WordPress comments

If your website lives on its readers' feedback and disabling comments is not an option, you will find yourself cleaning up undesired comments containing links to other pages.

A quick way to completely disallow HTML tags in the WordPress comment box is to add the following line to your functions.php file:

// Escape HTML in submitted comments so tags are stored as plain text.
add_filter( 'pre_comment_content', 'esc_html' );

Bear in mind that this does not get rid of spam; for that, use a plugin such as Akismet, WP-SpamShield Anti-Spam or WordPress Zero Spam, among others.

5. Globally disable comments

To globally disable comments, simply use the Disable Comments plugin. You'll be able to disable comments on any post type. It is very practical, but don't use it if you want to disable comments selectively on individual posts.

6. Change the Permalink Structure

In your WordPress Admin Panel go to Settings > Permalinks and set your permalink structure to Post name. The Default option is not search-engine friendly, though it is selected by default since it works globally on servers that support PHP.
Make sure your server is set up properly before activating post name URLs.

7. Install a WordPress SEO plugin

WordPress SEO by Yoast is rated one of the best plugins for optimizing your website. Go ahead, install it! Follow the tips given by the plugin developers. Having the plugin installed will not do much for you if you don't set it up properly and invest some time in optimizing your pages/posts.

8. Improve content delivery speed

Excessive loading times can narrow your traffic, drop your Google search rank and decrease your website's overall potential. Multiple factors contribute to web page performance, and caching is one of them. Several cache plugins are available for WordPress, some better than others, so be careful which one you use or you'll end up with unexpected results.

We recommend Gator Cache, as it is easy to set up and shouldn't give you a headache.

9. Gain knowledge of your audience

Google Analytics by Yoast is a very comprehensive plugin that lets you quickly add Google Analytics to your WordPress site/blog. Install it and perform the complete configuration. Collecting and analyzing valuable information about your audience is key to your site's success. 

10. Add a contact form 

Contact Form 7 plugin is used to manage multiple contact forms. It is a simple and flexible option to earn some leads.

11. Remove default content

When you install WordPress, you get some dummy content that should be removed. Remove the "Hello World" pages/posts plus the Hello Dolly plugin.

The result will be a secure WordPress installation with a set of essential plugins.

Hélder Mendes

Head of Frontkoms office in Madeira. Frontend developer and designer.