1. Secure your WordPress site from malicious attacks
WordPress has become the most popular web CMS. It is used on 1/4 of all websites, and attracts much attention from hackers.
Make sure you have a security plugin installed. Although WordPress is secure, several vulnerabilities are a consequence of not updating the WordPress version, of vulnerable plugins, and of weak passwords.
iThemes Security is one of the most used WordPress security plugins. It covers the best-known ways that a hacker will try to access your website and guides you towards a safe installation. It also makes regular backups of your database. Check out the plugin and its complete feature list in the wordpress.org plugin directory.
2. Generate authentication keys
WordPress security keys are used to enhance the encryption of the information in users' cookies. These make it harder to crack your password. If you are running a self-hosted WordPress site/blog, you'll need to add the keys yourself. Get your unique Secret Key and change your wp-config.php file. You'll see something like this:
Take your generated unique key and replace lines 45 all the way to 52 and save the file.
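As an added example (not part of the original article and not WordPress code), this Python check reads the text of a wp-config.php and reports any of the eight key and salt constants that are missing, still set to the sample placeholder, too short, or reused. The function name audit_keys, the 64-character threshold and the sample configuration are assumptions made for illustration.

```python
import re

# The eight constants WordPress reads from wp-config.php.
REQUIRED = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LEN = 64  # assumption: length of the values the WordPress.org generator returns

# Matches define( 'NAME', 'value' ); lines that are not commented out with //.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)

def audit_keys(config_text):
    """Return {constant: problem} for every key or salt that needs attention."""
    found = {n: v for n, _, v in DEFINE_RE.findall(config_text) if n in REQUIRED}
    problems = {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LEN:
            problems[name] = "too short"
    # One secret reused for several constants removes the separation between them.
    seen = {}
    for name, value in found.items():
        if name not in problems and value in seen:
            problems[name] = "duplicate of " + seen[value]
        seen.setdefault(value, name)
    return problems

# Constructed sample for illustration, not taken from a real site.
SAMPLE = """<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'hunter2' );
define( 'LOGGED_IN_KEY',    '{a}' );
define( 'NONCE_KEY',        '{a}' );
define( 'AUTH_SALT',        '{b}' );
// define( 'SECURE_AUTH_SALT', '{c}' );
define( 'LOGGED_IN_SALT',   '{d}' );
define( 'NONCE_SALT',       '{e}' );
""".format(a="a" * 64, b="b" * 64, c="c" * 64, d="d" * 64, e="e" * 64)
```

Calling audit_keys(SAMPLE) flags AUTH_KEY, SECURE_AUTH_KEY, NONCE_KEY and SECURE_AUTH_SALT; an empty result means all eight constants are set, distinct and of full length.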
3. Protect your wp-config file
The wp-config.php file holds all the confidential details of your site. Therefore, it’s of great importance that you protect it. A secure way to do it is to place the following code in your .htaccess file on your server.
<files wp-config.php>
order allow,deny
deny from all
</files>
4. Disable HTML in WordPress comments
Does your website live on its readers' feedback and comments, so that disabling comments is not an option? Even so, you will find yourself cleaning up undesired comments containing links to other pages.
A quick way to completely disallow the use of HTML tags in the WordPress comment box is to add the following line to your functions.php file:
add_filter( 'pre_comment_content', 'esc_html' );
Bear in mind that this does not get rid of spam; for that, you should use a plugin like Akismet, WP-SpamShield Anti-Spam or WordPress Zero Spam, among others.
5. Globally disable comments
To disable comments globally, simply use the Disable Comments plugin. You'll be able to disable comments on any post type. It is very practical, but don't use it if you want to disable comments selectively on individual posts.
6. Change the Permalink Structure
In your WordPress Admin Panel, go to Settings > Permalinks and set your permalink structure to Post name. The Default option is not search-engine friendly; it is selected by default because it works on all servers that support PHP.
Make sure your server is set up properly before activating post name URLs.
7. Install a WordPress SEO plugin
WordPress SEO by Yoast is rated one of the best plugins for optimizing your website. Go ahead, install it! Follow the tips given by the plugin developers. Having the plugin installed will not do much for you if you don't set it up properly and invest some time in optimizing your pages/posts.
8. Improve content delivery speed
Excessive loading times can narrow your traffic, drop your Google search rank and decrease your website’s overall potential. Multiple factors contribute to web page performance, and caching is one of them. Several cache plugins are available for WordPress, some better than others, so be careful which one you use or you'll end up with unexpected results.
We recommend Gator Cache, as it is easy to set up and shouldn't give you a headache.
9. Gain knowledge of your audience
Google Analytics by Yoast is a very comprehensive plugin that lets you quickly add Google Analytics to your WordPress site/blog. Install it and perform the complete configuration. Collecting and analyzing valuable information about your audience is key to your site's success.
10. Add a contact form
The Contact Form 7 plugin is used to manage multiple contact forms. It is a simple and flexible option to earn some leads.
11. Remove default content
When you install WordPress, you get some dummy content that should be removed. Remove the "Hello World" pages/posts plus the Hello Dolly plugin.
The result will be a secure WordPress installation with a set of essential plugins.