Over the weekend, I received an email from a client who wanted help adding a new WordPress site to her hosting account. “I know there are certain things I need to do each time,” she wrote, “but it seems like I always forget at least one or two of them!”
If you’ve installed WordPress as many times as I have, these tips may seem like second nature. However, if it’s been a while since you created a new WordPress site from scratch, or if you worry about skipping something important (like my client), this list will help jog your memory so your installation process goes smoothly.
1. Change the admin login and choose a good password.
Given the recent flood of attacks on WordPress sites, it’s essential that you take this basic step to protect your blog or website.
Many web hosts offer a 1-click WordPress installation and, depending on the script provided, you can usually change your WordPress login information right away. We provide Nuts and Bolts hosting customers with the Softaculous Apps Installer, which allows them to choose their own username and password and even tells them if the password isn’t strong enough.
If your host’s install script doesn’t allow you to choose your username, it’s easy to change it once you’ve logged into WordPress for the first time. Simply navigate to Users > Add New in the dashboard, then create a user with a different name. (You’ll also have to use a different email address, but you can always change it later.) Be sure to use the dropdown box to make this new user an administrator.
Once the new user is created, log out and log back in with the new credentials you just created. Go to Users > All Users and delete the admin account, making sure you assign all posts to the new account. Now you can go to Users > Your Profile and change your email address on file, and your login is better protected.
2. Change the prefix for your database tables.
Again, this option should be offered as part of your WordPress installation script. By default, WordPress sets every table in your database to begin with wp_. Makes sense, right? Except would-be hackers know that WordPress uses that prefix, which could make it easier for them to gain access to your database.
If your host’s installation script offers the option, change your database prefix to something safe. Don’t use your own name or the name of your site! I usually recommend that clients use their house number and a pet’s name; no one would ever guess it, yet it’s something easy for the site’s owner to remember.
3. Set your permalinks and time zone.
The default permalinks for WordPress give you ugly URLs that aren’t SEO-friendly. You end up with things like http://domain.com/?p=168 instead of something easier for readers and search engines to understand. As soon as you log into your dashboard, visit Settings > Permalinks and choose the setting that works best for you.
Similarly, it’s important to have your site run on the same time zone in which you live. That way your scheduled posts will publish when you want them to, and other system events will happen at the correct time.
4. Delete the demo content.
It’s very tempting to just edit the WordPress sample page or “Hello, World!” post and rename it. However, unless you’re very careful, you could end up with a post title of “My First Post” and a URL that says http://domain.com/hello-world/. This can be confusing for visitors as well as search engines! To be on the safe side, always delete the demo content and create new posts and pages.
5. Create a contact page.
While we’re talking about content, now is a great time to create a contact page so your visitors can get in touch with you. Even if your site is brand new, you’d be surprised how many people might have questions or feedback! It’s a good idea to include a form - I personally use Gravity Forms on all my sites, which I highly recommend, but there are a ton of free contact form plugins with fewer features if you aren’t ready to invest in a premium plugin yet.
6. Install an anti-spam plugin.
Even if you haven’t published any posts yet, you’d be amazed how fast spambots will find your WordPress site. I have a demo site set up for a client right now, and even with search engines blocked, there were several spam comments within a few days. I am a big fan of the free Growmap Anti Spambot Plugin, which adds those “Check the box to prove you aren’t a spammer” areas to your comments section. Bots are able to fill in text fields, but they usually can’t check a box. Further, the plugin adds a fake, invisible field that only bots would see and try to fill out. Since I started using GASP, I only get a few spam comments a week on all my sites combined.
7. Install a security plugin.
No matter how new your WordPress site may be, anything you put on the internet is at risk of being hacked or infected with malware. Security plugins like Wordfence Security (free and my personal favorite!) will protect your site and alert you in the event of anything suspicious. Hackers don’t always look for big, important blogs to destroy; sometimes they target smaller sites because they tend to be easier to break into. Don’t let your hard work be ruined due to a lack of security!
8. Install WP Smush.it.
If you aren’t using WP Smush.it on your WordPress sites, you’re missing a golden opportunity to improve your page load times. WP Smush.it will compress all the images you upload to your media library - the size of the image on the screen won’t change, but the size of the file will be reduced. Once you install the plugin, your images will be “smushed” automatically when you upload them, helping your site load faster for visitors.
9. Set up site stats.
Whether you use Google Analytics, Jetpack, StatCounter, or any combination of stat programs/plugins, you’ll want to set up some way to find out who’s visiting your site. Sure, you might get a little addicted to viewing said stats (not that I would know), but you can also gain lots of valuable information about how people are finding you and what posts or pages they visit.
10. Set up social sharing options.
Who wants to write content if no one reads it?!?! Make it easy for your visitors to share your posts on social media sites like Twitter, Facebook, and Google+ by setting up some kind of social sharing capability. Popular plugins include Digg Digg, Jetpack’s sharing options, and Shareaholic (though I’m personally not a fan of Shareaholic because it can drag down load times). No matter how you choose to implement it, social sharing is key if you want to gain exposure for your WordPress site.
Bonus Tip: Create a Disclosures page.
As I detailed in a previous post, every website needs a Disclosures page. Even if you’re just writing blog posts with an audience of three people, the FTC requires any website (in the US at least) to disclose certain information to visitors. Google AdSense also requires a privacy policy. With recent updates to the FTC guidelines, it’s more important than ever to make sure your site is compliant.
There you have it - eleven easy tasks that will get you started with a brand new WordPress site! Have I left anything out? What do you change or set up every time you create a new WordPress website or blog?
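Steps 1 through 4 leave settings behind that can be checked from the command line once the install is done. The script below is an added example, not part of the original post; it assumes WP-CLI (the `wp` command) is installed on the server, and the function names `audit_values` and `audit_site` are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit steps 1-4 with WP-CLI.
# Function names are illustrative. Usage: sh audit.sh /path/to/wordpress

# audit_values LOGINS PREFIX PERMALINKS TIMEZONE GMT_OFFSET DEMO_IDS
# Prints one line per finding and nothing when every check passes.
audit_values() {
  # Step 1: an account named "admin" (any letter case) still exists.
  if printf '%s\n' "$1" | grep -qix 'admin'; then
    echo "step 1: a user named 'admin' still exists"
  fi
  # Step 2: the tables still use the default prefix.
  if [ "$2" = "wp_" ]; then
    echo "step 2: database prefix is still the default wp_"
  fi
  # Step 3: an empty permalink_structure option means plain ?p=ID URLs.
  if [ -z "$3" ]; then
    echo "step 3: permalinks are still set to Plain"
  fi
  # Step 3 (heuristic): empty timezone_string with gmt_offset 0 is what a
  # site left on UTC+0 looks like.
  if [ -z "$4" ] && { [ -z "$5" ] || [ "$5" = "0" ]; }; then
    echo "step 3: time zone looks unset (UTC+0)"
  fi
  # Step 4: the default post or page has not been deleted.
  if [ -n "$6" ]; then
    echo "step 4: demo content still present (IDs: $6)"
  fi
}

# audit_site PATH: read the live values with WP-CLI and audit them.
audit_site() {
  wp --path="$1" core is-installed || { echo "no WordPress install at $1"; return 0; }
  # hello-world and sample-page are the slugs WordPress gives its demo content.
  demo_post=$(wp --path="$1" post list --post_type=post --name=hello-world --format=ids)
  demo_page=$(wp --path="$1" post list --post_type=page --name=sample-page --format=ids)
  audit_values \
    "$(wp --path="$1" user list --field=user_login)" \
    "$(wp --path="$1" db prefix)" \
    "$(wp --path="$1" option get permalink_structure)" \
    "$(wp --path="$1" option get timezone_string)" \
    "$(wp --path="$1" option get gmt_offset)" \
    "$(echo $demo_post $demo_page)"  # unquoted on purpose: joins IDs, empty if none
}

# Run only when a WordPress path is given; exit 1 if anything was found.
if [ "$#" -ge 1 ]; then
  findings=$(audit_site "$1")
  [ -z "$findings" ] || { printf '%s\n' "$findings"; exit 1; }
fi
```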
Thanks for the Smush it Tip… I started bulk smushing just now!
Great tips. I never changed the database name. Is this something that can be changed after the fact?
Yes, you can do that after your site has already been set up. There’s the direct way, using phpMyAdmin (http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/) or there is a plugin called Change DB Prefix that will allow you to do it from your dashboard. Hope that helps!
Thank you