Have you installed WordPress? Installing WordPress is not difficult at all, and you can do it in minutes. But what's next? Are you going to leave the default WordPress settings as they are? Here at ThemePacific we'll answer all these questions. You have to change the default settings to get the best out of WordPress. By changing and tweaking WordPress, you can get the best performance and the best protection.

Here's a list of suggestions, tips and tweaks to improve your WordPress blog's security and productivity.

Things to Do in WordPress Dashboard

1. Delete the Default WP Admin Account

By default, WordPress creates 'Admin' as the username for your blog, so a hacker can easily guess your username and then try to get your password. To avoid this, create a user with any other name and give that account Administrator privileges.

Log out and log in using your new Administrator account. Then delete the old Admin account, assigning all of its posts to another user before you do. Now you have extra WordPress protection.

2. Change the Permalink Structure

The default WordPress permalink structure is forum style. It is also not good for SEO, since the URL doesn't contain any readable words. So change it to a pretty permalink structure.

Go to Settings -> Permalinks -> Common Settings. There you can select any predefined permalink structure. You can also use a custom structure, as we do at ThemePacific. Most blogs use the reverse of our structure, like post ID and name.


3. Activate Akismet

Akismet comes with WordPress and eliminates comment and trackback spam without your interaction. To activate it, you need an API key from Akismet. It is free, and you can get it from Akismet.com/get.

Go to Akismet Configuration and enter the API key to activate it.

4. Upload Your WordPress Theme

To change the default WordPress theme, install your own WordPress theme on your site. You can get high-quality free magazine WordPress themes from ThemePacific. You can also get free themes from WordPress itself.

5. Delete Unused WordPress Theme and Plugins

After you have installed your WordPress theme and plugins, delete all unused themes and plugins. It will improve your WordPress performance as well as reduce the server load.

Things to Do in WordPress Functions.php

6. Remove WordPress Meta Information from header (wp_head)

By default, WordPress generates some meta information in the HTML head section, such as the WordPress version, the RSD link and the Windows Live Writer link. No one needs that information except hackers, so why leave that code in the header?

Remove it by adding the following code to functions.php:

remove_action( 'wp_head', 'wp_generator' ) ;
remove_action( 'wp_head', 'rsd_link' ) ; 
remove_action( 'wp_head', 'wlwmanifest_link' ) ; 

7. Remove Extra Feed links from header (wp_head)

WordPress generates many feed links in the head section, such as the main feed, comment feed, single post feed, category feed and archive feed. Search engines also use these links to find new content on your site. You can remove the extra feeds without removing the main feed.

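// feed_links_extra prints the extra feeds (single post comments, category, archive and so on).
remove_action( 'wp_head', 'feed_links_extra', 3 );
// feed_links prints the main feed links, so it stays registered. Uncomment to remove those too.
// remove_action( 'wp_head', 'feed_links', 2 );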
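
A way to confirm that steps 6 and 7 took effect, as an added example that is not part of the original post: this Python script parses a page's head section and reports which of the removed wp_head outputs are still present. The sample HTML, the blog.example host, the version string and the check names are constructed for illustration.

```python
from html.parser import HTMLParser
FEED_TYPES = {"application/rss+xml", "application/atom+xml"}

class HeadAudit(HTMLParser):
    """Collect the <head> tags that steps 6 and 7 are meant to remove."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {"wp_generator": [], "rsd_link": [], "wlwmanifest_link": [], "feeds": []}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "head":
            self.in_head = True
        if not self.in_head:
            return  # only tags inside <head> count
        rel = a.get("rel", "").lower()
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.found["wp_generator"].append(a.get("content", ""))
        elif tag == "link" and rel == "edituri":
            self.found["rsd_link"].append(a.get("href", ""))
        elif tag == "link" and rel == "wlwmanifest":
            self.found["wlwmanifest_link"].append(a.get("href", ""))
        elif tag == "link" and rel == "alternate" and a.get("type", "").lower() in FEED_TYPES:
            self.found["feeds"].append(a.get("href", ""))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def failed_checks(html, keep_feeds=()):
    """Names of the head outputs still present; keep_feeds lists feed URLs left in on purpose."""
    audit = HeadAudit()
    audit.feed(html)
    failed = [name for name in ("wp_generator", "rsd_link", "wlwmanifest_link") if audit.found[name]]
    if any(href not in keep_feeds for href in audit.found["feeds"]):
        failed.append("feed_links")
    return failed

# Constructed sample pages: blog.example and the version string are placeholders.
SITE = "https://blog.example"
BEFORE = f"""<html><head><meta name="generator" content="WordPress X.Y" />
<link rel="EditURI" type="application/rsd+xml" href="{SITE}/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="{SITE}/wp-includes/wlwmanifest.xml" />
<link rel="alternate" type="application/rss+xml" href="{SITE}/feed/" />
<link rel="alternate" type="application/rss+xml" href="{SITE}/category/news/feed/" />
</head><body><a rel="alternate" href="/x">outside the head, ignored</a></body></html>"""
AFTER = f'<html><head><link rel="alternate" type="application/rss+xml" href="{SITE}/feed/" /></head></html>'
print(failed_checks(BEFORE, {SITE + "/feed/"}), failed_checks(AFTER, {SITE + "/feed/"}))
```

To use it on a real site, pass the saved HTML source of your own home page to failed_checks together with the feed URLs you decided to keep.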

8. Change or Hide the WordPress login errors

If you type a wrong password or a wrong username when you log in to the WordPress dashboard, you get detailed errors such as "your username is wrong" or "this password does not match this username". You may think that helps you, but it helps hackers too.

To fix this, create your custom login errors,

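function themepacific_login_errors() {
    // Return one generic message so the form does not say whether the username or the password was wrong.
    return 'Nice Try!! Go Away!!';
}
add_filter( 'login_errors', 'themepacific_login_errors' );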

Things To Do in WordPress Core files and .HTACCESS

8. Stop Users Accessing your WordPress Folder Structure

Users can browse your WordPress folders like opening folders on your computer. This exposes the files on your site directly to users, and you should prevent them from accessing your WordPress folders. For example, example.com/wp-content/uploads/ will open the uploads folder, with all its files, in the browser.

There are two ways to fix this. The first looks simple, but if you get it wrong your site will break. Open the .htaccess file in the WordPress root and add the following code. Back the file up before editing it to avoid damaging your site.

# Turn off directory listings. Apache 2.4 rejects mixing a bare option such as All with +/- options.
Options -Indexes

The second way is also easy: create an empty index.php file and put it in whichever wp-content subfolders you want.

9. Disable Post Revision

By turning off post revisions, you can save database space. A revision is a record of each change you have made to a blog post, so if something goes wrong in the original post, you can revert to an old version of it. If WordPress creates many revisions, your database size increases, because each revision is stored like a post in the DB.

To turn off revisions, edit wp-config.php (open it from the root folder) and add the code below.

define( 'WP_POST_REVISIONS', false);

10. Prevent Google Indexing the WP Core Files and Scripts

Google and other search engines can easily crawl and index your WordPress theme files and scripts. It might reduce your page rank and SEO value. To fix this, create or open the robots.txt file in the root of the WordPress install and add the following code:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-content/plugins/

That’s it for now. We are planning to add more tips to this post to make your WordPress happier. If you know any tweaks like the ones above, share them with us in the comments. Thanks.