Have you installed WordPress? Installing WordPress is not difficult, and you can do it in minutes. But what comes next? Are you going to leave the default WordPress settings as they are? Here at ThemePacific we'll answer these questions. You have to change the default settings to get the best out of WordPress. By changing and tweaking WordPress, you can get the best performance and the best protection.
Here's a list of suggestions, tips and tweaks to improve your WordPress blog's security and productivity.
Things to Do in WordPress Dashboard
1. Delete the Default WP Admin Account
By default, WordPress creates ‘Admin’ as the username for your blog, so a hacker can easily guess your username and then try to guess your password. To avoid this, create a user with a different name and give that account Administrator privileges.
Log out and log in using your new Administrator account. Then delete the old Admin account; before deleting it, assign all of its posts to another user. Now you have extra WordPress protection.
2. Change the Permalink Structure
The default WordPress permalink structure looks like a forum URL. It is also not good for SEO, since the URL doesn't contain any readable words. So change it to a pretty permalink structure.
Go to Settings -> Permalinks -> Common Settings. There you can select any predefined permalink structure. You can also use a Custom Structure like the one at ThemePacific. Most blogs use the reverse of our structure, with the post ID before the post name.
/%postname%/%post_id%/
3. Activate Akismet
Akismet comes with WordPress and eliminates comment and trackback spam without your interaction. To activate it, you need an API key from Akismet. It is free, and you can get it from Akismet.com/get.
Go to Akismet Configuration and enter the API key to activate it.
4. Upload Your WordPress Theme
To change the default WordPress theme, install your own WordPress theme on your site. You can get high-quality free magazine WordPress themes from ThemePacific. You can also get free themes from WordPress itself.
5. Delete Unused WordPress Theme and Plugins
After you have installed your WordPress theme and plugins, delete all unused themes and plugins. It will improve your WordPress performance as well as reduce the server load.
Things to Do in WordPress Functions.php
6. Remove WordPress Meta Information from header (wp_head)
By default, WordPress generates some meta information in the HTML head section, such as the WordPress version, the RSD link and the Windows Live Writer link. No one needs that information except hackers. Why should you leave that code in the header?
Remove it by adding the following code to functions.php:
// Remove the <meta name="generator"> tag that shows the WordPress version.
remove_action( 'wp_head', 'wp_generator' );
// Remove the RSD (Really Simple Discovery) link.
remove_action( 'wp_head', 'rsd_link' );
// Remove the Windows Live Writer manifest link.
remove_action( 'wp_head', 'wlwmanifest_link' );
7. Remove Extra Feed links from header (wp_head)
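WordPress generates many feed links in the head section: the main feed, the comments feed, single-post feeds, category feeds and archive feeds. Search engines also use these links to find new content on your site. You can remove the extra feeds without removing the main feed.
// Remove the extra feed links (category, tag, author, search and per-post comment feeds).
remove_action( 'wp_head', 'feed_links_extra', 3 );
// Leave 'feed_links' (priority 2) hooked: it prints the main feed link and the comments feed link,
// so removing it as well would drop the main feed from the head section.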
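To confirm that tips 6 and 7 took effect, you can audit the head section of a rendered page. The script below is an added example, not code from ThemePacific or WordPress; the names HeadAudit and audit_head, the blog.example URLs and both sample head sections are constructed, and it assumes pretty permalinks with WordPress at the site root.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

FEED_TYPES = {"application/rss+xml", "application/atom+xml"}
# rel value (lower-cased) -> the wp_head hook that prints it (tip 6)
LEAKY_RELS = {"edituri": "rsd_link", "wlwmanifest": "wlwmanifest_link"}

class HeadAudit(HTMLParser):
    """Collects the wp_head tags that tips 6 and 7 are meant to remove."""
    def __init__(self):
        super().__init__()
        self.leaks, self.feeds = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.leaks.append("wp_generator")
        elif tag == "link":
            rels = a.get("rel", "").lower().split()
            self.leaks += [LEAKY_RELS[r] for r in rels if r in LEAKY_RELS]
            if "alternate" in rels and a.get("type", "").lower() in FEED_TYPES:
                self.feeds.append(a.get("href", ""))

def audit_head(html):
    """Return leaked hooks, whether the main feed is advertised, and extra feeds."""
    p = HeadAudit()
    p.feed(html)
    # Assumption: the main feed is /feed/ and the site-wide comments feed is
    # /comments/feed/; every other advertised feed counts as an extra feed.
    paths = [urlparse(h).path for h in p.feeds]
    extra = [x for x in paths if x not in ("/feed/", "/comments/feed/")]
    return {"leaks": sorted(p.leaks), "main_feed": "/feed/" in paths, "extra_feeds": extra}

# Constructed sample: head of a default install (the version string is a placeholder).
BEFORE = """<head>
<meta name="generator" content="WordPress 0.0-sample" />
<link rel="EditURI" type="application/rsd+xml" href="https://blog.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://blog.example/wp-includes/wlwmanifest.xml" />
<link rel="alternate" type="application/rss+xml" href="https://blog.example/feed/" />
<link rel="alternate" type="application/rss+xml" href="https://blog.example/category/news/feed/" />
</head>"""
# Constructed sample: the same page once the tags are gone and only the main feed remains.
AFTER = """<head>
<link rel="alternate" type="application/rss+xml" href="https://blog.example/feed/" />
</head>"""

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_head(doc))
```

To check a live site, pass the saved HTML of your own home page to audit_head instead of the samples.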
8. Change or Hide the WordPress login errors
If you type a wrong password or a wrong username when you log in to the WordPress dashboard, you get a detailed error telling you that the username is wrong or that the password does not match this username. You may think it helps you. But it helps hackers too.
To fix this, create your own custom login error:
// Return one generic message for every failed login.
function themepacific_login_errors() {
    return 'Nice Try!! Go Away!!';
}
add_filter( 'login_errors', 'themepacific_login_errors' );
Things To Do in WordPress Core files and .htaccess
8. Stop Users Accessing your WordPress Folder Structure
Users can browse your WordPress folders just like opening folders on your computer. This exposes the files on your site directly to visitors, so you should prevent them from browsing your WordPress folders. For example, example.com/wp-content/uploads/ will show the uploads folder with all of its files in the browser.
There are two ways to fix this. The first looks simple, but if you don't do it correctly, your site will break. Open the .htaccess file in the WordPress root and add the following code. Before editing that file, back it up to avoid any damage to your site.
Options -Indexes
The second one is also easy: create an empty index.php file and put it in whichever wp-content subfolders you want to protect.
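Both fixes can be checked on a local copy of the site. The script below is an added example, not part of the original article; its function names and the sample wp-content tree are constructed. It looks for an Options line that disables Indexes, flags a line that mixes +/- keywords with bare ones (which Apache 2.4 treats as a syntax error), and lists folders that have no index file.

```python
import os, re, tempfile

INDEX_FILES = ("index.php", "index.html")

def parse_options(htaccess_text):
    """Return (indexes_disabled, mixed_syntax) for the Options lines in an .htaccess."""
    disabled = mixed = False
    for line in htaccess_text.splitlines():
        m = re.match(r"\s*Options\s+(.*)", line, re.IGNORECASE)
        if not m:
            continue
        words = m.group(1).split()
        signed = [w for w in words if w[0] in "+-"]
        # A line that mixes +/- keywords with bare ones is invalid in Apache 2.4.
        if signed and len(signed) != len(words):
            mixed = True
        # Only the explicit -Indexes form is recognised here.
        if "-indexes" in (w.lower() for w in words):
            disabled = True
    return disabled, mixed

def dirs_without_index(root):
    """List folders (relative to root) that contain no index file."""
    missing = []
    for path, _dirs, files in os.walk(root):
        if not any(f.lower() in INDEX_FILES for f in files):
            missing.append(os.path.relpath(path, root))
    return sorted(missing)

def build_sample_tree(base):
    """Constructed sample: wp-content with one folder that has no index file."""
    root = os.path.join(base, "wp-content")
    os.makedirs(os.path.join(root, "uploads", "2024"))
    for rel in ("index.php", "uploads/index.php", "uploads/2024/photo.jpg"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("no index file:", dirs_without_index(build_sample_tree(tmp)))
    print("(disabled, mixed):", parse_options("Options -Indexes"))
```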
9. Disable Post Revision
By turning off post revisions, you can save database space. A revision is a record of each change you have made to a blog post, so if something goes wrong in the original post, you can revert to an older version of it. If WordPress creates many revisions, your database size increases, because each revision is stored like a post in the database.
To turn off revisions, edit wp-config.php (open it from the root folder) and add the code below.
define( 'WP_POST_REVISIONS', false);
10. Prevent Google Indexing the WP Core Files and Scripts
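Google and other search engines can easily crawl and index your WordPress theme files and scripts. It might reduce your page rank and SEO value. To fix this, create or open the robots.txt file in the root of your WordPress site and add the following code. Keep in mind that robots.txt only asks crawlers to stay away and is itself publicly readable; it does not restrict access to these folders.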
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-content/plugins/
That’s it for now. We are planning to add some more tips to this post to make your WordPress happier. If you know any tweaks like the ones above, share them with us in the comments. Thanks.
Nice article very well written but can you tell me is it essential to add various other ping list to the WordPress or keep it as it is.
Hi, thank you for the awesome article. I followed all these steps on my blog.
I usually start with changing permalink structure and making it SEO friendly, uploading the theme then disabling unused plugins. Disabling some plugins can help your site run faster. I also like editing the footer to remove the “powered by WordPress” stuff.
Everyone thinks after installing WordPress, you are done with it. But you need to make some changes to make it up to date.
Thank you for adding more knowledge to me, especially Prevent Google Indexing the WP Core Files and Scripts.