You heard about WordPress and how great it is for building just about any type of website. You picked a great theme to make your site look the way you want and installed a few plugins to make it do the things you need. Finally, you added your content and launched the site. All done, right?
Not so fast.
Give attention to the following essentials before you consider your WordPress site complete. They don’t take much time but are often overlooked.
Did You Do These Things?
- Secure Your Login
- Configure Backups
- Prepare for Updates
- Enable HTTPS/SSL
- Check Your Settings
- Prevent Comment Spam
- Welcome Search Engines
- Moved Your Site? Update Your URLs
- Switched Themes? Resize Your Images
1. Secure Your Login
Automation is being used all day and all night to guess passwords for millions of login forms on the Internet. This is called cracking. Accounts using simple passwords such as dictionary words are cracked first.
Use a different strong password for every online account you have. Google provides some handy tips. Solutions like 1Password and LastPass can help by generating and remembering a complex password for each of your accounts. All you have to do is memorize one master password.
Also install the Loginizer WordPress plugin (or if you’re using Jetpack, enable the Protect module). It is very effective at blocking automated password cracking attempts on your login form. Wordfence does the same thing (and more).
Be sure you have an SSL certificate installed as well to ensure your password cannot be snooped on when logging in.
2. Configure Backups
The importance of making regular backups cannot be overstated. You want to be able to restore a backup if ever the need arises. Here are some plugins that help.
- BackUpWordPress – A free backup plugin with good ratings.
- UpdraftPlus – Another highly rated free plugin with optional paid addons.
- VaultPress – We use this paid service for daily automatic backups.
- BackupBuddy – A very popular paid backup plugin from iThemes.
It never hurts to have two backups. Your web host may have a backup feature in their control panel. If it does not run automatically, mark your calendar to log in and periodically generate and download a backup of your entire website.
Recommended: Best Backup WordPress Plugins According to 21 Pros
3. Prepare for Updates
WordPress, theme and plugin updates include new features and bug fixes. Bug fixes are important and if they are related to security, they are essential. Always run the latest versions. It only takes a few clicks.
WordPress shows available updates on your dashboard and updates itself behind the scenes when security updates are available. Major releases and updates for themes and plugins require action on your part. You can install the WP Updates Notifier plugin to receive emails. Also mark your calendar to log in periodically to check for available updates.
4. Enable HTTPS/SSL
Every website should use an SSL certificate to enable https://. This causes all passwords, user data, payment details, form submissions and so on to be encrypted. It also keeps Google from penalizing your website in their search results and from warning users about your website in the Chrome browser. WordPress now recommends HTTPS for all sites.
More and more hosts are offering free, automatically installed SSL certificates. After installing a certificate, you will also need to setup some URL redirections and replacements. Read HTTPS for WordPress: Auto-enable SSL for Free for more on this topic.
See our Security Guide for more on the topic of securing your website.
5. Check Your Settings
Go to Settings > General and make sure the settings are as you want them. Most default settings are fine but you will want to be sure the Tagline and Timezone are appropriate.
Enable Pretty Permalinks
Your WordPress URL’s will look like one of the two below. The first is greatly preferred because it is more human (and search engine) friendly.
Go to Settings > Permalinks and choose anything but “Plain” (formerly called “Default”). A common choice is “Post name”. Nearly all web hosts support mod_rewrite which is required for “Pretty Permalinks”. Read Using Permalinks for more information.
6. Prevent Comment Spam
If you have comments enabled for any of your posts or pages, you can expect to receive spam submissions. I recommend this one-two punch for knocking spam out of your site.
- Go to Settings > Discussion and configure these options:
- Install the Antispam Bee plugin (use default configuration)
New comments will be checked for signs of being spam and either marked as spam or placed into a moderation queue. You will receive an email when a new comment requires moderation in order for you to confirm that it is not spam. After a user has had one comment approved, they’re considered trusted and will no longer require moderation.
Read How To Prevent Spam in WordPress for more information.
7. Welcome Search Engines
Go to Settings > Reading and look for Search Engine Visibility. Make sure “Discourage search engines from indexing this site” is not checked. It shouldn’t be, but better safe than sorry.
The search engine optimization plugin WordPress SEO by Yoast is worth installing even if you only use the default settings. WP Kube recently asked 40 experts what their favorite plugins are and this one came out on top. That’s saying a lot because there are about 30,000 WordPress plugins available.
8. Moved Your Site? Update Your URLs
Did you move your website from one location to another in order to set it live? Many people build a website on their computer or in a subdirectory like yourname.com/new then move it to yourname.com to go live.
WordPress stores full URL’s for things like links and images in content, menus, custom fields and so on. Check to see that they are not still pointing to your temporary site. If so, run the Velvet Blues Update URLs plugin (make a backup first). Currently this plugin does not update widgets so check those manually.
9. Switched Themes? Resize Your Images
Many themes use images sized specifically for their design. When an image is uploaded, WordPress generates a copy of it that is specially cropped and resized for the active theme. Images uploaded before switching to your current theme may not have the best sizes generated.
You can re-upload specific images or install the Regenerate Thumbnails plugin. After doing so, go to Tools > Regen. Thumbnails to resize all images in one shot.
That’s All Folks
Or is it?
Please post a comment with your thoughts on what every WordPress site owner should do before considering their work done.