Contents
Initial WordPress Configuration: Recommended Settings After Installation
Setting up WordPress correctly from the very beginning is crucial for performance, security, SEO, and long-term maintenance. This extensive guide will walk you through each critical area in the Settings menu and beyond, offering best practices and reliable references to help you configure your site like a pro.
1. General Settings
- Site Title Tagline: Use a concise title and a tagline that accurately reflects your brand. Avoid generic phrases like “Just another WordPress site.”
- WordPress Address (URL) Site Address (URL): Ensure both URLs are set to either https:// or http:// consistently. For SSL, see official docs.
- Email Address: Use a business email or one from your domain (e.g.,
admin@yourdomain.com) to improve deliverability and branding. - Membership New User Default Role:
- Uncheck “Anyone can register” unless you run a membership site.
- Set default role to Subscriber to limit access.
- Timezone, Date Time Format: Match your target audience’s locale. Consider ISO date format (
YYYY-MM-DD) for clarity.
2. Writing Settings
- Default Post Category: Change from “Uncategorized” to a more meaningful default to maintain taxonomy hygiene.
- Default Post Format: Keep it simple (Standard) unless your theme leverages formats (e.g., Video, Gallery).
- Remote Publishing: Disable XML-RPC if not in use. It’s a common vector for attacks (XML-RPC Security).
3. Reading Settings
- Your homepage displays:
- Your latest posts for blogs.
- A static page for business or portfolio sites (create separate “Home” and “Blog” pages).
- Blog pages show at most: 10–12 posts to balance performance and user engagement.
- Syndication feeds show the most recent: 10 items. Set “For each post in a feed, include” to Summary to prevent content scraping and encourage site visits.
- Search Engine Visibility: Uncheck “Discourage search engines from indexing this site” once you’re ready to go live.
4. Discussion Settings
- Default article settings: Disable automatic pingbacks and trackbacks to reduce SPAM.
- Other comment settings:
- Comment author must fill out name and email.
- Users must be registered and logged in to comment (optional for community sites).
- Close comments on articles older than X days to limit new spam.
- Comment Moderation Blacklist:
- Hold for moderation if comment contains more than 2 links.
- Add common spamwords and IPs to the blacklist.
- Before a comment appears: Enable “Comment must be manually approved” on high-traffic sites otherwise, allow if author has at least one approved comment.
5. Media Settings
- Image sizes: Customize the thumbnail, medium, and large sizes according to your theme’s design requirements. For example:
Size Width Height Crop Thumbnail 150 150 Yes Medium 300 300 No Large 1024 1024 No - Organize my uploads into month- and year-based folders: Leave enabled unless you have a custom file-management workflow.
6. Permalinks
- Common Settings: Select Post name for SEO-friendly URLs. Avoid default and date-based structures unless you run a news site.
- Optional: Use custom structure
/blog/%postname%/if you have both a blog and static pages with overlapping slugs. - Redirection .htaccess: Ensure WordPress can write to your
.htaccessor update it manually:# BEGIN WordPress ltIfModule mod_rewrite.cgt RewriteEngine On RewriteBase / RewriteRule ^index.php - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] lt/IfModulegt # END WordPress
7. Privacy Settings
Create and assign a Privacy Policy page based on WordPress privacy guidance. Include:
- What data you collect (comments, forms, analytics).
- How you store and protect data.
- Third-party integrations (plugins, CDNs).
- User rights (GDPR, CCPA).
8. User Accounts Capabilities
- Administrator Accounts: Limit to 1–2 users. Grant Editor role to content staff.
- Strong Passwords: Enforce via plugin or Password Policy Manager.
- Two-Factor Authentication (2FA): Use reliable plugins like Google Authenticator or Two Factor.
9. Essential Plugins Themes
- Security: Wordfence, Sucuri, or iThemes Security.
- Backup: UpdraftPlus, BlogVault, or VaultPress.
- Performance Caching: WP Super Cache, W3 Total Cache, or WP Rocket.
- SEO: Yoast SEO or Rank Math.
- Analytics: Google Site Kit or MonsterInsights.
- Image Optimization: Smush or ShortPixel.
10. Security Hardening
- Change default login URL with a plugin like WPS Hide Login.
- Disable file editing via
define(DISALLOW_FILE_EDIT, true)inwp-config.php. - Limit login attempts or use a firewall (Cloudflare, Sucuri WAF).
- Keep WordPress core, themes, and plugins up to date.
11. Performance Caching
- Enable GZIP compression on your server or via caching plugin.
- Leverage browser caching and minify assets (CSS/JS).
- Use a CDN (Cloudflare, StackPath) for global distribution.
- Optimize your database periodically with WP-Optimize or similar.
12. Backup Strategy
- Schedule automatic backups at least once daily for content-heavy sites.
- Store backups off-site: Amazon S3, Google Drive, Dropbox.
- Test restores periodically to ensure data integrity.
13. SEO Analytics Integration
- XML sitemap: Generated by SEO plugin or WordPress core (5.5 ).
- Robots.txt: Ensure it allows indexing of critical assets and disallows sensitive directories.
- Google Analytics: Connect via Site Kit or hardcode tracking snippet in
header.php. - Search Console Bing Webmaster: Verify ownership and submit sitemaps.
14. Final Checklist
- All core, theme, and plugin updates applied.
- Permalinks structure optimized.
- Security measures in place (2FA, firewall, IP blocking).
- Performance tuning complete (caching, CDN, minification).
- Backup schedule active and tested.
- Privacy policy and cookie notice published.
- SEO analytics fully integrated.
Conclusion
By following these recommendations immediately after installation, youll ensure your WordPress site is secure, fast, SEO-friendly, and maintainable. Regularly revisit these settings as your site grows and new WordPress versions or best practices emerge. Happy publishing!
|
|
Acepto donaciones de BAT's mediante el navegador Brave 🙂 |