September 22, 2019

I’ve Installed WordPress, Now What?

7 Essential Things to Do After Installing WordPress

You’ve finally made it to the WordPress Dashboard. Now you’re probably wondering: what happens next? In this tutorial, we’ll talk about seven important things you need to do after installing WordPress to optimize the performance and improve the security of your website and blog.

1. Prevent People from Browsing Your Folders

Hackers are always on the lookout for vulnerabilities in websites. If directory browsing is enabled, they can list the contents of your folders to find out whether you have any files with known vulnerabilities, and then take advantage of these files to gain access.

To disable directory browsing, all you need to do is add the following line to the .htaccess file located in the root directory of your website.

Options -Indexes

2. Disable Login Hints in WordPress Login Page

By default, WordPress shows error messages when someone types a non-existent username or an incorrect password on the login page. These error messages can be used as a hint to guess a username, user email address, or password. Fortunately, we can disable the login warnings by adding this snippet to the functions.php file found in your WordPress theme's folder.

// Replace every login error with one fixed message, so the response
// does not reveal whether the username or the password was wrong.
function no_wordpress_errors() {
  return 'GET OFF MY YARD !! RIGHT NOW !!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );

3. Remove unnecessary meta tags from WordPress header

By default, WordPress leaves its footprint on your website, and sometimes this can be a security risk. The main concern is the WP Generator tag in the page header, which gives away the current version of your WordPress site, and that is not something you want to reveal.

<meta name="generator" content="WordPress 4.6" />

Luckily, removing these elements is very easy. All you need to do is open your theme’s functions.php file and add this snippet.

remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );

4. Change the Permalink Structure

We strongly recommend against using the default Permalink structure of WordPress, since it is bad for SEO. Go to Settings inside your WordPress dashboard and change your WordPress Permalink structure to something like:

/%post_id%/%postname%

5. Disallow Indexing of WordPress scripts

Optimize search engines’ crawl resources by telling them not to waste time on the PHP files or pages of your WordPress installation that you don’t want indexed. This helps ensure that search engines focus on crawling the pages you care about the most. Open the robots.txt file located in the root directory of your website and add these lines to block the bots from indexing the WordPress backend. Keep in mind that robots.txt is only a request to well-behaved crawlers; it does not restrict access to these paths.

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /feed/
Disallow: */feed/

6. Delete Unused Themes & WordPress plugins

Security is the main reason you should remove old themes and plugins. From a security standpoint, a malicious individual might discover an exploit that leverages those unused themes and plugins. So deactivate and delete the stuff that you no longer need.

7. Disallowing File Editing in the WordPress Dashboard

In the effort to secure a WordPress website, I always look for possible vulnerabilities and remove them. Not to mention that one missing semicolon can take down your WordPress site. Add this line to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );
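To confirm that the changes from items 1, 3 and 7 actually took effect on your own site, you can check the responses and the config file. The following is an added example, not code from the original post: the function names are hypothetical, the sample inputs are constructed, and it assumes Apache's standard "Index of /" listing page.

```python
import re

# Constructed sample inputs (not captured from a real site).
LISTING = "<html><head><title>Index of /wp-content/uploads</title></head></html>"
FORBIDDEN = "<html><head><title>403 Forbidden</title></head></html>"
HOME_BEFORE = '<head><meta name="generator" content="WordPress 4.6" /></head>'
HOME_AFTER = "<head><title>Blog</title></head>"
CONFIG_COMMENTED = "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n"
CONFIG_OK = "<?php\n/* editor off */\ndefine( 'DISALLOW_FILE_EDIT', true );\n"

def directory_listing_enabled(status, body):
    """Item 1: an autoindex page is a 200 response titled 'Index of /...'."""
    return status == 200 and re.search(r"<title>\s*Index of /", body, re.I) is not None

def generator_version(html):
    """Item 3: return the version leaked by the generator meta tag, or None."""
    m = re.search(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress ([\d.]+)',
        html, re.I)
    return m.group(1) if m else None

def file_edit_disabled(wp_config):
    """Item 7: true only if an uncommented define sets the constant to true."""
    code = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.S)   # drop block comments
    code = re.sub(r"^\s*(//|#).*$", "", code, flags=re.M)    # drop comment lines
    pattern = r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)"
    return re.search(pattern, code, re.I) is not None

def audit(listing_status, listing_body, home_html, wp_config):
    """Return a list of hardening steps from this article that are missing."""
    findings = []
    if directory_listing_enabled(listing_status, listing_body):
        findings.append("directory listing enabled (add 'Options -Indexes')")
    version = generator_version(home_html)
    if version:
        findings.append(f"generator tag reveals WordPress {version}")
    if not file_edit_disabled(wp_config):
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    return findings

if __name__ == "__main__":
    for finding in audit(200, LISTING, HOME_BEFORE, CONFIG_COMMENTED):
        print("FAIL:", finding)
```

In practice you would feed `audit` the response for a folder URL such as your uploads directory, your home page HTML, and the contents of wp-config.php.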

This list is a work in progress. Help us make it better by sharing your experience. We will be happy to review and add any suggestions you may have!

Naffys Mir

I'm Naffys Mir, Programming Geek and Founder of CodersStuff.com. Coders Stuff is a Blog Packed with Loads of High-quality Programming Tutorials and a Ton of Engaging Advice and Insight into Front and Back End Technologies.
