If you are a brand new WordPress beginner and don’t have any experience working with other websites, you probably don’t know how the web works. If you are among them, don’t worry! Within the next two to three minutes, you will understand some of the core basics of the web.

The moment you install WordPress, there are a few basic things you need to know to avoid future problems. Here is a detailed explanation of how to keep your WordPress issue-free right from the beginning.
The most important thing is how you installed WordPress: manually or through the hosting panel. During installation, there are some options you could have chosen that make some of the steps below unnecessary. No worries, I have explained each and every step in detail below.
- Discourage your Website from Search Engines
- Put your Site to Maintenance Mode
- Disable Auto Updates
- Basic WordPress Settings
- Install the Basic Must Have Plugins
- Secure wp-login.php and xmlrpc.php
Discourage your Website from Search Engines
When you first log in to WordPress, go to Settings > Reading. On the page that opens, tick the option “Discourage search engines from indexing this site” and save the settings.
What this does is: the WordPress CMS will not generate sitemaps itself and will not allow any WordPress SEO plugins to create them. It signals that you don’t want your site indexed by any search engine.
You might wonder what happens if you don’t change this setting. WordPress generates a sitemap as soon as something is published. The sitemap is like a data sheet that tells search engines what is being published on the site, and it is also an invitation to index your site. In the beginning, you don’t want your site indexed because nothing is ready for publishing. Otherwise, the dummy pages and posts you publish in your test environment will be indexed by search engines. Once your site is indexed with dummy content, removing or de-indexing that content from Google is a headache that takes a long time to resolve, and the search engines themselves get confused about what to index and what not to.
Just below “Discourage search engines from indexing this site” there is a statement that says “It is up to search engines to honor this request”, which makes it clear that this is not guaranteed. It is very important to know that this setting alone does not keep your site out of search engines. So in order to tell the search engine bots NOT to visit your site, you MUST follow the step below.
You just need to add 2 lines to your robots.txt file. It is very simple to do, but you need to open your hosting account, either through File Manager or through FTP. Some hosting providers don’t provide a File Manager. In that case, you can access your WordPress files through FTP. If you have absolutely NO idea how to access your hosting files, I suggest you go through this simple article on How to access WordPress Directory files.
When you are in the home directory, which is nothing but the public_html folder, create a text file with the name “robots.txt”. Once the file is created, add these two lines to the file, then save and close it.
User-agent: *
Disallow: /
To confirm that you have added it properly, open your website in a new tab with the path to robots.txt, like below:
http://yourwebsite.com/robots.txt
Put your Site to Maintenance Mode
When you are building your site, you add a lot of dummy content yourself or through themes. You don’t want your visitors to see it. In this case, you need to put your WordPress into maintenance mode. You can do this by copying the snippet below into your functions.php or by using a plugin. We recommend the plugin method instead of adding the code directly to functions.php. Technically, you should be using a child theme to add code to functions.php: any code you add to the parent theme’s functions is erased when the theme is updated. If you use the Code Snippets Plugin, you can disable any code you added with just one click. The Code Snippets Plugin doesn’t slow down your website. Below is the code you need to add as a snippet.
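// Show a maintenance notice to everyone except logged-in users who can edit themes.
function wpclmx_maintenance_mode() {
    if (!current_user_can('edit_themes') || !is_user_logged_in()) {
        wp_die('<h1>Hello Folks</h1><br/>Website is under Building Stage.');
    }
}
// Runs whenever the theme loads its header template.
add_action('get_header', 'wpclmx_maintenance_mode');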
In the above code, you can change the text and add line breaks and multiple paragraphs. We recommend keeping it simple.
The other way of putting your site in maintenance mode is through plugins. With a plugin you can make the page look more attractive by adding images, contact forms, etc. (In the above code you can also add your email address so people can contact you.) When you are working on a brand new domain, people don’t even bother to visit your site. The only ones who look for your site are those looking for backdoors in your WordPress, the so-called hackers.
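The get_header hook used above only runs when a theme template calls get_header(), so feeds and the REST API can still serve the dummy content. The following is an added example, not the article's own code, that applies the same access rule to those paths and answers with HTTP 503; the wpclmx_example_ function names and the Retry-After value are assumptions.

```php
<?php
// Added example, not the article's snippet. Names prefixed wpclmx_example_ are hypothetical.

// Same bypass rule as the article: only logged-in users who can edit themes get through.
function wpclmx_example_can_bypass() {
    return is_user_logged_in() && current_user_can( 'edit_themes' );
}

// Themed pages and feeds: template_redirect fires before either is rendered.
function wpclmx_example_maintenance_front() {
    if ( wpclmx_example_can_bypass() ) {
        return;
    }
    header( 'Retry-After: 3600' ); // constructed value: retry in one hour
    wp_die(
        '<h1>Hello Folks</h1><br/>Website is under Building Stage.',
        'Maintenance',
        array( 'response' => 503 ) // temporary outage, not wp_die()'s default 500
    );
}
add_action( 'template_redirect', 'wpclmx_example_maintenance_front' );

// REST API: refuse anonymous requests so /wp-json/ does not serve the dummy posts.
function wpclmx_example_maintenance_rest( $result ) {
    if ( true === $result || is_wp_error( $result ) || wpclmx_example_can_bypass() ) {
        return $result; // keep an earlier auth decision, or let editors through
    }
    return new WP_Error(
        'wpclmx_example_maintenance',
        'Website is under Building Stage.',
        array( 'status' => 503 )
    );
}
add_filter( 'rest_authentication_errors', 'wpclmx_example_maintenance_rest' );
```

wp-login.php and wp-admin do not pass through template_redirect, so you can still log in while this snippet is active.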
Disable Auto Updates
If you installed WordPress from your hosting control panel, you may have already selected the option to disable WordPress auto-updates. If you haven’t, then you need to follow the procedure below.
Go to File Manager on your hosting control panel. You can read this article on How to access WordPress Directory files if you don’t have any idea how. Once you are in the home directory, i.e., the public_html folder, go to the file wp-config.php. Open the file and add the code below before the line that says /* That’s all, stop editing! Happy publishing. */.
define( 'WP_AUTO_UPDATE_CORE', false );
The reason you need to disable auto-updates is that you don’t want a recent update to break your site. A broken site with some functionality not working creates a negative impression for your visitors. Worse, if Google crawls your site while it is broken and indexes it in that state, your SEO ranking will be degraded. Keep in mind that with WP_AUTO_UPDATE_CORE set to false, WordPress also stops installing minor security releases automatically, so you have to apply those updates yourself.
Just remember one thing: “Every day is not a Sunday”. Before updating anything, have a backup of your site and database. If you want to know the easy way to back up your site, you can read our article on Backing up WordPress Website the easy way.
Basic WordPress Settings
These are must-do settings for your WordPress. Below we have explained each step.
Finalize Permalink Structure
Depending on what kind of URL structure you like, set it right at the beginning. We recommend setting the URL structure to “Post Name” for most websites and blogs to keep up with the SEO scores. If you are running a news website, you may face issues with setting a different URL for every post you publish, because news websites publish many articles every day. If that is the case, set the Permalink Structure to “Numeric” or “Date/Month” as per your liking.
Comment Settings
Whether or not you want people to comment on your posts, you need to set this up. Always remember that if comments are open to the public, i.e., if anyone can comment without providing their information, your comment inbox will fill up with spam. Telling genuine comments apart from spam will be a difficult task and, of course, a waste of time. To tackle this situation, we suggest you either completely disable WordPress comments or use comment plugins to reduce spam. We recommend using a plugin called wpDiscuz, which works the best.
Set Time Zone and Format
Set the Time Zone along with the Date and Time format according to your preference. The same will apply to every post and page you edit, so you know exactly when you made the last changes.
Set Media Image Sizes
You can set your own image sizes for your WordPress website, or you can keep them at their defaults. Some themes add their own extra image sizes. Always remember that the more image sizes there are, the more copies WordPress creates of each image you upload, one scaled copy per size. As an example, if you uploaded an image of 100KB and there are a total of 5 different sizes, then the original image will be copied 5 more times with a total size of about 150KB extra. This is not much of a problem; it just consumes more space. Even if you set each size to zero, WP will still process uploaded images into multiple sizes. Any image above 768px will always be scaled. There is one more way to completely disable WordPress image scaling, using a code snippet, which we don’t recommend. We always suggest keeping WP image sizes at their defaults.
Remember, WordPress scales images for a better user experience by speeding up your site. Suppose you are on a Category page: you don’t want WP to load full-size images because a thumbnail is all you need. You only need a clean and sharp image on individual posts. If WordPress starts to load full sizes on Archive/Category pages, it will slow down your site and also increase your hosting CPU usage.
Tip: Never add words like ad, promotion, adv, advblock1, advertisement, etc. in the title of the images on your website. What would happen, you might think? Read This.
Install the Basic Must Have Plugins
To keep a close watch on your site and protect it from attackers, you can use our recommended must-have plugins for WordPress. Instead of filling up everything in the same article, we have a detailed article on Must-Have Plugins for WordPress.
And this is it. After completing the above steps, you will keep your WordPress secure. If you have any questions or feedback, let us know in the comment section below.
Secure wp-login.php and xmlrpc.php
It is very important to completely stop brute-force attempts on your WordPress site. There are multiple ways you can do this. You can make use of your firewall, or use a plugin, to disable public access to the ‘WordPress Login Page’ and completely disable ‘xmlrpc.php’.
We have a separate article on Protecting the wp-login.php against Brute Force.
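One way to apply both restrictions from a Code Snippets entry, as an added example that is not the article's own code: it limits wp-login.php to an allowlist of addresses and refuses every xmlrpc.php request. The wpclmx_example_ function names are hypothetical and the IP addresses are constructed values from a documentation range; replace them with your own.

```php
<?php
// Added example, not the article's code. Names prefixed wpclmx_example_ are hypothetical.

// Addresses allowed to reach the login page (constructed sample values).
function wpclmx_example_login_allowlist() {
    return array( '203.0.113.10', '203.0.113.11' );
}

// True when the connecting address is on the allowlist.
function wpclmx_example_client_allowed() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    return in_array( $ip, wpclmx_example_login_allowlist(), true );
}

// login_init fires at the start of every wp-login.php request,
// before any username or password is processed.
function wpclmx_example_restrict_login() {
    if ( ! wpclmx_example_client_allowed() ) {
        wp_die( 'Login is not available from this address.', 'Forbidden', array( 'response' => 403 ) );
    }
}
add_action( 'login_init', 'wpclmx_example_restrict_login' );

// xmlrpc.php defines XMLRPC_REQUEST before it loads WordPress,
// so the constant identifies requests that entered through that file.
function wpclmx_example_block_xmlrpc() {
    if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
        status_header( 403 );
        exit( 'XML-RPC is disabled.' );
    }
}
add_action( 'init', 'wpclmx_example_block_xmlrpc', 1 );

// Also switch off the authenticated XML-RPC methods in case the early exit is removed later.
add_filter( 'xmlrpc_enabled', '__return_false' );
```

Behind a CDN or reverse proxy, REMOTE_ADDR is the proxy's address, so the allowlist has to be enforced at that layer instead. A firewall or web server rule also rejects these requests before WordPress loads, which costs less than doing it in PHP.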