Whether you’ve never used WordPress before or you’ve been using it for years, here are some tips to help you. If you only have the patience right now to focus on a few of them, focus on the Security section.
1. Use a strong password.
For password generation and management I use 1Password. I like that it syncs across my devices and with Dropbox. I also like that it’s made by AgileBits, a privately held Canadian company located in downtown Toronto (support local business). Another good password tool is LastPass, which does the same thing.
Bonus: Change the default login name too. “admin” is common and if somehow your password is hacked, the default “admin” user name will be the first that hackers try.
2. Keep it all updated.
That’s WordPress, plugins and themes. That includes the plugins & themes you have installed but don’t use. Don’t ignore the prompts to update!
3. Back up your site!
There are many plugins that you can do this with. Some are free, some aren’t. Here are a few examples. I have experience with some of them.
VaultPress: A subscription-based service which offers an automated real-time cloud backup solution starting at $5/month. VaultPress.
Backupbuddy: BackupBuddy allows you to easily schedule daily, weekly, or monthly backups and store them in Dropbox, Amazon S3 and other cloud services. The price starts at $80/year for use on 2 sites with 1 year of support forum access and 1 year of plugin updates. If you have multiple sites, that’s just $40 per site. BackupBuddy by iThemes.
WordPress BackupToDropbox is ideal for Dropbox users looking to back up their entire WordPress site. It’s best for those with sites less than 2GB in total. I use it on one of my sites. WordPress Backup to Dropbox
BackUpWordPress: This one has a free version and premium. The premium version stores backups in the cloud, which is what you want. BackUpWordPress
BackWPup: That’s “Back WP up”, not “Back W Pup”. It also saves to cloud services and email. There’s a free version and a Pro version that starts at $75. BackWPup free / BackWPup Pro
You can do your own research into backup plugins to find one that meets your needs.
4. Make your email address hard to spam.
Please don’t put your email address on your website. It will be easy for spammers to take it and use it. Instead, use a contact form. Spamming isn’t a security issue but it is an annoyance.
Site loading speed
You want your site to load quickly and efficiently.
5. Install a Caching Plugin
This will make your site load more quickly. Caching allows you to speed up your site and prevent downtime if you get a lot of traffic at once. WP Super Cache (which I use) and WP Total Cache are the two standard ones. I’ve used them both and have no preference.
6. Reduce the size of your images before you upload them
By reducing the size of your images you reduce their file size, which makes your page load faster and more efficiently and also takes up less space on your web server. Also, clicking on an image in a post will display the image in its original size (unless you change it to open to another URL). If the original size is huge, it will display that way.
There are multiple ways to do this. On Mac you can do it straight from the Preview application. I don’t remember if you can do this on Windows but MS Paint allows you to resize and crop. Click your image to open it, select “Tools” and “Adjust Size”. I always duplicate the image and keep the original size on my computer just in case I need it but that’s up to you.
7. Evaluate your installed & activated plugins
This one affects both the site speed and security.
Every so often, go through all of your installed plugins. Deactivate and delete ones that you don’t use. Maybe you’ve tried a bunch and deactivated those you didn’t need but didn’t delete them. If you want, you can keep a list of those deleted plugins somewhere in case you want to try them again, but deleting deactivated plugins cuts the risk of being hacked.
Confession: I’m a plugin hoarder and am guilty of deactivating without deleting – and my site’s been slower as a result.
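If you have shell access to your server and WP-CLI installed (an assumption; the tips above only use the dashboard), the checks from tips 2 and 7 and the “admin” bonus in tip 1 can be scripted. This is an added example, not part of the original post, and the sample plugin names and versions are made up:

```shell
#!/bin/sh
# Reads CSV in the format printed by:
#   wp plugin list --fields=name,status,update,version --format=csv
# (wp theme list accepts the same fields, so themes can be piped in too.)
# Prints one finding per line: "REMOVE <name>" or "UPDATE <name> <version>".
audit_plugins() {
  awk -F',' '
    NR == 1 { next }                                  # skip the CSV header row
    $2 == "inactive"  { print "REMOVE " $1 }          # installed but not in use
    $3 == "available" { print "UPDATE " $1 " " $4 }   # update is pending
  '
}

# Reads one login name per line (wp user list --field=user_login) and
# succeeds if the default "admin" account still exists.
has_default_admin() {
  grep -qx 'admin'
}

# Constructed sample inventory, so the script runs without a WordPress site.
SAMPLE_CSV='name,status,update,version
contact-form-example,active,none,5.8
old-gallery-example,inactive,available,1.2.0
cache-example,active,available,1.7.9
seo-trial-example,inactive,none,3.0'

audit_sample() { printf '%s\n' "$SAMPLE_CSV" | audit_plugins; }

if [ "${1:-}" = "--live" ]; then
  # Run from the WordPress directory on the server.
  wp plugin list --fields=name,status,update,version --format=csv | audit_plugins
  wp theme list --fields=name,status,update,version --format=csv | audit_plugins
  if wp user list --field=user_login | has_default_admin; then
    echo "RENAME admin"
  fi
else
  audit_sample
fi
```

Run it with `--live` on the server to audit the real site; without arguments it only processes the sample data.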
Design & User experience
8. Delete the default “Hello, world!” post and sample page
Leaving it in makes you look like a newbie. Replace it with your own content.
9. Change the default tagline
The default is “Just another WordPress site”. Your site isn’t just another WordPress site. It’s your site. You can always change the tagline later.
In your URL, the text following your domain name should not be an ID number (e.g. “?page_id=123”). Readable URLs are sometimes called “Clean URLs”, Semantic URLs or SEO-friendly URLs. This makes your site look better and is better for search engine optimization.
To do this, click on Settings and Permalinks and select “Post name”.
11. Advanced: Change your default 404 page
The purpose of a good 404 page is to make sure visitors landing on it continue browsing your site, and find the content they came for.
I hand-coded the 404 pages on this site in the theme editor, but there are tools you could use to make it look better. I’ll get into details about 404 pages and how to customize them in a subsequent post.