So you managed to install WordPress and get your site running - does that mean you're ready to go public right away?
Ehh, not quite...
Before you start writing tons of awesome blog posts, finding ways to get visitors to those posts, and just generally launching a WordPress site out to the world, there are some basic steps you should take and settings you should configure to set your site up for success.
I'm talking about things like permalinks, backups, and other configurations that are a lot better to do at the beginning than later on.
These are the 11 things you should absolutely do after installing WordPress...
1. Make sure your login information is secure
In a survey from Wordfence of hacked WordPress website owners, almost 20% of the known hack causes came from either brute force attacks or password theft, both of which involve an insecure password.
Don't let that be you…
Weak passwords are a problem everywhere. But the stakes are especially dire for WordPress because if a hacker gets access to your admin account, they can make changes to your entire site.
Here's the easiest way to create a strong password on WordPress:
Just use the default random password that WordPress generates for you and keep it in a safe place (LastPass is a good option).
Yeah - it's hard to remember. But it's also hard for hackers to guess, which is a good thing!
So if you haven't already changed your WordPress password, go to Users → Your Profile and use the password generator:
2. Add some extra security to your login page, just in case
Beyond choosing a difficult-to-guess password, you can further beef up the security on your login page by using a plugin that adds some extra difficulty to brute force attacks.
One of the most popular for this use is Limit Login Attempts.
This free plugin lets you set a limit on incorrect password attempts. After the limit has been reached, the plugin will lock the account for a certain number of minutes that you can specify (you've probably seen this feature on sites around the Internet).
3. Build an update strategy and set up email notifications
While brute force attacks and password theft were the second most common attack vector in Wordfence's survey, plugin, theme, and core vulnerabilities accounted for ~70% of all the known entry points for hacked WordPress sites.
And do you know what's most likely to lead to one of those vulnerabilities?
Not updating your WordPress software, plugins, or themes!
In fact, according to Sucuri's Hacked Website Report from Q3/2016, 61% of hacked WordPress sites were running out-of-date software at the time when they were attacked.
Don't be one of those 61% of sites.
Make sure you stay on top of your updates. You can do this by looking for the icon in your WordPress dashboard:
Or, if you're the forgetful type, you can also use the free WP Updates Notifier plugin to get email notifications whenever any of the software on your site has a new update available.
If you won't be checking your WordPress dashboard every day, email notifications are a great way to keep you in the loop and make sure you stay updated.
4. Set your WordPress permalinks
Your WordPress site's permalinks essentially dictate how all the URLs on your site are structured.
For example, WPLift's permalink setting is the reason this post is located at URL instead of something like URL example
Permalinks are important because they have an effect on both:
- How humans experience your website
- How search engine robots experience your website (and rank it in the search results)
Basically, a good permalink structure allows you to communicate context about your page to both those humans and robots, which is a good thing.
Read this post for more information on WordPress permalinks and how to set them.
5. Test how quickly your website loads
How quickly your WordPress site loads is massively important to everything from user experience to search engine rankings.
Faster is always better and, as time goes on, people's standards for what a "fast website" is keep getting even higher. eCommerce shoppers used to be fine with 2 second page load times, but now they're increasingly looking for sites to load even faster!
To see how quickly your site loads, you can use the free Pingdom Tools page speed test.
Just plug in your site's URL and it will do the rest:
Based on the data, you'll most likely want to take some steps to speed up WordPress. Speaking of...
6. Use a caching plugin to make it load faster
While all the steps in that speed up WordPress guide I linked will make your site faster, there's one solution that deserves singling out because:
- It's incredibly easy to implement
- It will usually cut your site's page load times by ~50%
It's called a caching plugin. If you want to learn more, here's a post about caching plugins.
But for the simplest option, I recommend Cache Enabler. Just install and activate it and you're good to go!
You can even go back and test your site again with Pingdom Tools to see how big the improvement is.
7. Pick an SEO plugin and configure basic SEO settings
SEO, short for search engine optimization, is a strategy to help your site rank higher in search engines like Google (which gets you more traffic).
By default, WordPress isn't very SEO-optimized. But with the help of a free plugin, you can change that.
For most people, I recommend the Yoast SEO plugin because:
- It includes a setup wizard to help you get up and running
- It will help you optimize individual pieces of content
- It will tell you if there are any problems with your site (like accidentally turning on the Discourage search engines from indexing this site setting)
8. Check important features like forms and social media
There's nothing worse than driving traffic to your site only for important features of your site to not be working properly.
But as annoying as it is, it's probably happened to most webmasters at some point or another.
To stop that from being you, it's important to manually test important functionality on your site - like a form or a social share button.
Here's the best way to do that:
- Open up an Incognito or Safe Browsing tab in your browser (this ensures you experience your site like an anonymous visitor will)
- Manually fill out forms or click on important buttons to make sure they work exactly as intended
I know it's a bit tedious - but it's a lot better than finding out your contact form hasn't been working properly for the last month (yes - this actually happened to me once).
9. Install a backup plugin
No matter how careful you are when running your site, there's one incontrovertible truth about having a website:
And sometimes that "stuff" means your current site no longer works. When that happens, you want to always have a recent backup on hand so that, rather than being a disaster, it just takes a couple minutes to restore the working copy of your site.
Seriously - don't be that person who loses important data because they didn't want to take 5 minutes to set up automatic backups.
There are two ways to take care of backups on your site:
- Choose a managed WordPress host that does them for you
- Install a plugin like UpdraftPlus and configure it to automatically take backups every day. You can even make the plugin automatically upload those backups to Google Drive or Dropbox for safekeeping.
10. Install Google Analytics and set up Google Search Console
Whether or not you're trying to make money from your site, it's still helpful (and interesting) to see how much traffic your site receives, where that traffic comes from, and what it does on your site.
Google Analytics gives you access to all that information (and lots more!).
Best of all, it's 100% free!
To get started, follow this guide for how to add Google Analytics to WordPress.
Then, once you have Google Analytics installed, take things a step further and set up Google Search Console for your site, as well.
As long as you have Google Analytics on your site, it only takes a couple of minutes to get Search Console up and running and it will help you control and analyze how your site is ranking in Google Search.
11. See how your website looks on different devices
If you're like most webmasters, you've probably done a good job testing how your website looks on your computer.
But, thanks to the rise of smartphones and tablets, that's no longer enough. Now, more than 50% of Google searches happen on mobile devices, which means you're probably going to get a good chunk of traffic from mobile users.
That means you need to ensure your website looks great for everyone.
Don't worry, though. You don't need a smartphone to see what your website looks like on different devices.
Instead, you can use a free tool like Responsive Design Checker or your browser's Developer Tools:
Enjoy Your New Site!
That's it for now! Now that you've performed these steps, you should be ready to successfully launch your WordPress site to the world.
Did I miss anything you think people should do after installing WordPress? Share it in the comments so that we can all get smarter!