Any post install tips after installing WordPress 3.0.1?

01 Database Security

01.01 Change your database prefix during install or after install. This is security by obscurity, but it helps against automated scripts that could run over all databases to inject bad code into your content, like scripts, iframes or display: bits

01.02 install a database backup plugin to automate the backup e.g. http://wordpress.org/extend/plugins/wp-db-backup/

Read More: http://codex.wordpress.org/WordPress_Backups

02 Operating System Security

02.01 change all your files to 644 and directories to 755.

02.02 only access your backend via secure means e.g. never use ftp.

02.03 move the wp-config.php one level up so that it does not sit in your webroot directory. E.g. with MediaTemple: move it one level up to the HTML directory. Chmod this file to 400 for starters.

02.04 install an intrusion detection system. At least something like wordpress file monitor to check for potential changes (use hash option): http://wordpress.org/extend/plugins/wordpress-file-monitor/

Read More: http://codex.wordpress.org/WordPress_Backups
Read More: http://codex.wordpress.org/Hardening_WordPress

02.05 If possible, use svn to install the initial site and upgrade it; this may also be handy in case of zero-day breaches you need to act upon

03 WordPress Security

03.01 Install login lockdown (http://wordpress.org/extend/plugins/login-lockdown/) or related plugins that minimize the amount of allowed retries on logging in.

03.02 Choose a strong password, use a password tool for storing it.

03.03 Preferably perform all administration via https
Read More: http://codex.wordpress.org/Administration_Over_SSL

03.04 Never use Admin as username; change it directly from the start to something else. You can change it via the database:

update tableprefix_users set user_login='newuser' where user_login='admin';

03.05 Hide the version WordPress is using or possibly hide the fact that you're using WordPress at all, see e.g.: Steps to Take to Hide the Fact a Site is Using WordPress?

03.06 Remove notifications about new updates, see: Best Collection of Code for your functions.php file

04 Anti Spam

04.01 enter your Akismet key for starters. You can get your key after signing up with wordpress.org.

04.02 install a Captcha tool

See also: Why do I get comment spam even with Akismet and Captcha?

05 Usability and URL Hacking

05.01 Set a Permalink for your blogs. Create one that will not cause performance issues. See: Performance of my permalink structure?. Remember that you will have to live with it for a long time.

05.02 Adjust your titles to have meaningful names. See: Best Collection of Code for your functions.php file for an example, change to your own liking.

05.03 Give your blog a meaningful title and subtitle

06 Functional Installation

06.01 Add Users to your weblog, use strong passwords

06.02 Add a contact form, see: Contact Form on WordPress Sites?

06.03 install tinymce advanced: http://wordpress.org/extend/plugins/tinymce-advanced/
this gives you needed table editing, etc…

06.04 configure the blog in blogging tools or write documentation how to do this e.g. in windows live writer

06.05 Modify the login logo and link, see: Best Collection of Code for your functions.php file

06.06 Remove pings to your own blog: Best Collection of Code for your functions.php file

06.07 Display content only for specific users, see: Best Collection of Code for your functions.php file

06.08 delete the hello post and comment

06.09 delete the hello dolly plugin, see: Initialization Script for “Standard” Aspects of a WordPress Website?

06.10 write an about page

06.11 add your FTP details for upgrading: How can I stop WordPress from prompting me to enter FTP information when doing updates? (possibly further secure this)

07 SEO and Metrics

07.01 Add Analytic Tools like Google Analytics, Wp Stats, Statcounter to your theme. There are also plugins available to auto include the scripts for these.

07.02 WP Stats gives you shortlinks. Handy to include the short link code in your post to have users twitter them etc…

07.03 Register your blog on Technorati

07.04 install a twitter plugin to sync your posts with your twitter account

07.05 Remove unneeded words in titles automatically, see: Best Collection of Code for your functions.php file

07.06 install any of the hundreds of SEO plugins

08 Performance

08.01 Install one cache plugin (or more). See e.g.: What are the best practices for using a caching plugin on a shared host? There are a lot of options; you might also think of widget caching or, in specific cases, needing to write your own cache.

08.02 install wp smush it to automatically shrink your images: http://wordpress.org/extend/plugins/wp-smushit/

08.03 disable revision or limit them: Best Collection of Code for your functions.php file (this is performance and scaling in the broadest sense)

08.04 for a while check the amount of queries and performance, see: Best Collection of Code for your functions.php file

08.05 If you do not need XMLRPC, remove it, see: Best Collection of Code for your functions.php file

09 Design

09.01 Install a theme. Depending on your needs, make a decision on what you seek in a theme: think of usability by disabled people, SEO and maintainability by non-technical people, OR create your own theme. It’s not that hard.

10 Useless

10.01 Remove the filter to translate WoRdPrEsS back to WordPress, see: Best Collection of Code for your functions.php file
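An audit for items 02.01 and 02.03 of the checklist, as an added example that is not part of the original answer: it reports every file that is not 644, every directory that is not 755, a wp-config.php still sitting in the webroot, and a wp-config.php that is not mode 400. The function name and the finding labels are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a WordPress tree
# against items 02.01 (644/755) and 02.03 (wp-config.php above the webroot, 400).
# Usage: wp_perm_audit /path/to/webroot

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints one finding per line; returns 0 when clean, 1 when anything deviates.
wp_perm_audit() {
    webroot=${1%/}
    findings=$(
        # 02.01: regular files must be exactly 644, directories exactly 755.
        # wp-config.php is excluded here because 02.03 asks for 400 on it.
        find "$webroot" -type f ! -name wp-config.php ! -perm 644 | sed 's/^/FILE_MODE /'
        find "$webroot" -type d ! -perm 755 | sed 's/^/DIR_MODE /'

        # 02.03: the config should live one level above the webroot.
        cfg=
        if [ -f "$webroot/wp-config.php" ]; then
            cfg=$webroot/wp-config.php
            echo "CONFIG_IN_WEBROOT $cfg"
        elif [ -f "$webroot/../wp-config.php" ]; then
            cfg=$webroot/../wp-config.php
        else
            echo "CONFIG_MISSING $webroot"
        fi
        if [ -n "$cfg" ] && [ "$(file_mode "$cfg")" != 400 ]; then
            echo "CONFIG_MODE $(file_mode "$cfg") $cfg"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when a webroot path is given on the command line.
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

The script only reports; fixing a finding is a `chmod` or `mv` you run yourself after checking why the mode differs.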

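Item 02.04 recommends file monitoring with the hash option. The sketch below shows the idea behind that option as an added example; it is not the plugin's code and not part of the original answer. It assumes `sha256sum` or `shasum` is installed, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not the file monitor plugin's code): hash-based change
# detection for a WordPress tree, as recommended in item 02.04.
# Keep the baseline manifest outside the monitored tree.

# Print "<sha256>  ./relative/path" for every file under $1, sorted by path.
wp_manifest() {
    if command -v sha256sum >/dev/null 2>&1; then hasher="sha256sum"
    else hasher="shasum -a 256"; fi   # assumption: one of the two is installed
    (cd "$1" && find . -type f -exec $hasher {} + | sort -k2)
}

# Compare the tree under $1 with the baseline manifest file $2.
# Prints ADDED/CHANGED/REMOVED lines; returns 0 if nothing differs, else 1.
wp_compare() {
    changes=$(wp_manifest "$1" | awk -v base="$2" '
        # Load the baseline: 64 hex chars, two separator chars, then the path.
        BEGIN { while ((getline l < base) > 0) old[substr(l, 67)] = substr(l, 1, 64) }
        { p = substr($0, 67); h = substr($0, 1, 64)
          if (!(p in old)) print "ADDED " p
          else { if (old[p] != h) print "CHANGED " p; delete old[p] } }
        # Whatever is left in the baseline no longer exists on disk.
        END { for (p in old) print "REMOVED " p }' | sort)
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Typical use (paths are placeholders):
#   wp_manifest /path/to/webroot > /path/outside/webroot/baseline.sha256
#   wp_compare  /path/to/webroot   /path/outside/webroot/baseline.sha256
```

Regenerate the baseline after every legitimate upgrade or plugin install, otherwise the next comparison reports the upgrade itself as changes.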