Any post install tips after installing WordPress 3.0.1?

Any post-install tips after installing WordPress 3.0.1 that would be useful for any WordPress installation where we will use WordPress as a CMS for a website and the blog page will not be the home page?

1 comment

  1. 01 Database Security

    01.01 Change your database prefix during install or after install. This is security by obscurity but helps with automated scripts that could run over all databases to inject bad code in your content like scripts, iframes or display: bits

    01.02 install a database backup plugin to automate the backup e.g. http://wordpress.org/extend/plugins/wp-db-backup/

    Read More: http://codex.wordpress.org/WordPress_Backups

    02 Operating System Security

    02.01 change all your files to 644 and directories to 755.

    02.02 only access your backend via secure means e.g. never use ftp.

    02.03 move the wp-config.php one level up so that it does not sit in your webroot directory. E.g. with MediaTemple: move it one level up to the HTML directory. Chmod this file to 400 for starters.

    02.04 install an intrusion detection system. At least something like wordpress file monitor to check for potential changes (use hash option): http://wordpress.org/extend/plugins/wordpress-file-monitor/

    Read More: http://codex.wordpress.org/WordPress_Backups
    Read More: http://codex.wordpress.org/Hardening_WordPress

    02.05 If possible use svn to install the initial site and upgrade it, may also be handy in case of zero day breaches you need to act upon

    03 WordPress Security

    03.01 Install login lockdown (http://wordpress.org/extend/plugins/login-lockdown/) or related plugins that minimize the amount of allowed retries on logging in.

    03.02 Choose a strong password, use a password tool for storing it.

    03.03 Preferably perform all administration via https
    Read More: http://codex.wordpress.org/Administration_Over_SSL

    03.04 Never use Admin as username, change it directly from the start to something else, you can change it via the database:

    update tableprefix_users set user_login='newuser' where user_login='admin';

    03.05 Hide the version WordPress is using or possibly hide the fact that you're using WordPress at all, see e.g.: Steps to Take to Hide the Fact a Site is Using WordPress?

    03.06 Remove notifications about new updates, see: Best Collection of Code for your functions.php file

    04 Anti Spam

    04.01 enter your Akismet key for starters. You can get your key after signing up with wordpress.org.

    04.02 install a Captcha tool

    See also: Why do I get comment spam even with Akismet and Captcha?

    05 Usability and URL Hacking

    05.01 Set a Permalink for your blogs. Create one that will not cause performance issues. See: Performance of my permalink structure?. Remember that you will have to live with it for a long time.

    05.02 adjust your titles to have meaningful names. See: Best Collection of Code for your functions.php file for an example, change to your own liking.

    05.03 Give your blog a meaningful title and subtitle

    06 Functional Installation

    06.01 Add Users to your weblog, use strong passwords

    06.02 Add a contact form, see: Contact Form on WordPress Sites?

    06.03 install tinymce advanced: http://wordpress.org/extend/plugins/tinymce-advanced/
    this gives you needed table editing, etc…

    06.04 configure the blog in blogging tools or write documentation how to do this e.g. in windows live writer

    06.05 Modify the login logo and link, see: Best Collection of Code for your functions.php file

    06.06 Remove pings to your own blog: Best Collection of Code for your functions.php file

    06.07 Display content only for specific users, see: Best Collection of Code for your functions.php file

    06.08 delete the hello post and comment

    06.09 delete the hello dolly plugin, see: Initialization Script for “Standard” Aspects of a WordPress Website?

    06.10 write an about page

    06.11 add your FTP details for upgrading: How can I stop WordPress from prompting me to enter FTP information when doing updates? (possibly further secure this)

    07 SEO and Metrics

    07.01 Add Analytic Tools like Google Analytics, Wp Stats, Statcounter to your theme. There are also plugins available to auto include the scripts for these.

    07.02 WP Stats gives you shortlinks. Handy to include the short link code in your post to have users twitter them etc…

    07.03 Register your blog on Technorati

    07.04 install a twitter plugin to sync your posts with your twitter account

    07.05 Remove not needed words in titles automatically, see: Best Collection of Code for your functions.php file

    07.06 install any of the hundreds of SEO plugins

    08 Performance

    08.01 install one cache plugin (or more). see e.g.: What are the best practices for using a caching plugin on a shared host? there are a lot of options, you might also think of widget caching or in specific cases needing to write your own cache.

    08.02 install wp smush it to automatically shrink your images: http://wordpress.org/extend/plugins/wp-smushit/

    08.03 disable revision or limit them: Best Collection of Code for your functions.php file (this is performance and scaling in the broadest sense)

    08.04 for a while check the amount of queries and performance, see: Best Collection of Code for your functions.php file

    08.05 If you do not need XMLRPC, remove it, see: Best Collection of Code for your functions.php file

    09 Design

    09.01 Install a theme. Depending on your needs make a decision on what you seek in a theme, think of usability by disabled, SEO and maintainability by non technical people OR create your own theme. It’s not that hard.

    10 Useless

    10.01 Remove the filter to translate WoRdPrEsS back to WordPress, see: Best Collection of Code for your functions.php file
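
The permission scheme from 02.01 and 02.03 above (files 644, directories 755, wp-config.php at 400 one level above the webroot) can be checked mechanically. This is an added example, not part of the original answer; the function names, the output labels and the default config location (the parent of the webroot) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the permission scheme
# from 02.01 (files 644, directories 755) and 02.03 (wp-config.php at 400,
# one level above the webroot). Function names and labels are illustrative.

# audit_wp_perms WEBROOT [CONFIG]
# Prints one line per deviation; returns 1 if any deviation was found.
audit_wp_perms() {
    root=$1
    cfg=${2:-$(dirname "$root")/wp-config.php}   # assumed default location
    findings=$(
        # -perm with a bare mode is an exact match, so setuid/setgid bits
        # and group/world-writable files are all reported.
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR-MODE /'
        find "$root" -type f ! -name wp-config.php ! -perm 644 -print |
            sed 's/^/FILE-MODE /'
        # A config file still inside the webroot contradicts 02.03.
        [ -e "$root/wp-config.php" ] &&
            echo "CONFIG-IN-WEBROOT $root/wp-config.php"
        if [ ! -f "$cfg" ]; then
            echo "CONFIG-MISSING $cfg"
        elif [ -z "$(find "$cfg" -perm 400)" ]; then
            echo "CONFIG-MODE $cfg"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# fix_wp_perms WEBROOT [CONFIG]
# Applies the scheme; run it as the account that owns the files.
fix_wp_perms() {
    root=$1
    cfg=${2:-$(dirname "$root")/wp-config.php}
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    [ -f "$cfg" ] && chmod 400 "$cfg"
    return 0
}

# Usage: sh audit.sh /path/to/webroot [/path/to/wp-config.php]
if [ "$#" -gt 0 ]; then audit_wp_perms "$@"; fi
```

Running the audit from cron and alerting on a non-zero exit status catches permission drift after plugin installs or manual uploads.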