Any post-install tips after installing WordPress 3.0.1 that would be useful for any WordPress installation, where we will use WordPress as a CMS for a website and the blog page will not be the home page?
01 Database Security
01.01 Change your database prefix during install or after install. This is security by obscurity, but it helps against automated scripts that could run over all databases to inject bad code into your content, like scripts, iframes or display: bits
01.02 Install a database backup plugin to automate the backup, e.g. http://wordpress.org/extend/plugins/wp-db-backup/
Read More: http://codex.wordpress.org/WordPress_Backups
02 Operating System Security
02.01 Change all your files to 644 and directories to 755.
02.02 Only access your backend via secure means, e.g. never use FTP.
02.03 move the wp-config.php one level up so that it does not sit in your webroot directory. E.g. with MediaTemple: move it one level up to the HTML directory. Chmod this file to 400 for starters.
02.04 Install an intrusion detection system. At least something like WordPress File Monitor to check for potential changes (use the hash option): http://wordpress.org/extend/plugins/wordpress-file-monitor/
Read More: http://codex.wordpress.org/WordPress_Backups
Read More: http://codex.wordpress.org/Hardening_WordPress
02.05 If possible, use svn to install the initial site and upgrade it; this may also be handy in case of zero-day breaches you need to act upon.
03 WordPress Security
03.01 Install Login LockDown (http://wordpress.org/extend/plugins/login-lockdown/) or related plugins that minimize the number of allowed retries when logging in.
03.02 Choose a strong password, use a password tool for storing it.
03.03 Preferably perform all administration via https
Read More: http://codex.wordpress.org/Administration_Over_SSL
03.04 Never use Admin as the username; change it directly from the start to something else. You can change it via the database:
03.05 Hide the version WordPress is using, or possibly hide the fact that you're using WordPress at all, see e.g.: Steps to Take to Hide the Fact a Site is Using WordPress?
03.06 Remove notifications about new updates, see: Best Collection of Code for your functions.php file
04 Anti Spam
04.01 Enter your Akismet key for starters. You can get your key after signing up with wordpress.org.
04.02 Install a Captcha tool
See also: Why do I get comment spam even with Akismet and Captcha?
05 Usability and URL Hacking
05.01 Set a Permalink for your blogs. Create one that will not cause performance issues. See: Performance of my permalink structure?. Remember that you will have to live with it for a long time.
05.02 Adjust your titles to have meaningful names. See: Best Collection of Code for your functions.php file for an example; change it to your own liking.
05.03 Give your blog a meaningful title and subtitle
06 Functional Installation
06.01 Add Users to your weblog, use strong passwords
06.02 Add a contact form, see: Contact Form on WordPress Sites?
06.03 Install TinyMCE Advanced: http://wordpress.org/extend/plugins/tinymce-advanced/
This gives you the needed table editing, etc…
06.04 Configure the blog in blogging tools, or write documentation on how to do this, e.g. in Windows Live Writer
06.05 Modify the login logo and link, see: Best Collection of Code for your functions.php file
06.06 Remove pings to your own blog: Best Collection of Code for your functions.php file
06.07 Display content only for specific users, see: Best Collection of Code for your functions.php file
06.08 Delete the hello post and comment
06.09 Delete the Hello Dolly plugin, see: Initialization Script for “Standard” Aspects of a WordPress Website?
06.10 Write an about page
06.11 Add your FTP details for upgrading: How can I stop WordPress from prompting me to enter FTP information when doing updates? (possibly further secure this)
07 SEO and Metrics
07.01 Add analytics tools like Google Analytics, WP Stats or Statcounter to your theme. There are also plugins available to auto-include the scripts for these.
07.02 WP Stats gives you shortlinks. Handy to include the short link code in your post to have users twitter them etc…
07.03 Register your blog on Technorati
07.04 Install a Twitter plugin to sync your posts with your Twitter account
07.05 Remove unneeded words in titles automatically, see: Best Collection of Code for your functions.php file
07.06 Install any of the hundreds of SEO plugins
08 Performance
08.01 Install one cache plugin (or more), see e.g.: What are the best practices for using a caching plugin on a shared host? There are a lot of options; you might also think of widget caching or, in specific cases, needing to write your own cache.
08.02 Install wp smush it to automatically shrink your images: http://wordpress.org/extend/plugins/wp-smushit/
08.03 Disable revisions or limit them: Best Collection of Code for your functions.php file (this is performance and scaling in the broadest sense)
08.04 For a while, check the number of queries and performance, see: Best Collection of Code for your functions.php file
08.05 If you do not need XMLRPC, remove it, see: Best Collection of Code for your functions.php file
09 Design
09.01 Install a theme. Depending on your needs, make a decision on what you seek in a theme; think of usability by the disabled, SEO and maintainability by non-technical people, OR create your own theme. It’s not that hard.
10 Useless
10.01 Remove the filter to translate WoRdPrEsS back to WordPress, see: Best Collection of Code for your functions.php file
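An added example, not part of the original answer, showing how items 02.01, 02.03 and 02.04 can be checked from a shell: a permission audit for the 644/755/400 scheme and a hash manifest comparison of the kind a file monitor's hash option performs. The function names are hypothetical; it assumes GNU sha256sum and that wp-config.php has been moved one level above the webroot.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.
# Assumes GNU sha256sum and wp-config.php one level above the webroot (02.03).

# 02.01 / 02.03: print every path whose mode deviates from 644 (files),
# 755 (directories) or 400 (wp-config.php); no output means compliant.
audit_perms() {
    webroot=$1
    find "$webroot" -type f ! -name wp-config.php ! -perm 644 -exec echo FILE_MODE {} \;
    find "$webroot" -type d ! -perm 755 -exec echo DIR_MODE {} \;
    # A config file still inside the webroot is a finding on its own.
    [ -e "$webroot/wp-config.php" ] && echo "CONFIG_IN_WEBROOT $webroot/wp-config.php"
    cfg="$webroot/../wp-config.php"
    [ -e "$cfg" ] && find "$cfg" -prune ! -perm 400 -exec echo CONFIG_MODE {} \;
    return 0
}

# 02.04: write a sorted "hash  path" manifest of every file under the webroot.
# Store the result outside the webroot so it is not part of what it describes.
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# Compare the tree with a saved manifest. Prints each changed, added or
# removed path once and returns 1 if anything differs, 0 otherwise.
check_integrity() {
    webroot=$1
    baseline=$2
    current=$(mktemp) || return 2
    manifest "$webroot" > "$current"
    # Lines present in only one manifest mark the affected files; the path
    # starts at column 67 (64 hex digits plus two separator characters).
    changes=$(sort "$baseline" "$current" | uniq -u | cut -c 67- | sort -u)
    rm -f "$current"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}
```

Regenerate the manifest after each legitimate upgrade, otherwise every core or plugin update is reported as a change.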