Thousands of developers follow the WordPress optimization guide to set up a WordPress site. Although it takes only a few minutes to register your online presence, there are several important things that you must execute after installing the platform. As WordPress is a highly-customizable platform, it allows you to configure your site as per your preference.
Therefore, listed in this WordPress optimization guide are some imperative things that you must do after installing WordPress.
1. Change the Path of Media Upload Folder
All the files and images you upload to your site are stored in the wp-content/uploads folder. As the files and images are imperative elements of your site, you should make its recovery flexible by moving the files from the main folder to a sub-domain. This also improves the loading speed of your pages. Hence, to move your media upload folder, you need to edit the wp-config.php file and insert the following code.
2. Eliminate Ineffectual Meta Tags from Header
Your site’s HTML source code contains several meta tags in its header that are not essentially required. For example, the meta tag stating the version of your WordPress software is of no use. Moreover, it assists hackers by letting them know about the version, which in turn allows them to target the older versions.
Hence, if you want to remove the unnecessary meta-data from your site, open your functions.php file located in the themes folder and add the following snippet.
3. Secure Your Folders from the Visitors
With the increasing risk of unethical hacking, it is recommendable to prevent your visitors from accessing the folders present on your site. In the default version of WordPress, people can browse your folders through the explorer view offered by advanced browsers. In order to disable this option, you have to add the following code into the .htaccess file located in the installation directory of your WordPress site.
4. Prohibit the Use of HTML in Comments
The default configuration of WordPress allows every visitor to add HTML tags in their comments. As many people use this option as a strategy to promote their website or blog irrelevantly, it is recommendable to disable the option of adding HTML tags in comments.
To disallow your visitors from using HTML tags in comments, you should open the functions.php file and insert the following snippet.
5. Disable Post Revisions
Post revisions is regarded as a useful feature of WordPress. It allows you to track the changes made in your published posts and revert the changes if required. However, post revisions take a remarkable space on your site. Hence, if you publish the posts after proofreading it, you can disable the post revision to save some useful space. For doing so, you need to insert the following line in the wp-config.php file.
Apart from it, you can also set a limit of revisions by adding this code in the same file as discussed above.
6. Modify Auto-Save Intervals of Posts
Like all the advanced online editing platforms, WordPress saves your drafts automatically every minutes. This allows you to recover the changes made in case of any browser crashes or errors. However, if you want to extend the interval of the auto-save option to two minutes, you can do this by adding the following code in the wp-config.php file of your directory.
7. Hide Unnecessary RSS Feeds
The default version of your WordPress software is configured to generate multiple RSS feeds, such as article feed, category feed and blog feed automatically. On various occasions, you may not like to publicize all your RSS feeds for certain reasons. Hence, if you want to offer the main RSS feed and hide all the other feeds, this can be done by adding the following snippet to the functions.php file.
8. Redirect the Feeds to a Single RSS Feed
In addition to the case discussed above, you may like to maintain just one RSS feed and redirect all the other ones to it. As your RSS feed still exists after inserting the code for hiding them, you can have only one FeedBurner RSS feed. This can be done by inserting the following snippet in the .htaccess file of your site.
It should be noted that you must replace the URL mentioned in the above-code with your feed URL.
9. Disable Hints for Login
Being an advanced platform, WordPress provides you with a detailed error message when you create any error while entering your login credentials. For example, if you enter an username that does not exist, it would display that your username is incorrect. Unfortunately, this provides assistance to the hackers who want to break into your site. Hence, you should disable the hints by using the following code.
10. Turn on 2-Factor Authentication
In order to secure high level of safety on your site, you must enable the 2-factor authentication on your WordPress site. By turning on this functionality, if anyone breaks into your site by entering your login credentials, he would still require the OTP for accessing your dashboard. As the two-step authentication is not present in the feature list of WordPress, you need to activate the Authy plugin to enable this functionality.
11. Edit the Structure of Permalink
Tremendous numbers of developers recommend changing the permalink structure of your WordPress site. However, it is not an efficient move, as it affects your sites SEO negatively. Hence, if you want to change the permalink without compromising your site’s ranking, insert the following snippet in the Permalinks tab, located in the Options menu.
12. Add Touch Icons and Favicons
The modern visitors are very fond of favicons and Apple touch icons. Although its presence is not found in the default version of WordPress, you can add the file to satisfy your visitors. Hence, for adding the favicons, you should create a 144×144 apple-touch.png and a 16×16 favicon.ico file and add these files to the home directory. Once done, you should add the following line of code in the .htaccess file.
13. Prevent Indexing of Scripts
Every website owner wants search engines to crawl the webpages of their site, but not the backend stuff. Bearing this in mind, if you do not want the search engines to index your PHP files, you can disallow the crawlers from doing so. For this, you will have to access the robots.txt file through the home directory of your WordPress installation and add the following code.
14. Change the admin to subscriber
Being the admin of your site, you might not like to let other guess your username. In fact, WordPress sites with username left untouched as “admin” are more likely to be hacked than a custom admin username. Therefore, to improve the security, you should create a new user through your default profile and grant the administrator privileges to the user. Now, you have to logout from your existing profile and login using the newly created account. You need to change the name from Administrator to any custom name or Subscriber for higher security.
15. Avoid Search Engines from Indexing XML Sitemaps
After the latest SEO update from Google, you would probably create a XML sitemap for allowing search engines to crawl your site. However, you may not like this sitemap to be listed in the search engine results page. Hence, in order to prevent the XML sitemap indexing, you must add the following snippet in the .htaccess file of your site.
16. Prohibit WordPress Search
As a matter of fact, the Google Custom Search functionality is much better than the default offering from WordPress. This is because the WordPress search functionality presents less relevant results than the Google search. In addition to this, assigning Google Search reduces the burden from the WordPress server. Therefore, it is recommendable to prohibit WordPress search functionality and opt for Google Custom Search.
17. Protect wp-admin Directory Using a Strong Password
If you want to enhance the level of protection of your wp-admin directory, you can add a password protection layer to the specific directory. However, after creating the additional layer of security, you would need to remember two pairs of credentials; i.e. your WordPress admin password and the additional password that safeguards wp-admin directory.
18. Use 404 Errors
Many developers believe that the 404 errors are a kind of “missing opportunity” for WordPress sites. The Google Analytics tool can be used to log the 404 errors along with the information relating to the referring site. If you want to make use of the 404 error, you need to add the following code in the 404.php file of your website.
19. Remove Unnecessary Themes and Plugins
The default version of your WordPress software comes with tremendous numbers of preloaded themes and plugins. These elements take a considerable amount of space on your WordPress server. It is advisable that you should remove the themes and plugins that are not generally used by your site. This can be done by deactivating and deleting the respective theme or plugin through the admin panel.
20. Prevent WordPress Guessing URL Option
A habit of WordPress which is highly disliked by many website owners is guessing the URL. Though the feature has been offered to help the owners, it usually misleads them to wrong address. Therefore, if you want to stop this feature and present a 404 Not Found Error instead, you can do this by inserting the following code in the functions.php file.
21. Set Validation for Static Content headers
There are many static files on your site that you would like to get cached after a specific period of time. For example, if you want to set expiry headers for images, you can relate to the HTML5 Boilerplate. In addition, you can also provide the details for expiry and make sure that it improves the performance. For doing so, it is recommendable to use the W3 Total Cache plugin because it manages and controls the cache.
22. Enhance the Security of Your Site
Although you have set a high level of security by implementing the above mentioned steps, you can take a step further to enhance the protection by monitoring files on your site. For this, you can install an efficient file-monitoring plugin such as WordFence. Apart from this, you can also set a specific login attempts limits.
23. Disallow editing of Files
WordPress allows you to edit the PHP files, that are linked to your themes or plugins, by logging into the dashboard. If you want to disable this functionality from your site, you can add a snippet to the wp-config.php file through your WordPress admin dashboard.
24. Eliminate Additional Query Parameters
Many times, your visitors may insert additional query parameters along with the address of your site. For example, if your site address is www.seo123.com, they might type in www.seo123.com/?utm=fu. You can redirect the visitors to your site without compromising your site’s SEO by adding the following snippet to the .htaccess file.
25. Hide the Admin Bar
An annoying offering of WordPress is the presence of admin bar on all the pages which can be viewed by users. As this occupies a considerable space on top of every page, you can remove this bar from your site. For this, you will need to add the following line of code to the functions.php file.
26. Tackle the Ad Blockers
Many modern visitors to your site do not like the presence of advertisements on your pages. Hence, they use ad-blocking software that blocks the ads from your site. In order to tackle this, you can offer alternate content by creating a creative video or posts. For example, you can embed a video inclusive of advertisement on your site.
27. Brand Your Articles in RSS Feeds
You may like to insert a brand logo in each of your posts publicized through the RSS feed. As these feeds are publicized via your WordPress server, you can brand your articles conveniently. For this, you only need to add the following code to the functions.php file of your WordPress site.
28. Activate Effective Plugins
The availability of millions of plugins is a unique offering from WordPress. Whether you want to enhance the appearance or improve the performance of your site, you can find plugins for all purposes. Therefore, you should analyze your needs and find the effectual plugins for your site. Some recommendable plugins you should activate after installation are Akismet, WordPress SEO by Yoast and Contact Form DB.
29. Extend Your Login Period
If you don’t like typing in your login credentials every time before accessing your WordPress site, you can extend the login period. Though WordPress offers you with a default Remember Me option that keeps you logged in for two weeks, you can extend the period even more. For doing so, you should edit your functions.php file using an advanced editor and insert the following code.
30. Modify Your Timezone
Setting a timezone in your website allows you to create an impact on your visitors. This functionality presents the accurate date and time at the desired area of your website. It also provides assistance in handling the scheduled posts efficiently. Therefore, to set your timezone, you must navigate to the Settings menu and select the General option. Here, you will find the Timezone field at the lower section of the page. You should set your timezone and verify the local date and time before saving the settings.
