Have you ever wondered what you should do after installing WordPress? Before you hit the publish button for the first time, consider tweaking the following settings to improve performance and to harden the security of your WordPress website.

I have sectioned the article based on where the settings have to be tweaked.

  • Tweaking settings in WordPress Admin Dashboard
  • Tweaking settings in WordPress.com (you read it right!)
  • Tweaking .htaccess file
  • Tweaking your theme’s functions.php file
  • Tweaking robots.txt file

Tweaking settings in WordPress Admin Dashboard

1. Change Your Site Title, Tag Line and Time Zone

Titles are the first thing that a person sees about your site in Google search results. –

Site titles and taglines are used to describe your website and are visible in search engine results when people search for your website. The site title generally gives your business name, and the tagline describes your business in a few words.

You can change site title and tagline by navigating to Admin Dashboard → Settings → General.

In most themes, the site title and the tagline together become the content of the title tag. Generally, it is advisable to keep the content of the title tag short, preferably less than 70 characters, as part of search engine optimization.

Here is a guide to for your WordPress site and few to enrich your site title and taglines with keywords for search engine ranking.

Setting the proper timezone is essential if you prefer to schedule your WordPress posts for auto-publishing. This setting ensures that the post is published at the expected time.

You can change the timezone settings in the same screen (Admin Dashboard → Settings → General). Timezone settings are specified in UTC format and you can use an online converter to .

2. Change Your Permalink Structure

WordPress Permalink settings help you modify the structure of your URLs. The default WordPress permalink structure is This structure gives no clue about the page either to your visitors or to search engines.

Consider a URL for example, This URL states that the page is about things that you should do after installing WordPress, even before visiting the page. Both your visitors and search engines will engage more if WordPress permalinks are descriptive rather than clueless numbers. So it is advisable to have pretty URLs like the one shown above.

You can change the WordPress permalinks to a much prettier structure by heading to Settings → Permalinks. Yoast’s guide to will help you find a permalink structure suitable for your website or blog.

3. Move out the Media Folder

Amit Agarwal from Labnol.org suggests moving the default WordPress media folder (wp-content/uploads/) to a sub-domain to improve performance.

In order to achieve this, you need to create a sub-domain (e.g. files.your-domain.com). Once you create a sub-domain, create a folder to store your media files in your sub-domain and note the relative path to this folder. For example, create a folder named 'Uploads' in your sub-domain. This way it becomes easier to back up. Also, your URL looks a lot cleaner with this structure.

If you have done it right, your URL will look like files.your-domain.com/uploads/ and your relative path will look something like public_html/your-domain/your-folder-name.

removed the option to change the media upload path and URL. But you can use the plugin to enable these settings. Once you install and activate the plugin, the following two fields will be visible under Admin Dashboard → Settings → Media:

  • Store uploads in this folder – /home/your-sub-domain/your-folder (Note: no trailing slash)
  • Full URL path to files – files.mariadanieldeepak.com/uploads (Note: no trailing slash)

4. Enable JetPack authentication

JetPack authentication off-loads the user authentication from your server and allows users to log in to your self-hosted WordPress via WordPress.com.

Download and activate the plugin. Once you activate the plugin, JetPack asks you to connect to WordPress.com.
Click on 'Connect JetPack' to connect JetPack to your WordPress.com account. If you don’t have a WordPress.com account, you will be provided an option to create an account. You can then connect JetPack with WordPress.com.

There are two steps involved to enable JetPack authentication. Once connected, head to Dashboard → JetPack and enable Single Sign On under the Performance & Security tab.

After enabling Single Sign On, go to Settings under the JetPack tab in the dashboard to configure Single Sign On. Click on the Configure link and check the 'Match by Email' check-box. Click on 'Save Changes' to apply the changes.

Hoo Hooh.. Congratulations, you have successfully enabled JetPack authentication for your WordPress website. When you head over to your login page, you should see a 'Login with WordPress.com' button in your WordPress login form.

5. Install Yoast SEO plugin

plugin can greatly help your WordPress website with search engine optimization. Here is a YouTube video that walks you through the Yoast SEO plugin settings, and you can customize it based on your needs.

6. Generate SiteMap

Sitemaps help search engines to index your website better. You can use plugin to create sitemaps. In order to create XML sitemaps using Yoast SEO plugin, navigate to Admin Dashboard → SEO → XML Sitemaps.

If you don’t prefer to use Yoast SEO plugin you can still generate sitemaps using .

7. Schedule Backup

Backup is very crucial for your WordPress website. Whether you wish to move to a different hosting provider or your website is hacked, restoring your website is impossible without a proper backup.

from Automattic does a wonderful job when it comes to backing up your WordPress website or blog. But this plugin is not free, and it is worth every penny.

8. Use A Cache Plugin

WordPress to use a caching plugins like or to improve the performance of your WordPress website.

9. Delete Unused Themes And Plugins

As part of the , ensure to remove unused themes and plugins once in every 3-6 months.
Remember, you should never delete the default theme that comes with your version of WordPress.

Tweaking WordPress Config File

10. Disable File Editing Inside WordPress

By default, WordPress allows you to edit your theme and plugin PHP files from the dashboard. Disabling file editing inside WordPress limits what an unauthorized person can do if they gain access to your WordPress website. You can disable it by including the following line in your wp-config.php file.

    /** Disable file editing inside WordPress */
    define('DISALLOW_FILE_EDIT', true);

You can find the wp-config.php file in the directory where you installed WordPress. All changes to the wp-config.php file must be made above the following comment:

    /* That's all, stop editing! Happy blogging. */

Your Theme’s functions.php File

11. Turn off WordPress Login Hints

WordPress by default shows login hints when incorrect credentials are entered. This information is a security risk, and we can stop WordPress from showing it. Open your theme’s functions.php file and enter the following lines.

    /** Disable WordPress Login Hints **/
    function no_wordpress_errors(){
        return 'GET OFF MY LAWN !! RIGHT NOW !!';
    }
    add_filter( 'login_errors', 'no_wordpress_errors' );

Credit

12. Remove WordPress Meta Information

Meta tags provide information about your web pages to search engines. However, WordPress emits some unnecessary meta information by default, which might expose details that are useful to a potential hacker. So, it is necessary to remove these meta tags from your website.

Add the following code to your theme’s functions.php file to remove the unnecessary meta tags.
    remove_action( 'wp_head', 'feed_links_extra', 3 ); // Display the links to the extra feeds such as category feeds
    remove_action( 'wp_head', 'feed_links', 2 ); // Display the links to the general feeds: Post and Comment Feed
    remove_action( 'wp_head', 'rsd_link' ); // Display the link to the Really Simple Discovery service endpoint, EditURI link
    remove_action( 'wp_head', 'wlwmanifest_link' ); // Display the link to the Windows Live Writer manifest file.
    remove_action( 'wp_head', 'index_rel_link' ); // index link
    remove_action( 'wp_head', 'parent_post_rel_link', 10, 0 ); // prev link
    remove_action( 'wp_head', 'start_post_rel_link', 10, 0 ); // start link
    remove_action( 'wp_head', 'adjacent_posts_rel_link', 10, 0 ); // Display relational links for the posts adjacent to the current post.
    remove_action( 'wp_head', 'wp_generator' ); // Display the XHTML generator that is generated on the wp_head hook, WP version

Credit – WordPress.com

13. Turn on two-step authentication using JetPack

Two-step authentication enables an additional layer of security for your WordPress website. You can enable two-step authentication by visiting WordPress.com. Log in with your credentials and go to your profile by clicking on your avatar in the top right corner.

From your profile page, click on the Security menu to enable two-step authentication. This is a simple process and you can easily enable two-step authentication.

Hooray! A big sigh of relief. Now your WordPress website is doubly secure.

Also, disable the default WordPress login form permanently and restrict users to log in only via Single Sign On using WordPress.com. This adds another layer of security. But this would require all of your existing WordPress users to create an account on WordPress.com.

To permanently disable the default WordPress login form, add the following line of code in your theme’s functions.php file.
    /** Login via WordPress.com **/
    add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

Credit

HTAccess File

14. Disallow Directory Listing

It is definitely a bad idea and a security threat to list files and folders when people browse your website. Depending on your web hosting, directory listing might be turned on or off by default. In order to turn off directory listing, add the following line to the .htaccess file in your web host’s root folder.

    Options -Indexes

Also, make sure to include a blank file in your themes (/wp-content/themes/) and plugins (/wp-content/plugins/) folders.

Robots.txt File

15. Prevent Indexing Of Core WordPress Directories

Use a robots.txt file to disallow web pages that are not intended to be indexed by web robots. You can use a text editor like Notepad to create the robots.txt file. It is a best practice to disallow the following directories from being indexed by web robots.

    User-agent: *
    Allow: /wp-admin/admin-ajax.php
    Disallow: /wp-admin
    Disallow: /wp-content/plugins
    Disallow: /wp-content/themes
    Disallow: /wp-includes
    Disallow: /readme.html

After you create the robots.txt file, place it in the root directory of your domain. Keep in mind that robots.txt is only a request to well-behaved crawlers and is itself publicly readable, so it does not restrict access to these paths.

Please do leave your WordPress optimization tip as a comment below and I would love to hear from you.

Credits font & are used in images.

Author: Maria Daniel Deepak

My name is Daniel and I'm passionate about data and analytics. I blog about various BI tools like Power BI, Alteryx and Tableau.
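Added example for tip 10 (Disable File Editing Inside WordPress), not part of the original article or of WordPress itself: a Python check that reads the text of a wp-config.php file and reports whether DISALLOW_FILE_EDIT is set to true and placed above the "stop editing" comment, as the article requires. The function names and the sample fragments are assumptions constructed for illustration.

```python
# Added example (not from the article): check tip 10 in wp-config.php text.
import re

# Strings are matched first so that "//", "#" or "/*" inside a salt value is
# not mistaken for a comment; only the comment alternatives get blanked out.
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
MARKER = re.compile(r"/\*\s*That's all, stop editing!")
DEFINE = re.compile(
    r"""\bdefine\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)""", re.I)

def blank_comments(src):
    """Replace comments with spaces so offsets into src stay valid."""
    def repl(match):
        text = match.group(0)
        return text if text[0] in "'\"" else " " * len(text)
    return TOKEN.sub(repl, src)

def check_file_edit(src):
    """Return 'ok', 'missing', 'not-true' or 'below-marker' for wp-config text."""
    found = DEFINE.search(blank_comments(src))
    if not found:
        return "missing"        # absent, or present only inside a comment
    if found.group(1).lower() != "true":
        return "not-true"       # anything but the literal true is reported
    marker = MARKER.search(src)
    if marker and found.start() > marker.start():
        return "below-marker"   # the article: edits go above this comment
    return "ok"

# Constructed wp-config.php fragments, not taken from a real site.
STOP = "/* That's all, stop editing! Happy blogging. */\n"
GOOD = ("<?php\ndefine('AUTH_KEY', 'a/*b#c//d');\n"
        "define('DISALLOW_FILE_EDIT', true);\n" + STOP)
COMMENTED = "<?php\n// define('DISALLOW_FILE_EDIT', true);\n" + STOP
LATE = "<?php\n" + STOP + "define( 'DISALLOW_FILE_EDIT', true );\n"
OFF = "<?php\ndefine(\"DISALLOW_FILE_EDIT\", false);\n" + STOP

if __name__ == "__main__":
    for name in ("GOOD", "COMMENTED", "LATE", "OFF"):
        print(name, "->", check_file_edit(globals()[name]))
```

To audit a real installation, pass the contents of its wp-config.php to check_file_edit().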
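Added example for tip 12 (Remove WordPress Meta Information), not part of the original article or of WordPress itself: a Python check that parses a page's HTML and lists which of the tags targeted by the remove_action calls are still being emitted. The class and function names, the sample markup and the example.test URLs are assumptions constructed for illustration.

```python
# Added example (not from the article): audit a page for the tags tip 12 removes.
from html.parser import HTMLParser

# rel values of <link> tags printed by the wp_head callbacks named in tip 12
REL_TO_CALLBACK = {
    "edituri": "rsd_link",
    "wlwmanifest": "wlwmanifest_link",
    "prev": "adjacent_posts_rel_link",
    "next": "adjacent_posts_rel_link",
}
FEED_TYPES = ("application/rss+xml", "application/atom+xml")

class HeadAudit(HTMLParser):
    """Record (callback, value) for every disclosure tag still in the page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("wp_generator", a.get("content", "")))
        elif tag == "link":
            for rel in a.get("rel", "").lower().split():
                if rel in REL_TO_CALLBACK:
                    self.findings.append((REL_TO_CALLBACK[rel], a.get("href", "")))
                elif rel == "alternate" and a.get("type", "").lower() in FEED_TYPES:
                    self.findings.append(("feed_links", a.get("href", "")))

def audit_head(html):
    """Return leftover tags; an empty list means the removals took effect."""
    parser = HeadAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not captured from a real site.
BEFORE = """<head>
<meta name="generator" content="WordPress X.Y" />
<link rel="alternate" type="application/rss+xml" href="https://example.test/feed/" />
<link rel="EditURI" type="application/rsd+xml" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" href="https://example.test/wp-includes/wlwmanifest.xml" />
<link rel="stylesheet" href="https://example.test/style.css" />
</head>"""
AFTER = '<head><link rel="stylesheet" href="https://example.test/style.css" /></head>'

if __name__ == "__main__":
    print("before:", audit_head(BEFORE), "after:", audit_head(AFTER))
```

Run it against the saved HTML of your own front page after editing functions.php; any remaining entry names the callback that is still hooked.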
