11 things to do after setting up a WordPress site

November 14, 2021 by Varun Kruthiventi

Congratulations on setting up your WordPress site. What next? There are a few important things to take care of right after installing WordPress.

1. Disable XML-RPC

WordPress provides an XML-RPC (Remote Procedure Call) API, which can be used to integrate with external systems for publishing bulk content remotely.

If you are using a mobile or desktop blogging application, it talks to your WP site using XML-RPC. Each API call is authenticated with the account's username and password. This is not a great mode of authentication in terms of security, and it leaves the endpoint prone to brute-force attacks and vulnerabilities.

Disable XML-RPC is a simple plugin that can disable RPC endpoints.

Disable XML-RPC

2. Set up Jetpack

Jetpack is an exceptional official plugin that brings a whole bunch of useful tools under one roof. Any new WordPress site/blog can leverage tools like a CDN, image optimization, backups, related posts, and email subscriptions. This is a must-have plugin for your site.

Jetpack – WP Security, Backup, Speed, & Growth

3. Set up 2 Factor Authentication

2 Factor Authentication (2FA) has become standard practice for login security. To protect your WP site from unauthorized access, you can add an additional layer of security to the WP login using apps like Google Authenticator, Microsoft Authenticator, or Authy.

WP 2FA – Two-factor authentication for WordPress

WP 2FA is a simple plugin that helps in enabling 2FA on your WordPress login page.

4. Restrict Login attempts

WordPress sites face a lot of brute-force attacks, especially on the login page. Bots keep sending repeated requests, trying to break the login. This also affects the performance of the site. It can be mitigated using a plugin like Limit Login Attempts Reloaded.

Limit Login Attempts Reloaded

This plugin blocks IP addresses that have made more unsuccessful login attempts than the limit you have specified. An ideal option could be 3 attempts.
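To see how much of this traffic a site receives (items 1 and 4 above), the web server's access log can be checked for IPs that exceed the limit. The script below is an added example, not code from the plugins mentioned here; it assumes the "combined" log format, treats a POST to /wp-login.php answered with 200 as a failed login (a successful login is answered with a 302 redirect), and counts every POST to /xmlrpc.php. The log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Nov/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Nov/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Nov/2021:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Nov/2021:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Nov/2021:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Nov/2021:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Nov/2021:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [14/Nov/2021:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
192.0.2.44 - - [14/Nov/2021:10:02:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
192.0.2.44 - - [14/Nov/2021:10:02:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
192.0.2.44 - - [14/Nov/2021:10:02:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
this line is truncated and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(method, path, status):
    """Return 'login' for a failed login POST, 'xmlrpc' for any XML-RPC POST, else None."""
    if method != "POST":
        return None  # viewing the login form (GET) is not an attempt
    path = path.split("?", 1)[0]
    # Assumption: 200 on a login POST means the form was shown again (failure); success is 302.
    if path.endswith("/wp-login.php") and status == 200:
        return "login"
    if path.endswith("/xmlrpc.php"):
        return "xmlrpc"
    return None

def offenders(log_text, limit=3):
    """Map (ip, kind) -> count for every IP with more than `limit` matching requests."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        kind = classify(m["method"], m["path"], int(m["status"]))
        if kind:
            counts[(m["ip"], kind)] += 1
    return {key: n for key, n in counts.items() if n > limit}

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The default `limit=3` matches the 3 attempts suggested above; an IP that keeps appearing in this output after the plugins are active is a sign they are not taking effect.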

5. Hide your login page

The WordPress admin panel is accessible at the /wp-admin or /wp-login.php URLs. Since WP is a popular CMS (it’s true 🙂 WordPress powers 39.6% of the internet), the default login URL is easily targeted by bots and malicious traffic.

The best way to mitigate this would be to change the login URL to something that is not so easy to guess. This could be done using plugins like WPS Hide Login.

WPS Hide Login

6. Secure your WordPress Installation

Sucuri and Wordfence are two excellent plugins for WordPress security. Sucuri provides a 1-click option to harden all the loose ends of your WP site. Wordfence has an excellent firewall that actively blocks malicious traffic and DDoS attacks.

Sucuri Security – Auditing, Malware Scanner and Security Hardening
Wordfence Security – Firewall & Malware Scan

7. Remove unused plugins, themes

Any WordPress installation comes with a set of default themes and plugins. It’s always wise to remove any unused themes or plugins. This helps in reducing the chance of any vulnerabilities.

8. Change permalink structure

Permalinks are a crucial part of SEO for your WP site/blog. By default, WordPress uses a dynamic permalink with the post/page ID in the URL. I’m sure this URL would not be liked by any of the search engine bots 🙂

http://example.com/?p=N

No need to worry, this can be changed to something meaningful. It is always good to have your post or page title as part of the URL.

In the Settings → Permalinks Screen, you can choose one of the more common permalink structures or enter your own in the “Custom structure” field.

Post name could be the best option for permalink structure. You could also build a custom structure with a combination of tags like postname, year, month, etc.

9. Change timezone

In the Settings → General Screen, you can update the Timezone where you are operating the site/blog from.

10. Update WordPress, Themes, and Plugins

WordPress, being the most used CMS, is prone to vulnerabilities. It is always suggested to keep your site updated regularly.

Hosting providers often do not offer the latest version of WP for a while. Right after installing the new WP site, please check if there are any new updates available for default themes, plugins, or WordPress itself.

11. Update user profile

Finally, before jumping in to start writing posts on your WordPress site/blog, you should update your user profile. Jump into the Users → Profile section on the admin dashboard and update details like “Display name publicly as”, “Profile Picture”, and “Biographical Info”.

Now that you have done all these changes, you are good to fly 🚀
Happy blogging 🙂
