I don't think there is a need to give a big lecture or introduction about WordPress. Over the past few years, WordPress has grown faster than any other content management system (CMS). Thousands of websites come under the WordPress banner every day. But you know what? Almost all of these thousands of websites are at risk because a few urgent tasks were left undone. Today's post is about those urgent tasks.

Remember, if you already have WordPress installed on your site, you should do these 10 things! Otherwise, your site may be in danger or run into trouble, or it may become heavy in a way that you will not notice but your visitors will feel as slow speed.

So, without further lecturing, let's get to work.

1. Delete Delete Delete

Just installed, and now delete? Have I lost my head? No, brother, my head is fine. You should delete some items after installing WordPress. That is what I will explain.

A. First, you have to delete the default admin username. The username given when installing WordPress is generally admin, and almost everyone leaves it that way. That's a mistake, because when a hacker tries to break in, he will try the admin username first, since almost everyone uses it. So if your admin username is admin, delete it now. What to do? Here is the easy way. First log in with the admin username. Then go to Users > Add New and create a new administrator account whose username is anything other than admin. Then log in with that account, go to Users > All Users, and delete the old admin account. When WordPress asks what to do with that user's content, attribute it to the new account so the posts are not deleted. That's it, done.

B. Now go to your hosting control panel and delete the license.txt and readme.html files using the File Manager. These two files contain all the information about your current version of WordPress. As a result, hackers or attackers can read them and work out where the site's security problems may be. A WordPress core update puts these files back, so check again after updating.

C. Delete unused themes and plugins. However, do not delete Akismet under any circumstances; I will talk about it later.

2. Change Permalink Structure

Permalink Structure is the style of the links to everything on a site, including posts and pages. Here are some example links.

http://example.com/mobileo/6484

http://example.com/2020/11/01/example-post-name/

http://example.com/?p=100

http://example.com/example-post-name/

You see, there are several link types. You have to decide which Permalink Structure your site will use. If post names are usually in English, it is better to use the post name in the URL. But be careful if they are in Bengali: in many cases Bangla links do not work properly when shared on Facebook and in many other places. The most popular Permalink Structure is: http://example.com/%postname%/%post_id%/

To do this you need to go to Settings> Permalinks.

3. Launch the Akismet plugin

This is why I said earlier not to delete Akismet. It comes bundled with WordPress. Once it is activated, spam comments and trackback spam on your site are deleted instantly, so you don't have to worry about them. To activate it, go to Plugins > Installed Plugins and click Activate. You have to do a free registration on their site. Activate Akismet with the API code, and rest assured.

4. Upload the theme

You should upload a theme after installing WordPress, and it should be chosen in advance. Always use paid themes. Free themes usually have a lot of problems, are used on more sites, and get fewer updates. Paid themes are updated all the time, and fixes for various issues keep coming. Also, they sell in smaller numbers, so you are unlikely to see another site that looks like yours, whereas many sites share the same free design.

The following tasks need to be done in functions.php.

5. Remove WordPress Meta Information from Header (wp_head)

By default, WordPress prints some meta-information in the header, such as the WordPress version, the RSD link, and the Windows Live Writer link. These are of no use to anyone except hackers. So why keep this code? To remove them, copy and paste the following code into functions.php.


remove_action( 'wp_head', 'wp_generator' ) ;
remove_action( 'wp_head', 'rsd_link' ) ;
remove_action( 'wp_head', 'wlwmanifest_link' ) ;

6. Remove excess feed links from header (wp_head)

WordPress creates a variety of additional feeds on its own: besides the main feed there are comment feeds, single post feeds, category feeds, and archive feeds. Search engines never count these extra feeds, so their links should be removed from the header. Copy and paste the following code into functions.php to remove them. Note that the first line removes the main posts and comments feed links as well; leave it out if you want to keep the main feed link in the header.


remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );
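To confirm that the functions.php lines from sections 5 and 6 took effect, the page source can be checked for the tags they remove. The following is an added example, not code from the original post; the names `audit_head` and `LEAKS` and the sample header (with a placeholder version) are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute, value) -> the functions.php line from this page that removes it
LEAKS = {
    ("meta", "name", "generator"): "remove_action('wp_head', 'wp_generator')",
    ("link", "rel", "edituri"): "remove_action('wp_head', 'rsd_link')",
    ("link", "rel", "wlwmanifest"): "remove_action('wp_head', 'wlwmanifest_link')",
}
FEED_TYPES = {"application/rss+xml", "application/atom+xml"}

# Constructed sample of a default header; "X.Y" is a placeholder version.
SAMPLE = """<html><head>
<meta name="generator" content="WordPress X.Y" />
<link rel="EditURI" type="application/rsd+xml" href="http://example.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://example.com/wp-includes/wlwmanifest.xml" />
<link rel="alternate" type="application/rss+xml" href="http://example.com/feed/" />
<link rel="alternate" type="application/rss+xml" href="http://example.com/comments/feed/" />
</head><body></body></html>"""


class HeadAudit(HTMLParser):
    """Collects wp_head output that sections 5 and 6 are meant to remove."""

    def __init__(self):
        super().__init__()
        self.findings = []   # functions.php lines that are still missing
        self.feeds = []      # href of every feed <link> still advertised

    def handle_starttag(self, tag, attrs):
        if tag not in ("meta", "link"):
            return
        a = {k: (v or "") for k, v in attrs}
        for (t, attr, value), fix in LEAKS.items():
            if tag == t and a.get(attr, "").lower() == value:
                self.findings.append(fix)
        if tag == "link" and a.get("type", "").lower() in FEED_TYPES:
            self.feeds.append(a.get("href", ""))


def audit_head(html):
    """Return (missing functions.php lines, feed links still in the page)."""
    parser = HeadAudit()
    parser.feed(html)
    return parser.findings, parser.feeds
```

Run `audit_head` on the saved source of your own home page before and after editing functions.php; both lists should be empty once all five lines are in place.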

7. Hide or remove WordPress login errors

Usually, when someone enters a wrong username while logging in to WordPress, WordPress shows an error: ERROR: Invalid username. You may think this is very good, but it is not. It helps hackers more than it helps your users, because by trying names this way they can find a valid username and then attack the password. So stop WordPress from showing login errors by using the code below.


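// Replace every login error with one generic message, so the form does not reveal which usernames exist.
function themepacific_login_errors(){
    return 'Nice Try!! Go Away!!';
}
add_filter( 'login_errors', 'themepacific_login_errors' );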

WordPress core files and .HTACCESS

8. Prevent users from accessing your WordPress folder structure

Normally users can browse your WordPress folders just like folders on a computer, so they can easily get access to all your files. For example, if you go to the example.com/wp-content/uploads/ folder, you can see all the pictures, videos, audio, and other files you have uploaded. You should stop this. There are two ways to do it.

A. Create a blank index.php file in every folder that has no file named index.php, including the wp-content folder.

B. This method looks easy but is actually a little tricky, and a small mistake can crash the site. So before doing this, back up the .htaccess file from the home directory. After backing up, open the .htaccess file and add the following line to it. Only -Indexes is set here, because Apache 2.4 rejects an Options line that mixes an unsigned option such as All with a signed one such as -Indexes.


Options -Indexes
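The checks from step 1B and from methods A and B above can be run over a local copy of the site in one pass. This is an added example, not code from the original post; the function names are hypothetical, only the .htaccess in the WordPress root is read, and the mixed form `Options All -Indexes` is flagged because Apache 2.4 refuses it.

```python
import os
import re

VERSION_FILES = ("readme.html", "license.txt")   # files named in step 1B
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.*)$", re.I | re.M)


def listing_status(wp_root):
    """'off' = listing disabled, 'mixed' = invalid mixed form, 'on' otherwise."""
    path = os.path.join(wp_root, ".htaccess")
    if not os.path.isfile(path):
        return "on"
    status = "on"
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    for match in OPTIONS_RE.finditer(text):
        words = match.group(1).split()
        lowered = [w.lower() for w in words]
        if "-indexes" in lowered:
            # Apache 2.4 rejects a line that mixes signed and unsigned options.
            status = "off" if all(w[0] in "+-" for w in words) else "mixed"
        elif {"indexes", "+indexes", "all"} & set(lowered):
            status = "on"   # a later line switches listing back on
    return status


def audit_install(wp_root):
    """Return sorted (finding, path) tuples for one WordPress directory."""
    findings = []
    for name in VERSION_FILES:
        if os.path.isfile(os.path.join(wp_root, name)):
            findings.append(("version-file", name))
    status = listing_status(wp_root)
    if status == "mixed":
        findings.append(("htaccess-mixed-options", ".htaccess"))
    if status != "off":
        # Without -Indexes, every folder needs its own index.php (method A).
        for dirpath, _dirs, files in os.walk(os.path.join(wp_root, "wp-content")):
            if "index.php" not in files:
                rel = os.path.relpath(dirpath, wp_root)
                findings.append(("listable-dir", rel))
    return sorted(findings)
```

An empty list from `audit_install` means the version files are gone and directory listing is disabled for everything under wp-content.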

9. Turn off post revision

WordPress keeps a copy of every older version of each post, which makes your database much larger. That is a problem for your site. To stop it from saving these old versions, copy the following code into the wp-config.php file, above the line that loads wp-settings.php.

define( 'WP_POST_REVISIONS', false);

10. Exclude WP Core Files and Scripts from Google Indexing

Google and all other search engines can easily crawl and index all script files, including your theme's. This can hurt your site's SEO or reduce your page rank. So you should keep these files from being indexed. Open the robots.txt file in the WordPress home directory and copy the code below into it.


User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-content/plugins/
