Important Tips for New WordPress users

Creating and running a website is quite common these days, and website management has developed into a neat profession. When we talk of website hosting platforms, the first name that comes to mind is WordPress. If you have installed WordPress, there are a few minor changes you can make that will help you avoid problems you may face in the future. The tips suggested below are meant only for wordpress.org sites, that is, blogs hosted on WordPress. It is also assumed that you are using Apache to run WordPress.

 

 

Modify default media uploads Folder Location

When you install WordPress and upload an image, it is stored by default in the wp-content/uploads folder. Instead of storing the uploads in that folder, change the setting so that uploads are stored on a sub-domain. This has a few advantages:

  1. The image URLs get shorter.
  2. Daily WordPress backups get more manageable.
  3. Image serving from another domain allows for parallel download, and it improves page loading time.

WordPress 3.5 doesn’t have an option for changing the default media upload folder, but there is a plugin that allows you to change the setting. It is also suggested that you unselect the option “Organize my uploads into month-and-year-based folders”.

Clear Away unimportant metadata from Website

The HTML source code of your WordPress site has metadata that is completely unnecessary. Anyone can see the version of WordPress you are using by looking at the header in your page source.

Such information is of great use to hackers who are planning to target your website. If they come to know that you are using an older and less secure version of WordPress, it makes things easier for them. To remove this information from your WordPress header, add the following code snippet to the functions.php file in your WordPress theme folder.

remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );

Block Access to the WordPress Folder Structure

The explorer view in web browsers allows anyone to look at your website’s WordPress files and folders. To stop this from happening, add the following line to the .htaccess file in your WordPress installation directory.

Options -Indexes

Do make sure that there is a blank index.php in the wp-content/themes and wp-content/plugins folder of your WordPress directory.

Disable HTML for comments

The WordPress comment box is nothing but an HTML editor. Commenters can use HTML tags to change or tweak their comments, and mischievous people can insert hyperlinks to fill the comment section with spam. You can deactivate HTML in comments, which makes hyperlinks impossible. To disable HTML, add the following code snippet to your functions.php file.

// esc_html() is the current name of the deprecated wp_specialchars()
add_filter( 'pre_comment_content', 'esc_html' );

You can also hide the list of allowed HTML tags shown with the comment form through CSS. The CSS code is given below. Add it at the end of style.css.

.form-allowed-tags { display: none; }

Disable or Limit Post Revisions

WordPress has a special feature that allows you to track changes to your posts and change back to any previous version. But these post revisions considerably increase the size of the WordPress wp_posts table, because each revision means another row added to the table.

To disable revisions if you do not need them, open the wp-config.php file in the WordPress directory and add the following line:

define( 'WP_POST_REVISIONS', false );

A wiser option is not to disable the feature completely but to limit the number of revisions kept per post. To do this, add the following line to the wp-config.php file instead.

define( 'WP_POST_REVISIONS', 3 );

Change the post Auto-Save Interval

WordPress has a feature that saves drafts of a post as you continue to edit it, so that your work is saved if your browser crashes. These drafts are saved on a per minute basis. You can change this interval to 2 or 3 minutes by adding the following line of code to your wp-config.php file (the value is in seconds):

define( 'AUTOSAVE_INTERVAL', 120 );

Hide secondary WordPress Feeds

WordPress has the capability to syndicate many RSS feeds at a time. These include blog feed, article feeds, comment feeds, category feeds and archive feeds etc. These can be easily detected as they are present in the HTML header of your blog page using the meta tag.

If you would rather not publicize these feeds in the header, add the following lines of code to your functions.php file:

remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );

Direct all feeds to the master RSS feed

You can have all your feeds delivered through one RSS feed via Feedburner and then disable all other feeds. Add the following lines of code to the .htaccess file, and make sure to replace the feed URL with yours.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ http://feeds.sitename.com/sitename [L,NC,R=301]

Permalinks in your WordPress dashboard:

Change the WordPress Permalink structure. The recommended structure is (for SEO and site performance)

/%post_id%/%postname%

Stop the WordPress scripts from being indexed

It’s good for your blog to be crawled and indexed by Google and other search engines, but you may not want the PHP scripts used by WordPress, plugins or themes to be indexed. To stop that, open the robots.txt file in your WordPress home directory and add the following lines:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /feed/
Disallow: */feed/

Change the username “Admin”

It’s quite easy for anyone to guess that the administrator has the username “admin”. So it’s wise to create a new user and grant it administrator access. Then log in as this new user and change the “admin” user from administrator to subscriber. This is a small but useful step for the security of your site.

Hide the XML sitemaps from search engines

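XML sitemaps help search engines index your site well, but the sitemap itself can also show up in the search results. To prevent that, add the following line of code to the .htaccess file. Scope it to the sitemap file (for example inside a <Files> section), because at the top level of .htaccess the header is sent with every response.

Header set X-Robots-Tag "noindex"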

Disable the WordPress search

There are two reasons to disable the WordPress search and use Google custom search:

(a) WordPress search results are far less relevant compared to the Google custom results.
(b) Disabling the WordPress search reduces the load on WordPress server/database as the queries are now channelled through Google.

Add a password to the wp-admin directory

It’s never enough when we talk of adding another wall of security to your website. It is therefore highly recommended that you add a password to your wp-admin directory as well. You then have two passwords to remember: the WordPress password and your directory password.

Track the 404 errors in Google Analytics

404 errors should be logged, and you can use Google Analytics to log details of the page that referred the visitor to the 404 page of your website. Just add this code to the Google Analytics tracking code after the _gaq.push function.

<?php if ( is_404() ) { ?>
_gaq.push(['_trackEvent', '404', document.location.pathname + document.location.search, document.referrer, 0, true]);
<?php } ?>

Prevent WordPress from guessing URLs

WordPress has an annoying habit of guessing URLs and thus making mistakes. If someone enters a URL that does not exist, WordPress will lead them to another page whose URL has words in common with the entered URL. To stop WordPress from guessing URLs and have it display a 404 error instead, put the following code in the functions.php file:

// Cancel the canonical redirect when the request is a 404,
// so a mistyped URL is not sent to a similar-looking post.
add_filter( 'redirect_canonical', 'stop_guessing' );
function stop_guessing( $url ) {
    if ( is_404() ) {
        return false;
    }
    return $url;
}

Put expiry headers for static content

Images, CSS, JavaScript, .txt files and so on are static files hosted on your WordPress website. They don’t change very often, so you can put expiry headers on them, which caches these files in the user’s browser. This improves site loading speed, because on further visits the cached versions of these files are loaded.

Refer to the .htaccess file of the HTML5 Boilerplate template for details on setting expiry headers.

ExpiresActive On
ExpiresByType image/gif "access plus 30 days"
ExpiresByType image/jpeg "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"

Improve your WordPress security

Certain measures on your side, such as adding secret keys to the wp-config.php file, installing a file monitoring plugin or using Limit Login to prevent attacks, can go a long way to secure your site.

Remove extra query parameters from URLs

Anyone who wants to access your site has to enter its URL in the address bar. Suppose that the URL of your site is xyz.com. If someone adds URL parameters, as in xyz.com/?utm=ga or xyz.com/?ref=feedly, it won’t stop them from accessing your website.

This is very harmful because it brings down your link equity (SEO). Add the following code to the .htaccess file and it will strip unnecessary query parameters from incoming requests.

RewriteEngine On
RewriteCond %{QUERY_STRING} !=""
RewriteCond %{QUERY_STRING} !^p=.*
RewriteCond %{QUERY_STRING} !^s=.*
RewriteCond %{REQUEST_URI} !^/wp-admin.*
RewriteRule ^(.*)$ /$1? [R=301,L]
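The effect of these conditions is easier to judge when they are run over concrete requests. The following is an added example, not code from the original article: a small Python model of the five rules above, assuming WordPress is installed at the document root; the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit


def redirect_target(url):
    """Model the .htaccess rules above for one request URL.

    Returns the path the visitor is 301-redirected to (query removed),
    or None when one of the RewriteCond lines exempts the request.
    """
    parts = urlsplit(url)
    path, query = parts.path or "/", parts.query
    if query == "":                       # RewriteCond %{QUERY_STRING} !=""
        return None
    if re.match(r"p=.*", query):          # RewriteCond %{QUERY_STRING} !^p=.*
        return None
    if re.match(r"s=.*", query):          # RewriteCond %{QUERY_STRING} !^s=.*
        return None
    if re.match(r"/wp-admin.*", path):    # RewriteCond %{REQUEST_URI} !^/wp-admin.*
        return None
    return path                           # RewriteRule ^(.*)$ /$1? [R=301,L]


# Constructed request URLs; xyz.com is the article's placeholder domain.
SAMPLES = [
    "http://xyz.com/?utm=ga",
    "http://xyz.com/?ref=feedly",
    "http://xyz.com/?p=123",
    "http://xyz.com/?s=apache",
    "http://xyz.com/wp-admin/post.php?post=5&action=edit",
    "http://xyz.com/?page_id=7",
    "http://xyz.com/?utm=ga&p=123",
    "http://xyz.com/wp-login.php?action=lostpassword",
]


def report(urls=SAMPLES):
    """Map each URL to its redirect target (None = served unchanged)."""
    return {u: redirect_target(u) for u in urls}


if __name__ == "__main__":
    for url, target in report().items():
        print(f"{url:55} -> {target or 'served unchanged'}")
```

The last three samples are legitimate requests that lose their parameters under these rules: a page addressed by page_id, a post link with a tracking parameter placed before p=, and the lost-password form on wp-login.php. Check such URLs on a test copy of the site before enabling the rules.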

           
