What Should You Do After You Install WordPress?

Here is my favorite list of things to do right after the installation of WordPress to tighten the security and to improve the performance of your WordPress website or blog.

Have you ever wondered what should you do after installing WordPress? Before you hit the publish button for the first time, consider tweaking the following settings to improve performance and to harden the security your WordPress website.

I have sectioned the article based on where the settings have to be tweaked.

  • Tweaking settings in WordPress Admin Dashboard
  • Tweaking settings in (you read it right!)
  • Tweaking .htaccess file
  • Tweaking your themes’s functions.php file
  • Tweaking robots.txt file

Tweaking settings in WordPress Admin Dashboard

1.Change Your Site Title, Tag Line and Time Zone

Titles are the first thing that a person sees about your site in Google search results.

Patrick Sexton

Site titles and taglines are used to describe your website and are visible in search engine results when people search for your website. Site title generally describes your business name and tagline describes about your business in few words.

You can change site title and tagline by navigating to Admin Dashboard → SettingsGeneral.

Change Site title, tagline and timezone in the WordPress dashboard

In most themes, the site title and the tagline together becomes the content of the title tag. Generally, it is advisable to keep the content of the title tag short and preferably less than 70 characters as part of the search engine optimization.

Here is a guide to write better site title and tagline for your WordPress site and few tips to enrich your site title and taglines with keywords for search engine ranking.

Setting proper timezone is essential if you prefer to schedule your WordPress posts for auto-publishing. This setting ensures that the post is published at the expected time.

You can change the timezone settings in the same screen (Admin Dashboard → SettingsGeneral). Timezone settings are specified in UTC format and you can use an online converter to identify your timezone in UTC format.

2.Change Your Permalink Structure

WordPress Permalink settings helps you modify the structure of your URL’s. The default WordPress permalink structure is This structure gives no clue about the page either to your visitors or to search engines.

Consider an URL for example, This URL states that the page is about things that you should do after installing WordPress, even before visiting the page. Both your visitors and search engines will engage more if WordPress permalinks are descriptive rather than clueless numbers.

So it is advisable to have pretty URL’s like the one shown above. You can change the WordPress permalinks to a lot prettier structure by heading to Settings → Permalinks.

Change WordPress permalink structure from WordPress Admin dashboard

Yoast’s guide to WordPress Permalinks will help you find a permalink structure suitable for your website or blog.

3.Move out the Media Folder

Amit Agarwal from suggests to move the default WordPress media folder (wp-content/uploads/) to a sub-domain to improve performance.

In order to achieve this, you need to create a sub-domain (ex. Once you create a sub-domain, create a folder to store your media files in your sub-domain and note the relative path to this folder.

For example, create a folder named 'Uploads' in your sub-domain. This way it becomes easier to back up. Also, your URL looks a lot cleaner with this structure.

If you had done it right, your URL will look like and your relative path will look something like public_html/your-domain/your-folder-name.

WordPress 3.5 removed the option to change the media upload path and URL. But you can use the Upload Url and Path Enabler plugin to enable these settings. Once you install and activate the plugin, the following two fields will be visible under Admin Dashboard → Settings → Media

Add Upload URL and Path Enabler plugin

Upload URL and Path Enabler plugin settings menu

  • Store uploads in this folder – /home/your-sub-domain/your-folder (Note: no trailing slash)
  • Full URL path to files – (Note: no trailing slash)

4.Enable JetPack authentication

JetPack authentication off-loads the user authentication from your server and allows users to login your self-hosted WordPress via

Download and activate the JetPack plugin. Once you activate the plugin, JetPack asks you to connect to Click on 'Connect JetPack' to connect JetPack to your account.

Install JetPack by plugin

If you don’t have a account, you will be provided an option to create an account. You can then connect JetPack with

There are two steps involved to enable JetPack authentication.

  • Once connected, head to Dashboard → JetPack and enable Single Sign On under the Performance & Security tab.
  • After enabling Single Sign On, go to Settings under JetPack tab in the dashboard to configure Single Sign On. Click on the Configure link and check the 'Match by Email' check-box. Click on 'Save Changes' to apply the changes.

Activate Single sign on from JetPack settings menu

Single sign on configuration page

Hoo Hooh.. Congratulations, you have successfully enabled JetPack authentication for your WordPress website.

When you head over to your login page (, you should see a 'Login with' button in your WordPress login form.

5.Install Yoast SEO plugin

Yoast SEO plugin can greatly help your WordPress website with search engine optimization.

Here is a YouTube video that walks you through the Yoast SEO plugin settings and you can customize it based on your needs.

6.Generate SiteMap

Sitemaps help search engines to index your website better. You can use Yoast SEO plugin to create sitemaps.

In order to create XML sitemaps using Yoast SEO plugin, navigate to Admin Dashboard → SEO → XML Sitemaps

If you don’t prefer to use Yoast SEO plugin you can still generate sitemaps using Google sitemap plugin.

7.Schedule Backup

Backup is very crucial for your WordPress website. Whether you wish to move to a different hosting provider or your website is hacked, restoring your website is impossible without a proper backup.

ValutPress from Automattic does a wonderful job when it comes to backing up your WordPress website or blog. But this is plugin is not free and it is worth every penny.

8.Use A Cache Plugin

WordPress recommends to use a caching plugins like W3 Total Cache or WP Super Cache to improve the performance of your WordPress website.

9.Delete Unused Themes And Plugins

As part of the WordPress housekeeping, ensure to remove unused themes and plugins once in every 3-6 months. Remember, you should never delete the default theme that comes with the version of your WordPress.

Tweaking WordPress Config File

10.Disable File Editing Inside WordPress

Disabling file editing inside WordPress saves you from worrying when an unauthorized person gains access to your WordPress website.

By default, WordPress allows you to edit your theme and plugin PHP files. You can disable this by including the following line in your wp-config.php file.

/** Disable file editing inside WordPress */
define('DISALLOW_FILE_EDIT', true);

You can find the wp-config.php file in the directory where you installed WordPress. All changes to wp-config.php file must be done above the following comment

/* That's all, stop editing! Happy blogging. */

Your Theme’s functions.php File

11.Turn off WordPress Login Hints

WordPress by default shows login hints when incorrect credentials are entered. This information is a security threat and we can stop WordPress from showing them.

Open your theme’s functions.phpfile and enter the following lines.

/** Disable WordPress Login Hints **/
function no_wordpress_errors(){
	return 'GET OFF MY LAWN !! RIGHT NOW !!';
add_filter( 'login_errors', 'no_wordpress_errors' );

12.Remove WordPress Meta Information

Meta tags provide information about your web pages to search engines.

However, there are few unnecessary meta information that WordPress provides by default, that might expose information that are unnecessary and vulnerable in the hands of a potential hacker. So, it is necessary to remove these meta tags from your website.

Add the following code to your theme’s functions.php file to remove the unnecessary meta tags.

remove_action( 'wp_head', 'feed_links_extra', 3 ); // Display the links to the extra feeds such as category feeds
remove_action( 'wp_head', 'feed_links', 2 ); // Display the links to the general feeds: Post and Comment Feed
remove_action( 'wp_head', 'rsd_link' ); // Display the link to the Really Simple Discovery service endpoint, EditURI link
remove_action( 'wp_head', 'wlwmanifest_link' ); // Display the link to the Windows Live Writer manifest file.
remove_action( 'wp_head', 'index_rel_link' ); // index link
remove_action( 'wp_head', 'parent_post_rel_link', 10, 0 ); // prev link
remove_action( 'wp_head', 'start_post_rel_link', 10, 0 ); // start link
remove_action( 'wp_head', 'adjacent_posts_rel_link', 10, 0 ); // Display relational links for the posts adjacent to the current post.
remove_action( 'wp_head', 'wp_generator' ); // Display the XHTML generator that is generated on the wp_head hook, WP version

13.Turn on two-step authentication using JetPack

Two-Step authentication enables an additional layer of security for your WordPress website. You can enable two-step authentication by visiting Login with your credentials and go to your profile by clicking on your avatar in the top right corner.

From your profile page, click on Security menu to enable two-step authentication. This is a simple process and you can easily enable two-step authentication.

Hooray! A big sigh of relief. Now your WordPress website is double secure.

Also, disable the default WordPress login form permanently and restrict users to login only via Single Sign On using This adds another layer of security. But this would require all of your existing WordPress users to create an account on

To permanently disable WordPress default login form, add the following line of code in your theme’s functions.php file.

/** Login via **/
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

HTAccess File

14.Disallow Directory Listing

It is definitely a bad idea and a security threat to list files and folders when people browse your website. Depending on your web hosting, directory listing might be turned on/off by default.

In order to turn off directory listing, add the following line to your .htaccess file in your web host’s root folder.

Options -Indexes

Also, make sure to include a blank index.php file in your themes (/wp-content/themes/) and plugins(/wp-content/plugins/) folder.

Robots.txt File

15.Prevent Indexing Of Core WordPress Directories

Use a robots.txt file to disallow web pages that are not intended to be indexed by web robots. You can use a text editor like Notepad and create robots.txt file.

It is a best practice to disallow the following directories to be indexed by web robots.

User-agent: *
Allow: /wp-admin/admin-ajax.php
Disallow: /wp-admin
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
Disallow: /wp-includes
Disallow: /readme.html

After you create the robots.txt file, place it in your root directory of your domain.

Please do leave your WordPress optimization tip as a comment below and I would love to hear from you.


Photographs font & grunge canvas are used in images.

By Maria Daniel Deepak

I'm a Web and WordPress developer by day and a dog trainer by night. I'm trying to lead a habit-based life and exploring the minimalist lifestyle.

2 replies on “What Should You Do After You Install WordPress?”

Leave a Reply

Your email address will not be published. Required fields are marked *