This checklist of almost 70 steps will help you install WordPress the right way. If your site is already installed, no problem: just jump to the Secure section and keep going. This list is being updated. If you think something should be added to or deleted from the list, leave a comment below the list and/or vote on someone else's comment.


23. [Install] Install Anti Spam Plugin: Anti-spam plugins will keep spammers at bay. WP Bruiser, Anti spam, and Akismet are three good options. (Easy, Recommended)
22. [Install] Install Contact Form with honeypot/recaptcha: A contact form is pretty much necessary to interact with potential customers/clients. Do a search to get potential plugins. Some popular forms are Gravity Forms, Ninja Forms, and Contact Form 7. (Easy, Recommended)
21. [Install] Install Backup Plugin: You'll want to have some way to back up your site. Web hosts generally do a backup, but you'll probably want one of your own. We recommend UpdraftPlus; it is extremely reliable, easy to use, and has a lot of reasonably priced extensions. (Easy, Recommended)
20. [Install] Install SEO Plugin: You'll want to install a Search Engine Optimization (SEO) plugin that will help you to be found on search engines. Two of the leading plugins are Yoast SEO and All in One SEO. (Easy, Recommended)
19. [Install] Set Privacy Page: With the new GDPR rules and privacy requirements, you should set your privacy page. Go to your Dashboard > Settings > Privacy. (Easy, Necessary)
18. [Install] Upload Favicon: A favicon is the small 16 pixels x 16 pixels icon that you see in your browser tab when you load a website. Various themes allow you to upload a favicon for your site to give it a more professional appearance. (Moderate, Recommended)
17. [Install] Install WP Theme: You'll want to add a theme to your WP site in order to give it the looks/functionality that you want. There are multiple themes available to you via Go to Appearance > Themes to see all of the free themes. There are also multiple themes available on Themeforest, and through individual theme shops online. Some themes even include premium plugins to enhance your site even more. Installing a WordPress theme is easy; choosing one is difficult! The following list should be kept in mind:
  • Free theme or premium theme?
  • Is the theme supported and updated regularly?
  • Does it use a page builder, or the default WordPress Editor?
16. [Install] Mailing List Setup: If you want to market to your potential customers via email, you can set up your own mailing list hosted on your own site, or via an external service. If you want it hosted on your own site, then you'll want to use plugins such as Mailpoet 3 or The Newsletter Plugin. If you're looking for external services with more features then you'll want to look at: (Moderate, Recommended)
15. [Install] Website Monitoring: There's nothing worse than going to your website and seeing it is down. You'll want to add uptime monitoring to know if your site is down for a large amount of time. You can sign up for Uptime Robot or Pingdom. These services will monitor your WP site and notify you if it is down. (Easy, Recommended)
14. [Install] Google Account Setup: If you don't have a Google Account, you will need one to add Google Analytics, Webmaster Tools, and other items later. You can sign up for one here. (Easy, Recommended)
13. [Install] Setup Cloudflare: Cloudflare is a great free service that provides CDN and SSL for your site. You will see great speed improvements once you set up your site on this service. (Moderate, Recommended)
12. [Install] Choose Comments Settings or Disable Comments: If you want to have comments on your site, choose Settings > Discussion and check the appropriate boxes. If you want to disable all comments, install the Disable Comments plugin. (Easy, Recommended)
11. [Install] Discourage Search Engines: In the dashboard under Settings > Reading, check the "Discourage search engines from indexing this site" box. This keeps Google and other search engines from displaying your site in search results while you are working on it. Make sure to uncheck this box when your site is ready to launch. (Easy, Recommended)
10. [Install] Set the number of Posts: In the dashboard under Settings > Reading, update the number of blog posts to set how many blog posts are shown on the blog page. The default is 10, but it can be changed to any number. (Easy, Recommended)
9. [Install] Set Homepage: If you don't want your blog posts to be the first thing visitors see, go to the dashboard under Settings > Reading and update the static page and blog page settings. Set the static page to whatever homepage you have set up. (Easy, Recommended)
8. [Install] Set Permalinks: In the dashboard under Settings > Permalinks, update the Permalink format. In most cases, it should be the "Post Name" format. This is the best setting for SEO (Search Engine Optimization) purposes. (Easy, Necessary)
7. [Install] Delete Sample Content: In the Dashboard under Posts, delete the "Hello World" blog post. Under Pages, delete the "Sample Page" content. Under Comments, delete the "Sample Comment". (Easy, Necessary)
6. [Install] Update Timezone/Date/Week Start: In the dashboard under Settings > General, update the Date format, Timezone, and Day of the Week. The timezone is especially handy to set, because any administrative emails that are sent to you will reflect the time that is set on this page. (Easy, Recommended)
5. [Install] Update Site Name and Tagline: In the dashboard under Settings > General, update the site title and tagline. The site title will be what is listed in search engines for your site and will also show in the browser tab. Your site tagline may or may not be visible on your site based on the theme that you're using. (Easy, Necessary)
4. [Install] Login as Administrator: For a default WordPress setup, the login is found at You'll need to log in using your username (or email address), and the password that you chose in the 1 click install step. Depending on your webhost, you may have received an email requesting that you reset your password, after which you'll be able to log in. (Easy, Necessary)
3. [Install] Email Account Setup: Some webhosts include email hosting as part of their hosting package. For other hosts, you will need to use a separate service such as G-Suite or FastMail in order to get email for your website using your URL. (Moderate, Recommended)
2. [Install] 1 Click WP Install:

You can use a 1 click install depending on how your web host is set up. Go to your particular web host's support site and follow the instructions on how to set up WordPress. If you have a managed WordPress host such as WP Engine or Pantheon, the install is done very easily for you. Other shared hosts such as Bluehost and Siteground may require you to take a few additional steps. Please check your host's documentation.

1. [Install] Domain and Hosting: There are some really great WordPress web hosting providers out there, but the 2 we recommend are Siteground and WP Engine. has recommended hosts as well.


41. [Secure] Get Let's Encrypt SSL cert if you didn't configure Cloudflare: If you didn't configure Cloudflare in the install step, you'll want to install a free Let's Encrypt certificate through your webhost. This will allow a secure connection between your website and the visitor's computer. Search engines and browsers are now requiring that websites have SSL or they will flag the site as insecure. (Moderate, Necessary)
40. [Secure] Implement 2 Factor Security: If you or a small team of people will be logging into a site, you should consider using two factor authentication, which not only uses a username and password, but also requires an additional device, such as your cell phone, to log you into the account. (Advanced, Optional)
39. [Secure] Check Comment Settings: The Settings Discussion Screen allows you to set the options concerning comments (also called discussion). You can find this on the Settings > Discussion menu item. It is here the administrator decides if comments are allowed and what constitutes comment spam. (Moderate, Optional)
38. [Secure] Add File Monitoring Scan: One of the quickest ways to determine if you are being hacked is to have a file monitor that detects whether a hacker has changed any of your WP core or plugin files. Plugins such as Wordfence or All in One Security will monitor this for you along with other security benefits, but if you're looking to do this in a lighter weight package, you can use a plugin such as WordPress File Monitor. (Easy, Optional)
37. [Secure] Update Htaccess Settings: An htaccess file is used by a web server to set permissions and security. Your WordPress installation contains one of these files, and it can be used to increase security on your website. Install the Wordfence plugin for a fast way to check the security of your htaccess file. Find out more about htaccess files. (Advanced, Recommended)
36. [Secure] Change WordPress Database Prefix: By default WP creates database tables that begin with wp_, which potential hackers know and can write SQL scripts for. By changing the database prefix you can make it harder for hackers to create scripts to compromise your database information. Some webhosts do this by default. (Advanced, Recommended)
35. [Secure] Stop SQL Injection Attacks: One of the best ways to mitigate this style of attack is to install Wordfence or All in One Security. (Advanced, Recommended)
34. [Secure] Move wp-config.php: wp-config.php is a very important file that can easily compromise your site if it falls into a hacker's hands. Moving it up one level in your server's directory keeps it out of your public folder just in case your server is compromised.
33. [Secure] Update Unique Keys: You can update the WordPress salts that are in your wp-config file in order to harden security. Once you replace them, anyone who is currently logged into your site will be logged out. They will be able to log in again with no problems. (Advanced, Recommended)
32. [Secure] Turn off code editing from the admin dashboard: Using FTP, find your website's wp-config.php file. Add the following line before the /**That's All….**/ line: define( 'DISALLOW_FILE_EDIT', true ); This will keep a hacker who gets admin permissions from directly editing your code.
31. [Secure] Set appropriate user levels for all users (editor or below unless necessary): WordPress has 5 user levels; each level has the ability to do different things on your website. Make sure you give the appropriate user level to each user. To get more explanation, read the following: (Moderate, Recommended)
30. [Secure] Install Strong Passwords Plugin: If your webhost doesn't provide this already, you'll want to install a plugin that forces your website users to use stronger passwords, which increases security. No more "Password123". There are multiple plugins that help you accomplish this.
29. [Secure] Force SSL Plugin: Once you enable SSL, you'll want to have all of your URLs loaded over https://. The Really Simple SSL plugin works well for this task. (Advanced, Necessary)
28. [Secure] Change default WordPress login page: is the usual WordPress login page. In order to make it a little harder for hackers you can change the login page location to something else such as using the WPS Hide plugin (Moderate, Necessary)
27. [Secure] Change Admin Account Name: The "admin" username that comes by default with WordPress is well known by hackers. From that point all they need to do is guess your password. To increase security, you should remove the admin user account. To add a new user to replace the admin account follow: - Then log into that new account you just created and delete the old "admin" user. (Moderate, Necessary)
26. [Secure] Download a text editor: You'll need a text editor to change values in certain files that you access using FTP. (Moderate, Necessary)
25. [Secure] Get an FTP Program and FTP Setup: In order to secure your site, you'll need access to the files on your site. An FTP program will keep you from having to log in to your web host every time you need to make a change. Filezilla and Cyberduck are two great FTP programs. (Moderate, Necessary)
24. [Secure] Get Let's Encrypt SSL cert if you didn't configure Cloudflare: If you didn't configure Cloudflare in the install step, you'll want to install a free Let's Encrypt certificate through your webhost. This will allow a secure connection between your website and the visitor's computer. Search engines and browsers are now requiring that websites have SSL or they will flag the site as insecure. (Moderate, Necessary)
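
Items 32, 33 and 36 above all end up as lines in wp-config.php, so they can be checked in one pass. The following is an added example, not part of the original checklist or of any plugin it names: a small Python audit that reads the text of a wp-config.php copy and reports whether file editing is disabled, whether the table prefix is still wp_, and whether the keys and salts are still placeholders. The two sample configs, the 32-character minimum and all function names are assumptions made for the illustration.

```python
import re

SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Placeholder value shipped in wp-config-sample.php for every key and salt.
PLACEHOLDER = "put your unique phrase here"
MIN_SALT_LEN = 32  # assumption for this example; generated salts are longer

# Only match statements that start a line, so "// define(...)" is ignored.
# Limitation: a define() on its own line inside a /* ... */ block still matches.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*('[^']*'|"[^"]*"|\w+)\s*\)\s*;""",
    re.MULTILINE)
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.MULTILINE)


def parse_wp_config(text):
    """Return ({constant: raw PHP value}, table prefix or None)."""
    constants = {}
    for name, raw in DEFINE_RE.findall(text):
        # PHP keeps the first definition of a constant; later ones are ignored.
        constants.setdefault(name, raw)
    match = PREFIX_RE.search(text)
    return constants, (match.group(1) if match else None)


def audit_wp_config(text):
    """Return a list of (check, message) findings; an empty list means all pass."""
    constants, prefix = parse_wp_config(text)
    findings = []
    if constants.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        findings.append(("file-edit", "DISALLOW_FILE_EDIT is not set to true"))
    if prefix is None:
        findings.append(("db-prefix", "$table_prefix assignment not found"))
    elif prefix == "wp_":
        findings.append(("db-prefix", "table prefix is still the default wp_"))
    seen = {}
    for name in SALT_NAMES:
        raw = constants.get(name, "")
        value = raw[1:-1] if raw[:1] in ("'", '"') else None
        if value is None:
            findings.append(("salts", f"{name} is missing"))
        elif value == PLACEHOLDER or len(value) < MIN_SALT_LEN:
            findings.append(("salts", f"{name} is a placeholder or too short"))
        elif value in seen:
            findings.append(("salts", f"{name} repeats the value of {seen[value]}"))
        else:
            seen[value] = name
    return findings


def build_sample(salt_for, prefix, edit_line):
    """Assemble a constructed wp-config.php body for the demonstration."""
    lines = ["<?php"]
    lines += [f"define( '{n}', '{salt_for(n)}' );" for n in SALT_NAMES]
    lines += [f"$table_prefix = '{prefix}';", edit_line]
    return "\n".join(lines) + "\n"


# Constructed inputs: a fresh default config and a hardened one (not real secrets).
WEAK = build_sample(lambda n: PLACEHOLDER, "wp_",
                    "// define( 'DISALLOW_FILE_EDIT', true );")
HARDENED = build_sample(lambda n: f"constructed-{n}-" + "x" * 40, "k7q_",
                        "define( 'DISALLOW_FILE_EDIT', true );")

if __name__ == "__main__":
    for check, message in audit_wp_config(WEAK):
        print(f"[{check}] {message}")
```

Run it against a copy downloaded over FTP rather than on the server, since the file holds the database password.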
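
Item 38 describes file monitoring; underneath, such a scan is a stored baseline of file hashes compared against the files as they are now. The following is an added example, not the code of Wordfence, All in One Security or WordPress File Monitor: a Python sketch that snapshots a directory, saves the baseline as JSON, and reports added, removed and modified files. The directory tree built in demo() is constructed, and the function names are assumptions for the illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def save_baseline(digests, baseline_file):
    """Store the baseline; keep this file somewhere the web server cannot write."""
    Path(baseline_file).write_text(json.dumps(digests, indent=2, sort_keys=True))


def load_baseline(baseline_file):
    return json.loads(Path(baseline_file).read_text())


def diff_snapshots(baseline, current):
    """Compare two snapshots and list what was added, removed or modified."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed WordPress-like tree, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        root = Path(site)
        files = {
            "wp-login.php": "<?php // constructed core file\n",
            "wp-includes/version.php": "<?php // constructed core file\n",
            "wp-content/plugins/example/example.php": "<?php // constructed plugin\n",
        }
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)

        baseline_file = Path(store) / "baseline.json"
        save_baseline(snapshot(root), baseline_file)

        # Simulated changes between two scans: one edit, one new file, one deletion.
        (root / "wp-login.php").write_text("<?php // constructed core file, edited\n")
        (root / "wp-content/plugins/example/cache.php").write_text("<?php // new\n")
        (root / "wp-includes/version.php").unlink()

        return diff_snapshots(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

Expect legitimate changes after every core, theme or plugin update, so refresh the baseline right after an update you performed yourself.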


51. [Configure] Setup 301 Redirects if upgrading from old site: If your site was pre-existing, and you are changing the URL of certain pages, you'll want to use 301 redirects to let search engines know that the content has moved. For instance, if your old url was, and we want to make it, you'll need to use a 301 redirect to inform search engines of the move.
50. [Configure] Install Maintenance Page Plugin: There may be times when your site has to be down due to updates, etc. Installing a maintenance page plugin will let site visitors know that it is scheduled maintenance and will encourage them to come back at a later time.
49. [Configure] Privacy Policy, Terms and Conditions, Copyright: With the new European and eventually US rules, you'll need to add these pages to your site. You may need to have a lawyer draft them if your site has specific needs. WordPress gives a privacy policy setting at Settings > Privacy in the WordPress dashboard. Use the following URL to help generate a Privacy Policy: getterms.io. You can also modify the WordPress default Privacy Policy under Dashboard > Settings > Privacy. (Moderate, Necessary)
48. [Configure] Add HTML Sitemap: This is very important to allow Google to crawl and index relevant pages on your site. You can create one through plugins, or you can use an online scanner and place the HTML code in your public html directory. (Easy, Recommended)
47. [Configure] Add Contact Page: Almost all sites will need to have a contact page of some sort. There's a plethora of contact forms that serve different needs. Additionally, depending on your theme you may have a form builder included. You can find a list of free contact forms here. (Easy, Necessary)
46. [Configure] Configure Related Content: Once your visitors have finished reading one piece of content, it is always a good idea to show them related content.

You can do this automatically by installing and configuring the Jetpack plugin by Automattic.

Jetpack has the added benefit of generating the information off server so that your hosting account won't have to bear the database load of indexing and serving up the related posts.
45. [Configure] Improve 404 Errors: 404 errors happen when a page is requested that does not exist. WordPress can handle these errors fine, but you can make your 404 pages much better by installing the 404 page plugin. (Easy, Recommended)
44. [Configure] Configuring the WordPress Theme: Depending on your theme, you'll want to customize certain things such as page titles, post meta, etc. You'll want to refer to your theme maker's homepage to find out all of the options that are available to you. (Easy, Necessary)
43. [Configure] Gutenberg or classic editor: Heading into WordPress 5.0 and beyond, the "Gutenberg" editor will be used in WordPress. If you don't want to use that editor, then install the Classic Editor plugin in order to disable Gutenberg. (Easy, Necessary)
42. [Configure] Plan Site Taxonomy: A site taxonomy is a grouping mechanism for content. There are two default ways to group content in WordPress:
  • Categories which group posts together. Categories can be placed in hierarchies. Think of categories as your site's table of contents. Your categories should help identify what your site is about.
  • Tags are keywords related to your posts. Tags have no hierarchy. Tags are your site's index words. Your tags allow micro-categorization of your site's content.

You can manage your tags and categories from within WordPress Administration. Most sites will work fine with these taxonomy types.

However, you are not limited to just two types of taxonomy in WordPress. You can create custom post types and custom taxonomies to organize your content as you wish, e.g., create a job taxonomy for a jobs website or a movie taxonomy for a movie review website.

Find out more about taxonomies and custom post types.


55. [Connect] Configure Adsense and Other Advertising: Placing ads for products or services on your site is one way to monetize your site's traffic. You will want to install an ad plugin based on which ad service you're using. Certain themes also have ad functionality built in. Advanced Ads and Ad Widget are two great plugins. (Moderate, Recommended)
54. [Connect] Connect your site to Adsense or Amazon: There are some blogs that generate enough traffic to receive revenue. You can connect your site to Adsense or Amazon in order to generate profit. (Moderate, Recommended)
53. [Connect] Social Media Integration via SNAP, Jetpack, or other plugin: If you have social media accounts that you want to send content to automatically from your blog, then use a plugin such as Jetpack or Social Network Auto Poster (SNAP) to send blog posts automatically to your social media accounts. (Moderate, Recommended)
52. [Connect] Configure Google Analytics plugin: There are multiple Google Analytics plugins that you can install and configure. (Moderate, Highly Recommended)


68. [Optimize] Add Content and Publicize: Make sure that you uncheck "Discourage search engines from indexing this site" that you checked in the configuration section. Log into your webmaster tools account that you set up with Google and perform a "Fetch as Google". You should also make sure that your sitemap is listed in your webmaster tools account so that Google is aware of new pages/posts on your site. (Easy, Necessary)
67. [Optimize] Run a Final Security Scan: Use a plugin such as Wordfence to run a final security check on your site. This will help you plug up any holes. (Easy, Optional)
66. [Optimize] Run Site Accessibility Test: Test your site to make sure it is accessible using the Web Accessibility Evaluation tool.
65. [Optimize] Test the mobile view of your website: View your website on different mobile tablets and phones; additionally, run the Google mobile friendly check. (Easy, Recommended)
64. [Optimize] Test Your Website Using Different Browsers: Load up different browsers such as Firefox, Opera, Chrome and Safari and check the views to ensure it works. (Easy, Recommended)
63. [Optimize] Test Your WordPress Configuration: Now that your website is almost complete, you should test the WordPress configuration to see if there are any issues:
  • Make a few test posts and make sure that your website passes the suggested tests on the website.
  • Validate your HTML/XHTML to make sure it is correct.
  • Validate your CSS to make sure it is correct.
(Easy, Recommended)
62. [Optimize] Broken Link Checker: Do a check to make sure all of your links are valid. You can do this by installing the broken link checker plugin or by using an online version. (Easy, Recommended)
61. [Optimize] Increase the Performance of WordPress: Using a caching plugin such as W3 total cache, Fastest Cache, and others will speed up your site. Be sure to do your research on which one is appropriate for your needs. Not every webhost allows every caching solution, so be sure to check that as well. (Moderate, Recommended)
60. [Optimize] Cleanup: You may now have multiple unused themes and plugins in your WordPress website. You should now deactivate and delete any unused themes and plugins from your website. Unused themes and plugins which are not updated can be a security risk. Hello Dolly and Akismet (if you haven't signed up for their blog service) are two plugins which can usually be deleted. If you installed a different theme, you can delete a couple of the default WP themes such as Twenty-Sixteen, etc. (Easy, Recommended)
59. [Optimize] Add Image Compression Plugin: One of the items that will easily slow down your site is extremely large image sizes. You'll want to either optimize your images before uploading them or install a plugin such as WP Smush to compress the image sizes. (Easy, Recommended)
58. [Optimize] Find unused media files and delete: If you have uploaded any images and files that are not being used at all on your site, you can use the Media Cleaner plugin to alert you to those files, quarantine them, and eventually delete them from your site. This will help you to keep your WP install clean and clutter free. (Easy, Recommended)
57. [Optimize] Integrate Payment or Ecommerce Provider: If you are going to allow purchases on your site, you'll need to configure for the top two (and easiest to integrate) payment processors, PayPal and Stripe. If you are using Woocommerce or Easy Digital Downloads to power your e-commerce, those extensions are available. If you're not powering a full blown shop, you can use form builder plugins with e-commerce add-ons for PayPal and Stripe in order to process payments. (Moderate, Recommended)


We want to hear from you!

Are we missing something? Have a suggestion? Anything outdated? Place your suggestion below and we may add your item to our list. You can also vote on your favorite comments/additions. These comments are moderated, so keep it positive! Plugin suggestions are allowed, but if we deem it spammy or "sales-y" it won't be approved.
If we add your suggestion, we'll post your name as the person who originally submitted it! Please include the section (Install, Secure, Configure, Connect, or Optimize) and details of what step(s) you want included or deleted. All submissions become property of the list. Don't forget to vote for suggestions that you like!
