This checklist of almost 70 steps will help you install WordPress the right way. If your site is already installed, no problem: just skip to the Secure section and keep going. This list is being updated. If you think something should be added to or deleted from the list, leave a comment below the list and/or vote on someone else’s comment.
|1||Install||Domain and Hosting||There are some really great WordPress web hosting providers out there, but the 2 we recommend are SiteGround and WP Engine. WordPress.org has recommended hosts as well. https://wordpress.org/hosting/||Varies||Necessary|
|2||Install||1 Click WP Install||You can use a 1 click install depending on how your web host is set up. Go to your particular web host’s support site and follow the instructions on how to set up WordPress. If you have a managed WordPress host such as WP Engine or Pantheon, the install is done very easily for you. Other shared hosts such as Bluehost and SiteGround may require you to take a few additional steps. Please check your host's documentation.|
|3||Install||Email Account Setup||Some webhosts include email hosting as part of their hosting package. For other hosts, you will need to use a separate service such as G Suite or FastMail in order to get email for your website using your URL.||Moderate||Recommended|
|4||Install||Login as Administrator||For a default WordPress setup, the login is found at http://yoursite.com/wp-admin. You'll need to log in using your username (or email address) and the password that you chose in the 1 click install step. Depending on your webhost, you may have received an email requesting that you reset your password, after which you'll be able to log in.||Easy||Necessary|
|5||Install||Update Site Name and Tagline||In the dashboard under Settings>General, update the site title and tagline. The site title will be what is listed in search engines for your site and will also show in the browser tab. Your site tagline may or may not be visible on your site based on the theme that you're using.||Easy||Necessary|
|6||Install||Update Timezone/Date/Week Start||In the dashboard under Settings>General, update the Date format, Timezone, and Day of the Week. The timezone is especially handy to set, because any administrative emails that are sent to you will reflect the time that is set on this page.||Easy||Recommended|
|7||Install||Delete Sample Content||In the Dashboard under Posts, delete the "Hello World" Blog post. Under Pages, delete the "Sample Page" content. Under Comments delete the "Sample Comment".||Easy||Necessary|
|8||Install||Set Permalinks||In the dashboard under Settings > Permalinks update the Permalink format - in most cases, it should be the "Post Name" format. This is the best setting for SEO (Search Engine Optimization) purposes.||Easy||Necessary|
|9||Install||Set Homepage||If you don't want your blog posts to be the first thing visitors see, go to the dashboard under Settings > Reading and update the static page and blog page settings. Set the static page to whatever homepage you have set up.||Easy||Recommended|
|10||Install||Set the number of Posts||In the dashboard under Settings > Reading update the number of blog posts to set how many blog posts are shown on the blog page. The default is 10, but can be changed to any number.||Easy||Recommended|
|11||Install||Discourage Search Engines||In the dashboard under Settings > Reading, check the "Discourage search engines from indexing this site" box. This keeps Google and other search engines from displaying your site in search results while you are working on it. Make sure to uncheck this box when your site is ready to launch.||Easy||Recommended|
|12||Install||Choose Comments Settings or Disable Comments||If you want to have comments on your site, choose Settings > Discussion and check the appropriate boxes. If you want to disable all comments, install the Disable Comments plugin.||Easy||Recommended|
|13||Install||Setup Cloudflare||Cloudflare is a great free service that provides CDN and SSL for your site. You will see great speed improvements once you set up your site on this service.||Moderate||Recommended|
|14||Install||Google Account Setup||If you don't have a Google Account, you will need one to add Google Analytics, Webmaster Tools, and other items later. You can sign up for one here.||Easy||Recommended|
|15||Install||Website Monitoring||There's nothing worse than going to your website and seeing it is down. You'll want to add uptime monitoring to know if your site is down for a large amount of time. You can sign up for Uptime Robot or Pingdom. These services will monitor your WP site and notify you if it is down.||Easy||Recommended|
|16||Install||Mailing List Setup||If you want to market to your potential customers via email, you can set up your own mailing list hosted on your own site, or via an external service. If you want it hosted on your own site, then you'll want to use plugins such as Mailpoet 3 or The Newsletter Plugin. If you're looking for external services with more features then you'll want to look at:||Moderate||Recommended|
|17||Install||Install WP Theme||You'll want to add a theme to your WP site in order to give it the looks/functionality that you want. There are multiple themes available to you via WordPress.org. Go to Appearance > Themes to see all of the free WordPress.org themes. There are also multiple themes available on Themeforest, and through individual theme shops online. Some themes even include premium plugins to enhance your site even more.
Installing a WordPress theme is easy, choosing one is difficult!
The following list should be kept in mind:
|18||Install||Upload Favicon||A favicon is the small 16 pixels x 16 pixels icon that you see in your browser tab when you load a website. Various themes allow you to upload a favicon for your site to give it a more professional appearance.||Moderate||Recommended|
|19||Install||Set Privacy Page||With the new GDPR rules and Privacy requirements, you should set your privacy page. Go to your Dashboard > Settings > Privacy.||Easy||Necessary|
|20||Install||Install SEO Plugin||You'll want to install a Search Engine Optimization (SEO) plugin that will help you to be found on search engines. Two of the leading plugins are Yoast SEO and All in One SEO.||Easy||Recommended|
|21||Install||Install Backup Plugin||You'll want to have some way to back up your site. Web hosts generally do a backup, but you'll probably want one of your own. We recommend UpdraftPlus; it is extremely reliable, easy to use, and has a lot of reasonably priced extensions.||Easy||Recommended|
|22||Install||Install Contact Form with honeypot/recaptcha||A contact form is pretty much necessary to interact with potential customers/clients. Do a wordpress.org search to get potential plugins. Some popular forms are Gravity Forms, Ninja Forms, and Contact Form 7.||Easy||Recommended|
|23||Install||Install Anti Spam Plugin||Anti spam plugins will keep spammers at bay. WP Bruiser, Anti spam, and Akismet are three good options.||Easy||Recommended|
|24||Secure||Get Let's Encrypt SSL cert if you didn't configure Cloudflare||If you didn't configure Cloudflare in the install step, you'll want to install a free Let's Encrypt certificate through your webhost. This will allow a secure connection between your website and the visitor's computer. Search engines and browsers are now requiring that websites have SSL or they will flag the site as insecure.||Moderate||Necessary|
|25||Secure||Get an FTP Program and FTP Setup||In order to secure your site, you'll need access to the files on your site. An FTP program will keep you from having to log in to your web host every time you need to make a change. FileZilla and Cyberduck are two great FTP programs.||Moderate||Necessary|
|26||Secure||Download a text editor||You'll need a text editor to change values in certain files that you access using FTP.||Moderate||Necessary|
|27||Secure||Change Admin Account Name||The "admin" username that comes by default with WordPress is well known by hackers. From that point all they need to do is guess your password. To increase security, you should remove the admin user account. To add a new user to replace the admin account follow: https://wp-tutoring.com/adding-new-user-to-wordpress/ - Then log into that new account you just created and delete the old "admin" user.||Moderate||Necessary|
|28||Secure||Change default WordPress login page||http://yoursite.com/wp-admin is the usual WordPress login page. In order to make it a little harder for hackers, you can change the login page location to something else, such as https://yoursite.com/customlogin, using the WPS Hide plugin.||Moderate||Necessary|
|29||Secure||Force SSL Plugin||Once you enable SSL, you'll want all of your URLs to be loaded over https://. The Really Simple SSL plugin works well for this task.||Advanced||Necessary|
|30||Secure||Install Strong Passwords Plugin||If your webhost doesn't provide this already, you'll want to install a plugin that forces your website users to use stronger passwords, which increases security. No more "Password123". There are multiple plugins that help you accomplish this. https://wordpress.org/plugins/search/strong+passwords/||Easy||Necessary|
|31||Secure||Set appropriate user levels for all users (editor or below unless necessary)||WordPress has 5 user levels, and each level has the ability to do different things on your website. Make sure you give the appropriate user level to each user. For more explanation, read the following: https://wp-tutoring.com/wordpress-user-roles/||Moderate||Recommended|
|32||Secure||Turn off code editing from the admin dashboard||Using FTP, find your website's wp-config.php file. Add the following line before the /**That's All….**/ line: define( 'DISALLOW_FILE_EDIT', true ); This will keep a hacker who gets admin permissions from editing your theme and plugin code directly in the dashboard. https://codex.wordpress.org/Editing_wp-config.php||Advanced||Recommended|
|33||Secure||Update Unique Keys||You can update the WordPress salts that are in your wp-config file in order to harden security. Once you replace them anyone who is currently logged into your site will be logged out. They will be able to login again with no problems. https://codex.wordpress.org/Editing_wp-config.php||Advanced||Recommended|
|34||Secure||Move wp-config.php||wp-config.php is a very important file that can easily compromise your site if it falls into a hacker's hands. Moving it up one level in your server's directory keeps it out of your public folder just in case your server is compromised. https://codex.wordpress.org/Editing_wp-config.php||Advanced||Recommended|
|35||Secure||Stop SQL Injection Attacks||One of the best ways to mitigate this style of attack is to install Wordfence or All in One Security||Advanced||Recommended|
|36||Secure||Change WordPress Database Prefix||By default WP creates database tables that begin with wp_, which hackers know and can write SQL scripts for. By changing the database prefix you can make it harder for hackers to create scripts to compromise your database information. Some webhosts do this by default.||Advanced||Recommended|
|37||Secure||Update Htaccess Settings||An .htaccess file is used by a web server to set permissions and security rules. Your WordPress installation contains one of these files, and it can be used to increase security on your website. Install the Wordfence plugin for a fast way to check the security of your .htaccess file. Find out more about htaccess files.||Advanced||Recommended|
|38||Secure||Add File Monitoring Scan||One of the quickest ways to determine if you are being hacked is to have a file monitor to determine if a hacker has changed any of your WP core or Plugin files. Plugins such as Wordfence or All in One Security will monitor this for you along with other security benefits, but if you're looking to do this in a lighter weight package, you can use a plugin such as WordPress File Monitor||Easy||Optional|
|39||Secure||Check Comment Settings||The Settings Discussion Screen allows you to set the options concerning comments (also called discussion). You can find this under the Settings > Discussion menu item. It is here that the administrator decides if comments are allowed and what constitutes Comment Spam.||Moderate||Optional|
|40||Secure||Implement 2 Factor Security||If you or a small team of people will be logging into a site, you should consider using two factor authentication, which not only uses a username and password, but also requires an additional device, such as your cell phone, to log you into the account.||Advanced||Optional|
|41||Secure||Get Let's Encrypt SSL cert if you didn't configure Cloudflare||If you didn't configure Cloudflare in the install step, you'll want to install a free Let's Encrypt certificate through your webhost. This will allow a secure connection between your website and the visitor's computer. Search engines and browsers are now requiring that websites have SSL or they will flag the site as insecure.||Moderate||Necessary|
|42||Configure||Plan Site Taxonomy||A site taxonomy is a grouping mechanism for content. There are two default ways to group content in WordPress:
You can manage your tags and categories from within WordPress Administration. Most sites will work fine with these taxonomy types.
However, you are not limited to just two types of taxonomy in WordPress. You can create custom post types and custom taxonomies to organize your content as you wish, e.g., create a job taxonomy for a jobs website or a movie taxonomy for a movie review website.
Find out more about taxonomies and custom post types.
|43||Configure||Gutenberg or classic editor||Heading into WordPress 5.0 and beyond the "Gutenberg" editor will be used in WordPress. If you don't want to use that editor, then install the Classic Editor plugin in order to disable Gutenberg.||Easy||Necessary|
|44||Configure||Configuring the WordPress Theme||Depending on your theme, you'll want to customize certain things such as Page titles, Post meta, etc. You'll want to refer to your theme maker's homepage to find out all of the options that are available to you.||Easy||Necessary|
|45||Configure||Improve 404 Errors||404 errors happen when a page is requested that does not exist. WordPress can handle these errors fine but you can make your 404 pages much better by installing the 404 page plugin.||Easy||Recommended|
|46||Configure||Configure Related Content||Once your visitors have finished reading one piece of content, it is always a good idea to show them related content.|
You can do this automatically by installing and configuring the Jetpack plugin by Automattic.
Jetpack has the added benefit of generating the information off server so that your hosting account won't have to bear the database load of indexing and serving up the related posts.
|47||Configure||Add Contact Page||Almost all sites will need to have a contact page of some sort. There's a plethora of contact forms that serve different needs. Additionally, depending on your theme you may have a form builder included. You can find a list of free contact forms here.||Easy||Necessary|
|48||Configure||Add HTML Sitemap||This is very important to allow Google to crawl and index relevant pages on your site. You can create one through plugins, or you can use an online scanner and place the HTML code in your public html directory.||Easy||Recommended|
|50||Configure||Install Maintenance Page Plugin||There may be times when your site has to be down due to updates, etc. Installing a maintenance page plugin will allow site visitors to know that it is scheduled maintenance and will encourage them to come back at a later
|51||Configure||Setup 301 Redirects if upgrading from old site||If your site was pre-existing, and you are changing the url of certain pages, you'll want to use 301 redirects to let search engines know that the content has moved. For instance, if your old url was mysite.com/about-us, and we want to make it mysite.com/about, you'll need to use a 301 redirect to inform search engines of the move.
|52||Connect||Configure Google Analytics plugin||There are multiple Google Analytics plugins that you can install and configure.||Moderate||Highly Recommended|
|53||Connect||Social Media Integration via SNAP, Jetpack, or other plugin||If you have social media accounts that you want to send content to automatically from your blog, then use a plugin such as Jetpack or Social Network Auto Poster (SNAP) to send blog posts automatically to your social media accounts.||Moderate||Recommended|
|54||Connect||Connect your site to Adsense or Amazon||There are some blogs that generate enough traffic to receive revenue. You can connect your site to Adsense or Amazon in order to generate profit.||Moderate||Recommended|
|55||Connect||Configure Adsense and Other Advertising||Placing ads for products or services on your site is one way to monetize your site's traffic. You will want to install an ad plugin based on which ad service you're using. Certain themes also have ad functionality built in. Advanced Ads and Ad Widget are two great plugins.||Moderate||Recommended|
|57||Optimize||Integrate Payment or Ecommerce Provider||If you are going to allow purchases on your site, you'll need to configure the top two (and easiest to integrate) payment processors: PayPal and Stripe. If you are using WooCommerce or Easy Digital Downloads to power your e-commerce, those extensions are available. If you're not powering a full blown shop, you can use form builder plugins with e-commerce add-ons for PayPal and Stripe in order to process payments.||Moderate||Recommended|
|58||Optimize||Find unused media files and delete||If you have uploaded images and files that are not being used at all on your site, you can use the Media Cleaner plugin to alert you to those files, quarantine them, and eventually delete them from your site. This will help you to keep your WP install clean and clutter free.||Easy||Recommended|
|59||Optimize||Add Image Compression Plugin||One of the items that will easily slow down your site is extremely large image sizes. You'll want to either optimize your images before uploading them or install a plugin such as WP Smush to compress the image sizes.||Easy||Recommended|
|60||Optimize||Cleanup||You may now have multiple unused themes and plugins in your WordPress website. You should now deactivate and delete any unused themes and plugins from your website. Unused themes and plugins which are not updated can be a security risk. Hello Dolly and Akismet (if you haven't signed up for their blog service) are two plugins which can usually be deleted. If you installed a different theme, you can delete a couple of the default WP themes such as Twenty-Sixteen, etc.||Easy||Recommended|
|61||Optimize||Increase the Performance of WordPress||Using a caching plugin such as W3 Total Cache, Fastest Cache, and others will speed up your site. Be sure to do your research on which one is appropriate for your needs. Not every webhost allows every caching solution, so be sure to check that as well.||Moderate||Recommended|
|62||Optimize||Broken Link Checker||Do a check to make sure all of your links are valid. You can do this by installing the Broken Link Checker plugin or by using an online version.||Easy||Recommended|
|63||Optimize||Test Your WordPress Configuration||Now that your website is almost complete, you should test the WordPress configuration to see if there are any issues. Make a few test posts and make sure that your website passes the suggested tests on the WordPress.org website. Validate your HTML/XHTML to make sure it is correct. Validate your CSS to make sure it is correct.||Easy||Recommended|
|64||Optimize||Test Your Website Using Different Browsers||Load up different browsers such as Firefox, Opera, Chrome and Safari and check the views to ensure it works.||Easy||Recommended|
|65||Optimize||Test the mobile view of your website||View your website on different mobile tablets and phones. Additionally, run the Google mobile-friendly check.||Easy||Recommended|
|66||Optimize||Run Site Accessibility Test||Test your site to make sure it is accessible using the Web Accessibility Evaluation tool.
|67||Optimize||Run a Final Security Scan||Use a plugin such as Wordfence to run a final security check on your site. This will help you plug up any holes.||Easy||Optional|
|68||Optimize||Add Content and Publicize||Make sure that you uncheck "Discourage search engines from indexing this site" that you checked in the configuration section. Log into your webmaster tools account that you set up with Google and perform a "Fetch as Google". You should also make sure that your sitemap is listed in your webmaster tools account so that Google is aware of new pages/posts on your site.||Easy||Necessary|
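
The wp-config.php settings from steps 32, 33 and 36 can be verified offline against a copy of the file downloaded over FTP. The Python script below is an added example, not part of the original checklist or of WordPress itself; the function names, the sample file contents, the key values and the x7k_ prefix are all constructed for illustration.

```python
import re

SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*
    (?:'((?:\\.|[^'\\])*)'|"((?:\\.|[^"\\])*)"|(\w+))\s*\)""", re.X)
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def strip_php_comments(src):
    """Drop //, # and /* */ comments but copy quoted strings verbatim, so a
    '#' or '//' inside a key value is not mistaken for a comment."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                              # quoted string
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):                # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == "#" or src.startswith("//", i):   # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def parse_defines(code):
    """Map constant name -> string value, or a bool for a bare token
    (True only when the token is true, case-insensitively)."""
    consts = {}
    for m in DEFINE_RE.finditer(code):
        name, sq, dq, bare = m.groups()
        if bare is not None:
            consts[name] = bare.lower() == "true"
        else:
            consts[name] = sq if sq is not None else dq
    return consts

def audit_wp_config(src):
    """Return a list of findings for checklist steps 32, 33 and 36."""
    code = strip_php_comments(src)   # a commented-out define must not count
    consts = parse_defines(code)
    findings = []
    if consts.get("DISALLOW_FILE_EDIT") is not True:
        findings.append("step 32: DISALLOW_FILE_EDIT is not set to true")
    weak = [k for k in SALT_KEYS if consts.get(k) in (None, "", PLACEHOLDER)]
    if weak:
        findings.append("step 33: missing or placeholder keys: " + ", ".join(weak))
    prefix = PREFIX_RE.search(code)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("step 36: table prefix is missing or still wp_")
    return findings

# Constructed sample inputs (not taken from any real site).
SAMPLE_WEAK = """<?php
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
// define( 'DISALLOW_FILE_EDIT', true );
"""
SAMPLE_HARDENED = "<?php\n" + "".join(
    f"define( '{k}', 'constructed-{i}-#//not-a-real-key' );\n"
    for i, k in enumerate(SALT_KEYS)
) + "$table_prefix = 'x7k_';\ndefine( 'DISALLOW_FILE_EDIT', true );\n"

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_wp_config(text) or "no findings")
```

Run it against a local copy of the file by passing the file's text to audit_wp_config; an empty list means all three steps are in place.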