Essential checks before going online

First of all, make all the checks explained here.

Google Analytics

To add Google Analytics to your WordPress site, just add the Google Analytics code inside footer.php, above the closing </body> tag.

If your site has a search function, make sure that you enable site search in Google Analytics.

If your site is an e-shop, make sure that you enable the ecommerce tracking feature in Google Analytics.

Install the Limit Attempts plugin

Protect your site from spam and unwanted visitors.

Install the Email Address Encoder

Protect plain email addresses and mailto links from email-harvesting robots by encoding them into decimal and hexadecimal entities.
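What that encoding looks like in practice, as an added example that is not the plugin's code and not from the original post. The helper names encode_entities() and encode_emails(), the EMAIL_RE pattern and the sample markup are all assumptions made for the illustration.

```php
<?php
// Added example; encode_entities() and encode_emails() are hypothetical
// helpers written for this illustration, not the plugin's implementation.

// Simple ASCII-only address pattern (an assumption, not a full RFC 5322 parser).
const EMAIL_RE = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/';

// Encode every character as a decimal or hexadecimal HTML entity,
// choosing between the two forms at random for each character.
function encode_entities( string $text ): string {
    $out = '';
    foreach ( str_split( $text ) as $char ) {
        $code = ord( $char ); // safe: EMAIL_RE only matches ASCII
        $out .= random_int( 0, 1 )
            ? '&#' . $code . ';'            // decimal entity
            : '&#x' . dechex( $code ) . ';'; // hexadecimal entity
    }
    return $out;
}

// Encode every address found in a piece of markup, including the one
// inside a mailto: href (entities are valid inside attribute values).
function encode_emails( string $html ): string {
    return preg_replace_callback( EMAIL_RE, function ( array $m ): string {
        return encode_entities( $m[0] );
    }, $html );
}

// Constructed sample markup.
$html    = '<p>Write to <a href="mailto:info@example.com">info@example.com</a>.</p>';
$encoded = encode_emails( $html );

echo $encoded, PHP_EOL;

// A browser decodes the entities, so the visitor gets the original markup.
var_dump( html_entity_decode( $encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8' ) === $html );

// A robot that pattern-matches the raw page source finds no address.
var_dump( preg_match( EMAIL_RE, $encoded ) );
```

WordPress core ships a comparable helper, antispambot(), for encoding a single address inside a template.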

Install the Sucuri Security plugin

Make sure you use it to prevent possible attacks and protect your site.

Use the Yoast WordPress SEO Plugin

Definitely a must. Check here for what it can do for you.

Robots.txt

Search engines read the yourserver.com/robots.txt file to get information on what they should and shouldn’t be looking for, and where.

By specifying where search engines should look for content in high-quality directories or files, you can increase the ranking of your site; this is recommended by Google and all the search engines.

An example WordPress robots.txt file:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /trackback/
Disallow: /feed/
Disallow: /comments/

Hide unnecessary items from the WordPress backend

Create a user with the ‘editor’ role. This will be used by your client. Make sure that you use the Adminimize plugin, so that the client sees only the necessary items in the WordPress backend.

Next, log in as the editor, go to the various sections (e.g. post, page, etc.) and customize the screen options that you want the user to see.

Lastly, you can deactivate the screen options through Adminimize.

Remove meta content generator

WordPress adds this line to your HTML files:

<meta name="generator" content="WordPress 2.7" />

If your source code displays “Generated by WordPress version #”, it makes your site easier to find for someone (like a hacker) who is searching for WP sites of that particular version to exploit.

To remove it, put

remove_action('wp_head', 'wp_generator');

into your theme’s functions.php.
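The meta tag in wp_head is not the only place the version is written: WordPress also emits a generator element in its feeds and appends ?ver=<version> to core script and stylesheet URLs. An added example for functions.php that covers those as well (not code from the original post; the mytheme_ function name is a placeholder):

```php
<?php
// Added example for a theme's functions.php.
// mytheme_strip_core_version is a placeholder name.

// Empty every generator string WordPress emits: the <meta> tag printed in
// wp_head and the <generator> element in the RSS, Atom, RDF and OPML feeds.
// With this filter in place the remove_action() call is redundant but harmless.
add_filter( 'the_generator', '__return_empty_string' );

// Core scripts and styles are enqueued with ?ver=<WordPress version>.
// Strip the parameter only when it equals the core version, so plugin and
// theme assets keep their own cache-busting version strings.
function mytheme_strip_core_version( $src ) {
    if ( ! is_string( $src ) || strpos( $src, 'ver=' ) === false ) {
        return $src;
    }

    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }

    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }

    return $src;
}
add_filter( 'style_loader_src', 'mytheme_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'mytheme_strip_core_version', 9999 );
```

To check the result, view the page source and the /feed/ output and search for the installed version number.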

Change the default WordPress email address

Add the following code into your theme’s functions.php:

// Sender address used for emails sent by WordPress
add_filter( 'wp_mail_from', 'my_mail_from' );
function my_mail_from( $email ) {
    return 'info@mydomain.com';
}

// Sender name shown next to that address
add_filter( 'wp_mail_from_name', 'my_mail_from_name' );
function my_mail_from_name( $name ) {
    return 'My desired username';
}

Remove WordPress update notice

function remove_wp_update_notice() {
    if ( ! current_user_can( 'manage_options' ) ) {
        remove_action( 'admin_notices', 'update_nag', 3 );
    }
}
add_action( 'admin_init', 'remove_wp_update_notice' );

Change the 404 error page

Create your own 404 error page. For an easy solution, just redirect to home. To do so, delete all content from 404.php and add

<?php
// wp_redirect() only sends the Location header; exit so nothing else runs.
wp_redirect( get_option( 'home' ) );
exit;
?>

Disable comments if you don’t need them

Add this in your functions.php:
// disable comments
function __disable_feature($data) { return false; }
add_filter('comments_number', '__disable_feature');
add_filter('comments_open', '__disable_feature');

Disable trackbacks to avoid spam

In your WordPress dashboard, go to Settings / Discussion and untick Allow link notifications from other blogs (pingbacks and trackbacks). This won’t allow trackbacks in new posts, but all of your older posts still have the problem and people can spam your blog there. To disable trackbacks in older posts, log in to your cPanel and go to phpMyAdmin. Open the database of your blog and then run this query on the SQL tab:

UPDATE wp_posts SET ping_status = 'closed';

Keep backups

Use the BackUpWordPress plugin in order to keep scheduled backups of your website (database and files). Better safe than sorry!

Remove the ability to browse directories

For example, enter www.yourblog.com/wp-content/uploads/ into your browser. If you’ve not yet removed this access, you’ll see a list of all your upload folder contents. This isn’t good, as hackers can locate plugins that have security issues and target them in their next attack.

Add the following text to your .htaccess file (usually located in your blog or site’s root directory):

Options -Indexes

Decrease the Maximum File Upload Size in WordPress media library

Some users tend to upload extremely big images to the media library. To prevent them from doing so, you can change these two php.ini settings:

upload_max_filesize = 64M
post_max_size = 64M

Check for errors

After uploading your site, check public_html and your site’s theme folder for possible error logs.

Optimize your site

You can read all about site speed optimization here.

Get notified if your site goes down

You can use Uptime Robot. It’s free!
