First of all, make all the checks explained here.
Google Analytics
To add Google Analytics to your WordPress site, just add the Google Analytics tracking code inside footer.php, above </body>.
If your site has a search function, make sure that you enable site search in Google Analytics.
If your site is an e-shop, make sure that you enable the ecommerce tracking feature in Google Analytics.
Install the Limit Attempts plugin
Protect your site from spam and unwanted visitors.
Install the Email Address Encoder
Protect plain email addresses and mailto links from email-harvesting robots by encoding them into decimal and hexadecimal entities.
Install the Sucuri Security plugin
Make sure you use it in order to prevent possible attacks and protect your site.
Use the Yoast WordPress SEO Plugin
Definitely a must. Check here for what it can do for you.
Robots.txt
Search engines read the yourserver.com/robots.txt file to get information on what they should and shouldn’t be looking for, and where.
By specifying where search engines should look for content in high-quality directories or files, you can increase the ranking of your site; this is recommended by Google and all the search engines. Keep in mind that robots.txt is publicly readable and only advisory, so it does not restrict access to the paths it lists.
An example WordPress robots.txt file:
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /trackback/
Disallow: /feed/
Disallow: /comments/
Hide unnecessary items from the WordPress backend
Create a user with the ‘editor’ role. This account will be used by your client. Use the Adminimize plugin so that the client sees only the necessary items in the WordPress backend.
Next, log in as the editor, go to the various sections (e.g. post, page, etc.) and customize the screen options that you want the user to see.
Lastly, you can deactivate the screen options through Adminimize.
Remove meta content generator
WordPress adds this line to your HTML output:
<meta name="generator" content="WordPress 2.7" />
If you display “Generated by WordPress version #” in your source code, it is easier for someone (like a hacker) who is searching for WP sites of that particular version to exploit to find your site.
To remove it, put
remove_action('wp_head', 'wp_generator');
into your theme’s functions.php.
Change the default WordPress email address
Add the following code into your theme’s functions.php:
// Sender address used for emails sent by WordPress.
add_filter( 'wp_mail_from', 'my_mail_from' );
function my_mail_from( $email ) {
    return 'info@mydomain.com';
}

// Sender name shown next to that address.
add_filter( 'wp_mail_from_name', 'my_mail_from_name' );
function my_mail_from_name( $name ) {
    return 'My desired username';
}
Remove WordPress update notice
// Hide the core update notice from users who cannot manage options.
function remove_wp_update_notice() {
    if ( ! current_user_can( 'manage_options' ) ) {
        remove_action( 'admin_notices', 'update_nag', 3 );
    }
}
add_action( 'admin_init', 'remove_wp_update_notice' );
Change the 404 error page
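Create your own 404 error page. For an easy solution, just redirect to home. To do so, delete all content from 404.php and add the line below (the exit stops WordPress from rendering the rest of the template once the redirect header has been sent):
<?php wp_redirect( get_option( 'home' ) ); exit; ?>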
Disable comments if you don’t need them
// disable comments
function __disable_feature( $data ) {
    return false;
}
add_filter( 'comments_number', '__disable_feature' );
add_filter( 'comments_open', '__disable_feature' );
Disable trackbacks to avoid spam
In your WordPress dashboard, go to Settings / Discussion and untick “Allow link notifications from other blogs (pingbacks and trackbacks)”. This prevents trackbacks on new posts, but all of your older posts still have the problem and people can spam your blog there. To disable trackbacks on older posts, log in to your cPanel and go to phpMyAdmin. Open the database of your blog and then run this query on the SQL tab (if your tables use a prefix other than wp_, adjust the table name):
UPDATE wp_posts SET ping_status = 'closed';
Keep backups
Remove the ability to browse directories
For example, enter www.yourblog.com/wp-content/uploads/ into your browser. If you have not yet removed this access, you’ll see a list of all the contents of your uploads folder. This isn’t good, as hackers can locate plugins that have security issues and target them in their next attack.
Add the following text to your .htaccess file (usually located in your blog or site’s root directory):
Options -Indexes
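To confirm after deployment that the generator tag is gone and that directory browsing is switched off, the two checks can be scripted. This is an added example, not part of the original checklist: the sample responses are constructed, the function names are assumptions of the example, and the listing check assumes Apache's default "Index of /..." page title.

```python
import re
from html.parser import HTMLParser

# Constructed sample responses (not captured from a real site).
HOME_BEFORE = '<html><head><meta name="generator" content="WordPress 2.7" /></head><body></body></html>'
HOME_AFTER = '<html><head><title>My blog</title></head><body></body></html>'
UPLOADS_BEFORE = (200, '<html><head><title>Index of /wp-content/uploads</title></head></html>')
UPLOADS_AFTER = (403, '<html><head><title>403 Forbidden</title></head></html>')


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.found.append(attrs.get("content") or "")


def generator_tags(html):
    """Return the content value of each generator meta tag in the page."""
    finder = GeneratorFinder()
    finder.feed(html)
    return finder.found


def is_directory_listing(status, body):
    """True when the response looks like an Apache auto-generated index page."""
    return status == 200 and re.search(r"<title>\s*Index of /", body, re.I) is not None


def audit(home_html, uploads_response):
    """Return a list of findings; an empty list means both checks passed."""
    findings = [f"generator tag exposes: {g}" for g in generator_tags(home_html)]
    if is_directory_listing(*uploads_response):
        findings.append("directory listing enabled on /wp-content/uploads/")
    return findings


if __name__ == "__main__":
    print("before:", audit(HOME_BEFORE, UPLOADS_BEFORE))
    print("after: ", audit(HOME_AFTER, UPLOADS_AFTER))
```

To run it against your own site, pass audit() the HTML of your home page and the (status, body) pair returned for your uploads URL.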
Decrease the Maximum File Upload Size in WordPress media library
Some users tend to upload extremely big images to the media library. To prevent them from doing so, you can change these two php.ini settings:
upload_max_filesize = 64M
post_max_size = 64M
Check for errors
Before uploading your site, turn WP_DEBUG on, navigate to all your pages and see if any PHP errors appear. If yes, solve them.
After uploading your site, check public_html and your site’s theme folder for possible error logs.
Optimize your site
You can read all about site speed optimization here.
Get notified if your site goes down
You can use Uptime Robot. It’s free!