The idea is to help you setup your blog (not started one yet? Read our guide on how to start a blog) so it performs the best it can in search engines, when you’re using it and when your readers visit.
They’re ideas and suggestions rather than orders. You don’t have to do any of these things, but I’ve found they help me when I’m setting up a WordPress site for myself or a client.
NB Some of these ideas won’t work on WordPress.com blogs.
Okay, go grab a coffee if you’re feeling parched, if not, let’s get going…
How to setup WordPress like a problogger
- Complete basic information about your blog
- Install a theme that suits the purpose of your blog
- Change the permalink structure
- Delete the default content
- Install a backup plugin
- Install an SEO plugin
- Install a caching plugin
- Delete the admin user
- Activate the Akismet plugin
- Install Google Analytics
- Create a contact form
- Install essential plugins
- Install a security plugin
- Create ‘legal’ pages
- Block or allow search engines
Your blog’s got a name, right? Probably a tagline too?
Fill those in right away…
Navigate to Settings > General
At the top of the page, you’ll see an area for the Site Title and Tagline. These may already be populated using the information you entered during setup. If they are and you’re happy with them, move on to the next section. If they’re empty or you want to change them, go ahead and do that.
Most WordPress themes display the title and tagline on your site, usually in the top left corner (as you look at the screen). The Site Title nearly always contains a link pointing to your homepage.
The third area, WordPress Address (URL) is the address of your site.
Google treats www.yourdomain.com and yourdomain.com as different sites, so be sure to choose the one you like, and use that one whenever you mention your site (email signatures, outreach emails, links from other sites pointing to your pages).
The choice between using www and non-www is down to personal preference. Neither gives advantage over the other when it comes to ranking high in search engines. Loren Baker explains more in his article on Search Engine Journal: Canonicalization & SEO : Should I use WWW or not?
WordPress comes packaged with three default themes. Upon installation, the latest theme, Twenty Seventeen activates.
For some people, one of the default themes is good enough.
For many more, the first thing they do is look around for a more suitable alternative – one that suits their style, taste, and goals.
If you’re blogging for business, a premium theme could be a better option than a free one.
They usually contain more features, offer 24/7 support and they’re designed by professional designers and coded by professional coders.
This gives you a great looking blog for a fraction of the cost of hiring a professional web designer.
There is a chance of coming across a site that looks exactly like yours, but that could happen with a free theme too.
Due to the size of the web, the chances of this happening are small. And perhaps a risk worth taking for a great looking site.
If you go down the premium route, expect to pay $40 – $150 to get started (you may also need to buy a framework, like the one I mostly use: Genesis).
Recommended premium WordPress theme shops
The permalink is the web address assigned to every post and page you publish (the URL).
The default WordPress permalink doesn’t prevent the indexing or ranking of pages. It’s just a bit, well, ugly and uninformative.
This is what it looks like: http://yourdomain.com/?p=123
The structure of the URL gives away no information about the content of the page. You can’t tell if it’s about baking or scuba diving.
It’s not a complete disaster.
In the search results, Google shows the title tag and either the meta description or some content from the page. So people will have an idea what your page is about.
Changing the permalink structure is simple and provides a much-improved user experience.
If not correctly managed, changing the permalink structure on an established site can result in a massive loss of traffic. To prevent this, all URLs should be configured to redirect users to the new URLs.
This is usually done using 301 or 302 redirects.
Please research the topic before changing the permalink structure on an established site.
If your site is brand new, you can go ahead and change the permalink structure without worrying about losing traffic.
How to change WordPress permalinks:
- Log in as an Administrator
- From the menu on the left-hand side of the screen, click on Settings then Permalinks
- Tick the radio button next to your preferred format (as you click through the various options, the information in the Custom Structure text box changes)
- When you’re happy, click on Save Changes
The example above uses the postname (post title) for the permalink. The example below uses the category/postname format for the permalink.
Have you ever seen the ‘Hello world!’ post on a brand new WordPress site?
Just in case you haven’t, this is what it looks like:
It’s the default post and should be moved to the trash straight away.
So to the default comment:
And finally, get rid of the default sample page:
Imagine losing your site after you’ve spent the whole weekend adding great content, uploading images and making it look amazing.
You’d be devastated, right?
Imagine losing a week’s, a month’s or even a whole year’s worth of work because you failed to create a backup.
Boy, that would tough. It would be hard to start again if that happened.
Luckily, there are services and plugins to help you avoid this terrible situation.
I’ve used the free plugins to create backups but, in my experience, if you’re not very technical, they are a nightmare to use if something when something goes wrong with your site.
Last time I used one of the free backup plugins they typically had two options for managing the database backup file: 1) emailing it to a nominated address or 2) storing it on the server.
Which is fine. At least you know where it is.
But how do you get it back into WordPress?
You can’t FTP it.
You have to go in through cPanel, phpMyAdmin and then upload it. You’ll find instructions here.
It looks easy ‘on paper’, but when you see the phpMyAdmin screen, the process becomes more daunting.
A push-button solution is better. One that guides you through the setup, backup and restore process in easy-to-understand steps.
That’s what you get with VaultPress. A backup plugin I’ve used for a couple of years now.
The basic plan costs an easily affordable $5 per month.
It’s ideal for anyone who doesn’t want to get involved with the technical stuff and wants to sleep easily at night knowing their blog is in good hands.
Before installing a backup plugin, check with your hosting company as they may provide a backup as part of the service.
Alternative backup plugins and services
WordPress has no built-in SEO settings, so you must install a dedicated plugin.
At least two do an excellent job.
The first is All-In-One SEO, which dominated the space for a very long time.
Then there’s WordPress SEO, which is currently more popular than any similar plugin.
Which should you choose?
WordPress SEO, in my opinion, is the best plugin of the two.
It has more features and gives you more control over settings on a site-wide and page-by-page basis, but it is quite hard to setup if you don’t understand the terminology.
All In One SEO is better suited to people who have little or no knowledge of SEO and want to use a plugin ‘out of the box’.
What do other people think?
Both plugins currently run on over one million WordPress sites.
In terms of 5-star ratings, WordPress SEO is the clear winner.
A post on the Elegant Themes blog takes an in-depth look at both plugins.
So, which should you choose?
Answer – The one you prefer using.
If you’re new to SEO, start with All In One SEO Pack (you can always move over to WordPress SEO later, and import the settings from All In One). If you know your way around custom title tags, noindexing and noodping, choose WordPress SEO as you’ll prefer the tighter control.
WordPress is renowned for being slow. For this reason many WordPress users install a caching plugin.
It’s hard to explain without using technical terms and jargon…
WordPress uses a language called PHP to build pages. It stores all the data such as images, content, links etc in a database.
Whenever somebody requests a page from your site, WordPress builds it. Every time.
Sometimes, this takes a few seconds and depends upon a number of factors such as the configuration of the server, its location in relation to the site visitor and the number of requests WordPress makes to the database at that time.
It all happens very quickly, but sometimes it’s not quick enough for the average internet user. And if your pages don’t load in super-quick time, you may lose a potential customer.
A caching plugin bypasses the calls to the database and creates HTML versions of your pages, stores them on the server and displays them to the visitor when requested. This cuts down the load time and improves the user experience.
Just like the SEO plugins mentioned earlier, there’s a couple of really popular caching plugins which have been around for years. If you don’t know how these things work, it’s best sticking with the tried and tested over the new and unexplored.
The two most popular caching plugins are:
WP Super Cache
W3 Total Cache
Both plugins do an excellent job but the settings and terminology could confuse you if you’re not totally into server settings and suchlike. If this is you (and I include myself here), the default settings should be good enough.
The default WordPress username is admin. Most hackers know this.
They also know the average user doesn’t understand the need to switch to an alternative.
Using software and sometimes multiple computers, hackers find your login page and try to gain access to your site using the admin username and a variety of dictionary words for the password.
To better protect your site, delete the admin user and assign all posts accredited to admin (if you have any) to a different user.
Then, delete the admin user.
Here’s how you do it:
Step 1 – Create a new user account
In the left-side menu navigate to Users and click on Add New.
You will see a screen like this:
Now follow these 4 steps:
- Think of a username and enter it into the username field. The username cannot be changed.
- Enter the email address for the user. WordPress uses the email address to send password reminders and contact the user (one email address per user).
- Enter a new password.
- Change Subscriber to Administrator so the new account has full control.
Next, delete the admin user and switch posts to the new account
Now you have created the new account, log out of WordPress and log back in using the new details.
Navigate to the Users screen via the left side menu.
If you only have two users the list looks something like this:
To find the delete button, hover your mouse under the username. As you do this, a couple of links show up.
Click on the Delete link to remove the admin account.
The option to switch all posts appears on the next screen.
As we want to re-assign the posts, click the radio button next to that option and use the pull-down menu to choose the account to which you want to assign the posts.
Now hit the Confirm Deletion button and the account is gone, with all posts assigned to the new user.
A Lifehacker post from 2011 makes the argument for using common phrases as passwords instead of “complete gibberish”, as they take longer to crack.
The point of the article is that a phrase like “this is fun” (including spaces) is more difficult to guess than ‘dictionary word’ or a password made up of a group of letters and numbers, and it’s easier to remember.
It sounds crazy, but according to http://howsecureismypassword.net/, which tests the strength of a password, it’s true.
To find out how secure your password is, type it into the site and watch the data change.
In the WordPress scenario, the hacker typically knows the username (admin), the URL of the login page (if WordPress is installed in the root directory), so all that’s left is the password.
Here are the results of a few passwords I tested.
- t1m3tabl3 – 7 hours
- wimfsiltc*** – 178 years
- iutla164*!” – 1,000 years
- i!love!winter – 7,000 years
- i love winter (spaces included) – 24,000 years
As you can see, simple phrases take a heck of time to guess using a desktop PC and software.
We’re never going to need a password for 24,000 years. At the other end of the scale, using a password that takes just seven hours to crack is very risky.
If you’re struggling to think of a password, try using a password generator tool like this one.
(NB You only need Akismet if you use posts on your site, which you will if you’re blogging. If you only use pages, you needn’t worry about this plugin, as the comment system is inactive.)
It doesn’t stop every spam comment, but it stops most of them.
In default mode, WordPress comments stay open forever. You can choose to switch them off or close them after a set amount of days after publication.
Navigate to Settings > Discussion to make changes.
To disable comments, untick the box next to ‘Allow people to post comments on new articles’.
To close comments after a set number of days, tick the box ‘Automatically close comments on articles older than’ and change the number of days accordingly.
To put this into perspective, I recently closed comments on a client’s site which received 1500 spam comments a day (when I got to it, there were 28,000!). He never changed the default settings so his site was open to spam comments on every single post, some of which were a few years old.
Activate Akismet from inside WordPress and follow the on-screen instructions.
To get it working you need an API key.
Clicking the blue button takes you to the Akismet site, where you must register for the API key.
If you already have a WordPress.com account, click the link and log in with those credentials. If you don’t already have a WordPress.com account, create one and log in.
Eventually you reach the Select a Plan page. Make your choice.
The next screen asks for your payment details. Akismet is free for personal use (move the payment slider) on unlimited non-commercial sites.
Now you have the API key, head back to your site and copy and paste it into the API key field.
In case you’re wondering where all the comments come from, I’ll tell you…spammers and software.
They’re typically looking for backlinks. So they send out endless comments knowing a percentage of them will be approved and published on the target sites.
Google Analytics is the industry standard for tracking website visitors. Of course it shows you how many people visit your site, but it gives you a whole load of other information too.
Here are a few examples:
- How long people stay on your site
- How many pages they visit
- Which pages they land on
- Which pages they leave by
- The keywords people use to find your site (this data is usually very limited because Google doesn’t share it if the person searching is logged into their Google account at time of the search)
- The devices people use including desktops/laptops/mobile devices
- Their geographic location
- If you use AdSense on your site, you can link Analytics to AdSense to see which pages generate revenue
- If you use PPC you can link Analytics to AdWords to track how visitors clicking your ads engage with your site
- Track conversions
- The number of people active on your site in real-time
There are two stages to adding Google Analytics to your site. First, if you don’t already have one, you must create a Google account.
If you already have a Google account, click on Sign in.
If you don’t have a Google account, click on Create an account.
Whichever of the two links you click on, you see this page:
Enter your Google login information or click on Create an account. If you are creating an account, complete the online form, which currently looks like this:
Once you have created your account, or if you already have one, log into Google.
You will see a page like the one below, to create your Google Analytics account, click on Sign up.
On the next screen you enter information about your site and your location. Complete each section of the form, and untick any of the sharing boxes you disagree with, then click on Get Tracking ID to get your code.
You will see a screen asking to you agree to the terms of service. If you are not in the United States, change the country option to match your own, then click on I Accept.
Now, copy the tracking code (highlighted red on this screenshot) by clicking in the box on your browser. Use Ctrl + C or whichever shortcut you prefer, to copy and paste (Ctrl + V) it into your website.
Once you have the tracking code you must place it in your site. Google recommends placing the code in the header section, which sounds scarier than it is.
Some themes have special areas for Analytics and other scripts.
Check yours, if you don’t see one, try using a dedicated plugin like Insert Headers and Footers, which you can download here – or through your site.
When you have the plugin installed and activated, navigate to the options page: Settings > Insert Headers and Footers and place the tracking code in the area under Scripts in Header.
If it’s correctly set up, it will look like this:
Hit save and you’re done.
It can take up to 24 hours for Google to start showing data, so don’t worry if you don’t see anything straight away.
If you want to use a plugin to handle this, check out Google Analytics for WordPress.
You need a contact form so people can get in touch with you.
There are a few options to choose from.
My favourite is Contact Form 7 because it’s simple and easy to use.
The default form is good enough to get started. And it’s fairly easy to create your own forms by adding extra fields.
To create a contact page:
- Create a new page
- Copy the shortcode created by Contact Form 7
- Paste it into your new page
- Write a few words encouraging people to contact you and when they should expect to hear from you
- Hit publish
You now have a contact page.
The default form looks like this.
The styling comes from the Twenty Fourteen theme (one of the default themes). So, it will look different on your site if you use a different theme.
Now you’ve done all the hard work and got everything setup, it’s time to have some ‘fun’ with plugins.
Plugins add extra additional functionality to a WordPress site. Without them your site will function, but the user experience will fall a long way short of what’s expected from modern blogs and websites.
For example, there’s no contact form in a default WordPress installation. You need a plugin for that (see above). There’s no social sharing buttons either.
Everybody has their own list of essential plugins. If you Google that phrase you’ll find all sorts of lists featuring all sorts of plugins.
Very often you’ll see the staples: SEO, contact forms, share buttons, sitemaps.
Once you get past those, try taking a smarter approach and consider the purpose of your site. When you know that, you can track down the plugins to add the functionality you need.
Anyone selling digital products such as eBooks might want to install an e-commerce or payment plugin.
And if you want to add a membership area for paying subscribers, you will need a plugin for that too.
As you can see, plugins are essential, but don’t go overboard. Avoid anything gimmicky and stick to the ones you need. Some plugins use a lot of server resources, which impacts the performance of your site.
The ones you must install help your pages rank on Google (WordPress SEO), improve loading time (WP Cache), catch spam comments (Akismet) and help people get in touch with you (Contact Form 7)
Once hackers find your site, they’ll make it a target and try to gain access through the login page, out of date plugins/themes and other vulnerable areas.
Why is the login page such an easy target? Because most people don’t change the default username from admin to something more difficult to guess.
This is a big mistake.
But you’d only know it’s a problem if you spent time looking into WordPress security issues or came across a story somewhere.
Aside from the admin user issue, there are other things to think about.
Take a look at this video.
You are best using pages (not posts) to create these for reasons explained here.
What goes into these documents depends upon the nature of your site and your geographic location. There are plenty of sites offering legal documentation so a quick search should give you something.
In some cases you may have to see a lawyer to have documents drawn up specifically for your site. Before doing that, visit SEQ Legal, which offers a ton of documents you may be able to use.
Finally, now you’ve set up your blog, do you want the search engines to read it straight away or do you want to add some content first?
It’s your choice.
The default installation of WordPress allows search engines to reach and index your posts and pages. You can block search engines reading your content until the site is ready, here’s how to do it:
Navigate to Settings > Privacy > and click Ask search engines not to index this site.
A word of caution – don’t forget to change this when you’re ready for search engines to index your content!
Well, that’s it. You’ve reached the end of this mammoth (almost) 4,000 word post.
I hope you’ve picked up a few tips along the way that will help you better manage and develop your own WordPress blog?
If you have anything to add, please leave a comment.
And if you need any help with your WordPress blog, please get in touch.
Here’s to your success!