WordPress is by far the most popular CMS on the web, powering nearly 75 million websites at last count, that’s nearly 20% of the entire internet and growing. Not surprisingly there are tons of tips and tricks to keep things running smoothly. We’ve put together a list of eight super simple things you can do optimize your WordPress experience (and possibly save you lots of hassle and heartache in the future).
1 – Delete the Admin User
One of the biggest security risks to any WordPress website is having a user with a username of ‘Admin’. All a hacker has to do is guess your password and they’re in. Just create a new user with administrator privileges and then log out and log back in with a different administrator username (you can’t delete the Admin account if it is logged in). If you need help this article has very good instructions. Make sure your passwords are strong and secure too – ‘password’ or ‘letmein’ is NOT a good way to protect your website! Follow WordPress’s password recommendations, there is even a cool password strength meter – use it!
2 – Remove Unneeded Users
If you had a friend or colleague working with you years ago do they still need access to your WordPress site? If they are no longer involved in your site’s maintenance the answer is probably no? You should delete their accounts as a security precaution as well. It’s incredibly easy to add a new user in WordPress, far easier than recovering from a hack.
3 – Ensure The WordPress Core And All Plugins Are Up-To-Date
This one is dead simple, WordPress will flat out tell you if something is out of date and you should pretty much always listen.
4 – Remove Unused or Unnecessary Plugins and Themes
This one is super simple too. If you have themes that you are not using, even the ones that come preinstalled with WordPress, you should delete them (you can always reinstall them later if you really want them back). Like with the TinThumb vulnerability a few years ago, even if the active theme didn’t use the TimThumb plugin a hacker could still gain access to your site because it was installed with a non-active theme.
Limit the number of plugins you are using too. If it’s not necessary, delete it. Hello Dolly is a cute idea but I doubt you really need it’s functionality.
5 – Change the Login URL of Your WordPress Website
Every standard install of WordPress uses the same login URL – /wp-login.php. This is incredibly convenient for users and for hackers since they already know the address of the sign-in page. There are lots of ways of achieving this, including iThemes Security or Lockdown WP Admin. Both have their benefits and drawbacks so do your research first.
6 – Disable File Editing Via the Dashboard
In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard. Unless you really need this functionality t’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:
Add define( ‘DISALLOW_FILE_EDIT’, true ); to the config.php file.
7 – Change Nickname Under User Profile
WordPress loves to broadcast your username to the world. Ensure you change the ‘Display name publicly as’ setting in each user’s profile to something different, their actual name is a great idea!
Don’t forget to change the Edit Author Slug too!
8 – Always, Always, ALWAYS Backup Your Database & Website Files
The only easy way to get back from a hack is to have a good back-up. But even if you’re not hacked it’s still a good idea to have a back-up. What if your web host goes out of business, or you upload a plugin that causes a meltdown. Having a back-up makes restoring your site relatively pain free. BackWPup Free offers back-up to a variety of sources, including Google Drive and DropBox. iThemes Security plugin also offers backup features, although not as robust as BackWPup. iThemes BackupBuddy offers a fairly impressive set of backup options but is also fairly pricey. There are tons of options for backing up WordPress websites so make sure you do your research first.
Remember, it’s not your web hosting company’s job to back-up your website for you, nor is it your web designers job. Don’t get me wrong, both should have some sort of back-up to help you out if anything goes wrong. But you’re the one running and actively updating your website, it’s up to you to ensure that you have a well functioning back-up plan.
These are just a handful of quick and easy tips designed to keep your WordPress website running smoothly. Stay tuned for more great tips and tricks, in-depth reviews of WordPress plugins and themes, and detailed How To articles. And of course, if you have any other great suggestions please leave them in the comments section, we’d love to hear all about them.