14 Best Practices for WordPress Installation
We love WordPress and we find the standard setup process to be very easy and elegant. Additionally, since we use WordPress as a CMS for the majority of our website builds, we have outlined and documented a set of “best practices” which we like to follow.
To follow the steps outlined in this tutorial, we will assume that you 1) already have a web hosting account (we are using 1 & 1 Hosting at the time we write this), and 2) you are following the easy installation instructions provided at the wordpress.org site.
1. Password Protect Your Development Directory
Remember that WordPress blogs immediately begin communicating with the outside world, the minute they are installed. It is most likely that you do not want anyone outside of your development team and your clients to see the install.
If you are using a cPanel system, you should find this in the Security area of your cPanel home screen.
Set a username and a password that your development team and your clients will easily remember, as they will often show the project to colleagues and friends, and will not want to fumble through their webmail to find it. For Linux and Unix variants, you will want to use .htpasswd and .htaccess combinations.
A good reference for generating passwords is here:
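The .htaccess half of the .htpasswd/.htaccess combination mentioned above, as an added example that is not part of the original post. The function name, the sample paths and the realm text are assumptions. It refuses a password file that lives under the document root, where the hashes could be downloaded. Basic auth sends the credentials with every request, so serve the directory over HTTPS.

```shell
#!/bin/sh
# Added example: HTTP Basic auth for a development directory (Apache).

# Absolute, symlink-free form of an existing directory.
abs_dir() { ( cd "$1" 2>/dev/null && pwd -P ); }

# write_htaccess DOCROOT DEVDIR PWFILE [REALM]
# Appends auth directives to DEVDIR/.htaccess. Refuses a PWFILE under DOCROOT.
write_htaccess() {
    docroot=$(abs_dir "$1") || { echo "no such directory: $1" >&2; return 2; }
    devdir=$(abs_dir "$2") || { echo "no such directory: $2" >&2; return 2; }
    pwdir=$(abs_dir "$(dirname "$3")") || { echo "no directory for: $3" >&2; return 2; }
    pwfile="$pwdir/$(basename "$3")"
    realm=${4:-Development}

    case "$pwdir/" in
        "$docroot/"*) echo "refusing: $pwfile is under $docroot" >&2; return 1 ;;
    esac

    # Leave an existing auth block alone so reruns do not duplicate it.
    if [ -f "$devdir/.htaccess" ] && grep -q '^AuthUserFile' "$devdir/.htaccess"; then
        return 0
    fi

    cat >> "$devdir/.htaccess" <<EOF
AuthType Basic
AuthName "$realm"
AuthUserFile "$pwfile"
Require valid-user
EOF
}

# Demo on a constructed throwaway tree (paths are made up for illustration).
demo=$(mktemp -d)
mkdir -p "$demo/public/dev" "$demo/private"
write_htaccess "$demo/public" "$demo/public/dev" "$demo/private/.htpasswd" "Client preview"
cat "$demo/public/dev/.htaccess"
rm -rf "$demo"
# Then create the password file itself with Apache's tool, which prompts for
# the password:  htpasswd -c /path/outside/docroot/.htpasswd username
```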
2. Generate a Secret Key for wp-config.php
In order to make the WordPress installation more secure, you should generate a secret key. The instructions for doing this are in the wp-config-sample.php file. Basically, you can visit the following link to generate a key, then copy and paste it into your wp-config.php:
http://api.wordpress.org/secret-key/1.1/
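An alternative that builds the key lines on your own machine instead of fetching them over the network, as an added example that is not from the original post or from WordPress. The function names and the constant names passed at the end are assumptions (use the names your wp-config-sample.php lists). The last function checks whether a config file still carries the sample file's placeholder text.

```shell
#!/bin/sh
# Added example: build wp-config.php secret-key lines locally.

# No single quote or backslash, so a key can sit inside a single-quoted
# PHP string without escaping.
WP_KEY_CHARS='A-Za-z0-9!@#%^&*()_+=,.:;?~-'

# Print one 64-character key. tr -dc drops every byte outside the set,
# so each kept character is uniformly distributed (no modulo bias).
wp_key() {
    key=''
    while [ "${#key}" -lt 64 ]; do
        key="$key$(head -c 512 /dev/urandom | LC_ALL=C tr -dc "$WP_KEY_CHARS")"
    done
    printf '%s\n' "$key" | cut -c1-64
}

# Print one define() line per constant name given as an argument.
wp_key_block() {
    for name in "$@"; do
        printf "define('%s', '%s');\n" "$name" "$(wp_key)"
    done
}

# Succeeds (exit 0) if the file still carries the sample placeholder text,
# i.e. the keys were never set.
wp_config_has_placeholder() {
    grep -q 'put your unique phrase here' "$1"
}

# Constant names here are examples; use the ones your wp-config-sample.php lists.
wp_key_block AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
```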
3. Blog Setup — Setup Your Title and Description
This is an important marketing step that should not be overlooked at the beginning of your process. Although we are going to use an SEO plugin to manage our title and meta-tags, it is a good time to think of a title which will sum up your product or website (or that of your client) in one short phrase. This also gets the stakeholders thinking about marketing jargon during the development process, generally a good thing.
4. Setup a Second Administrative User
It is a good idea to create a second user account which has administrative access, that is not labeled ‘admin’. This may improve security as bots will usually search for an admin user when they attempt to hack your system. This log-in will be used for the development team, and your developers can make use of it in the future for on-going work. You may then want to delete the ‘admin’ user account for the aforementioned security boost.
5. Delete “Hello World” Post, “About” Page, Default Links, and “Hello Dolly Plugin”
By default, WordPress has a ‘hello world’ post, which we don’t need, and an “About” page, which we usually delete as well. We also delete the default links. You can manage these in the “Edit Post” section. The Hello Dolly plug-in, while a wonderful tribute to the Great American Songbook, generally gets deleted from our installs straight away. But we think of the Barbra Streisand film version while we are confirming deletion.
6. Change Tag Line and Setup Time Zone in General Settings
You definitely want to change the ‘Tagline’ (out of the box, your blog is labeled ‘just another WordPress blog’). We usually just make our tagline blank, unless we want to use this tag via the bloginfo('description') function call.
7. Change Permalink Structure
If you go to Settings->Permalink, you can set up how WordPress will render your URLs. We usually use a custom setting which makes URLs in the following form: category/post.
/%category%/%postname%/
This will give us a “category-slug/post-slug” structure, which also works well for pages. Whatever the case, you most likely will not want the standard links with the nasty query strings. Ugh, so circa 2001!
8. Change Size of Post Box
Pretty self-explanatory: we find the posting box in the post and page editor to be very short, so it’s good to go ahead and expand it to save you the trouble of having to move your mouse around constantly when entering posts. Ergonomically speaking, that is.
Plug-Ins!
Note: When managing plug-ins you should stay away from ‘bulk activation’. If you activate several plug-ins at a time and you get a ‘blank screen’ error, you will not know which plug-in caused the error.
9. Setup Akismet Plugin
You should have the Akismet Plugin already installed; if you don’t, get it here. Without the Akismet Plugin, I have personally opened my WP dashboard to over 1,300 spam comments. Avoid this bad dream.
You can get the install links and API key info here. Kiss Spam goodbye!
10. Get and Install All-in-One SEO Pack
Install this industry-standard plugin (download here) in order to enable optimization for SEO. When you configure it, you can set up your title and meta tags to output the correct marketing phrases and adjust your keyword density at the granular level when you post.
11. Setup WP Cache
With so many “bots” and artificial visitors constantly hitting your site for information, you should endeavor to serve as many cached pages as your system architecture and interactivity needs allow. Caching files will save copies of your HTML output, and serve these, rather than querying the database on every request of a page. We were using the WP Super Cache plug-in, but as this gave us a few errors on our last install, we have switched back to the good ol’ WP Cache plug-in:
http://wordpress.org/extend/plugins/wp-cache/
12. Get Backups going with WP-DB-Backup
Keeping your WP database backed-up at all times is crucial. The WP DB Backup plugin will allow you to back up and email yourself (or your development team) a copy of your database. You can download the backup plugin here: http://wordpress.org/extend/plugins/wp-db-backup/
13. Install WP Security Scan

Keep your installation secure in the future with the security scan plug-in.
This plug-in will tell you what holes you have in your WordPress installation, and will instruct you how to fix them.
Find it here:
http://wordpress.org/extend/plugins/wp-security-scan/
14. Create /images folder at your webroot.
This is not necessarily an industry-standard practice, but we like to do this. Instead of keeping our images in our template directories, we generally like to keep our images at the web root level, so that we can easily use ‘/images’ in all our ‘img src’ calls. This has an added benefit if multiple themes use the same images, as all the images will be in a central locale.
Bonus Tip! Install WordPress.com Stats (Or another Statistics Plug-in).
There are times when you want to see your website stats for the day (or the week, month, etc) in a ‘quick’ format, right within the WP dashboard, without having to go to Google Analytics or load other applications.
The WordPress.com stats plug-in is great for easy and quick access to the blog stats, in easily digestible visual formats, as it just contains a few metrics such as referrers, keywords, and pages visited. Setup is easy; you will need the WordPress.com key that you generated for your Akismet setup.
We usually install this on all the blogs we work on, so whenever we come back to administer the site, we can see what our client’s traffic levels are with one click.
http://wordpress.org/extend/plugins/stats/
As an alternative to the WP.com stats plug-in, we also recommend StatPress:
http://wordpress.org/extend/plugins/statpress/
There you have it, our top 14 best practices! (Plus bonus tip). We hope this adds to your (or your clients’) Blogging Nirvana!



