Disclaimer: This post contains affiliate links. If you purchase any of the services below, I may receive a commission at no extra cost to you. After much research, I've found these services to be top quality and use them myself!
Being the number one CMS in the world, WordPress has a lot of cool features going on, which can at times distract us from the important steps we should be taking before fully customizing our websites. Below, I’ve laid out the 9 things you should be doing on your WordPress website (& you probably aren’t) in the hopes of helping you keep your WordPress website optimized, clutter free, and most importantly, secure. Let’s dive in!
It’s important to note that when I say “WordPress” I mean a self hosted website or WordPress.org not WordPress.com. You can read about the differences between the two and learn more about everything you need to set up your self hosted website through my post here.
9 Things You Should be Doing on Your WordPress Website (& You Probably Aren’t)
1. Use a Child Theme
The very first thing you should be doing on your WordPress website, even before you start customizing and designing your layout, is to install and activate a Child Theme. You may have heard the term before, but if you’re unfamiliar, a Child Theme is a WordPress theme that inherits the functionality of it’s Parent Theme. A Child Theme basically acts as a duplicate and has a separate set of files from the Parent Theme that can be safely customized and edited. When the Parent Theme has an update available, all of your customizations will be safe if they were made within the Child Theme. Many Premium WordPress Themes will automatically include a copy of a Parent and Child Theme within the download files, but some do not.
For example, when you install the Divi Theme on your website, you are installing just the Parent Theme. If you were to make changes to the WordPress Customizer like changing default colors, fonts, or maybe even adding custom code, an update to the Divi Parent Theme could potentially wipe some, or all, of your customizations. With a Child Theme, all of your customizations are safe and will not ever get removed with an update. You can create a free Child Theme for Divi from the Elegant Marketplace.
2. Change Your Login URL
Since 30% of all websites on the internet are built with WordPress, that makes it a larger target for hackers, but you don’t need to worry! As long as you’re putting the proper security precautions in place, hackers won’t be able to successfully get into your website to make alterations. The first security measure you should be putting into place is changing your Login URL. By default, all WordPress websites can be logged into by going to your-website.com/wp-admin or your-website.com/login. By changing this URL to something else (and possibly something obscure), it will make it more difficult for hackers to get in.
WPS Hide Login is a free plugin that allows you to easily change your Login URL while also automatically creating redirects for anyone who tries to access the default WordPress login pages. It is also updated regularly which is a big plus! I use this plugin on my own websites and highly recommend it. Just be sure to not use alternate Login URL’s like “/admin” for example and use something more random like your favorite food or tv character.
• Related Reading: Debunking the 8 Biggest WordPress Myths on the Internet
3. Install a Security Plugin
To continue with the security measures you should be putting into place on your WordPress website, you should definitely have a security plugin installed. Plugins like Wordfence will place firewall rules on your website to keep out hackers. It also scans your website on a regular basis and blocks malicious signatures + harmful IP addresses attempting to access your website.
• Related Reading: Top WordPress Plugins You Should Have Installed Yesterday
4. Change Permalink Structure
Next on the list is to make sure to change the permalink structure of your website’s posts. By default, WordPress will use a random string of characters for your blog posts, but for SEO (search engine optimization) purposes it’s best to use the ‘Post Name’ option so your keywords are displaying in the URL as well. Adding the date in your permalink is unnecessary as it takes up space that could be better served with keywords.
* If you already have blog posts with a different permalink structure, you need to be sure to create redirections from all of your old links to your new links. For example, redirect your-website.com/2019/02/06/old-post-structure/ to your-website.com/post-name/
6. Submit a Sitemap to Google
A sitemap is essentially a directory for your website that helps search engines like Google determine what type of content you have on your website and its individual web pages. Submitting your sitemap is good SEO practice as it also tells search engines which content on your website is most important to display to users searching related keywords online. It’s especially good to submit your sitemap when you create new or update existing pages so Google knows to re-crawl your website and display your updated information in search results.
Plugins like Yoast make it easy to optimize your website for search engines. Yoast also includes helpful information on the steps to take to create and submit your sitemap to different search engines.
7. Delete Unnecessary / Unused Content
WordPress is such a wonderful platform to work on because whenever you’re creating a new page / post / product / etc… it creates and saves revisions every so often. If your internet goes out and you forgot to save your updates, you can rest assured that most (or hopefully all) of your content has been saved. The only problem with this is that your revisions for every single piece of content you create gets saved in your website’s database and can take up memory unless you clean it out. I use the plugin WP Optimize to clean out this data every so often which keeps my website running smoothly and optimizes it for speed.
In addition to unnecessary content, you should also be deleting any plugins or themes that you do not have currently activated on your website. These take up unnecessary space, and if you’re not keeping them updated regularly, they can potentially open up your website for hackers to access.
8. Create a Manual Backup
Even though WordPress will automatically creates saved revisions of the content you’re working on, it’s best practice to create a manual backup of your website’s full database before you make any “big” changes to your website. I consider any of these changes to be worthy of a backup before you make them:
• Adding new or updating Page / Post content
• Installing new or updating existing Plugins
• Installing new or updating existing Themes
• Deleting any kind of files or content
With a plugin like Updraft Plus Backups, you can create a full database backup with the click of a button and easily restore your website to a previous backup if something goes wrong.
9. Perform Regular Maintenance
The last item, and probably one of the most important, that I see many business owners forgetting to do is to perform regular maintenance on their WordPress website. It sounds a lot more tedious than it actually is, but about once or twice a month, you should be:
1. Creating a backup of your entire website database
2. Updating your Plugins
3. Updating your Theme
4. Deleting unnecessary / unused content
5. Checking that your pages are displaying and functioning correctly
6. Clearing / deleting your website’s cache
These tasks take me on average less than 10-minutes to do unless some kind of error occurs and I need to fix it. (Which doesn’t happen very often.) These steps are extremely important to take, especially keeping your Plugins + Theme updated, because in doing so it makes it more difficult for hackers to get into your website to make harmful changes.
Here’s a video I created to show you just how easy it is!
Implementing these steps will not only optimize your website for search engines and speed, but they will keep you even more protected against harmful hackers. I know you won’t regret putting all of these steps into place for your website!
Have you already put these important steps into place for your WordPress website? If not, what will you be working on implementing next? I’d love to hear your thoughts in the comments below!