So you’ve got the server set up for your website. Go ahead and pat yourself on the back. Take a break if you’d like and come back here when you’re done.
Ok. Now you’re ready to start up your website! It’s an exciting time! Let’s get started.
Maybe you’re not convinced WordPress is the best tool for your website. That’s ok. There’s a lot of options out there. I recommend WordPress as it makes it super easy to generate more content, there’s convenient plugins to add more features, and it’s pre-structured to be fast and search engine optimized.
The exact instructions for this part depend on your chosen host. Any good host should have an article on how to install WordPress if you search for it. I used the Digital Ocean tutorial as that’s my host.
Tip: Don’t use admin or another common username. As you’ll see later, people will guess those usernames when trying to hack your site.
Tip 2: If you keep the complex password, copy/paste it somewhere until you store it wherever you store your passwords or you’ll cause major problems for yourself later (like need to mess with the backend MySQL to log in problems). I use a password manager to store all my WordPress passwords, so I can keep them random and unique. I’m not sure if the password manager will store your login properly from the initial set-up. I save the password after adding Google Authenticator.
Choose a Theme
Themes are the style of your website. They decide how your website is laid out.
Click Appearance to choose a theme. You can choose a default WordPress theme that’s already installed or click Add New to choose your own. There’s a lot of different possible themes and plenty of free ones, but don’t spend too much time on this just yet. You can change the theme any time and what you want from your theme may change as your website develops.
After choosing a theme, you can customize it in Appearance -> Customize. You can also edit the menus of your site in Appearance -> Menus.
Plugins give you loads of extra features to your website. I’ll go over the plugins I use and the order I recommend installing them in. I’ve put together a few WordPress websites now, so I’d like to think I have this down to a science. Also, all the plugins I’ll list here are free.
Tip: If you you’re having plugin install issues, you may need to change the security of your folders.
Tip: If you haven’t used WordPress before, it’s super easy to add plugins. Just login and click Plugins on the left sidebar of the dashboard then click “Add New” in the top left. You could also hover over the Plugins button on the sidebar and click “Add New” directly. Then type in (or paste in) the name of the plugin you want in the search bar and click install.
Note: Just clicking Plugins puts you in the installed menu and searching will only search installed plugins. It’s a bit annoying and I still do this to this day.
The first thing I do when I set up a WordPress site is to set up the security. There’s loads of bots out there guessing passwords on WordPress sites, so this is important.
I add the “Google Authenticator” plug-in. Go into your user, copy your secret and paste it into your favorite authenticator tool, check active, and save. I use Authy as it also has a desktop app, so I don’t need to find my phone every time I want to log in.
Now, test that it all works. Type in your username, paste in your password, and paste in your authenticator code. Now is when I save my login to my password manager. The password manager may save your authenticator code as well, but you’ll need to get the newest code from your authenticator software as that code changes all the time.
On top of that, you’ll want to add a security plugin. I recommend Wordfence as it’s super easy to use. Your security plugin can limit the number of failed password attempts, block IPs attempting to hack your site through other means, and generally reduce the stress on your server my reducing malicious bot hits on your site.
The standard settings will work fine. If you like, you can modify the Brute Force and Rate Limiting settings in All Tools. I block after 4 attempts for 30 minutes and throttle to 240 requests per minute. I also block hits to vulnerable urls after 15 per minute and 30 per minute for 404 hits.
That’s all that you’ll really need. You may also want to get Yoast SEO, BackWPUp, and Google Analytics for WordPress, so feel free to jump to those sections if you want to get started right away. The rest are recommended, but unnecessary.
Install WP Super Cache. Made by the same guys that made WordPress, WP Super Cache is a top caching plugin and great for those starting out. Download it and turn on caching in the settings (Settings in sidebar -> WP Super Cache).
Clean Up Database
Install Wp Optimize. You can use WP Optimize to clean up your database automatically on a set schedule. Depending on your settings, it’ll optimize your tables and clean up your deleted posts, comments, and extra revisions.
You may also want to limit the total number of post revisions WordPress stores. You can do that by putting define(‘WP_POST_REVISIONS’, 3 ); (replace 3 with your max revision count) in your wp-config.php file before the /* That’s all, stop editing! Happy blogging. */ line.
Image Size Optimization
I’ve installed Kraken Image Optimizer, but it has usage limits on the free plan. My preferred way of keeping the file size down is to optimize on my laptop before uploading. ImageOptim is an excellent free piece of software for Mac that keeps your images as small as possible without sacrificing size. There are alternatives on other platforms as well.
Search engine optimization
Yoast SEO – Yoast SEO builds a sitemap for you, allows you to edit meta-descriptions while you’re writing articles, and evaluates the SEO of your posts as you’re writing them in a clever little tool. There’s even more features beyond that that you’ll find with use.
BackWPUp – Back up your website for free. After all the hard you put in to your site, you want to be sure to have a back-up somewhere. I have a back up to DropBox that runs periodically. I did have some issues with set-up initially. If you’re getting a Missing function “curl_exec.” error that prevents you from using DropBox then connect to your server (ask your host if you’re not sure how) and run the following two commands:
sudo apt-get install php-curl
sudo service apache2 restart
Google Analytics for WordPress – Quickly connect your website to Google Analytics. All you need to do is enter tracking id. (which you can get from property settings in Google Analytics).
Amp – By Automattic (creators of WordPress), it adds support for the Accelerated Mobile Pages (AMP) Project. The goal of that project is to provide mobile optimized content that can load instantly everywhere.
Glue for Yoast SEO & AMP – Makes Yoast and AMP work well together.
Better Internal Link Search – Improves the search on the create-a-link pop-up tool
Safe Redirect Manager – Occasionally, you may want to change your urls. Use redirects to prevent those that bookmarked the old pages from getting 404 errors (and it’s better for search engine optimization).
Use Google Libraries – Takes load off your server and increases the likelihood users have files cached
Related Posts for WordPress – Links to related posts at the end of your posts automatically
Heartbeat Control – Limit the WordPress heartbeat. Not very important initially, but the WordPress heartbeat can cause additional load on your server.
MailChimp for WordPress – MailChimp is a great tool for getting email subscribers and setting up email campaigns to send to them. Connect it to WordPress to get them to work together.
MailChimp for WordPress – Top Bar – Have a permanent place where users can subscribe on your website.
Rough WordPress timeline
0.5 hour creating WordPress site and familiarizing yourself with the dashboard
1.0 hour on themes and plugins
1.0 hour * 3-5 posts
Focus and use that initial enthusiasm. Don’t get bogged down in finding the perfect wording, theme, or plugin. It’s easy to take a half-hour task and drag it out into an entire afternoon that way. Build an MVP, get feedback, and use experience to decide what needs your time. Chances are you’ll end up picking one of your initial favorites anyway.
This may seem a bit overwhelming if you’re reading it all now, but it’s not nearly as bad as it seems. There are some things that you might want to keep outside of WordPress. For example, I use PressKit() and my game demo pages are separate php pages. To learn more about that, check out how I structure my website.
You’ve got your WordPress and your site is ready to go! Add some posts and you’re off to the races!
Confused about anything WordPress? Add a comment and I’ll get back to you or write a post about it.