You Have Just Installed WordPress, Now What?

So you have just powered through the famous WordPress five-minute install and you're now wandering to yourself, what happens next..? You're not alone as getting started and knowing what to do next with any new website can sometimes by a little overwhelming.

For the most part, you can customise and build as you go. However, there are a few tasks you should cross off your list straight away to ensure your platform is in great shape and good to go.

Let's take a look at our top 10.

1. Have a sound backup strategy

This should absolutely be on the top of your list. Having a recent backup of your website is like having an insurance policy. There is no built-in backup solution in WordPress so you will need to find and implement one you feel comfortable with and fits in with your technical setup. A plugin like BackupBuddy is a great place to start and you can be set up in minutes. It's a small investment for a lot of peace of mind.

2. Take security seriously

WordPress sites, due to their popularity and nature of the technology that they're built on, are too often targeted by hackers and bots that can, unfortunately, exploit some common default settings and files. There are, however, some very simple precautions you can take to eliminate and at least, minimise, the chance of exploits occurring.

2-step authentication

Enabling a 2-step authentication process is easy and goes a long way in preventing unauthorised access to your website. A great place to start is DUO Security. It can be set up in minutes and is free. Even if someone has your username and password they won't be able to log in until you have approved the attempt on the mobile app on your phone.

Malware detection and scanning

It will not always be obvious when your website has been compromised or used to house corrupt files by a hacker. This is where server-side scanning and file checks can play a vital role in ensuring your site stays safe and your domain name protected against any blacklistings. Sucuri provides Malware prevention, cleanup, and scanning services for a more than a reasonable investment. Once set up, their WordPress plugin takes care of the heavy lifting for you and ensures your site is continually monitored.

Update WordPress core files

The recent versions of WordPress provide the option of automated updates. Keeping your version of WordPress up to date ensures any security patches are applied to your website and you keep one step ahead of any potential hacking attempts.

3. Delete the WordPress default content

Your default WordPress installation comes preloaded with default content like the famous “Hello world!” blog post. You’ll want to delete the default comment that comes with your WordPress installation as a WordPress best practice. Don't forget the “Sample page” and site title while you're at it!

4. Join the fight against spam

Spam comments can be a pain. I recommend using Akismet as a first-line defense against spam comments appearing in your posts and pages. Setup and activation only take a couple of minutes and you will need a username and password to get started.

5. Optimize your SEO

Don't forget, you are responsible for making sure your website can be found online and indexed by search engines – not Google! Configuring and setting you the SEO on your website to get more traffic is essential and there are a number of plugins to help.

Plugins like WordPress SEO come highly recommended and do most of the work for you by suggesting edits you can make, keyword density and metadata for posts and pages.

6. Set up a contact form

An often overlooked setup step is the contact page. If your site is online and you have made it visible to the public, be sure to give your visitors a way of contacting and getting in touch with you. Contact pages can serve as more than just a way of visitors contacting you, think of them as an opportunity to provide a means for customers to send you any questions they may have regarding your products and services or even lodge a support request.

Having a flexible and powerful forms plugin to help you along the way will make this easy. Gravity Forms is a personal favorite and one I install for all clients. It's many available add-ons and ease of use makes it the go-to plugin for web forms for WordPress powered website. You can easily add reCAPTCHA as well, to make sure you’re being contacted by real humans and not spammers.

7. Review the default settings

WordPress gives you a ton of settings options, so make sure you review all of them.


In your WordPress Dashboard, navigate to the Settings page and find the Permalinks tab.  Having the name of the post or page in your permalinks helps your SEO.  I personally use the ‘Custom Structure' with:



From the Settings menu, select General. Make sure the timezone is set to your local timezone. This will ensure the timing is correct when you schedule posts to be published or other scheduled events such as backups which you can easily do with BackupBuddy.

User profile

Don’t forget to update your User Profile. Navigate to Users and select Your Profile. From here, you can choose how your name will display on the site and which email address to be used for site notifications and alerts. You can also update and change your password from this page.

8. Restrict login attempts

After 2-step authentication, restricting login attempts is the next best way to go in blocking failed attempts to access your website admin.

There are a number of ways to protect your WordPress admin, these can range from only allowing access by a particular IP address to also relocating the admin folder into a directory other than wp-admin.

A plugin I have been using now for some time and install onto every client's WordPress site is Login Lockdown. This plugin essentially limits the number of login attempts from an IP range for a set period of time.

9. Make sharing easy

Once a visitor has found your website, it's important to make it easy for them to share amongst their social networks. In many cases, the user will most likely use the inbuilt apps on the mobile device or browser to do this. However, adding social share features and functionality to each page and post will go a long way to boosting your website's social reach and visibility.

There are many social sharing plugins available and most themes come with one preconfigured. If you're not sure where to start, I highly recommend Easy Social Share Buttons for WordPress.

10. Setup Google Analytics

This one should be a no-brainer. Tracking and being able to report on your website visitors and traffic is absolutely essential. Even if you do not know what metrics you want to report on when launching your website, be sure to set up Google Analytics tracking. You can always build your reports later, as long as the data has been captured.

If you do not know how to do this manually in the theme or template of your website, give the Google Analyticator plugin a try. You will be up and running in seconds.

Final note

This is by no means a definitive list of everything you can and should do when setting up your WordPress powered website. It will, however, get you a step in the right direction and ensure you have a safe, sound platform on which to build your web presence, online product or service.

For the most part, you can customise and build as you go when setting up your WordPress website. However, there are a few tasks you should cross off your list straight away to ensure your platform is in good shape.