Ok, you have installed WordPress, now what? How you can optimize to get best out of it. Actually installing WordPress is very easy, it will hardly take 2-3 minutes to get started, most of the hosting providers allows you to install WordPress with just one click.



Here we had listed some WordPress post installation tips which will enhance your user experience and overall security of your WordPress blog too.

#1 Disable People From Browsing Your Folders

I am pretty sure you dont want anyone,accessing or viewing your WordPress files and folders using the explorer view in web browsers, just add following line to your .htaccess file and add a blank index.php file into your wp-content/themes and wp-content/plugins folders.

Options All -Indexes

#2 Delete Primary Admin Account

By default WordPress comes with admin account, you must delete this account or change the role of this account as subscriber. If anyone try to hack your account then he first look for admin account and target this account.

#3 Change Permalink Structure

By default WordPress comes with a very unfriendly permalink (PERMAnent Link) structure something link :-


Its not good for you and search engine will going to penalize you, so you must need to change your permalink to something link :-




#4 Activate Akismet

Akismet is a free plugin which comes with WordPress and keep spam comments and trackbacks out of your blog and its been without your interaction,  you can get free API from Akismet.com/get, so just go and activate your Akismet and configure it.

#5 Change Default Media Upload Directory

By default WordPress will upload all your images, videos, documents or any other uploads to wp-content/uploads folder. Its a good idea to host your images and other uploads outside of WordPress folder, mainly on a sub-domain.

Hosting images on sub-domain will have few advantages, most important among them its that if you host images on different domain them it will allow parallel downloads and thus improve the page loading time, another advantages are that your media URL will be shorter, you can easily manage your backups and some more.

#6 Delete Unused Themes and Plugins

After installation of your WordPress, delete unused themes and plugins from your WordPress blog, it will improve your website performance and reduce server load.

#7 Remove Useless WordPress Meta Information from header

If you look at your WordPress blog source code than you will find that it has some useless code which need not to be there and some could put your website at risk, like someone from your source code can identify your WordPress version :-

<meta name="generator" content="WordPress 3.5.1" />

Any hacker by knowing your WordPress version can target your blog. Use following code to your functions.php file which will remove all useless information from your header.

remove_action( 'wp_head', 'wp_generator' ) ;
remove_action( 'wp_head', 'rsd_link' ) ;
remove_action( 'wp_head', 'wlwmanifest_link' ) ;

#8 Disable HTML In Comments

By default your WordPress comment box can accept HTML tags like <b>, <i> and even comment poster can include HTML links while posting comments, if you want you can disable HTML in comments by adding following code in your functions.php

add_filter( 'pre_comment_content', 'wp_specialchars' );

#9  Hide Extra WordPress Feed

WordPress generated multiple feeds like for article, archive, comments, single post and so on. Search engine can crawl these feeds through your header as they had <link> meta tag.

If you want to publicize your main feed then you can heed these extra feeds by adding following code into your functions.php.

remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );

#10 Turn Of or Limit Post Revision

WordPress comes with a nice feature call post revision which helps you to track your post changes and if you want then you can revert to any previous version. Each time you make any change to post its saved, its good feature but it do increase size of wp_posts in your WordPress table as each revision means additional row.

As its a nice feature rather than disabling it we can just limit the number of revision that WordPress stores in MySQL database. Just add following code to the wp-config file.

define( 'WP_POST_REVISIONS', 2);

Or if you completely want to disable post revision then add following code to your wp-config.php

define( 'WP_POST_REVISIONS', false);

#11 Hide WordPress Login Error

By default when you type wrong combination of username and password on your WordPress login page it gives a detail erro report like username is wrong, password is wrong or combination is wrong. It do helps you but it also helps hackers.

To fix it, add following code to your funstions.php file :-

function technoarea_login_errors(){
return 'Nice Try!! Go Away!!';
add_filter( 'login_errors', 'technoarea_login_errors' );

#12 Prevent Search Engines from Indexing WordPress Core Files And Scripts

Google and other search engines can easily crawl and index your WordPress plugin, theme files and show them in search result, this will reduce your security and SEO value too. To fix it open your robots.txt file and following lines to it.

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-content/plugins/

#13 Change Auto Save Internal Of Post

By default WordPress saves draft of your post at the interval of every 2 minutes, its quite useful as you can recover your working post if anything goes wrong. You can change the time interval from 2 minutes (120 seconds) to anything you like 1 minutes by adding following code into your wp-config.php

define( 'AUTOSAVE_INTERVAL', 60 );

#14 Stop WordPress From Guessing URLs

By default WordPress has a bad habit of guessing URLs, like if you type yourdomain.com/mobile and if WordPress couldnt find that page then it will redirect you to yourdomain.com/mobile -phones because it has something common. If you want, you can ask WordPress from stopping guessing URLs and instead serve a 404 error page by adding following code functions.php file:

function stop_url_guessing($url) {
if (is_404()) {
return false;
return $url;
add_filter('redirect_canonical', 'stop_url_guessing');

#15  Set Expiry Headers for Static Content

Your WordPress contents some images, JavaScript, txt, CSS and some more doesn’t change often so you can define Expiry Header so that next time when user visit your site these files can be loaded from users local cache which will make your website loading faster and reduce server load.

For Expiry Header add following code into your .htaccess file

ExpiresActive On
ExpiresByType image/gif "access plus 30 days"
ExpiresByType image/jpeg "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"

If you are using caching plugin like W3 Total Cache then expiry header is handle by plugin itself.

#16 Redirect All Feeds To Main Feed

In #9 we had removed extra feeds from header, but feeds still exist. You can redirect all extra feeds to your main feed. Add following code to your .htaccess file :-

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
 RewriteRule ^feed/?.*$ http://feeds.TechnoArea.in/TechnoArea [L,NC,R=301]

Remove feed URL with yours.

#17 Remove extra Query Parameters from URLs

You know if your WordPress blog URL is yourdomain.com but users can still reach your blog by adding few parameters like yourdomain.com/?utm=facebook. You might think both URL are working fine and landing to same page but search engine treat them as two URL and it will reduce your SEO score.

To fix it we want all URL point to canonical version, add following code to your .htaccess file and it will remove all those extra parameters:-

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} !=""
RewriteCond %{QUERY_STRING} !^p=.*
RewriteCond %{QUERY_STRING} !^s=.*
RewriteCond %{REQUEST_URI} !^/wp-admin.*
RewriteRule ^(.*)$ /$1? [R=301,L]

Ok, I had done, Now What???

  1. Few WordPress Admin Panel Hacks You Must Know
  2. Protect WordPress Login Page with Htaccess
  3. Must Have WordPress Security Plugins
  4. Security Tips For Your WordPress Blog
  5. How To Redirect Old WordPress Domain To New One


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.