Note: This was originally presented to the Ipswich WordPress Meetup in Queensland, Australia.
Congratulations, you’ve chosen the world’s most popular Content Management System (CMS) now powers nearly 25% of all websites. Within an hour you can go from a basic install to a functional website. The good bit is too that most hosting companies have one click installers for WordPress, so the more complicated parts around creating databases and copying files are all done for you.
This article is aimed around running WordPress as a website more than just a blog, but as there’s a lot of overlap. WordPress is extremely extensible and configurable, which means that nearly every custom possibility you want out of a website is probably possible with WordPress. The downside to this is that there are millions of possibilities and combinations and many, many different ways of achieving the same thing.
The steps and recommended plugins and themes in this guide should therefore only be seen as one way of doing things and not necessarily the right way for you. If you ask 10 different WordPress developers how they do things, the chances are you’ll probably get 10 different ways as well.
After installing WordPress, there a few quick tweaks you want to make for your site. As WordPress can do everything from blogging through to running custom interfaces for mobile applications, there’s no one size fits all configuration. Out of the box, we may have something which looks a bit like this:
These make your URL’s human readable. Instead of www.yoursite.com/?page_id=4, you’ll get www.yoursite.com/about and similar. To do this, login to the backend of your WordPress installation, then under Settings -> Permalinks we want to select “Post name”;
Save changes and it should now have the neater URL’s!
Change your display name
WordPress will display your login name as the default for blog posts and any areas with authoring information. Here’s what it’ll look like by default:
To make it more personalised, we can tell WordPress to display your full name instead of a generic user (like "zpresentation" in this instance). In the WordPress admin, go to Users -> Your Profile and then set the Display name publicly as setting. You can select just your first name or your full name (depending on your preference):
Now when we view a blog page, it’ll look like this:
PS: The avatar image is automatically pulled in from gravatar.com, based on your email address.
Set a default homepage
If you’re not running a blog, chances are the default display of your posts isn’t what you want. To change this, you’ll need to add a page to set as your homepage, then go to Settings -> Reading and select it:
Delete Default Content
WordPress comes with one sample page, one sample blog post and one sample comment. Don’t forget to delete these if you want your site to look professional!
Set your Timezone
If you want scheduled post times (if you use them) or the blog post times to display accurately, you’ll need to let WordPress know what timezone you’re in. You can set this by going to Settings -> General and then selecting the correct Timezone:
If you’re running a normal site, you won’t need these comments on your pages so the best way is to disable them completely. This can be done through a number of different plugins, the simplest being Disable Comments.
To install this plugin, simply go to Plugins -> Add New and search for Disable Comments:
After activating, you can then choose to disable comments everywhere or only on certain post types. If you have or plan to have a blog on your site where you want interactivity, I’d suggest only disabling it on Pages and Media:
With these defaults tweaked, you now have a clean base in which to build from.
Add Google Analytics
Do this right from the start so that you can see what happens with your website traffic as you add content, change the look and feel and also any social media campaigns. Good metrics are critical and Google are still the best at it. There are very simple plugins which will just add the tracking code to each page through to complex plugins which will pull in reporting data into WordPress for you. One of the most recommended plugins is Google Analytics by MonsterInsights:
One critical thing when updating your site is to ensure you have a good backup routine in place.
Rule 1: A backup isn’t a backup until you’ve tested it
Until you’re able to verify that the backup contains the data you expected, it’s just a bunch of bits. The backup may not have even contained the data you expected, so make sure you verify your backups frequently. Finding out when you really need them that they don’t contain the right data is the worst possible time!
Rule 2: Store important data in at least three different locations
When it comes to backups, this is critical. If you store your website backups in your standard hosting account and it’s deleted, compromised or corrupted, then you’re without a backup. Similarly, if you backup your PC to an external hard drive near your PC and they’re stolen or burnt down, you’re without a backup.
The best rule of practice for websites is to have the live data, quick restore data and then replicate offsite. You can do this easily to external services such as Dropbox, Amazon S3 and similar which will cost less than a few dollars a month.
There are a number of free plugins which will get you started, our recommended choice is UpdraftPlus:
Your hosting provider should also have the ability to create backups of your site as well, but it’s critical to ensure the backups are stored off-site. Plugins like UpdraftPlus allow you to send a copy of the backup to Amazon S3, Dropbox etc so that you have this process automated. You can also schedule these backups so that you don’t need to do it manually.
They also have a Pro (paid) version, which allows you to automatically backup before applying any theme and/or plugin updates, which is very handy to roll back if there are issues. The Pro version also allows multiple destinations, so you can have multiple backups (you can never have too many backups!).
Choosing a Theme
As you saw in the default picture of what WordPress looks like out of the box, it’s a bit…. plain. Choosing a good theme is critical to how “professional” your site appears to others.
There are thousands to choose from, both within the WordPress themes are (which are all open source) as well as from commercial providers.
NOTE: If you choose a theme which is outside of the WordPress system, make sure it has an auto-updater feature. This is critical to fix bugs, maintain compatibility as WordPress updates and also to ensure your site remains secure (more on that later).
Lets choose a basic theme, I’ve gone with “Sydney” and installed their recommended plugins. We can now customise the theme:
Modern themes take full advantage of the “Customizer”, which allows you to edit some of the site look and feel while seeing the result in real time.
Changes to most of the options include everything from fonts, link and page colours, menu layouts and similar can all be previewed from the Customizer. If you like the changes, you simply hit Save and Publish. If not, you can close without changing anything!
One popular option for a paid theme is Divi from Elegant Themes. Normally I don’t have single recommendations, however the amount of power for those who want to change the look and feel easily is very impressive. One reason for this is the very intuitive live editor:
As the toolbar denotes, I can edit the page in real time now too, giving the ultimate in flexibility.
If you want the ultimate in design made specifically for your site, you’re going to need a custom theme. While this can be quite expensive ($5000+), you’re going to get a site which should stand out. Rather than taking an existing look and feel and trying to make it fit for your website, the theme is designed from the ground up specific to your website. This results in cleaner code and far more flexibility for layouts where out-of-the-box solutions simply won’t work.
You want to avoid your WordPress site looking like this:
WordPress itself isn’t inherently insecure, but the more third party plugins and themes you add, the greater the potential for issues you’ll create. There’s no easy way for WordPress to vet what are good and bad plugins, and unfortunately any code written by humans will have bugs. There’s a few critical steps to ensure your site remains secure:
1. Use strong passwords
Think length more than complexity, xkcd have a great comic on this one:
2. Remove unused themes and plugins
If the files are left on your hosting account, there’s a possibility that they can be called and exploited even if you have them disabled. Run a backup, then delete instead of just leaving them disabled.
3. Update, Update, Update!
The good thing is that WordPress makes updates easy. Make sure you update frequently to ensure the latest security patches are applied to both the themes and plugins all the time. At Conetix, our managed services have updates applied at least once a week and if there’s a critical patch it’s pushed out immediately. I’ve yet to see a website which is fully up-to-date be exploited.
4. Install a security plugin
WordFence is a popular one here and can help limit brute force attacks, as well as scan your WordPress files for malicious changes. Security plugins aren’t required if you’ve maintained good security procedures from the moment you installed WordPress but can be a good idea if you have an existing site.
One thing to be aware of is that your website is being pinged all the time from scripts and other hacked instances to find weaknesses. We see millions of attempts per month, so even a few hundred a day for a single site isn’t that uncommon. If you keep your security up-to-date, they’ll move on to exploit someone else’s site.
Well written content for your website is critical to its success.
Many focus on SEO being a “technical” issue or the old days of thousands of links and keyword stuffing. The magic answer is to:
Write for humans then optimise for computers
Content is King
Google’s focus as a search engine is to present you with the most relevant and trustworthy information based on what you’re searching for. If you want to remain found by Google, you need to ensure the content you have is aimed at the right audience and also well written. Leave the optimisation to plugins!
One common plugin which can assist is Yoast SEO:
It’s not perfect, but a good aid to help optimise.
Think of your content as the 95% and any SEO tweaks as the last 5% and you’ll see long term rankings.
Absolutely and completely ignore any “SEO” expert who contacts you via Facebook, email or your website. Good copywriters don’t need to chase work, it’s just the fact that SEO is a multi-billion dollar industry that many scammers are trying to get a piece of the pie. Some of them you may see a short term gain, but long term if they’re not doing it correctly you’ll actually be penalised by Google.
Copyright is implicit. Even if an image doesn’t have a watermark or a copyright symbol, it’s still owned and controlled by the owner of the image. Don’t just “google” for an image to use, make sure you legally use images which have given you rights to use on your site.
Here’s just a few of the free sites which have free images:
Further Reading and Help
The WordPress Beginner Class - A series of YouTube Videos which start right at the basics and go all the way through to advanced features. If you’re looking for a guided tutorial for WordPress, this is perfect.
http://easywpguide.com/ Created by Anthony from Maddison Designs in Australia, this is a great starting guide to step you though the various WordPress components.
https://www.mattersolutions.com.au/blog/2016/11/writing-business-website-save-ton-cash-write-awesome-content/ An easy intro into creating your own content, as well as sourcing images for free. Matter Solutions are also an Australian company.