Ten things I do

These are the ten things that I do when I initially start on a clients website. These can vary and some other thing may be done depending on the scope of the project. Most of these are must haves, and others are dependent on the clients needs. But number 10 is a must and happens on every build. Have fun.

  1. Change admin user name to something else
  2. Install iThemes Security. Run Scan and set it up
  3. Delete unused plugins and themes
  4. Install W3 Total Cache, and configure it.
  5. Install a good backup plugin like BackUp Buddy by or BackWPup, and back up the website.
  6. Change permalinks, and other aspects of the settings tab.
  7. Make sure the theme, and the plugins I use are well supported.
  8. Delete all default pages, posts, and comments
  9. Install SEO by Yoast – if client wants search engine work
  10. Make some tea or coffee.

This is not all I do, but I make sure these 10 things are definitely done.

Securing your WordPress website

I thought this article was going to be a little further down the line, but something happened yesterday that pushed the timeline up a month or 2. I was working vigorously on getting BarbApple studios up to speed, you know the drill: website with matching Fackbook, and Twitter page, when the unthinkable happened. My servers went down, and the explanation I got was “Our server thought there was too much activity on my site, logging in and out, branded it as  malicious activity and we shut you down.” This might not have been an issue, but I tried to log in like 7 times, and they couldn’t figure out what the issue was.

WordPress was allowing me to change the admin password, but not allowing me to log in. After a day of this nonsense, and back and forth with tech support, it hit us both at the same time. I had a plug installed by BWS plugins called ‘Limit Attempts,’ and that’s what kept me logged out. So when the servers came back online, I was blacklisted from my work computer, and the tech that was helping me also got blacklisted. We went about it 2 different ways, and got the same result, we were able to log back in again.

I had the idea of going to phpmyadmin and deleting the records in the plugin table, but thought that was a bit rash, so instead I FTP’d to my site and just deleted the plugins folder. That might be considered rash anyway, although at the same time my tech deleted the records from the database using phpmyadmin. I don’t know which had the desired effect or both, had the desired effect, but I am back. I think his method might have worked fine, but I’d like to think I would have gotten a plugin missing error, and would be allowed in anyway, as this has happened before. So there you are, the beginning of a post on how to secure your WordPress website. This will be part 1) of 2) I think, because I want to do this properly. I am going to discuss the types of things you need to stop, how to stop them, and the reputable plugins that will help. So stay tuned.

WordPress will not crash your website, but plugins and themes will. WordPress, as I have said before, is one of the most stable web environments out there at the moment. When people complain about WordPress crashing, what they usually mean is that it had crashed due to a plugin being bad or in need of updating, or a theme that stopped working. WordPress itself is as stable as it gets on the world wide web.


This is the most important thing I can tell you to do. Do not assume that the place you are hosting has it covered. Whilst they may do, they could charge you extra money for a restore, and they may not get the restore exactly as you want it. Do it yourself, because WordPress has made it so simple. There are many plugins that will do the job adequately, but the one that I use for all my sites is the plugin BackWPup by Pento. It has been around forever and just does what it says it is going to do. So check that out in the plugins section of my blog, as it is one of my favorites.

Administrator Log in

Do not use admin, user, test, or administrator as the main log in user name. When you think about it, they aren’t really user names. These are the first names a hacker will attack, and it means that all they have to get now is the password.

Longer passwords are better: You don’t have to produce intricate passwords, but long ones – like sentences. People think they have to have longer cryptic passwords, but they forget them. Longer is better in this case, and the chances that you remember it will be better.

If you are the administrator of your WordPress site, create another user account with editor privileges to post to your own blog, so that you are not always logging in as an administrator. This way there is less of a chance of being key-logged when you are using your website. The admin account you set up should be used for admin purposes only, and this is a good thing to teach your clients also because there is more of a chance of them just posting to their sites than administering to it. This is a tricky one for me because I admin so many sites, that I am admining more than actually posting but your average client will not.

Update your WordPress

Always update your WordPress core, plugins, and your themes whenever they are due. Don’t wait a few weeks or even days to do this. The need updated for a reason, so go ahead and do it. You will only make things worse if you don’t. Sometimes after I update the WordPress core, I log out and relog back in again to see if anything else has changed in the update department, such as plugins or themes. This may not be necessary, but it is a habit I have gotten into over the years. I just know that I have left updates for a while and crashed my website a few times. There was one time I remember I had to do a full re-install because I didn’t update.

WordPress Plugins

WordPress plugins

The way to increase the things that WordPress can do is through the use of plugins. These can be a great idea and a bad idea all at the same time. Way too many times, and I’ve even done this myself, too many plugins are added to websites. They are fun, and I recommend playing around with them, but there are a few things that you should know about their use and their functionality.

Before I forget though, sometimes the theme you are using will handle the functions that the plugin you are installing is meant to do. So check and see. You make a change, for example, to not show page titles, but they are still showing. Check your Theme’s settings, because there may be a function in there that overrides the plugin, and is set to ‘On’. I am using a theme called Quantive from Rockettheme, and it does just that.

In general terms, the rule that applies to plugins, is less is more. You decide what you want your website to be. Is it a blog? Is it for e-commerce? Is it just a place to put pages of what you do? Whatever it is, select the best plugins designed for your type of website, and install them. Check out a few of the links I have provided to give you an idea of the different types of plugins. I hope to cover a few plugins per week as to their functionality, and if they really help your website or your business.

wordpress plugins

wordpress plugins

When you go to the dashboard of your WordPress website, there is a menu item on the left hand side that allows you to search for and add new plugins, but there are a few things to look at before you install any plugin. You can always find out what plugins are being used extensively and work well. Stay with these if you can because if there are a lot of satisfied users, then that plugin will have good support and good updates.

It is worth your while to look at the reviews a plugin has, the number of downloads, and any other documentation you can find before committing to it 100%. Even the most used and sworn by commercial plugins will get cranky from time to time. I always suggest to write to the author of the plugin when you install it, letting him know that you have done this, and see what the response time is.

If I design your site, then most of this will already have been done for you by me. In a separate post I have listed some of my favorite plugins, and why. Don’t get me wrong, there are what I would call some must haves in my book that a lot of WordPress developers wouldn’t touch. It is personal preference.

I will be coming back to show you how to install a plugin later, but let me finish this piece with the best way to get the most from your plugins. Since WordPress is a platform that hackers love to attack, and don’t be alarmed, this happens to a lot of platforms, the good people at update the core platform often to handle any security issues. They do this to keep ahead of the hackers, and when they do this, your plugin developer will also put out an update if necessary to keep it working with your current version of WordPress. This is the main reason why you want to use reputable plugins.

Most, if not all, of WordPress plugins are developed by third party developers, and they are connected to the WordPress core developers closely enough to know what the changes are going to be before it is deployed. They will usually be right on top of it, so make sure you visit your dashboard regularly to update your WordPress, and any plugins that need updating. WordPress will tell you when it is time to do so.

There are plugins that will update WordPress automatically, and ones that will also update your plugins automatically. I will be describing these in future blogs so stay tuned.

Static Vs Dynamic Websites

This topic can get into never-ending debates.

A static website for the purposes of this blog means that you create a page and it doesn’t change. All of these pages can be accessed from the navigation menu that the website has at the top. These types of sites are the “business card” websites where clients just want people to know they are on the web, give them some info about their company, a phone number, address,  and maybe a contact form to get a hold of them. As a developer, this is the type of site that I design for the client, make live, and don’t hear from them again for a few months: sometimes never.

A dynamic website is a good way of pushing new content onto the web, so that your subscribers have something different to see often. I know you can have websites that whilst appearing static, can change their information daily: even by the second. These types of websites are generally referred to as dynamic, or content driven websites. Everytime you go back to these sites, the information is updated and newer. When I design this type of site for a client will ensure an ongoing relationship as their needs grow for more content and more interesting things to show their clients.

This is what made me choose WordPress to begin with. This is by no means the definitive article on the difference between these particular, but just to give you an idea of how they can give you an idea of what it is you need. In my book, most websites will fall into these 2 categories: Static type or Dynamic Type. The difference is usually in what they do, and maybe how they do it. Take a look at the following list of types of websites, and you will notice similarities between them. They may be distinctive, but not all together different.

Websites are designed and developed on different platforms or programs. For example, this website is using WordPress as the platform to design it. Other sites might use similar less popular platforms, and some even have teams of programmers design a proprietary platform in which to design their sites. It can be as complicated or as simple as you like from this point forward, so I am deciding to keep it simple. Some you will have heard of, and some you will not, so don’t panic, there is always one to suit your needs. I choose WordPress, other platforms include, but are definitely not limited to:

Web 2.0

These also have programming behind them that would make that another platform, so it goes on, and on, and on. Programmers develop platforms to design end user programs such as Joomla, WordPress, and others.