These are the ten things that I do when I initially start on a clients website. These can vary and some other thing may be done depending on the scope of the project. Most of these are must haves, and others are dependent on the clients needs. But number 10 is a must and happens on every build. Have fun.
- Change admin user name to something else
- Install iThemes Security. Run Scan and set it up
- Delete unused plugins and themes
- Install W3 Total Cache, and configure it.
- Install a good backup plugin like BackUp Buddy by or BackWPup, and back up the website.
- Change permalinks, and other aspects of the settings tab.
- Make sure the theme, and the plugins I use are well supported.
- Delete all default pages, posts, and comments
- Install SEO by Yoast – if client wants search engine work
- Make some tea or coffee.
This is not all I do, but I make sure these 10 things are definitely done.
Limit Login Attempts – By Johan Eenfeldt
This plugin will limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
This is why it is important to research and test. Test Test Test! I used to like this plugin, but it has gotten the better of me a few times and my clients – it is too tough and I was still getting comment spam with it. Locked myself out quite a few times with this.Two mistypes, and hitting the enter key on a blank password locked me out. I know you can set it however you like, but not user friendly enough for me.
This is an awesome unobtrusive plugin to help you keep track of all of your theme and plugin updates. Easy to install and configure which is a plus for me. In their own words:
It's important to keep your WordPress sites updated, both for the security of your site and to take advantage of the latest features and improvements of your themes and plugins.
Updates to WordPress core and any plugins or themes installed on your sites can happen pretty frequently. And if you're managing multiple WordPress sites, keeping them all updated can take up a lot of your valuable time.
iThemes Sync is an easy way to manage updates for all your WordPress sites from one place. Instead of logging in to each site individually, you have one place to view and install available updates.
Maybe it is because I know the developer, maybe it’s because it’s a great plugin or a combination of both, but I love this plugin. It covers a lot of bases when it comes to WordPress website security, and gives me peace of mind for my website. It isn’t the only thing I have installed but it is a must and a first security install for me on a clients site. In their own words:
“iThemes Security shows you a list of things to do to make your site more secure with a simple way to turn options on or off. We’ve simplified these steps and provided descriptions of each action so you know exactly what’s happening on your site. You shouldn’t have to be a security pro to use a security plugin. And isn’t that the point?”
Spent ages looking for the right plugin. One that looked nice and integrated with WordPress easily. This is the plugin I settled with. I am still in the process of finding out if it works for me, but so far I love it. I would like to see it as a plugin that created its on review section with searchable reviews, but I don’t think the free version has that ability.
I just have to come up with a way to show the posts and make them searchable, which is why all reviews have their own category, but share tag taxonomis. Looking forward to updating this review soon, but I highly recommend it.