17 WordPress tips to get you on the right foot

WordPress is a fantastic platform which allows virtually anyone to setup and run a professional looking website with relative ease. And you can personalize it as much as you want thanks to countless themes and plugins.

With that said, WordPress is also notorious for some strange issues. You can have two identical installations, with the same configuration, same addons and on the same server, yet they can perform totally differently. This can make the WordPress experience quite confusing, especially if you’re not experienced with coding. Or maybe you just want to work on your content, instead of dealing with coding. Knowing your way around WordPress certainly needs some time. Knowing a few simple tips and tricks will be of great help to tackle most issues and challenges that WordPress will surprise you with. So, let’s begin.

Picking a theme

The first challenge is picking the right theme for your site. With so many themes, this can be overwhelming. Be sure to always try the live demos of the themes. This way you will get an impression of what they offer and whether they have what you need. Sometimes you can add extra functionality to a theme with plugins, but sometimes they won’t be compatible. Also, be prepared for the fact that you may have to pay to get all of the functions a certain theme offers.

SEO can be easier

Search Engine Optimization (SEO) is quite the challenge for many. The battle to get a better ranking on the results pages is fierce. Google makes a lot of changes in the way it indexes pages and this can be tricky for web admins to follow. An SEO plugin like Yoast can handle a lot of those tasks for you.

Avoid too many plugins

The strength of WordPress is the vast amount of plugins that you can use. But it can also be its weakness. Using too many plugins can be bad for the overall performance of your website. Each plugin will use some of the CPU, memory and bandwidth of your hosting plan. So, with too many plugins installed you can have very resource-consuming site. They can also be a security risk. This is why you should always only keep the plugins you absolutely need.

Keep widgets to a minimum

WordPress also offers the use of widgets which you can add to the sidebar, footer and basically (almost) anywhere you want.  They can be great to add extra functionality for your users, but don’t go overboard with them. Widgets are also resource-consuming and can distract the users from the content. Professional-looking sites don’t rely on that. They look clean and crisp. So should yours.

Customize your permalinks

The permalink is the… permanent link for a given page or post. WordPress has several options for you in its main settings. Originally, WordPress defaults to a permalink with the date of publishing. This is fine for news-related sites, but it can be confusing for pages with content which is not time-related. So, go to Settings > Permalinks and change it to some of the other options which is better for your goals. Usually a link with the name of the post, but without the date is fine.

Hide sensitive folders

WordPress is relatively secured, but it has its fair share of weak points. One of them includes some of the folders like wp-includes, wp-content, wp-uploads. You can disable the browser access to these folders via the .htaccess file which is located in the root directory of your website. You can edit it with a text editor and simply add this at the bottom:

Options –Indexes

Save the file and that’s it.

Hide .htaccess files

It’s a good idea to keep the .htaccess files hidden away from direct access. For this you can go to the main .htaccess file in your root directory and add this:

<Files .htaccess>
	Order allow, deny
	Deny from all
</Files>

Save the file and that’s it.

Move on to HTTPS

This is an absolute must for any and every website these days. Sites without a secure connection get punished by the search engine ranking systems. So, make sure you add an HTTPS connection. Many web hosts these days offer a free SSL certificate, but there are also plenty of affordable options, too. When you have done that you can use an SSL plugin to complete the transformation.

Limit Login Attempts

One of the ways hackers try to get access is by brute force. This means simply trying over and over again with various passwords. This can be detrimental to the allocated resources for your website as the bots will try thousands of variations constantly. And they may eventually get it right.

So, if you add a plugin that limits login attempts you will save yourself a lot of trouble. Such plugin will allow you to even ban IPs after a certain number of attempted retries. Generally, it’s great to allow 3 retries and then force a 20-minute lockout. This means that this username will not be accessible for 20 minutes. Then you can also add another rule that a second lockout within 24 hours increases the lockout time to an even longer period.

Block IP addresses for good

Sadly, sometimes users or hackers could abuse the site with various tactics. This is where you can resort to blocking the IP that continues to bother you. Open your main .htaccess file via cPanel and add this:

<Files *>
Order Allow,Deny
Allow from all
Deny from xxx.xxx.xxx.xxx
</Files>

Change the xxx.xxx.xxx.xxx to the specific IP. You can block one IP, several if you add another “Deny from” line or whole ranges. Note: Many users still use shared IPs and/or if you block a whole range, you may end up restricting a vast proportion of good visitors to your site. Plus, hackers can often easily switch to another network. So, it’s best to use this feature as a last resort and update the list often.

Limit Access to Login Page

This is another variation of the previous tip. Here, you can limit the access to the login page only for a specific IP address. This way only requests from that IP will be honored. Open the main .htaccess file and enter this:

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Files>

Where xxx.xxx.xxx.xxx is your IP. Note: If you use a dynamic IP or have to enter the login page via another network, you won’t be able to access it without changing this first.

Add Two-Factor Authentication

This is another layer of security which will make your WordPress site even more difficult for hackers to get into. This is good, as most hackers will just go to another site which has lower security. There’s the plugin called Two Factor which you can use do add the multi-layered authentication. This way you will have to complete a second task when logging in after you enter your password.

Hide the Admin Bar

The Admin Bar is useful for the site admins, but not for the other registered users. So you can hide it, providing a cleaner and safer experience. To do this, open the functions.php file of your theme and add this code:

add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
    if ( !current_user_can('administrator') && !is_admin() ) {
        show_admin_bar(false);
    }
}

Save the file.

Take care of your images

Images are a great way to bring life to your website. They can also be the biggest culprit for a slow website. Moreover, they can consume a lot of your storage space and bandwidth. This is why you should use an image optimizer plugin which can compress the pics. This way you will save a lot of resources and the search engines will be happier, too.

Use the Lazy Load Images feature

Many caching plugins have the Lazy Load Images feature. This means that images will only load when the user scrolls to them. As a result, the initial loading time of a webpage will be shorter, improving the user experience. If you’re using WordPress 5.5 or a later version, this feature is actually built-in, but only for uploaded images. If you use external links to images, they won’t be lazy loaded, so you will need to use a plugin for that.

Add a title and Alt text to your images

When you upload an image to your WordPress site, you will have the option to add Title Tags and Alt Text to them. While the exact SEO benefits of this are part of a discussion, the feature will be good for your visitors. They will be able to see these tags when they hover over the image or open it. It creates a feeling of attention to detail along with a site that is well taken care of.

Use a Child Theme

It’s great that WordPress allows you to customize everything on your theme, but there’s also an issue. When the theme is updated by the developer, you will lose all of the custom code you’ve added. This is where a Child Theme comes to the rescue.

A Child Theme is basically a copy of your theme, but when the parent theme is updated, you won’t lose your custom code.

To create a Child Theme you have to visit the file directory via your cPanel or FTP and go to WP-content > Themes. Create a new folder with the same name as the one you’re using, but add –child at the end. For example: twentytwenty-child.

Inside that folder create a file with the name style.css and paste this code:

/*
 Theme Name:   Twenty Twenty Child
 Description:  Twenty Twenty Child Theme
 Template:     twentytwenty
 Version:      1.0.0
*/

Replace the “Twenty Twenty” with the name of your theme. Save the file. You can also create a functions.php file in the same directory if you want to add custom functions to it. Next, go to the WordPress Theme dashboard and enable the Child theme.  

These tips are going to help you start your WordPress adventure on the right foot. Now you will be able to focus on expanding your site and adding more functions and features as per your needs. Happy WordPressing!