The checklist is divided into five stages, made up of 72 individual steps in total:
- Install: The basic WordPress installation.
- Secure: Hardening the WordPress installation.
- Configure: Adjust WordPress settings.
- Connect: Connect WordPress to online services.
- Optimise: Adjust WordPress performance.
|1||Install||Get Required Tools||It may help to download and install the following free software, as it will be useful for the rest of the installation (unless you already have alternative software installed):|
|2||Install||Domain and Hosting||Buy a domain and hosting account for your WordPress website.|
For examples of hosting companies, see the WordPress.org recommended webhosting companies.
Your host should meet the minimal requirements for WordPress.
Once you have created your web hosting account, please note your web hosting provider’s technical support contact details as you may need them later.
|3||Install||Email Account Setup||Set up an email address using your new domain for use in the rest of the WordPress installation (unless you have another email address you wish to use, of course).|
Contact your hosting company if you are unsure how to do this.
|4||Install||FTP Account Setup||Set up an FTP address using your new hosting account for use in the rest of the WordPress installation.|
Contact your hosting company if you are unsure how to do this.
Find out more about FTP here.
|5||Install||Google Account Creation||Set up a new Google Account for use with Google integration for your WordPress website.|
This will be used for Feedburner, Google Analytics, Google Webmaster Tools and also for GMail if you wish.
|6||Install||GMail Account Integration||If you wish to take advantage of GMail’s powerful features, you can set your new email address to use GMail.|
|7||Install||Feedburner Account Creation||Set up a Feedburner account using your Google account.|
FeedBurner provides custom RSS feeds, statistics and management tools for your WordPress RSS feed.
Find out more about RSS feeds here.
|8||Install||Mailing List Setup||Set up an email list for use with your new WordPress website.|
This list will help broadcast your content.
You will need an account with a recommended email marketing provider, for example:
Once you have set up your account, you can set up an email list for your new WordPress website.
Find out more about email marketing.
|9||Install||Website Monitoring Account Setup||Set up an account with the free website monitoring service mon.itor.us.|
A website monitoring service is used to ensure that your site is live and responding.
Find out more about website monitoring here.
|10||Install||Prepare for WordPress Install||You are now ready to install WordPress. You should check out your options for installing WordPress.|
There are several ways to install WordPress:
If you are unsure, you should check which one is appropriate for you by contacting your web hosting company.
|11||Install||Create Database and Database User||If you download and install WordPress yourself, you will need a database and a database user defined to install it correctly. You can create a database and database user in the following ways:|
If you have trouble with creating a database and a database user, contact your web hosting provider.
|12||Install||Administrator Account Security||When installing, do not use ‘admin’ as the username for the administrator account as this can be a security risk.|
Try something like your site name initials + ‘admin’ – ‘My Awesome Blog admin’ becomes ‘mabadmin’. This is less obvious but still easy to remember.
Don’t panic – this can also be changed after installation if you wish.
|13||Install||Install WordPress||You should decide whether you want WordPress at the root of your domain:|
or in a folder:
Once you have decided and using the information obtained earlier from your web hosting company, you should install WordPress on your hosting account as appropriate.
|14||Install||Logon as Administrator||After the install, you can now log on using the administrator account.|
The logon screen can be found by appending ‘wp-login.php’ to the end of the URL to your WordPress installation as below:
This will give you access to the WordPress Administration Screens.
|15||Install||Check the WordPress Address and Site Address||You can check the WordPress Address and Site Address settings by using the Settings–>General Settings menu item.|
These may be fine for you as they are, but sometimes you may wish to add the ‘www’ here to each URL. Make your changes and click the ‘Save Changes’ button. You may have to log on again after any changes.
Find out more about the General Settings screen.
|16||Install||Check the Site Name and Site Tagline.||On the General Settings screen, you can also set your Site Name and Site Tagline.|
These may have been set during installation. You can leave the tagline blank if you wish. Make your changes and click the ‘Save Changes’ button.
Find out more about the General Settings screen.
|17||Install||Check Timezone||On the General Settings screen, you can also check your Site Timezone.|
This will be set during installation. Make your changes and click the ‘Save Changes’ button.
Find out more about the General Settings screen.
|18||Install||Set Ping Services||WordPress can automatically notify popular Update Services that you’ve updated your blog by sending a ‘ping’ message each time you create or update a post. This helps increase traffic to your site.|
You can set the Update Services to use at the bottom of the Settings Writing Screen, reached using the Settings–>Writing menu item. Make your changes and click the ‘Save Changes’ button.
You can find out more about Update Services here.
Find out more about the Settings Writing Screen.
|19||Install||Delete the Sample Content||You can clean up the sample content provided in the basic WordPress installation.|
- Delete the sample comment using the Comments Screen.
- Delete the first post using the Posts Screen.
- Delete the blogroll using the Links Screen.
|20||Install||Set Permalinks||By default, WordPress uses URLs with question marks and numbers in them, which look ugly. However, WordPress offers you the ability to create a custom URL structure for your permalinks (short for “permanent link”).|
Go to the Settings Permalinks Screen using the Settings–>Permalink menu item. Make your changes and click the ‘Save Changes’ button.
Tip: A simple and useful permalink structure is
This will provide good SEO benefits and perform well.
Find out more about the Settings Permalinks Screen.
|21||Install||Check Uploads Path||You can upload images, video, recordings, and files when using WordPress. These files are known as ‘Media’.|
You can check the location and structure of the upload directory in the Uploading Files section of the Settings Media Screen. This is reached by using the Settings–>Media menu item.
Tip: You can probably leave most of the settings here alone, but unchecking the setting at ‘Organise my uploads into month- and year-based folders’ will make your files easier to find. Make your changes and click the ‘Save Changes’ button.
Find out more about the Settings Media Screen.
|22||Install||Check Robots.txt||The robots.txt protocol is a convention to prevent web crawlers (software used by search engines to categorise and archive web sites) from accessing all or part of a website which is otherwise publicly viewable. This is done by producing a text file on your website that the web crawlers can read.|
Install a plugin for WordPress to help with this called PC Robots.txt.
Find out more about the robots.txt protocol.
|23||Install||Create Logo||You should consider creating a website logo at this stage as you can use it later in the installation process.|
Good places to start:
|24||Install||Set Favicon||A favicon is an image file associated with your particular website. Your web browser can display it in bookmarks and links to your website. You can easily create a favicon with your logo by using the Dynamic Drive favicon tool.|
Once you have created a favicon, you can then add it to your website using the All in One Favicon plugin.
Find out more about favicons.
|25||Install||Burn RSS Feed||If you created a Feedburner account earlier in the installation process, you can now set up your WordPress RSS feed to use Feedburner.|
|26||Install||Check Visual Editor Settings||The Visual Editor in WordPress is what you type your text into to publish it on your website. Many advanced users do not like using the Visual Editor as it can add extra HTML when typing.|
You can turn off the Visual Editor by going to the Users–>Your Profile menu item and checking the ‘Disable the visual editor when writing’ item.
You can also disable it globally for all users by installing a plugin.
Alternatively, you can also install a plugin that stops the automatic formatting by WordPress.
|27||Secure||Change Administrator Account Name||If you have used ‘admin’ as the username for the administrator account this can be a security risk.|
You can now change this to something different using the ‘Admin renamer extended’ plugin.
Try something like your site name initials + ‘admin’ – ‘My Awesome Blog admin’ becomes ‘mabadmin’. This is less obvious but still easy to remember. You may have to log on again after making this change.
|28||Secure||Check Administrator Account Password and Nickname||Check that the administrator account password is secure.|
You can visit the Strong Password Generator website for guidelines and a tool to produce strong passwords.
You can change the administrator account password using the Users–>Your Profile menu item. You can also change the administrator account nickname from ‘admin’ here (the nickname is the visible name of the user on a WordPress website).
|29||Secure||Update Unique Keys||Unique keys make your site harder to hack and access harder to crack by adding random elements to the password. These secret keys are stored in the wp-config.php file.|
You can update these unique keys by installing the Update Unique Keys plugin. This plugin will automatically set and/or update the Authentication Unique Keys in the wp-config.php file.
|30||Secure||Delete WordPress Installation Files||The following files can be deleted using your FTP client:|
These files can be a security risk and do not need to be there for your WordPress website to function correctly.
|31||Secure||Move wp-config.php||You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder and it will not be available to the web.|
Note that wp-config.php can be stored ONE directory level above the WordPress installation folder (where wp-includes resides). Use your FTP client to move wp-config.php.
|32||Secure||Remove WordPress Version||WordPress will automatically insert the current WordPress version into the head section of every web page. This can be useful information for hackers.|
Install the WP-Secure Remove WordPress Version plugin to remove this information.
|33||Secure||Stop SQL Injection Attacks||SQL injection is a hacking technique that exploits security vulnerabilities occurring in the database layer of a web site.|
Install the WordPress Firewall 2 plugin to identify and stop the most obvious SQL injection hacking attempts against WordPress.
Find out more about SQL Injection.
|34||Secure||Change WordPress Database Prefix||You can check the security of your WordPress installation by downloading and installing the Better WP Security plugin.|
This plugin will fix many issues already identified in your installation, so you may not need all the fixes. However, you should at least consider using this plugin to rename the default WordPress database prefix away from ‘wp’.
|35||Secure||Update Htaccess Settings||An htaccess file is used by a web server to set permissions and security. Your WordPress installation contains one of these files, and it can be used to increase security on your website.|
Install the BulletProof Security plugin for a fast way to check the security of your htaccess file.
Find out more about htaccess files.
|36||Secure||Add File Monitoring Scan||If a hacker does gain access to your WordPress website, they can make changes to your website that may not be detectable even when you login.|
Many of the reports may be false positives, but the information is useful. If you do get hacked, you will be alerted quickly.
|37||Secure||Stop Comment Spam||Comment spam is endemic on the internet. Install a plugin to filter the spam comments from the real comments.|
Find out more about the problem of spam in blogs.
|38||Secure||Check Comment Settings||The Settings Discussion Screen allows you to set the options concerning comments (also called discussion). You can find this on the Settings–>Discussion menu item. It is here the administrator decides if comments are allowed and what constitutes Comment Spam.|
Find out more about the Settings Discussion Screen.
|39||Secure||Prevent Brute Force Password Discovery||A brute force attack involves systematically checking all possible passwords until the correct one is found.|
You can prevent brute force attacks against your WordPress website by installing the Login Lockdown plugin.
Find out more about brute force attacks.
|40||Secure||Create Backup Plan||There are many different ways to back up your WordPress installation and files. WordPress websites need two separate backup types:|
The options should be considered:
Find out more about WordPress backups.
|41||Configure||Plan Site Taxonomy||A site taxonomy is a grouping mechanism for content. There are two default ways to group content in WordPress:|
However, you are not limited to just two types of taxonomy in WordPress. You can create custom post types and custom taxonomies to organise your content as you wish, e.g., create a job taxonomy for a jobs website or a movie taxonomy for a movie review website.
|42||Configure||Improve 404 Errors||404 errors happen when a page is requested that does not exist.|
WordPress can handle these errors fine but you can make your 404 pages much better by installing the Smart 404 plugin.
This plugin will perform a search of the site using keywords from the requested page and attempt to redirect the user to relevant content.
|43||Configure||Configure Related Content||Once your visitors have finished reading one piece of content, it is always a good idea to show them related content.|
You can do this automatically by installing the Contextual Related Posts plugin. This will display a list of contextually related posts for the current post.
|44||Configure||Install Maintenance Plugin||You will now be adding pages to your website and you may not want the general public seeing your unfinished website.|
Install the WP Maintenance Plugin so that your visitors will only see a maintenance page while you finish the setup.
|45||Configure||Add Contact Page||Adding a contact form plugin such as Contact Form 7 makes adding a contact form very simple.|
Install the plugin and create a contact page.
|46||Configure||Add Utility Pages||Most websites will have pages for the following:|
Google may require sites using Adsense to have some of these pages.
|47||Configure||Add HTML Sitemap||Some website visitors like to browse a map of the entire site.|
Install the Atlas HTML Sitemap Generator plugin and it will create a sitemap page for you automatically by using a shortcode (a special code that produces an effect when typed into a WordPress post or page).
|48||Configure||Install a WordPress Theme||Installing a WordPress theme is easy, choosing one is difficult!|
The following list should be kept in mind:
|49||Configure||Configuring the WordPress Theme||Once installed you must configure your WordPress theme.|
The following list of options is not exhaustive:
|50||Configure||Test WordPress Theme with Sample Content||If you wish to test your theme, you can import the test data supplied at WordPress.org and run through some of the suggested tests.|
Once you have finished with the test data you can use the Bulk Delete plugin to delete it all.
|51||Configure||Add Mobile Support||If you wish to add mobile support for your WordPress website you have many choices of mobile theme. The following two plugins come recommended:|
|52||Connect||Configure Google XML Sitemaps||An XML sitemap is a list of pages of a web site accessible to a search engine. You can install the Google XML Sitemaps plugin, which will do this for you automatically. This will help your website get indexed more quickly and allow you to see how Google sees your site.|
Find out more about sitemaps.
|53||Connect||Configure Google Analytics||Web analytics is the measurement and analysis of website visitor data so that you can optimise your website. The best free tool for this is Google Analytics which you can sign up for using your Google account.|
Once you have created the necessary code for your website, you can install the Google Analyticator plugin and add your code.
Find out more about web analytics.
|54||Connect||Install WassUp Realtime Analytics||If you want to see what your visitors are up to in realtime, you can install the WassUp Realtime Analytics plugin.|
This will give you a simple view of visitor interactions with your website as they browse through. Very useful and fascinating to watch.
Please note that this plugin cannot be used with certain caching plugins used to increase performance.
|55||Connect||Configure Twitter Integration||Using your email address created earlier, you can create a Twitter account. You should then customise your Twitter profile picture and customise your Twitter page to match your website. Once your Twitter account is setup, the following plugins will integrate Twitter into WordPress:|
|56||Connect||Configure Facebook Integration||Using your email address created earlier, you can now create a Facebook account. Once your account is created, you should customise your profile and add a Facebook page to advertise your website. The following plugins can then be used to integrate Facebook into your WordPress website:|
|57||Connect||Configure LinkedIn Integration||LinkedIn is a business-oriented social networking site. If you are in business, it can be useful to link your WordPress Website to your LinkedIn profile. This can be done using the following plugins:|
Find out more about LinkedIn.
|58||Connect||Add Social Media Integration||There are many social media WordPress plugins available. Here are some that may be useful:|
Find out more about social media.
|59||Connect||Add Mailing List Integration||Using your mailing list provider account set up earlier, you can now integrate a subscribe box for your mailing list into your WordPress website. The following plugins may help:|
Please check with your mailing list provider for more information. Don’t forget that you can add an email form to a text widget if no plugin is available.
|60||Connect||Configure Adsense and Other Advertising||If you use Google Adsense, you can now integrate your adverts into your website. There are numerous plugins available to help with Adsense if you wish.|
There are other options for advertising on your WordPress website.
|61||Connect||Connect to Web Monitoring Service||Using the free account with the website monitoring service mon.itor.us created earlier, you should now add your site to the service so that your uptime can be monitored.|
|62||Optimise||Configure WordPress SEO||There are many plugins to improve WordPress SEO.|
The plugins below should provide coverage for most installations.
Find out more about SEO.
|63||Optimise||Add Popup to Advertise Mailing List or Products||Adding a popup window to your website can increase subscriptions and is a great way to announce new products or services to your visitors.|
|64||Optimise||Add a New Visitor Greeting||New visitors often appreciate some context and background information about your site.|
You can offer them a special welcome and invite them to become permanent subscribers using the What Would Seth Godin Plugin Do (WWSGPD).
Find out more about the background to this plugin.
|65||Optimise||Add Your Sales Pages||Your sales page is where you present your products or services to your customer. A sales page can be added using any theme with some work, but there are several commercial themes that can help with sales pages directly:|
You should also consider your copy writing skills when designing your sales pages.
Find out more about sales pages.
|66||Optimise||Integrate Payment or Ecommerce Provider||Now you want to get paid!|
WordPress makes it extremely easy to integrate your payment processor or ecommerce functionality into your site. There are many plugins available:
|67||Optimise||Cleanup||You may now have multiple unused themes and plugins in your WordPress website.|
You should now deactivate and delete any unused themes and plugins from your website. Unused themes and plugins which are not updated can be a security risk.
|68||Optimise||Increase the Performance of WordPress||You can improve the performance of WordPress using a caching plugin. The most highly recommended one is the W3 Total Cache plugin.|
This plugin also has transparent content delivery network (CDN) integration which allows your content to be spread across high performance servers to increase performance.
|69||Optimise||Test Your WordPress Configuration||Now that your website is almost complete, you should test the WordPress configuration to see if there are any issues:|
|70||Optimise||Test Your Website Using Different Browsers||It is a good idea to know how your website is displayed to your visitors.|
You can sign up for the free service at BrowserShots.org, which will allow you to test your website in various browsers on different operating systems.
You should see how it looks in the following combinations:
|71||Optimise||Run a Final Security Scan||Running the following plugins may identify security issues that have been missed by any steps so far:|
Some of the issues identified will be false positives, but the scan is very useful.
|72||Optimise||Add Content and Publicise||Once you have done your keyword research and created your first content then you should let the world know about your new website by creating a press release.|
Well done! Time for a coffee
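
A read-only check of steps 29, 31 and 34 against a local copy of the site, as an added example that is not part of the original checklist or of any plugin it names. It assumes the stock wp-config.php layout with the default `wp_` prefix; the 32-character minimum, the `public_html` folder name and the `mab_` prefix are assumptions of this example, and both sample installs are constructed.

```python
import re
import secrets
import tempfile
from pathlib import Path

# The eight keys and salts WordPress reads from wp-config.php (step 29).
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_KEY_LENGTH = 32  # threshold chosen for this example, not a WordPress rule
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")


def locate_config(wp_root):
    """Find wp-config.php the way WordPress does; flag if it sits one level up."""
    inside = wp_root / "wp-config.php"
    if inside.is_file():
        return inside, False
    above = wp_root.parent / "wp-config.php"
    # WordPress ignores the parent copy when the parent is itself an install.
    if above.is_file() and not (wp_root.parent / "wp-settings.php").exists():
        return above, True
    return None, False


def audit(wp_root):
    """Return a list of findings for checklist steps 29, 31 and 34."""
    config, above = locate_config(Path(wp_root))
    if config is None:
        return ["wp-config.php not found in the install folder or one level up"]
    findings = [] if above else ["step 31: wp-config.php is inside the install folder"]
    # Drop comment lines so a commented-out define() is not counted.
    text = "\n".join(line for line in config.read_text(errors="replace").splitlines()
                     if not line.lstrip().startswith(("//", "#", "*", "/*")))
    defined = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    for name in KEY_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"step 29: {name} is not defined")
        elif value == PLACEHOLDER or len(value) < MIN_KEY_LENGTH:
            findings.append(f"step 29: {name} is a placeholder or too short")
    prefix = PREFIX_RE.search(text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("step 34: database prefix is still the default 'wp_'")
    return findings


def build_sample(root, hardened):
    """Write a constructed, minimal fake install to audit (not a real site)."""
    wp = root / "public_html"
    (wp / "wp-includes").mkdir(parents=True)
    keys = [secrets.token_urlsafe(48) if hardened else PLACEHOLDER for _ in KEY_NAMES]
    body = "<?php\n" + "".join(f"define( '{n}', '{k}' );\n" for n, k in zip(KEY_NAMES, keys))
    body += "$table_prefix = '%s';\n" % ("mab_" if hardened else "wp_")
    ((root if hardened else wp) / "wp-config.php").write_text(body)
    return wp


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        weak = audit(build_sample(Path(tmp) / "weak", hardened=False))
        good = audit(build_sample(Path(tmp) / "good", hardened=True))
    return weak, good


if __name__ == "__main__":
    for label, result in zip(("default install", "hardened install"), run_demo()):
        print(label, "->", result or "no findings")
```

To check a real site, call `audit()` with the path to the folder that contains wp-includes.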