There are a few essential steps that need to be taken with any new wordpress install. Obviously not every wordpress blog will be the same but there are some basics that I feel should be done regardless of what kind of blog you’re creating.

Here we’ll go through 10 steps that are essential to preform after any wordpress install including a list of 10 plug-ins that are a must for blogs of any type.

Step 1 – Change Permalink Structure

When you go to Settings > Permalinks, you’ll notice that the default permalink is http://site.com/?p=123. This structure not only isn’t a good idea for SEO but it also doesn’t tell your visitors anything about the link they’re visiting.

I would suggest a custom structure here using only the post title (http://site.com/title-of-article) which will provide some keywords for search engines as well as giving your readers something to go on.

Some people choose to add in the category (http://site.com/category/title-of-article) however, if you want to assign multiple categories to a single post, you will have to work out a way to deal with duplicate links.


To change your permalink structure choose Custom Structure and paste /%postname% in the box. If you want to add the category as well paste in /%category%/%postname%

Step 2 – Set up Authors

Since we want to remove the admin account in the next step for security reasons, it’s time to set up the authors of our blog. To do this go to Users > Add New and fill out the form. Be sure to make yourself an administrator, you will then want to set up any other authors that will be writing for your blog assigning them to whatever role and permissions you want them to have.


Step 3 – Fix Security Issues

There are a few minor security issues that need to be dealt with on a new wordpress install. While these aren’t major risks, it’s good to have every security measure possible in place to keep your blog safe. The last thing you want after taking the time and energy to put your blog together and get it up, is for it to be brought down through an exposed security point that could have easily been avoided.

Disable Remote Publishing: Unless you use an external blog editor I would recommend disabling both Atom and SML-PRC publishing. These settings are under Settings > Writing.


Remove The Admin Account: You’ll want to delete the default admin account that is automatically created when you install wordpress. Hackers know that this account is automatically added by default and is automatically assigned ID#1 making it an easy starting point for them. To do this go to Users, mouse over the admin account and click Delete.

Disable Post Via Email: These settings are also under Settings > Writing. If you don’t plan on posting via email, don’t put any real information in this section.


Create a blank index.html file to hide directories: Put this file in every directory you don’t want people to be able to browse. That way if someone loads a directory, they will just be shown a blank white page instead of the contents of the directory.

Alternatively, you can use htaccess to prevent people browsing your directories if you’re confident editing it.

Step 4 – Set up Discussion Settings

In this section we’ll be focusing specifically on the areas shown in the image below. First navigate to Settings > Discussion


There are a number of areas under the Settings section and most of them are either very intuitive like the General Settings or will just be left on the default settings. However, the Discussions area has some important options that you will set according to your own personal preferences. Let’s take a look at each of these options and what each mean.

  • Attempt to notify any blogs linked to from the article – This will notify any other wordpress blogs that you link to in an article with a pingback. I recommend you have this checked since pingbacks can send some pretty decent traffic to your blog.
  • Allow link notifications from other blogs (pingbacks and trackbacks.) – This notifies you if any other wordpress blogs link to you and adds a pingback/trackback to the comments of the article that was linked to. I also recommend you have this checked for the same reason.
  • Allow people to post comments on the article – This one is totally a personal preference. If you want to allow comments on your blog check it, if not leave it blank. My personal opinion on this is that comments are a large part of what makes blogs great, however, I know of some great blogs that have comments disabled because the author doesn’t have time to keep up with them.
  • Comment author must fill out name and e-mail – I recommend having this checked to reduce the amount of spam you get in your comments.
  • Users must be registered and logged in to comment – If you have a site where users can register you would probably want this checked to further reduce spam. However, if, like most blogs, you don’t offer registration or don’t want to require readers to register to comments, leave it unchecked.
  • Automatically close comments on articles older than — days – Some bloggers choose to close comments for older posts so that they don’t have to keep constantly going back to check for new comments and reply to them. If you want to implement this strategy check this option and set it to the number of days you prefer to leave the commenting open.
  • Enable threaded (nested) comments — levels deep – Threaded comments are a new feature in WordPress that I haven’t had a chance to thoroughly explore. If you want to use nested comments, first you need to make sure your theme supports them, then check this box and set the number to the maximum you want shown on your blog. Any more than the number shown will be hidden and the reader will be given the option to view them.
  • Break comments into pages with — comments per page and the — page displayed by default. Comments should be displayed with the — comments at the top of each page – If you have a very active blog and get a lot of comments you will probably want to check this option. Using the default settings, if a post has more than 50 comments, they will be split up on multiple pages with the last page displayed and older comments at the top of each page.
  • Email me wheneverAnyone posts a comment – If you would like to get an email every time someone posts a comment on your blog, check this option. If you have a high traffic blog, you may not want to do this to keep your email down to a minimum.
  • Email me wheneverA comment is held for moderation – If you would like to get an email whenever there is a comment awaiting moderation on your blog, check this option. I recommend checking this one since most people want to get comments moderated as soon as possible.
  • Before a comment appearsAn administrator must always approve the comment – If you want to have to approve every comment before it goes live, check this option. Some may choose to do this so that they can check for spam or inappropriate comments before they actually show up on the blog.
  • Before a comment appearsComment author must have a previously approved comment – This is the option I have chosen on Arbenting. If the comment author has never replied on my blog before, I have to approve it before it goes live. However, if the comment author already has approved comments on the blog, their comments will post automatically.

Step 5 – Update Your Ping List


To update your ping list go to Settings > Writing and scroll down to Update Services. Make sure that, at the very least, Pingomatic (http://rpc.pingomatic.com/) is in your Update Services box. Other than that I would also recommend adding the following list along with any additional services you would like notified whenever you add new content to your blog.


Step 6 – Set up Feedburner

Setting up your feed at Feedburner not only gives you more options than you would have with the default, but it also allows you to keep track of your statistics. Go to Feedburner and set up an account if you don’t have one already. Then type in the address of your blog and hit next to set up a feedburner feed for your blog.

If you need help setting up your account or just want to learn more about Feedburner’s options, Setting Up Feedburner to Syndicate Your RSS Feed is a really helpful screencast on doing just that.


Now anytime you link to your feed, make sure to use your new feedburner address. We’ll finish the Feedburner process in step 10 with the Feedburner Feedsmith plugin.

Step 7 – Upload and Activate your Theme

Chances are you won’t want to keep the default wordpress theme. If you’re a professional blog you’ll probably either want to have a custom theme made or purchase a premium theme.

If your blog is a personal or a hobby blog, you may want to try out one of the many free themes available. Whichever way you choose to go, you will have to upload and activate the theme.

First connect with your host via FTP and go to the folder where you have your blog installed. Go to wp-content > themes and upload your theme. Then, to activate the theme, go to Appearance and click on the theme you want to activate.


This will cause a pop-up window showing you a preview of the theme you are about to activate. Click Activate “Theme” and you are done.

Step 8 – Set up Analytics

Google Analytics is one of the best free statistic tracking services available. To set up your account go to Google Analytics and either log in with your Google account info or in the unlikely event you don’t have one, sign up. Now you just need to add your website.

If you don’t know anything about Analytics and need help setting up your account, How to Use Google Analytics for Beginners is a great tutorial for you.


NOTE: Don’t worry about inserting the javascript into your pages yet, the Google Analytics Plug-in will take care of this for you.

Step 9 – Edit the About Page

By default there is a generic ‘about page’ already in your new wordpress install. However, you aren’t going to want to leave this the way it is. Instead you want to personalize it and actually make it about you or your blog. To do this go to Pages, hover over About and click Edit.

I would recommend putting a bit about your blog, a bit of personal information and a photo of yourself if you feel comfortable. Blog readers like to know a little something about you, so adding this bit of a personal touch to your blog is essential, in making this connection.


Step 10 – Install and Activate the Following Plugins

WordPress is a pretty impressive blogging platform on its own, but add plugins, and you have one of the most customizable blogs available. There are thousands of plugins to choose from that can do pretty much anything you can imagine. The plugins we are going to focus on here are those that I feel are essential to any wordpress installation.

To install these plugins you will need to go to the sites, download and unzip them. Then, via FTP, go to the folder where wordpress is installed and go to wp-content > plugins. Upload any plugins you want to install to this folder.

Alternatively, if you’re using WordPress version 2.7 up you can go to Plugins > Add New in your dashboard and search for the plugin there. You can then click “Install” when you find the plugin and it will copy the files to your server for you automatically.


To activate the plugins you have just uploaded go to Plugins and click Activate for each plugin you want to activate. Any plugins with settings will now have it’s own section under Settings.

Plugin 1 – Akismet


Akismet is one of the best spam filters available for wordpress and is one of the two plugins that comes pre-installed on your blog, so all you will need to do is activate it. Once activated, it will ask you for your WordPress API Key. If you already have one for another site, you can use it here, individual keys can be used on multiple sites.

If you do not have a key, sign up for one at WordPress API Keys. Once you have this go to Plugins > Akismet Configuration, enter your key and click Update Options.

Plugin 2 – Permalink Redirect

Search engines tend to hold it against your site if multiple URLs show up for identical pages. Permalink Redirect makes sure that there is only one URL for each blog entry.

While it is a good idea to install this plugin regardless, make sure to use it if you set your permalinks to blog.com/category/title_of_the_post.

Plugin 3 – All in one SEO Pack

All in one SEO Pack gives you options to optimize your wordpress blog for search engines that the basic wordpress install is missing. For the basic settings go to Settings > All In One SEO and fill in the Title, Description and Keywords for your blog. You will most likely leave the other options on this page set to their default.


The other half of this plugin comes into effect whenever you write a new blog post or page. When you are editing a post or page, if you scroll down to the bottom of the page, you will see a section for All In One SEO Pack where you can add the Title, Description and Keywords of each individual post and page, or disable the SEO altogether for them.


Plugin 4 – WordPress Automatic Upgrade

While upgrading wordpress is not the hardest thing to do, it can be cumbersome and a waste of time that is unnecessary with the WordPress Automatic Upgrade plugin. This plugin lets you know when a new version of wordpress is available and allows you to back up your files and upgrade with only the push of a few buttons.

Plugin 5 – Google Analytics for WordPress

The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also allows you to track AdSense clicks, add extra search engines, and track image search queries.


This is also where you will put in the javascript for Google Analytics keeping you from having to edit your theme. Go to Settings > Google Analytics and paste the legacy urchin.js script into the box.

NOTE: It is very important that you use the legacy urchin.js script and not the ga.js since this plugin will not work with the ga.js script.

Plugin 6 – WP Super Cache

WP Super Cache is probably not essential for a brand new blog, but since most people start a blog with the intention of it growing, this plugin may become more of an asset as this progress occurs. The plugin generates static html files from your dynamic WordPress blog. This allows for quicker page loading for your readers, as each additional time the page is accessed, the more compact and less memory intensive static page it has generated will load rather than the fully scripted WordPress one.

Plugin 7 – Google XML Sitemaps

Google XML Sitemaps will create a Google sitemaps compliant XML sitemap of your wordpress blog that you can submit to any search engine. While there are some settings you can change for this plugin, it pretty much just works on its own.


Plugin 8 – No Self Pings

Chances are you are going to want to reference and link to past relevant blog posts in your current ones. By default, when you do this, the post you link to will get a pingback from the new post. No Self Pings keeps wordpress from sending pingbacks from your blog to your blog.

Plugin 9 – Feedburner Feedsmith

Now we can complete the last step to getting your Feedburner feed set up. Install and activate the Feedburner Feedsmith plugin, then go to Settings > Feedburner. All you need to do here is put in the Feedburner feed address you set up in step 6 and click Save. The plugin will now detect all ways to access your feed and redirect them to your FeedBurner feed.


Plugin 10 – WP DB Backup

Always back up your data! The geek’s mantra. This holds true for your wordpress databases as well. Imagine suddenly losing a years worth of blog posts and not having a back up. The thought brings tears to my eyes. WP DB Backup allows you to easily back up your wordpress databases.

Bonus: Delete The Hello Dolly Plugin – This is really an insignificant step but one that I always feel the need to take just to keep my folders as clean as possible. Hello Dolly is a useless plugin that puts random lyrics to hello dolly on your dashboard. It comes pre-installed and since I’ve never had any reason to activate it, I always delete it.

Wrap Up

So that’s my must-do list, the routine I got through after every wordpress install. What are the essential steps you take with your new installs?

Enjoy this post? You should follow me on Twitter!