WordPress setup is a task that some of us do a lot. If you’re setting up a site on WordPress.com, you really don’t need to do much; it’s all done for you. But if you’re setting up a WordPress.org-based site, you may find this little checklist helpful.
When I set up a new web site with WordPress, I put in a bunch of different plugins.
- Askimet for spam
- Shortpack for media shortcodes (the Jetpack shortcode complement)
- Google Authenticator for two-factor authentication
- WordPress SEO By Joost (Yoast) de Valk
- Google Analytics for WordPress (also by Joost de Valk)
- Safe Mode (lets you append &safe_mode=1 to any URL, disables most plugins
- BackWPUp (backing up to AWS or some other low-cost cloud vendor).
- BulletProof Security
- Limit Login Attempts (to keep out crackers)
I set up the permalinks to this custom setting, /%category%/%postname%/. This allows the site to have section that appear in the URLs.
I activate Askimet to keep comment spam at bay.
I put in Google Authenticator to allow two-factor authentication.
There is a concerted attack by some internet criminals on WordPress.org sites. It is vital to change the admin password to something hard to guess. It is vital to use the Limit Login Attempts plugin.