Now that you have WordPress installed, there are additional steps to do, we need to install important plugins and place bits of codes here and there to assure security and optimize our WordPress performance
Crucial WordPress plugins to install
Below is the list of plugins you need to install and activate, check below for installation instructions. You can also click on each of them for configuration guide.
How to install WordPress plugins
head over to your admin Dashboard , Login from here http://websiteURL/wp-admin
Head over to plugins, Add new
Now search for the plugin you need, Click Install, then after few second Activate
One you Activate a plugin, you can find its settings under Plugins, or on the Plugin icon on your WordPress dashboard section
robots.txt file
We need to head over to File manager, and make sure to create a file under the name of robots.txt and paste the below content, this file need to be on the root folder Public_Html. For instructions check step 4 here
User-agent: *
Sitemap: https://website.com/sitemap.xml
Disallow: /wp-admin/
Disallow: /category/
Disallow: /page/
Disallow: /tag/
Disallow: /2016/
Disallow: /2017/
Disallow: /2018/
Disallow: /2019/
Disallow: /2020/
Disallow: /n2021/
Disallow: author/admin/
Disallow: //wp-content/
Allow: news/wp-admin/admin-ajax.php
To test your file head over here https://www.google.com/webmasters/tools/robots-testing-tool
.htaccees file
Create a file under the name of .htaccess and paste the below content, this file need to be on the root folder Public_Html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
SSL www to root domain redirection, you need to activate SSL for your word press first before using this one, check the guide here
increase load times by caching images
Paste the below content at the end of your .htaccess file
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault “access plus 2 days”
ExpiresByType image/jpg “access plus 2 days”
ExpiresByType image/jpeg “access plus 2 days”
ExpiresByType image/gif “access plus 2 days”
ExpiresByType image/png “access plus 2 days”
</IfModule>
disable browsing your server files
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
also add
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
disable image hot linking by adding only your allowed list of sites
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://www.subdomainname.website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.panel.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.panel.website.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [F,NC]
Make sure your .htaccess file contains the default WordPress required codes as well, especially if you are having problems.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Options -Indexes
</IfModule>
Change WordPress permalinks settings
Now we need to change permalinks, head to the WordPress dashboard, Settings, Permalinks, and make sure it matches the below options.
Creating Email accounts and securing them
Head over to your cPanel, then search for Email Deliverability, then click Manage on the right side of your domain name.
On this page, make sure that your DKIM , SPF and reverse DNS ( PTR) values are valid, if not click Install to insert these values in your DNS settings
Also you can copy these values and then you can add them manually in your DNS zone manager, in WHM panel
Now head back over to your cPanel home, and search for Email, then open Email Accounts, then click Create
choose the email ID you need, along with the password, then click Create on the bottom of the page.
There you can see the settings you need to enter in your email app, for now you have to use none SSL settings, until we convert your site to use SSL.
Make sure to do all the settings shown on this page, click on each plugin to configure it, then head over to the next step for activating SSL.