Now that you have WordPress installed, there are additional steps to do, we need to install important plugins and place bits of codes here and there to assure security and optimize our WordPress performance

Crucial WordPress plugins to install

Below is the list of plugins you need to install and activate, check below for installation instructions. You can also click on each of them for configuration guide.


Table Of Contents

Google Site Kit

wpForms Lite




W3 Total Cache


How to install WordPress plugins

head over to your admin Dashboard , Login from here http://websiteURL/wp-admin

Head over to plugins, Add new

Now search for the plugin you need, Click Install, then after few second Activate

One you Activate a plugin, you can find its settings under Plugins, or on the Plugin icon on your WordPress dashboard section



robots.txt file

We need to head over to File manager, and make sure to create a file under the name of robots.txt and paste the below content, this file need to be on the root folder Public_Html. For instructions check step 4 here

User-agent: *
Disallow: /wp-admin/
Disallow: /category/
Disallow: /page/
Disallow: /tag/
Disallow: /2016/
Disallow: /2017/
Disallow: /2018/
Disallow: /2019/
Disallow: /2020/
Disallow: /n2021/
Disallow: author/admin/
Disallow: //wp-content/
Allow: news/wp-admin/admin-ajax.php

To test your file head over here

.htaccees file

Create a file under the name of .htaccess and paste the below content, this file need to be on the root folder Public_Html

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

SSL www to root domain redirection, you need to activate SSL for your word press first before using this one, check the guide here

increase load times by caching images

Paste the below content at the end of your .htaccess file

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault “access plus 2 days”
ExpiresByType image/jpg “access plus 2 days”
ExpiresByType image/jpeg “access plus 2 days”
ExpiresByType image/gif “access plus 2 days”
ExpiresByType image/png “access plus 2 days”

disable browsing your server files

<Files xmlrpc.php>
Order Deny,Allow
Deny from all

also add

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

disable image hot linking by adding only your allowed list of sites

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^*$ [NC]
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^*$ [NC]
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [F,NC]


Make sure your .htaccess file contains the default WordPress required codes as well, especially if you are having problems.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Options -Indexes

Change WordPress permalinks settings

Now we need to change permalinks, head to the WordPress dashboard, Settings, Permalinks, and make sure it matches the below options.


Creating Email accounts and securing them

Head over to your cPanel, then search for Email Deliverability, then click Manage on the right side of your domain name.

On this page, make sure that your DKIM , SPF and reverse DNS ( PTR) values are valid, if not click Install to insert these values in your DNS settings

Also you can copy these values and then you can add them manually in your DNS zone manager, in WHM panel

Now head back over to your cPanel home, and search for Email, then open Email Accounts, then click Create

choose the email ID you need, along with the password, then click Create on the bottom of the page.

There you can see the settings you need to enter in your email app, for now you have to use none SSL settings, until we convert your site to use SSL.

Make sure to do all the settings shown on this page, click on each plugin to configure it, then head over to the next step for activating SSL.