Are you ready to make your site faster + less enticing for hackers? The great news is that it’s pretty easy to secure WordPress after installing it. While these steps are not required to use WordPress, they will help you avoid some shitty situations or needing us to unhack your site.
This post is the last part of a series in setting up your own WordPress website, DIY style. If you missed the third post, check it out here.
The most simple way to secure WordPress is by clearing out the default content that comes with the files you downloaded during step 3. This includes not using “admin” as your username!
Delete default post content to secure WordPress
The first place to start removing content is the Posts section of your WordPress dashboard. When viewing All Posts, if you see a post entitled “Hello World!” it’s time to remove or rename it. (If you have a lot of posts in place, you can search for that phrase.) The “Hello World!” post is what WordPress puts on all sites to demonstrate how the blog feature works.
The next area to check is the Categories section under Posts to see if you have more than just “Uncategorized” as an option. If not, or if you wouldn’t use any of the existing categories as your default, create a new one by adding a name + clicking “Add New Category.” (WordPress will create a slug for you + the description is not required.) Next, go to Settings > Writing + set your default post category, then save the changes. Now you can go back to Posts > Categories + delete “Uncategorized.”
Remove default page content
Head to Pages + check that you no longer have a page titled “Sample Page.” Just like the blog post, you can search for it if needed. If you do have this page in your list, click “Edit” to see if the content is something you use. If it is, rename the page + save a new permalink. But if the default page is full of dummy content from your WordPress installation, trash it.
It’s important to check the page first because some developers use the default sample page to include notes on the custom theme. I do something similar for my clients. Instead of changing the Sample Page content, I create a new page + title it STYLE TILE so that any piece of default content can be removed.
Default WordPress comments
Next head to the Comments section. Scroll to the last page of comments by clicking the double arrows pointing to the right. If you see a comment from Mr. WordPress, go ahead + delete it.
Deleting the “Hello World!” post will automatically delete this default comment + secure WordPress even further, but it’s worth double-checking.
Pre-installed plugins
By default, WordPress comes with Hello Dolly + Akismet installed but not active. If you are using Akismet to help with spam, that’s awesome! If you aren’t using it + you are likely not using Hello Dolly either, be sure to delete the inactive plugins.
Why do you want to clean up your plugins? Because they can become outdated + therefore a security risk since their files are on your server. Plus, removing unused files from your site + server can speed it up along with making your Dashboard easier to use. win-win!
Default WordPress themes
Depending on what version of WordPress you are running, you might have different default themes available. I always recommend keeping at least 1 WordPress theme installed because it is great for troubleshooting major problems. But, there is no reason for you to need 4 or more unused themes on your site.
All of the WordPress themes are named after the year they were released — twenty twelve, twenty sixteen + twenty nineteen, for example. You can pick which one you’d like to keep around, but I’d suggest a newer option rather than the older ones.
Don’t delete an active theme, since that will change the look of your site.
To delete themes you aren’t using + don’t want, head to Appearance > Themes. Then click on the theme you’d like to delete to open a pop-up window. From there, you’ll see “Delete” in the bottom right corner.
And just like that, your site is free of all unnecessary default content! If you want to dive deeper into increasing your site’s security, check out my WordPress security ebook to turn your site dashboard into fort knox + keep the hackers + crappy circumstances from affecting you.