WordPress Configuration: A beginners guide to improving your WordPress Workflow

I’ve been maintaining websites built on WordPress for quite some time now (going on 10 years in fact) and I’ve learned quite a few things about improving my WordPress configuration to ensure I get the best results both for my personal projects and for my clients.

I also spend a lot of time on Reddit — mostly looking at memes and reading pointless arguments — BUT I do also spend some time on the WordPress Subreddit where it’s recently dawned on me that many beginners still struggle with the basics of their WordPress configuration workflow. So, without babbling on any more, I’ve decided to list out a few essentials you should seriously consider when setting up (or getting someone else to set up) a new site on WordPress.

1. WordPress.Com or WordPress.Org? Yep, they’re different, with the basic distinction coming down to flexibility. While WordPress.com offers an easy set up and maintenance option, it is also considerably restrictive when it comes to customisation and functionality. WordPress.Org on the other hand is a self-hosted, fully customisable and limitless solution. It also means a bit more responsibility from your end as the Website Administrator, but in turn provides you with much more flexibility. For the sake of the rest of this article, we’ll be sticking with WordPress.Org – for those of you who go down the WordPress.Com path, the following will likely not apply.
2. Choose a good Hosting Provider. Trust me, I’ve learned the hard way. I started out like many, using the cheaper option aimed at small businesses which, it turns out, is almost always a shared hosting solution offered by providers such as NetRegistry or BlueHost. Don’t get me wrong, these can be a good starting point, but as your site (and your knowledge) starts to grow, you’re going to wish you’d purchased dedicated hosting instead to avoid the migration headache down the track. As opposed to shared hosting (where your website shares the server with other sites), dedicated hosting means that your site is the only one hosted on the server. In short, this equates to better performance, faster speeds, improved security and better support. Put some time in to research your options – I switched to Cloudways and haven’t looked back since.
3. Install an SSL Certificate. Most often, this comes free with any good hosting provider. Cloudways for example include a Let’s Encrypt SSL free with every application install and many other providers do the same. Without one, you’re opening up your user base to potential security threats and your site is also being highlighted as insecure in most web browsers. There’s really no excuse not to have one. Converting from http to https down the track can be quite the undertaking depending on the size and scope of your site, so act early and do it before you even start!
4. Set up a Staging Environment. Remember when WordPress 5.0 rolled out late last year? I can’t even begin to imagine the anxiety levels of pushing that Update button without first testing on a staging environment. Essentially, a staging environment is a duplicate of your site that allows you to test any changes or updates for issues before pushing them live. This is especially helpful for core WordPress updates, plugin updates and site customisations. Again, a good hosting provider should be able to assist with this, otherwise there are some tutorials available to help you out.
5. Install a Security Plugin. Admittedly, I only started doing this recently due to a slight ignorance of their existence and am surprised I got away with it relatively unscathed. Since then, I wouldn’t push a new website live without having the added peace of mind that my site is being kept secure 24/7 and I’m being alerted immediately of any issues (including site down-time). Like anything, there are free and premium options available with many users opting for the Wordfence solution. Again, do your research and choose something suitable for your site needs. Remember: No site is ever completely secure, but you can take steps to minimise vulnerabilities. This leads me to my next point…
6. Stay up to date. As a WordPress Administrator, it is your responsibility to keep the core WordPress installation and any plugins up to date. It’s baffling how many WordPress websites exist that boast outdated versions of plugins, some of which date back months or even years. Updates are released for a reason, and can quite often include important security patches that are required. Get into the routine of checking your site/s regularly and updating your plugins, it’s an absolute must for any WordPress configuration!
7. Backup, Backup, Backup. Let’s say you are hacked and need your site back online quickly. Do you have any back ups of your website available? No? Oh, good luck then. Yet again, another reason for revisiting point #2 — a good hosting provider will include regular back ups as part of your plan. I’d also go one step further and install a backup plugin such as Vaultpress or UpDraftPlus to conduct automated off-site backups for you also. You’ll thank me for the added peace of mind.
8. Choose Secure Login Credentials. The very core of your WordPress configuration starts with the Admin screen and this is yet another one that seems obvious – Don’t create basic login credentials for Administrators. Choose a secure Username and an extra secure Password. Don’t question it, just do it. In fact, don’t limit this advice to WordPress. Do it for everything. Trust me.

So there it is, in a nutshell. I think I’ve covered a lot of the basic information a beginner needs to know for their WordPress configuration, much of which was learned over many years of trial and error. It may seem like a lot to get your head around, but it really isn’t when you begin to get an understanding of how all of these little steps come together to complete the bigger picture. Enjoy the platform, because it truly is and can be as flexible as you want it to — just make sure the basics are in place first to avoid any headaches down the track.