The most important actions you should take after installing WordPress

After having installed WordPress on your server it is time to put your batteries and take a series of actions that are very important. Enter and find out.

1. Install a theme that adapts well to your website.

You have thousands of free themes that you can search and install from the WordPress admin panel itself, it's very easy.

On the other hand, if what you want is a professional site you can get some premium theme payment. It is highly recommended by most professional bloggers.

2. Install a security plugin.

Believe it or not, there are many threats that can compromise the security of your blog. To avoid them there are many plugins that will improve the security of your installation by default.

The one that I use in my blog iThemes Security . I recommend it to you. Among many other things, it blocks the IPs that try to log in to your administration panel to take control by brute force.

3. Delete the default content

When you do a WordPress installation from scratch, files with default content are installed so you can create your blog quickly. Actually that content is not worth anything, besides it usually comes in English.

Delete the post " Hello world ", also the predefined page as well as the comment that comes with the installation.

]4. Friendly structure of your urls

For the SEO of your blog it is very important that you change the default structure of the WordPress urls. You must put the type: .

5. Create a sitemap

A sitemap is a file with the structure of your website. It is very important for Google, so that your spiders can correctly index all the pages.

You can create a XML sitemap very easily with WordPress plugins. Once you have created it you must upload it to Google Webmaster Tools .

6. Install a cache plugin

It is important for the good performance of your website that you have installed a plugin that is responsible for managing the cache. Why? Because that way reduces the download times of the contents of your site and by increasing the performance of your hosting .

7. Install a backup plugin

One of the worst things that can happen to you when you have a site with WordPress is that your data gets corrupted, you are hacked or you simply lose control of your blog.

This does not usually happen with a CMS like WordPress but it's always better to prevent. For this I advise you to install a plugin for backups like Better WP Security .

One of the great advantages of this plugin is that you can make backups by programming them periodically and without need to be in front of the computer.

I hope you have understood that after installing WordPress you need to continue configuring it before writing. I recommend you to continue learning more about the WordPress installation and configuration because it is to invest time intelligently.

Customize everything you can to ensure and optimize your website.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

WorPress 4.0 beta 4

There is less left for the final version of WordPress 4.0 and today the last beta came to light.

With more than 250 changes, in beta 4 over everything has been improved the icon bar of the editor, which you already know that in WordPress 4.0 follows the scroll, improvements in the language selector in the installation and the new grid style design has been adapted to small screens multimedia attachments manager.

Vulnerability in the Disqus plugin: found and solved

 Disqus WordPress

A few months ago a researcher discovered vulnerabilities in the Disqus plugin for WordPress that, fortunately, they have already been fixed.

Nik Cubrilovic, who is the name of the good Samaritan, discovered up to three possible serious flaws in the plugin . The biggest problem was a bug that could allow a cross-request (XSS) in the file " Manage.php " of the plugin, used for the same settings.

The problem is that there were parameters without the necessary filtering that would prevent an attacker from injecting an exploit .

To prove it, the security researcher created a sample exploit
and tested it in a real-world scenario by sending an email electronic deceptive to the administrator of the web of tests.

Something of social engineering was required to convince the user to visit the web of the attacker and that this way the exploit would work but it worked

He also discovered that there was not a nonce in the settings file that checked the sending of data, come on, that did not use the function wp_verify_nonce that any developer should apply as basic security measure of verification that a nonce is valid.

The creators of the Disqus plugin for WordPress included a nonce but they did not manage to be verified in the shipment, so that an attacker was still allowed to erase plugin settings or to launch an exploit .

Fortunately, the expert located an unfiltered parameter in the plugin update script that could be fixed and so avoid an XS script S.

All these vulnerabilities were reported to Disqus on June 9, and were fixed on June 29 with version 2.7.6 with improvements that included not only the solution to the failures detected by Cubrilovic but also by other security researchers such as Alexander Concha and Marc-Alexandre Montpas. In addition, Disqus released version 2.7.7 that contained additional security enhancements.

So quiet, Disqus is secure in addition to being the substitute for the most commonly used native WordPress comment management, with more than 1.4 million downloads and used on the most important websites, including this blog 🙂

Source: Security Week

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Problems accessing due to IP blocking • WordPress Help

In the last hours it is being informed of multitude of users that can not access their blogs hosted on .

The problem seems to be motivated because has blocked the IPs of the service provider (ISP) Sky Network which manages traffic from Europe to the US and other countries.

This has been because has detected IPs, coming from that provider , which could be a danger to your servers so have blocked the entire ISP at least for the time being.

So if you can not access your blog or even all WordPress .com may be because has your IP among the blocked.

We do not know anything else at the moment, so patience. In the meantime you can encourage to install your own WordPress the .org, the authentic one, and thus not depend on the decisions of others in the future. And if nothing, wait.

WordPress 3.9.2, security update • WordPress Help

This update solves important security flaws and in the meantime it was the first time that the WordPress security team worked hand in hand with the security team of Drupal to solve them, a good practice in which we all win.

The list of modified files, which I know that many of you like to control these things, is the following:

If you do not have active automatic updates you are taking a long time to go through the page of WordPress desktop updates and now update to WordPress 3.9.2

Previous WordPress branches have also been updated to versions 3.7.4 and 3.8.4 (in case you're still using them) and the beta 3 of WordPress 4.0.