15 Point Checklist: WordPress Start-Up Guide After Installation

15 Things You Should Do Before Writing a Word

Some people install a new WordPress site more often than they change their underwear. And some people, of course, might install a WordPress site only once or twice in their lives. (And some people, unfortunately, fall into both of these categories.)

Whichever type you are, after you’ve installed WordPress on your domain, there are still a number of things you should do before you ever write a word. Below is a checklist of the fifteen most important steps you should go through before hitting “Publish.”

The Experienced Installer

For the experienced installer, getting your site set up can be somewhat tedious. You know WordPress backwards and forwards, and so there are no decisions you need to think about for your blog. You know what should be on it and what shouldn’t. Installing a new site is just a matter of going through the steps.

But have you ever laid those steps out in a checklist fashion? Or do you need to try to remember everything each time you set up a new site?

If you’re like most, you just go through the process and try to remember everything. And then typically, of course, you forget something until down the road when it starts causing some type of issue for you.

If you are an experienced WordPress installer, then you can take the Quick and Dirty List below and be on your way. You may change it up to suit you, but it’s a good place to start.

The Beginning WordPress User

If you are a beginning WordPress user, or you’re someone who installs a new site infrequently, then the amount of choices you have when beginning a new site can be overwhelming. Some decisions are critical, of course, but some things can wait for later. But which are which?

Not to worry. This set up checklist will highlight the critical areas that you’ll need to address.

How This List is Organized

Some things on this checklist are more critical than others, but instead of listing them in order of importance, we will list them in the order that you find them on your Admin Menu in the Dashboard of your site. This way you’ll be able to start at the top and then just work your way down in a quick and systematic way.


The Quick and Dirty List
(Extensive details below for less experienced installers.)


1. Trash “Hello World” Post
Posts >> All Posts >> (hover over title) Trash

2. Set Default Category
Posts >> Categories >> (hover over title) Quick Edit


3. Delete Links
Links >> All Links >> (click “Name” to select all links) >> (choose “Delete” from pull down menu titled “Bulk Actions”) >> Apply


4. Trash “Sample Page”
Pages >> All Pages >> (hover over title) Trash


5. Install Your Preferred Theme
Appearance >> Themes >> Install Themes tab (default view is “Manage Themes” tab – you will need to select “Install Themes”) >> Activate

6. Install Google Analytics / Statistics
Appearance >> Editor >> (on the right-hand side click “Header (header.php)” >> in your header.php file, find the code </head>) >> (paste your Analytics code directly before </head>) >> Click Update File (at the bottom)


7. Delete Default Plugins
Plugins >> Installed Plugins >> (check the “Plugin” box to select all – or manually select what you’d like) >> (choose “Delete” from pull down menu titled “Bulk Actions”) >> Apply

8. Install Desired Plugins
Plugins >> Add New


#9-13: Settings >> General

9. Title
10. Tagline

11. Set Your URL to WWW

12. Membership / Registration

13. Timezone

14. Allowing Comments or Not
Settings >> Discussion >> (check or uncheck the boxes according to your preferences) >> Click Save Changes

15. Set Up Permalinks / Pretty URLs
Settings >> Permalinks >> (choose permalink structure or create your own) >> Click Save Changes

Set-Up Checklist with Explanations

For those who may need more explanation, please see the expanded list below.


“All Posts” Subsection

1. Trash “Hello World” Post

By default, WordPress comes with one post already published titled “Hello World” in order to show you what a post (and a comment) looks like once it’s published. You’ll want to trash this.

Posts >> All Posts >> (hover over title) Trash


Once you trash the post, you will see Trash (1) near the top of the page. Click on that to go to the Trash section, and then hit the “Empty Trash” button.

“Categories” Subsection

2. Set Default Category

With a new WordPress install, the default category is called “Uncategorized.” You should change this to something more appropriate for the theme of your site.

Posts >> Categories >> (hover over title) Quick Edit

After changing the title, remember to hit the “Update Category” button.


“All Links” Subsection

3. Delete Links

WordPress comes with a number of links in your Links section. All of these can be deleted.

Links >> All Links >> (click “Name” to select all links) >> (choose “Delete” from pull down menu titled “Bulk Actions”) >> Apply


“All Pages” Subsection

4. Trash “Sample Page”

Like the “Hello World” post, WordPress also comes with a published “Sample Page” to show you what pages look like. You should delete this page in the same manner you deleted the “Hello World” post – trash it and then go empty your trash.

Pages >> All Pages >> (hover over title) Trash


“Themes” Subsection

5. Install Your Preferred Theme

If you have a theme that you would like to use, then install it and activate it. If you are planning on looking for a new theme, then it’s recommended to skip this step for the time being and go searching for a theme after you have completed the other steps in the set up process.

Looking for a theme you like can take a long time, and you are likely to get sidetracked if you go searching for a theme at this point.

Appearance >> Themes >> Install Themes tab (default view is “Manage Themes” tab – you will need to select “Install Themes”) >> Activate

If you have a theme on your computer that you would like to use, then choose the “Upload” link. All the other options on this page are for searching the WordPress theme directory.

Once you have chosen a theme, remember to “Activate” it.
“Editor” Subsection

6. Install Google Analytics / Statistics

Of course you’re going to want to check out all your site’s statistics, even from Day 1. Google Analytics is probably the best free way to do that.

If you aren’t registered with Analytics, then you can get signed up here. You can find instructions on the site for setting up a domain and getting your Analytics code. Once you have that code, you will need to insert it into your theme’s header file before it will begin tracking your site.

(Note: If you prefer not touch your theme’s code, then there are plugins you can get that will insert the code for you. See the plugins section below for a few suggestions. … Some themes also have a space for Analytics code in the theme, so you may want to check for this.)

Appearance >> Editor >> (on the right-hand side click “Header (header.php)” >> in your header.php file, find the code </head>) >> (paste your Analytics code directly before </head>) >> Click Update File (at the bottom)


“Installed Plugins” Subsection

7. Delete Default Plugins

Currently WordPress comes with two plugins by default – Akismet and Hello Dolly.

Akismet is an anti- spam plugin. It requires an API key (i.e. you have to sign up to use it). If you are planning on making money with your site, then you’ll also need to pay for it. Many people who make money with their sites prefer to use a free anti-spam plugin. If that’s your case, then you can delete Akismet. (You can always reinstall it later if you decide you want to use it.)

Hello Dolly is plugin that inserts random lyrics from the song “Hello, Dolly” on your blog. Why do you need this, you ask? You don’t. It’s a holdover from the very beginning days of WordPress. And while it can be configured to do other things, you probably won’t ever get around to it. That being the case, it’s better to say, “Goodbye, Dolly.”

Plugins >> Installed Plugins >> (check the “Plugin” box to select all – or manually select what you’d like) >> (choose “Delete” from pull down menu titled “Bulk Actions”) >> Apply

“Add New” Subsection

8. Install Desired Plugins

While you don’t need the default plugins, there are a few plugins you should install.

Anti-Spam Plugin – If you choose not to use the default Akismet plugin, you should get some other type of anti-spam plugin. Even if you don’t open up your comments to the public, spammers will still spam your comments file with automatic bots.


SEO Plugin
– WordPress is pretty good out of the box for SEO (search engine optimization); however, having a good SEO plugin can still help you get more traffic from the search engines.


Google Analytics Plugin – If you prefer not to touch your theme’s file in order to install your Google Analytics, you can get a plugin to install the code for you. Below are two plugins that will do the trick.


Plugins >> Add New

Like the themes directory page, if you have a plugin on your computer that you’d like to use, you should choose “Upload” in order to install it.

You can search the WordPress plugin directory for these types of plugins or others you might want. All the other options on this page are for searching the WordPress plugin directory.

Once you have chosen a plugin, remember to “Activate” it.


“General” Subsection

#9-13: Settings >> General

9. Title

Make sure the title of your site is what you’d like it to be.

10. Tagline

Make sure the tagline of your site is what you’d like it to be. The tagline is typically printed just below your title in the header section of many themes if you choose to use it. The tagline is a good place to put keywords related to your site and/or a USP (unique selling point) – a slogan that sets you apart from your competition.

11. Set Your URL to WWW

On the General Settings page you will see your site’s URL listed twice (“WordPress address” and “Site address”). There is a good chance that your URL is NOT the WWW version. In other words, it probably looks like this:


Your site will work either way, but it’s better to have only one version of your site (www or non-www). One reason for this is that if others link to your site’s homepage in two different ways, the authority of those links may get diluted. (Some of the authority will go to the www version, and some of the authority will go to the non-www version.) The reason to choose the www version of your site is that many people naturally think of web addresses as being www.something.something.

There’s no use fighting the tide. It’s better to change your site’s address to the www version.


Remember, there are TWO places to change this:

Settings >> General >> WordPress address (URL)


Settings >> General >> Site address (URL)

12. Membership / Registration

You will need to decide if you are going to let visitors register for your site or not. In most cases for WordPress sites, this depends on whether you will require visitors to be registered in order to post comments. (We will talk about more comment controls later.)

If you are planning to allow comments on your site, and you are also planning to require visitors to register in order to comment, then you will need to enable registration. If not, you can skip this step.

General >> Membership >> (check box titled “Anyone can register”)

13. Timezone

You will want to make sure your site has the right timezone for you. By default, you will see your Timezone set to UTC. (UTC stands for Coordinated Universal Time. It is a standard by which time is regulated worldwide.)

Your time zone is either 0 UTC (if you live in Greenwich, England, for example), or it is number ahead or behind 0 UTC (such as UTC-5 or UTC+7), depending on where you are in the world.

But you do not need to know any of that. WordPress has made choosing your time zone easier by including a number of major cities from around the world. Simply use the pull down menu to find a city that is in the same time zone as you.

Settings >> General >> Timezone >> (use pull down menu to select a city in the same time zone as you)

>> CLICK “SAVE CHANGES” – Most likely, you have made a lot of changes in this section. Don’t forget to click the “Save Changes” button at the bottom of the page!

“Discussion” Subsection

14. Allowing Comments or Not

One big decision you will need to make is whether you are going to allow comments or not. By default, WordPress is set up to allow comments. If you do not want to allow comments (or don’t want to allow them yet), you will need to edit this section.

In this section, you can also put other parameters on commenting such as requiring visitors to register in order to comment. (Remember, if you do this, you will need to check the “Membership” box that we talked about in Step #12.)

Settings >> Discussion >> (Check or uncheck the boxes according to your preferences.) >> Click Save Changes

“Permalinks” Subsection

15. Set Up Permalinks / Pretty URLs

The last thing to do is to turn your URLs from ugly web addresses (like http://www.example.com/?post_id=2) into web addresses that make more sense to both your visitors and the search engines (like http://www.example.com/top-5-recipes-for-chocolate-cake).

WordPress currently gives you a way to easily change your URLs three different ways. However, there are many more ways to set up your URLs if you use the “Custom Structure” option available to you.

One of the biggest advantages to have a “pretty permalink” is that it can help (at least somewhat) with SEO. Because of this, most people like to include at least their title in their permalink, like the example above:


In this case, the title of the post was “Top 5 Recipes for Chocolate Cake.”

But you might also want to include your category too, so it might look like this (if your category is “Cakes”)


Or it would look like this if your category is “Desserts.”


If you choose to set up a custom permalink structure, then there are a number of tags for you to use. You can find a list of different available tags here. (You can also find a link to this page on your Permalink Settings page.)

We’ll go over a few common permalink structures that many people like to use. If you find one that suits you, then you can just copy these tags into the “Custom Structure” box on the Permalink Settings page.

1. Postname only

Looks like this: http://www.example.com/top-5-recipes-for-chocolate-cake
Tags (put this in the box): /%postname%/

2. Category/Postname

Looks like this: http://www.example.com/desserts/top-5-recipes-for-chocolate-cake
Tags (put this in the box): /%category%/%postname%/

3. Category/Postname/Date

Looks like this: http://www.example.com/desserts/top-5-recipes-for-chocolate-cake/2011/10/20
Tags (put this in the box): /%category%/%postname%/%year%/%monthnum%/%day%/

You can obviously switch any of these tags up in any order. Just remember to put /% before the tag and %/ after the tag (but DON’T DOUBLE the slashes //).

Settings >> Permalinks >> (choose permalink structure or create your own) >> Click Save Changes

The Advantages of Checklists

Checklists are great. They keep you on track and keep you from wasting time trying to remember everything.

This checklist may not be suited exactly to your tastes, but it should at least provide a starting point for you. I’d encourage you to go through it the next time you set up WordPress and edit it to your liking. Every install you do thereafter should go at least twice as smooth.



(Thanks to alancleaver_2000 for the image.)

27 Responses


    Hey Joe!

    Great article.

    Please forgive me for being a little forward here – because this is most definitely a wonderful article, and well detailed. I just can’t help but to state that all of that isn’t of any value if the site gets hacked, and there is no backup created.

    There are some simple hardening tasks that need to be done, and that should include creating a backup. I know it’s hard to recommend plugins, because they all don’t necessarily play nicely with one another – but please, there really are more steps here, and they are critical ones.

    16. Secure your site (harden it against attack).
    17. Back it up.

    For this, you could simply suggest some (free) plugins that work well in the multi-user framework. I would really appreciate that.

    Thanks again.
    David R. Thayer

    Carma Leichty

    Great list. I’ve always meant to put a list like this together but haven’t done it yet. Thanks! My only variation would be the plug-ins. I use what you list, plus a couple of others for forms and backup options (which was referred to above). I’ll bookmark this! Thanks!


    Hey Joe –

    Thanks for your response. I appreciate that very much.

    I decided to share with you (and your readers) exactly what I do with a basic WP installation to secure it and back it up using free plugins. Is that okay?

    Here is what I do for security hardening. This is somewhat of a “soft” approach, but I haven’t had any sites hacked (yet) since I started implementing these steps about a year ago – and it’s all “free” plugins. The problem is, I have not tried this approach on a multi-user site, so I don’t know what issues could arise yet. This is where I was hoping to gain from your testimony.

    1. First – when it comes to hacking, I want to know I’ve been hacked. I have too many websites to bother with checking all of them daily myself. This plugin warns me about anything suspicious. For this I use exploit scanner. http://wordpress.org/extend/plugins/exploit-scanner/

    2. Next – I want “pro-active” firewall protection. This next plugin is intuitive. It investigates web requests. Once identified, it stops those obvious attacks. Next it intelligently whitelists and blacklists pathological-looking phrases, based on which field they appear within, and mitigates them for you. This plugin is WordPress Firewall 2; http://wordpress.org/extend/plugins/wordpress-firewall-2/

    3. Next – I want to make it a little more difficult to find and hack vulnerable files and folders. Also, I want to be sure that my database is well protected from injection hacking. Now, this next plugin requires you to push a few buttons, but it is still very simple to use. For this I use Bulletproof security; http://wordpress.org/extend/plugins/bulletproof-security/

    4. Next as an extra measure of commenting attack. I add anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. This prevents spam from automated bots. I use SI Captcha for this; http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

    5. Last – I add an additional web-based backup generator plugin – even though I have already backed up with “Bulletproof Security”. This gives me some real piece of mind. Also two new folders have to be created manually to store the backups, so not everyone is going to want to do this. This plugin is a full backup and restore plugin for WordPress, it will backup and restore both files and database, and if necessary, I can share these backups with my clients. This is the XCloner plugin; http://wordpress.org/extend/plugins/xcloner-backup-and-restore/

    Joe, most of your readers are likely to be developers. This process takes time to do properly, time that has to be accounted for, but I install these plugins on every WordPress site that I sell or rent, and the extra mile that I walk to do this has VERY SELLABLE BENEFITS for the client.

    So my question is, regarding multi-user installations, should this all work nicely together?

    David R. Thayer


    @David Wow. Thanks for all the good tips.

    I forgot the securing part of your first comment. I also use Exploit Scanner. I’ve also recently started trying out a plugin called Antivirus: http://wordpress.org/extend/plugins/antivirus/ .

    As for whether these things work with a multi-user site or not, I would think they would. I ran a WPMU site before when it was a separate piece of software, and at that time I found a lot of regular plugins worked fine, but a lot of them didn’t. It was something you really had to pay attention to. I have a site now (albeit with less real-world testing done on it) with the new incorporated version of WPMU (“Multisite”). I find that normal plugins are integrated more seamlessly, and I haven’t had any issues with plugins as I did with WPMU. The new Multisite version seems to be able to natively treat plugins in a more flexible way (i.e. either activating them for all sites or only for individual sites). At least that’s been my experience.

    Fiona Collins

    Thanks for such a great check list. I to have from time to time been in too much of a hurry to get my first post up and left things incomplete. I have often though I should put together a check list like this one, but thanks to you you have just saved me a lot of time. I also would like to thank you for the info regarding security, I have a bit of work to do in this area, I will be very busy sorting this out.



    I respectfully but strongly disagree with the always forcing WWW

    First off, both will work, just whichever one you have set will be the one that gets the other redirected to it. So if I set as non-www and a user puts in www or links to a page with www, it won’t matter – WordPress will automatically and seamlessly redirect them to the set one. This doesn’t affect SEO as this is a 301 redirect that WP performs internally.

    There are many advantages to moving from www and using non-www.
    Shorter links – helpful in social media sharing like Twitter.
    The link will appear shorter in Google search results and may show more keywords in the URL string.
    If you have other subdomains like blog. training. etc then this is less confusing.
    It is a shorter link for business cards.
    It isn’t needed, so why have it? The user will get to it even if they type www.
    WWW is anachronistic and as the web dev community is begining to lose it so to are many people accepting it.

    Just my .02 :)

    Aslam Shah

    Wow.. thanks all for such a wonderful article..

    Plus thank David for the additonal Security Stuff.. i really needed this..



    I see what you’re saying; however, a 301 redirect doesn’t float ALL the juice to the new link. It may float “most” of it, as Matt Cutts says, but even then, how much is “most”? I have seen some people say they have done their own testing and found it to be about 70% (if memory serves me — maybe even a little less than that). If it’s up to 95% percent, then I maybe wouldn’t worry about it so much. If it’s at 70%, however, then I’d want to make sure I got that extra 30%. … The problem (as always) is that we don’t know exactly what Google’s magic formula is, and so we’re left guessing.


    Thank you for the report. I’d like to see a printer
    friendly page just I could print it out and have it
    handy to follow.


      Truly. Only one page of the actual article prints in Firefox. The other pages are navigation, comments, and ads. Even better would be to provide a PDF of the checklist.


        @Jack & Margie

        The print-out version is on its way. We’ve been working on it this week.

        Thanks to Jack for the idea.


    Hi Joe,
    great post to use as a check list after installing WordPress.

    If I may add something, among the other tasks to do, bloggers should also create an XML sitemap, to notify search engines about the structure of their websites (and for future updates).

    Thanks for sharing!

Comments are closed.