WordPress is one of the world's most popular content management systems (CMS), powering over 43% of all websites on the internet. Due to its flexibility, WordPress is suitable for creating blogs, small business sites, online stores, and even complex corporate portals. However, WordPress installed by default is not ready for full operation. Skipping basic settings can lead to security vulnerabilities, poor functionality, and difficulties in site management.
This guide is your checklist of mandatory actions for initial WordPress setup. By following these steps, you'll get a secure, easy-to-manage, and properly search-engine-indexed site.
Prerequisites:
- Installed WordPress.
- Access to the admin panel at yoursite.ru/wp-admin
Preparation
Before starting setup, ensure you have everything needed:
- Login credentials: Ensure you have the admin username and password to access the WordPress admin panel.
- Hosting: Know where your hosting control panel is located (e.g., cPanel, ISPmanager) to manage files and databases.
- Backup: Critically important to make a full site backup (files + database) before making changes. Do this via your hosting panel or plugins like UpdraftPlus or Duplicator. The backup protects you from data loss in case of errors.
Basic Site Settings (Settings → General)
Go to Settings → General in the WordPress admin panel to configure basic site parameters.
| Setting | Description | Recommendation |
|---|---|---|
| Site Title | Your project or business name displayed in browser title and search engines. | Specify a clear and memorable name, important for SEO. |
| Tagline | Slogan or brief description of the site's essence. | Briefly describe what your site is about (e.g., "Your Travel Guide"). |
| WordPress Address (URL) | URL where WordPress is installed. | Usually leave as-is (e.g., https://yoursite.ru). Change with caution! |
| Site Address (URL) | URL users will access the site from. | Usually matches the WordPress address. |
| Administrator Email Address | Email for receiving notifications. | Use a working and monitored email for critical notifications. |
| Membership | Whether to allow user registration. | Uncheck "Anyone can register" if registration isn't needed. |
| New User Default Role | Default role for new users. | Set to "Subscriber" for minimal privileges. |
| Timezone | Your local timezone. | Select e.g., Moscow (+3:00). |
| Date Format / Time Format | Display format for date and time. | Choose a convenient option. |
| Site Language | Interface and content language. | Set to "Russian" or your required language. |
After making changes, click Save Changes.
Configuring Permalinks
Human-Readable URLs (Slugs) are link structures that make them understandable for users and search engines. For example, https://yoursite.ru/post-title/ is better than https://yoursite.ru/?p=123.
- Recommendation: Choose the "Post name" format (/post-name/). This is the most SEO-friendly and user-friendly option.
- Alternatives: Other formats like "Day and name" or "Month and name" include dates, which may be undesirable for evergreen content.
- Importance: Configure slugs immediately after installing WordPress. Changing the structure later may break existing links.
Click Save Changes after selecting the format.
Discussion Settings (Comments) (Settings → Discussion)
Configure comment parameters to manage user interaction.
| Setting | Description | Recommendation |
|---|---|---|
| Allow comments | Enable comments for new posts. | Enable if you want to allow comments; disable if unnecessary. |
| Comment author name and email | Require name and email. | Check to protect against spam. |
| Users must be registered | Require login to comment. | Uncheck if you want open comments. |
| Automatically close comments | Close comments for old posts. | Set at your discretion (e.g., after 30 days). |
| Manual moderation | Comments must be manually approved. | Enable to combat spam, especially at launch. |
| Previously approved comments | Require a previously approved comment. | Uncheck to avoid delaying new commenters. |
| Notifications | Notifications about new comments or moderation. | Enable moderation notifications to track new comments. |
| Comment nesting level | Depth of comment replies. | Set 3–5 levels. |
| Comment pagination | Splitting comments into pages. | Optional for active blogs. |
| Comment order | Display order of comments. | Choose "Newest first" or "Oldest first". |
Click Save Changes.
Privacy Settings (Settings → Privacy)
A privacy policy page is mandatory in many countries (e.g., under GDPR).
- Options:
- Select an existing page if already created.
- Create a new page using WordPress’s template. Mandatorily edit the template, replacing placeholders with your site's actual data.
- Importance: Don’t ignore legal requirements. Consult a lawyer if necessary.
Reading Settings (Settings → Reading)
Configure how the homepage and posts are displayed.
| Setting | Description | Recommendation |
|---|---|---|
| Homepage | What displays on the homepage. | "Your latest posts" for blogs; "A static page" for business sites (select "Home" and "Posts" pages). |
| Posts per page | Number of posts to show per page. | Set 5–10 posts. |
| Syndication feeds | Number of posts in RSS feed. | Similarly, 5–10 posts. |
| Search engine visibility | Allow site indexing. | Uncheck "Discourage search engines from indexing this site" after the site is ready to launch. |
Click Save Changes.
Security - Priority Measures
Security is a key aspect of site operation. Perform these steps:
- Change admin password: Go to Users → Your Profile and set a complex, unique password (don’t use "admin" or "12345").
- Change admin username: The "admin" username is a target for attacks. Create a new user with "Administrator" role and a unique username. Log in as the new user, delete the old "admin" user, assigning its content to the new user.
- Updates: Go to Dashboard → Updates and update WordPress, themes, and plugins to the latest versions (e.g., WordPress 6.8 as of 2025).
- Remove unused themes and plugins:
- Keep one active theme (e.g., Twenty Twenty-Five). Delete the rest.
- Delete unnecessary plugins like "Hello Dolly".
- Install a security plugin (recommended): Install a plugin like Wordfence, Solid Security (formerly iThemes Security), or Sucuri Security. Configure firewall, malware scanning, login attempt limiting, and two-factor authentication (2FA).
Users and Roles (Users)
Understanding user roles is crucial for access management:
| Role | Permissions |
|---|---|
| Administrator | Full control over the site. |
| Editor | Manages content but no access to settings. |
| Author | Publishes and edits their own posts. |
| Contributor | Creates posts without publishing rights. |
| Subscriber | Manages profile only. |
- Your Profile: Check name, surname, username (see security above). Configure admin color scheme and enable/disable visual editor.
- Adding Users: Add new users only when necessary and assign roles carefully.
Appearance
- Selecting and installing a theme:
- Browse free themes in the WordPress directory.
- Selection criteria: responsiveness, speed, support, rating, relevance.
- Install and activate a theme, e.g., Twenty Twenty-Five.
- Theme customization:
- Use Customize to configure logo, colors, menus, and widgets.
- Menus:
- Go to Appearance → Menus, create a new menu (e.g., "Primary Menu").
- Add pages, posts, or custom links.
- Assign the menu to a location (e.g., "Primary Menu").
- Widgets:
- Go to Appearance → Widgets to add content blocks (e.g., "Search", "Recent Posts").
- Drag widgets to desired areas (sidebar, footer).
Creating Core Content
- Posts vs. Pages:
- Posts: For blogs, news, updates (chronological order, categories/tags).
- Pages: For static content (About, Contact, Home).
- Creating essential pages:
- Home (if using a static page).
- About Us / About Company.
- Contacts (with a form or information).
- Privacy Policy.
- Blog (if using static pages).
- Create a test post: Try creating your first blog post.
- Categories and tags: Use them to organize content.
Next Steps
- Testing: Check the site on different devices (PC, smartphone, tablet). Ensure all links and buttons work.
- Plugins: Gradually add necessary plugins (e.g., for contact forms, SEO, backups). Don’t overload the site!
- Optimization: Consider loading speed (caching, image optimization).
- SEO: Start with basic content optimization (headings, meta descriptions). Consider installing a plugin like Yoast SEO or Rank Math.
- Regular maintenance: Update WordPress, themes, and plugins; perform backups; monitor security.
You've completed key stages of basic WordPress setup, creating a solid foundation for your site. Regular updates and backups will help maintain its security and performance. Your site is now ready for content creation and further development!
