What that figure probably doesn’t tell you is how many are set to the default settings and how, with a few minor changes, you can improve your search engine ranking, website security and fundamental usability faux-pas.
I’ve purposely avoided any additional plugins to keep this simple. These are some simple changes to WordPress “out the box” that I go through every time.
Tip #1: Remove “Powered by WordPress”
Automattic (the team behind WordPress) are reeling in the endless link-backs from all those websites. Link-backs are a legacy mechanism to improve search engine ranking. This rule comes with a number of caveats now but still stay true in the fundamentals of SEO. Automattic don’t need this link juice and it’s only opening up security implications to potential hackers who want to break in to your site.
Pop in to your theme folder (in Appearance > Editor), open the footer.php file and remove the link:
<a href="http://wordpress.org/" rel="generator"><?php printf( __( 'Proudly powered by %s' ), 'WordPress' ); ?></a>
Tip #2: Remove the WordPress version meta tag
Similar to the 1st tip, this is only there to provide Automattic some useful statistics when they scan your site from the link-back. It also tells any hackers how to get around the (relatively poor) security layers in your version of WordPress.
Back in your theme folder, open the function.php file and add the following line:
Tip #3: Disable comments globally
Originally a brilliant way to engage with your visitors, these pests are now synonymous with ruthless spammers/spambots trying to improve their website with pointless link-backs (most links in comments append the
rel="nofollow" attribute which essentially tells Google to ignore it). Comments rarely add any value to your content anymore with the rise of social media and more elegant solutions for engagement.
Head to Settings > Discussion and uncheck “”.
(You might also want to install the Disable Comments plugin which disables comments on all existing posts and pages too.)
Tip #4: Remove the Meta widget
The idea behind this widget is wonderful – it demonstrates some fundamental features baked into WordPress for accessing open data such as RSS feeds and sitemaps. Take note of those generated URLs for the future. However, it also offers the public a nice easy way to access your website CMS, as well as confirming the login URL to any would-be hackers.
Head over to your theme’s Appearance > Widgets and remove the widget from your sidebar.
Tip #5: Disable registration
By default, anybody can sign up to your website (as part of the originally enabled comments system). By doing so, anyone can access your administration albeit with limited functionality. Don’t leave it to chance though – there are some naughty folk out there, preying on the naive.
In your Settings > General, uncheck “Anyone can register”.
Tip #6: Customise your permalinks
Up until recently, the default setting for WordPress permalinks (or URLs to the rest of us) was to use querystring parameters such as ?p=123 and ?cat=12. Similarly to our early tips, this is a dead giveaway to any potential hackers of what is powering your website. If your hosting provider allows, you should change your URL structure to something more organised, user-friendly and prone to hacking.
Under Settings > Permalinks, choose one of the options that uses the name of your post – I prefer Post Name or a custom “/%category%/%postname%/”.