I’ve recently switched from Grav CMS to WordPress on one of my sites, Python Land. I jotted down some lessons learned and some advanced tips while setting up this WordPress site that I’d like to share with anyone interested.
I’m not new to WordPress, and I’m certainly not new to running websites. I’ve been doing it for 25 years. My first sites used tables to structure the pages, CSS wasn’t invented yet, and SEO didn’t exist either. Yeah… I guess I’m that old (and wise, hopefully).
Anyways... without further ado, here we go!
1. Pick a good WordPress theme
Picking the right theme is hard; don’t underestimate it. There are many good-looking themes, but it’s hard to judge a book by its cover. There are many crappy themes that may look nice on the surface but are horribly coded and inflexible. They are built to sell, not to keep working flawlessly in the long run.
Even though the appearance is a crucial part of a WordPress theme, it’s not the most crucial. Here are more important factors to consider:
- Not all themes are as flexible or customizable as you might hope. That’s not always a problem; you can create a child theme and add your own customizations, that is, if you’re a developer. But some themes allow you to create hooks and such right from the WordPress dashboard, so you won’t need to create a child theme at all.
- If you want to use specific plugins, make sure the theme you pick works nicely with that plugin. This is especially important if you plan on using big plugins that add new types of pages, like bbPress, LearnPress, or LearnDash.
- A theme these days must have excellent mobile support: it must be more than responsive. In some niches, more than half the visitors use their phones to access your site. It should offer you ways to specifically customize the theme for different screen sizes.
- Who’s developing it? Is it one of 100 mostly similar themes they’re selling, or are they focussing on one or a couple of themes and doing those really well?
The theme I settled on
I struggled through a couple of themes while setting up my WordPress site. My first advice is not to let it hold you back. It’s better just to get started, build up experience, and find out what’s missing in the theme you picked. Accept that you’ll have to change the layout one or two times. This way, you won’t get stuck on one of the first things you need to do.
Now you must be curious about which theme I settled on. It’s GeneratePress, a free theme that has a premium version too. After initial explorations, I paid for the premium version because I wanted to use the ‘Elements’ feature, allowing me to create some PHP based hooks to customize the layout.
Here are some of the advantages of this theme:
- It’s highly customizable.
- It’s super fast and lightweight, which is good for your visitors and search engine ranking.
- The developer has been working on it for a long time and seems to be very helpful regarding questions on their forum.
- Free of abstractions and bells and whistles, which works nicely for a site that focuses on information and learning.
I’m not saying this is perfect for everyone, but you might want to give it a spin.
2. Get your SEO basics right
There are some decisions you can’t postpone when it comes to SEO. I’m not an expert, so by all means, do your own research. There are some simple things to get started with, though. I’m pretty sure that what follows is good advice. Correct me if I’m wrong.
First of all, install the Yoast SEO plugin. It’s by far the best and most installed SEO plugin, and it will help you out with useful tips and warnings about your site’s configuration and your posts.
Next, pick a permalink structure that’s SEO friendly. I settled for a custom structure:
I don’t include anything but the post name in the URL. The advantages:
- You’re very flexible: you can move a post to another category without changing the URL
- Your keywords are as close to the root domain as possible, which presumably is a good thing.
I purely picked this structure for the first reason, though, because I know from experience that I like to move stuff around, rename categories, etcetera. You don’t want to change the URL of posts afterward, hurting your search engine rankings.
3. Disable XML RPC
Only days after getting up and running, I woke up to a very slow website. I was getting hammered with requests to xmlrpc.php; here's a small fragment from my server logs:
XX.XXX.XX.80 - - [19/Dec/2020:09:52:26 +0100] "POST //xmlrpc.php HTTP/1.1" 200 4122 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
After doing some research, it turns out this script is from the old days before WordPress had a REST API. You can safely disable it unless you know it’s needed for something. Remember, you can always re-enable it, too, if ever needed.
You can disable access to the file xmlrpc.php with a plugin, which is ideal if you're not that technical. But I like to tame the ever-growing number of plugins, so I decided to block it by adding a simple
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>
It’s all you need, and it spares us one more nagging plugin that brags about its terrific premium features while potentially adding extra security vulnerabilities to our sites.
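One way to spot this kind of flood in an access log and to confirm afterwards that the block holds, as an added example that is not from the original post. The log lines are constructed (documentation IP addresses), and the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Apache "combined" format: client, identity, user, [time], "request", status, size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_xmlrpc(target):
    """True if the request target resolves to xmlrpc.php ("//xmlrpc.php" included)."""
    path = unquote(target.split("?", 1)[0])   # drop the query string, decode %xx
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    return normpath(path).endswith("/xmlrpc.php")

def summarize(lines):
    """Per-client counts of xmlrpc.php requests: total, served (2xx), denied (403)."""
    stats = defaultdict(lambda: {"total": 0, "served": 0, "denied": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_xmlrpc(m["target"]):
            continue
        entry = stats[m["client"]]
        entry["total"] += 1
        if m["status"].startswith("2"):
            entry["served"] += 1
        elif m["status"] == "403":
            entry["denied"] += 1
    return dict(stats)

def noisy_clients(stats, threshold=3):
    """Clients with at least `threshold` xmlrpc.php requests (threshold is an assumption)."""
    return sorted(c for c, s in stats.items() if s["total"] >= threshold)

def block_is_effective(stats):
    """Once the deny rule is live, no xmlrpc.php request should be served."""
    return all(s["served"] == 0 for s in stats.values())

# Constructed sample lines, before and after the deny rule is deployed.
UA = '"-" "Mozilla/5.0"'
BEFORE = [f'203.0.113.80 - - [19/Dec/2020:09:52:{s} +0100] '
          f'"POST //xmlrpc.php HTTP/1.1" 200 4122 {UA}' for s in (26, 27, 28)]
BEFORE.append(f'198.51.100.7 - - [19/Dec/2020:09:53:01 +0100] "GET / HTTP/1.1" 200 9001 {UA}')
AFTER = [line.replace('" 200 4122', '" 403 199') for line in BEFORE]

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        stats = summarize(log)
        print(label, noisy_clients(stats), "blocked:", block_is_effective(stats))
```

Matching on the normalised path matters here because the requests in the log fragment use `//xmlrpc.php`, which a literal comparison against `/xmlrpc.php` would miss.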
4. Include a security plugin in your WordPress setup
The issue above reminded me of one of the most essential plugins every WordPress site needs: a security plugin that offers a WAF (Web Application Firewall) and malware scanning. I didn’t do too much research here since there’s one plugin with 4 million installs that I know works well: Wordfence Security.
Again: by all means, do your own research. But if your time is limited, I guarantee you this one is excellent. Some of the features that make it so great:
- It has an auto-learning mode: it learns about the usage patterns of you and your visitors. After one week, the firewall will activate itself.
- Directly after installing, it protects you against brute-force attacks on your login forms and, I presume, on any REST APIs and that horrible XML RPC script we’ve seen before.
- It has a rate limiter that prevents excessive amounts of requests to your site.
If you take a look at the server logs for any WordPress site, you’ll want to install such a plugin. Hackers are constantly trying to log in or abuse known vulnerabilities, with countless calls to
5. Setting up WordPress using pages or posts?
The main focus of this particular site is the Python 3 guide. I created the guide using pages because:
- pages have a more permanent, timeless character
- pages have a hierarchy, allowing for sub-pages
However, menus allow you to (manually) create such a hierarchy too. So, would I be better off using posts instead? I’m still not sure, to be honest, and I’d love to hear from you if you have advice on this front.
One thing I miss from pages is the ability to add tags. I added a custom hook that adds previous and next links inside the guide. I only want these links to appear in the guide, so it would be ideal for identifying such pages by a tag. It’s probably possible with a plugin, but it’s still on my TODO list.
6. Install Google SiteKit
There are three important issues that Google can help you with, for free:
- Analyzing your site’s traffic with Google Analytics
- Get insight into your site’s performance and speed with PageSpeed Insights
- Monitoring how well you are doing in Google’s search engine with Search Console
Google’s SiteKit is a one-stop solution to all three, and it’s officially created and supported by Google. It helps you:
- integrate Google Search Console,
- measure your site speed, right from the WordPress dashboard.
It even helps you set up and configure accounts, so you don’t have to do it manually. If you are using AdSense: it’s supported as well.
7. Implement caching and other optimizations
Now that you have PageSpeed Insights, you will probably notice that your site doesn’t score very well in loading speed. You can probably spend hours optimizing your website, but there are some quick fixes as well. The two things that helped a lot for me:
- Install a caching plugin. I settled for WP-Optimize. First and foremost, enable the cache. Then enable HTML, JS, and CSS minification. Check your site thoroughly because the minification can break some plugins and themes.
- Enable Cache-Control headers for static files. WP-Optimize can do this for you by altering your .htaccess file. Make sure that you have mod_headers enabled on your server. Apparently, I hadn't. I found out because PageSpeed Insights kept complaining about this even though I had enabled the feature.
8. Migrating from another CMS to WordPress
If you’re migrating away from another CMS and can’t import your data to WordPress, some plugins can still help you a lot.
First of all, install a broken link checker. There are multiple, and I picked this one. It not only checks for broken links in your articles but also checks for broken image references. I did introduce a couple of broken links while migrating, and it only lasted for a few hours, thanks to this plugin. This also brings me to a second plugin I profited from a lot.
The automatic upload images plugin will automatically upload images to your media library. It’s very useful when you copy-paste articles from your old site to your new site. When you copy-paste an article, the image src attributes still point to the old location (the CMS you are moving away from). The plugin detects such images, downloads them, and adds them to the media library. Be aware that WordPress does not support SVG files, and this plugin won’t support them either. That’s where the broken links checker came in for me!
There are some important steps to take right after installing WordPress. You should think of security, SEO, and a good theme first and foremost. Just like my site, this article is a work in progress. I’ll keep adding relevant tips when I stumble upon them.
Originally published at https://python.land on December 19, 2020.