Thursday , November 23 2017

10 Things Every WordPress User Should Know Before Installing WordPress


WordPress is the first choice of every blogger out there and there are two main reasons for that:

  • It has an easy to use interface and anyone without any knowledge of programming can also use it.
  • It has an architecture that makes it easy for just about anyone to customize.

I started using WordPress 5 years back when I  needed an effective CMS to manage my articles on my website and the software has only gotten better since, Now any software, no matter how user-friendly, has its own ways of doing things and, yes, its own little quirks. In this article, I am going share 10 tips that you should definitely know before installing WordPress.

1. If you click on the Remember Me box during login, you can stay logged in to WordPress for 14 days

custom wordpress login page

By default, WordPress creates a secure cookie that keeps you logged in for two days. As long as you don’t close your browser or log out of WordPress, you can return within 48 hours and still be logged in. If you’re using WordPress constantly and don’t want to keep logging in every couple of days, check the Remember Me box when logging in, and you won’t have to log in for 14 days.

If your session expires while you’re working in WordPress, you get a popup login window that keeps you on the screen you were working in.


Anyone who uses your device while the WordPress cookie is active will be able to access your website. If this is a concern, remember to log out of WordPress or close your browser.
There are Plugins which enable you to change the length of time the Remember Me box keeps you logged in. Some will also automatically keep the Remember Me box checked.

2. Choose any username when setting up WordPress but don’t use “admin” because it’s too obvious.


When you’re installing WordPress on your hosting account, the default username in the settings box is “admin.” However, you can choose whatever username you want, and that’s exactly what you should do. For many years WordPress did not offer the choice and the first administrator account always had the username “admin.” Hackers know this, and they know that lots of new users are not exercising their choice and continue to use “admin” – so they try that username first. And they have a lot of success.

While it’s crucial to have a complex password, it’s also good not to have too simple a username. One strategy is to use a letter-number combination, such as cahrles123 or ron000 or even avoid using your name at all.
WordPress usernames must be unique, so if there are a lot of users on the system, your username may get rejected because someone else is already using it.

3. Remember and WordPress on your own hosting account are different.


Some people try to log on to their self-hosted WordPress site by going to When their username and password don’t work, they think something’s wrong. What they’re forgetting is that self-hosted WordPress sites (you have your own hosting account where you installed WordPress) have nothing to do with (a blogging platform that’s hosted for you).
If you’re trying to log in and it’s not working, before clicking Lost Password, double-check your address bar and make sure you’re on your own domain, not at The home page of also looks completely different from the login screen of a self-hosted site, so you can tell that way.

I have heard of people trying to log in to their own site by going to, which is where you get Plugins,
Themes, and, of course, your copy of WordPress. But like the .com site, the .org site has nothing to do with your login either.

4. Keep your email address up to date.

Profile ‹ ThisPress — WordPress

Keeping your User email address up to date is important because if you ever forget your password WordPress’s lost password function emails a special link to your User address. If that address is no longer functioning and there’s no other user with the power to get into your account and change the email address, then you’ll need to go directly into the database in order to change the password.

You update your email address in your User Profile, which is accessible from the top right of any admin screen or from the Users section of the side menu.

If you’re the owner/administrator of the site, it’s also important to keep the General Settings email address up to date. If that’s not working, you won’t get notifications about comments, new user signups, and so on.

Keep in mind that User emails must be unique within the WordPress system. In other words, you cannot create two users with the same email address.

5. Never make changes to the core files of WordPress itself, or of your Themes or Plugins.

Manage Themes ‹ ThisPress — WordPress

Even if you know what you’re doing and you don’t damage the coding, any changes you make to WordPress itself, your Theme, or your Plugins will be lost the next time you do an update.

For the vast majority of WordPress users, the simple answer is: NEVER touch these files.

WordPress does have editor screens for Theme and Plugin files, but most people should NEVER use these.

The one exception is when a Theme or Plugin has a custom.css file that’s meant for you to change, but again you need to know what you’re doing.

In the case of Themes that do not have a way to add custom CSS, create a Child Theme and make your changes there.

6. Keep WordPress, Themes, and Plugins up to date.



WordPress, as well as Themes and Plugins, gets updated regularly to add new features, fix problems, and ensure security. Make sure all of these are up to date.

  • You’ll be alerted to updates in a variety of ways:
  • Messages at the top of your admin screens
  • On the Dashboard -> Updates screen
  • Messages at the bottom of your admin screens
  • Numbered symbols on the admin menu
  • Messages on the Themes and Plugins screens

Of course, these notifications depend on being logged on to WordPress. If you’re not regularly logging in (at least once a month), here are a couple of options:
Join the WordPress Announcements email notification list by signing up for the Forum at (you’ll want to be a forum member anyway, for sharing information about WordPress and Plugins).
Install a Plugin that sends you notifications. The advantage of this method is that these Plugins usually include notifications about Theme and Plugin updates as well.

Whenever you update WordPress or Themes or Plugins, always do a full backup – database and files – immediately beforehand. Even if you have a regular backup schedule, do a special backup right before updating. That will save you the trouble of making up for anything you changed between then and your last scheduled backup.
Some Themes and Plugins do not use the default method of updating, so their notifications do not appear under Dashboard – > Updates or as circled numbers on the admin menu. Typically they will produce their own notification messages, but these may only be on their own admin screen.

7. You can make individual pages Private or Password Protected but cant hide your entire WordPress site from the public. 

Reading Settings ‹ ThisPress — WordPress

For many years, WordPress had a Privacy section under Settings and many people mistakenly believed this would hide the entire site from search engines and from the public. The setting still exists under Settings -> Reading but is now more correctly described as Search Engine Visibility and simply states that it will Discourage search engines from indexing this site. In other words, there is no guarantee that search engines will obey the rules.

There never was a general setting to hide self-hosted WordPress sites from the public. Even if Search Engine Visibility is turned off, anyone who knows the address will be able to access the site. To protect all or some of your content from just anyone, you’ll need to use the Password Protected or Private setting under Visibility on particular Posts or Pages or use a Plugin that makes content visible only to registered users.

If you check the Search Engine Visibility box and discourage search engines from indexing your site, you’re also telling WordPress not to notify any update services when you have new content on your site.

8. When you’re first building your WordPress site and before you start blogging, turn off Comments.

Discussion Settings ‹ ThisPress — WordPress


When you start building a website, you’re probably creating web pages like About Us or Plumbing Services – pages where you don’t typically want people commenting. By default, WordPress activates Comments on all Posts and Pages, so as you create Pages, they’ll have Comments activated.

Instead of remembering to uncomment them before making your site live, it’s easiest to turn off Comments before starting the creation of your site. Then, when you’re ready to begin entering materials for which you do want Comments – such as blog Posts – then you can turn on auto comments at that point.

Automatically adding the Comment function to Posts and Pages is controlled from the Settings -> Discussion screen. The box Allow comments etc is checked by default. Uncheck it before creating your Pages. Then check it again when you’re finished your Pages so that as you add blog Posts, they’ll have Comments on them.

When you add Pages after you’ve begun blogging, remember to turn off comments on those Pages.

9. You should backup your WordPress database and all your files as often as you change your content.


It’s good to have a backup schedule for WordPress (database and files) and a good rule of thumb is to base it on your activity level: if you add content about every two weeks, then set up a biweekly schedule. If you’re adding new content daily, then every couple of days or even every day is the right schedule.
Most backup Plugins allow you to set up an automated schedule. That takes a load off your mind but do remember to update the Plugin if your content creation habits change.
Manual backups only make sense if you’re updating content about once a month because any more often and the work of a manual backup is going to be too much. Even then, you need to remember to do the backup when you add the new content – and how many of us will actually remember?
Go schedule your backups!

It’s always best to have two copies of your backups – in two different locations. For example, save one on an external hard drive at home and one in the cloud.

10. You can always access your WordPress login by adding “/wp-admin” to the end of your domain name.

Desctop screenshot

Even if there’s no Login link on your site or you’re on a device that doesn’t have the bookmark for the login page of your site, you can always log in from here:

This URL won’t work, however, if you have a security Plugin that deliberately hides it. In that case, you’ll need to find out what the alternative address is.
Some people recommend having your WordPress admin pages run through your browser in secure mode (SSL). If you implement this, through a Plugin for example, then, of course, the URL would be:

I hope you enjoyed reading the article if you have any questions regarding the article feel free to drop your comment below.

One comment

  1. Thanks for the help…. it helps a lot.

Leave a Reply

Your email address will not be published. Required fields are marked *