WordPress security and optimisation tips

WordPress is the most popular blogging platform. It is easy to work with, and it also gives technically minded users a gentle introduction to the harder side of web hosting. There are certain things worth doing right after installing WordPress: because it is so popular, it is a frequent target of attacks, so a few precautions need to be taken.

The WordPress header file (header.php) lives in the folder of the active theme. It can be edited through the cPanel file manager or through the WordPress administration screens. It is wise to back everything up to a local file before applying any customisation. The header may contain meta tags that reveal the WordPress version number; remove those from header.php to make the site harder to fingerprint.

Alternatively, you can add the following code snippet to the theme's functions.php file, which is also located in the folder of the active theme. Go to the last line of the file, add this snippet there and save the file.



remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );
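The snippet above only removes the generator meta tag from the HTML head, but the same version string is printed by the_generator() in the RSS and Atom feeds and is appended as ?ver= to every core script and stylesheet. The following is an added example, not code from the original post, that covers those routes as well; it uses only the standard WordPress hooks named in the comments. Hiding the version reduces casual fingerprinting but is no substitute for keeping WordPress updated: readme.html and the checksums of known core files still reveal it.

```php
<?php
// Added example, not code from the original post. Paste into the active
// theme's functions.php (omit the opening <?php tag when appending to an
// existing PHP file).

// 1. Discovery links in <head>, as in the snippet above.
remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );

// 2. Blank the generator string wherever the_generator() is called
//    (HTML head, RSS2, Atom, comment feeds, WXR export).
add_filter( 'the_generator', '__return_empty_string' );

// 3. Drop the ?ver= argument only when it equals the running core version.
//    Plugin and theme assets that pass their own version keep it, so
//    cache busting for those files still works.
function strip_core_version_query( $src ) {
    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( empty( $query ) ) {
        return $src;
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'strip_core_version_query' );
add_filter( 'style_loader_src', 'strip_core_version_query' );
```

After saving, view the page source and the /feed/ output: neither should contain the version number, and core asset URLs such as wp-includes/js/jquery/jquery.min.js should no longer carry a ?ver= argument.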

Most of the time, spammers are able to place spam links in comments because HTML is allowed in the comment form. Once HTML is disabled, hyperlinks in comments are disabled as well. Add the following code snippet to functions.php to disable HTML in WordPress comments.



add_filter( 'pre_comment_content', 'esc_html' );
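Two points are worth seeing in code: what esc_html() actually does to a comment (every tag becomes visible text), and the fact that the commenter's "Website" field still produces a link on the author name, which this filter does not touch. The block below is an added example, not code from the original post; it shows the escaping option beside a wp_kses() allow-list alternative, and closes the website-field route. The sample comment in the comments is constructed for illustration.

```php
<?php
// Added example, not code from the original post. Use ONE of the two
// content filters, not both.

// Option 1 (the snippet above): escape everything. Tags become visible
// text, so <a href="..."> is printed literally and never rendered.
add_filter( 'pre_comment_content', 'esc_html' );

// Option 2: allow harmless formatting, drop anchors and every attribute.
// wp_kses() removes any tag or attribute missing from the allow-list but
// keeps the text inside the removed tags.
function comments_without_links( $content ) {
    $allowed = array(
        'b'      => array(),
        'strong' => array(),
        'i'      => array(),
        'em'     => array(),
        'code'   => array(),
    );
    return wp_kses( $content, $allowed );
}
// add_filter( 'pre_comment_content', 'comments_without_links' );

// The comment author's "Website" URL still renders as a link on the name.
// Removing the form field is cosmetic (the field can be posted directly),
// so also blank the value before it is saved.
add_filter( 'comment_form_default_fields', function ( $fields ) {
    unset( $fields['url'] );
    return $fields;
} );
add_filter( 'pre_comment_author_url', '__return_empty_string' );

// Constructed sample comment and what each option stores:
// $sample = 'Nice post! <b>Buy</b> <a href="http://spam.example/">cheap stuff</a> <script>alert(1)</script>';
// esc_html( $sample )
//   => Nice post! &lt;b&gt;Buy&lt;/b&gt; &lt;a href=&quot;http://spam.example/&quot;&gt;cheap stuff&lt;/a&gt; &lt;script&gt;alert(1)&lt;/script&gt;
// comments_without_links( $sample )
//   => Nice post! <b>Buy</b> cheap stuff alert(1)
```

Both filters run on the raw comment before it reaches the database, so they also apply to pingbacks and trackbacks. Existing comments are not rewritten.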

Most of the time, a large number of post revisions makes the WordPress database grow, which can slow down your site considerably. It is a good idea to disable post revisions in WordPress. Open the wp-config.php file, which should be located in the root of the WordPress installation (as always, back the file up before customising it). Add the following line, save the file and reload your site.



define( 'WP_POST_REVISIONS', false);


When you type an article in the post editor, the default settings save a draft automatically every minute (60 seconds); it is a good idea to raise this to 120 seconds (2 minutes). Open wp-config.php, paste the following line, save the file and reload your site.



define( 'AUTOSAVE_INTERVAL', 120 );


With this change the autosave interval for drafts goes from one minute to two minutes. That reduces the load on the database and the server, which in turn lowers CPU usage and leads to faster and smoother website rendering.

WordPress exposes multiple RSS feeds: comments, archives, tags, categories and posts each have one, and most of them are advertised as link tags in header.php. If you only want the main feed, the others can be disabled; such a large number of feeds is a possible security risk and can slow down the website.

By disabling all of these feeds except the main one, both security and performance are taken care of. Go to the end of the theme's functions.php file, add the following lines, save the file and reload your site.



remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );

When you log in to WordPress and the username or password is wrong, the login form indicates whether it was the password or the username that was incorrect. These login warnings are helpful to attackers, because they confirm which usernames really exist. So it is better to disable the WordPress login warnings. Open functions.php and paste the following code at the end of it.



function no_wordpress_errors() {
  return 'GET OFF MY LAWN !! RIGHT NOW !!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
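The filter above works, but a neutral message confuses legitimate users less, and once the form stops telling attackers anything, the administrator still wants to know that failures are happening. The block below is an added example, not code from the original post: it returns one message for every failure and logs each attempt through the standard wp_login_failed action. Note that login_errors only affects the login form itself; the lost-password form and author archives are not covered by it.

```php
<?php
// Added example, not code from the original post: one neutral message for
// every login failure, and a server-side log line per failure so the
// administrator keeps a signal for brute-force detection.

function neutral_login_error( $error ) {
    // Replaces the HTML of every WP_Error shown on wp-login.php
    // (invalid_username, incorrect_password, empty_username, ...).
    return 'Login failed. Check your username and password and try again.';
}
add_filter( 'login_errors', 'neutral_login_error' );

// wp_login_failed fires from wp_signon() on any failed attempt and passes
// the submitted username. Behind a reverse proxy or CDN, REMOTE_ADDR is
// the proxy's address; map the real client address there instead.
function log_failed_login( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // Keep the log line single-line and free of user-controlled markup.
    $user = substr( preg_replace( '/[^\w.@-]/', '_', (string) $username ), 0, 60 );
    error_log( sprintf( 'wp-login failed user=%s ip=%s', $user, $ip ) );
}
add_action( 'wp_login_failed', 'log_failed_login' );
```

The log lines land in the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is on), where a log shipper or a fail2ban-style rule can count repeats per address.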


Search engines index most of the links on your website, but there are certain files and folders you do not want indexed. There is a way to ask search engines not to index them: open the WordPress root (home) directory through cPanel's file browser and open the robots.txt file.

As usual, save a copy first, then edit it in the file editor. Add the following lines and save the file.


User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /feed/
Disallow: */feed/
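When no robots.txt file exists on disk, WordPress answers /robots.txt itself and lets code extend the text through the robots_txt filter. As an added example that is not the post's own code, the feed rules from the file above can be added that way. Two caveats the post does not mention: the physical file wins, so the filter does nothing once robots.txt exists on disk; and disallowing /wp-includes/, /wp-content/themes/ and /wp-content/plugins/ keeps crawlers from fetching the CSS and JavaScript they need to render pages, so those three lines are deliberately left out here. robots.txt is advisory and publicly readable, so it is not an access control for the back end.

```php
<?php
// Added example, not code from the original post. do_robots() already
// emits "Disallow: /wp-admin/" plus the admin-ajax.php exception, then
// passes the text through the 'robots_txt' filter.
function add_feed_rules_to_robots( $output, $public ) {
    // $public is "0" when "Discourage search engines from indexing this
    // site" is ticked; WordPress then emits "Disallow: /" and nothing more
    // is needed.
    if ( ! $public ) {
        return $output;
    }
    $rules = array(
        'Disallow: /feed/',
        'Disallow: */feed/', // wildcard: honoured by Google and Bing, not by every crawler
    );
    return rtrim( $output ) . "\n" . implode( "\n", $rules ) . "\n";
}
add_filter( 'robots_txt', 'add_feed_rules_to_robots', 10, 2 );
```

Request /robots.txt in a browser after saving to confirm the extra lines appear below the core defaults.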


This stops search engine bots from indexing the WordPress back end. Save the robots.txt file.

It is a good idea to use Google Custom Search instead of the built-in WordPress search. By handing searches to another server such as Google, the WordPress server no longer has to run constant search queries, which frees up server resources.

From time to time you may test additional themes, and after testing they stay inside your WordPress installation. It is a good idea to delete such unused themes and plugins and keep only the default themes that ship with WordPress.

WordPress has a built-in function that guesses the intended URL when a visitor requests a page that does not exist, and in the process the visitor often ends up on a 404 error page anyway. It is better to disable this guessing in WordPress, so that fewer 404 pages are generated.

Open functions.php, back it up, then edit it: paste the code below at the end, save the file and reload your site.
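The post's own snippet for this step is not present in the page text. As an added example that is not the post's code, this is one way to switch the guessing off using the hooks WordPress provides for it: a dedicated filter on WordPress 5.5 and later, and the blunter removal of the whole canonical redirect on older versions.

```php
<?php
// Added example, not code from the original post. Turns off the
// "guess a similar URL" behaviour WordPress applies to requests that
// would otherwise be a 404.

// WordPress 5.5 and later: a dedicated filter inside
// redirect_guess_404_permalink(). Returning false disables the guess and
// the request falls through to the normal 404 template.
add_filter( 'do_redirect_guess_404_permalink', '__return_false' );

// Middle ground (also 5.5+): keep the guess but only redirect when a post
// slug matches exactly, instead of matching on a prefix.
// add_filter( 'strict_redirect_guess_404_permalink', '__return_true' );

// Older WordPress: the guess lives inside redirect_canonical(), so the only
// option is removing that action. This also drops the useful canonical
// redirects (trailing slash, www vs non-www), so prefer the filter above.
if ( version_compare( get_bloginfo( 'version' ), '5.5', '<' ) ) {
    remove_action( 'template_redirect', 'redirect_canonical' );
}
```

To verify, request a URL that is a prefix of a real post slug: with the filter in place the server answers with the 404 template instead of a 301 to the similar post.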

When people search for your site, there are often longer links, similar to your site's address, that redirect to your site. You may want to limit this behaviour or remove it altogether so that only the canonical name of your site is found. The following code improves the search engine optimisation of your website considerably by always serving the correct URL.

Open the root (home) directory of WordPress, open the .htaccess file, paste the code below into it and save the file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} !=""
RewriteCond %{QUERY_STRING} !^p=.*
RewriteCond %{QUERY_STRING} !^s=.*
RewriteCond %{REQUEST_URI} !^/wp-admin.*
RewriteRule ^(.*)$ /$1? [R=301,L]
</IfModule>
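What the rule set above does is easiest to see by running its conditions over a few request URLs. The block below is an added example, not code from the post: a PHP model of the three RewriteCond lines (Apache itself remains the authority), applied to constructed sample URLs. It assumes WordPress is installed at the document root, which the /$1 target of the rule also assumes.

```php
<?php
// Added example, not code from the original post: an offline model of the
// .htaccess rule above. Returns null when the request is served as-is,
// otherwise the path the 301 would point to.
function would_strip_query( $request_uri ) {
    $parts = parse_url( $request_uri );
    $path  = isset( $parts['path'] ) ? $parts['path'] : '/';
    $query = isset( $parts['query'] ) ? $parts['query'] : '';

    // RewriteCond %{QUERY_STRING} !=""        -> only act when a query string exists
    if ( $query === '' ) {
        return null;
    }
    // RewriteCond %{QUERY_STRING} !^p=.*      -> leave ?p=123 (post by ID) alone
    if ( preg_match( '/^p=/', $query ) ) {
        return null;
    }
    // RewriteCond %{QUERY_STRING} !^s=.*      -> leave ?s=term (search) alone
    if ( preg_match( '/^s=/', $query ) ) {
        return null;
    }
    // RewriteCond %{REQUEST_URI} !^/wp-admin  -> never touch the admin area
    if ( preg_match( '#^/wp-admin#', $path ) ) {
        return null;
    }
    // RewriteRule ^(.*)$ /$1? [R=301,L]       -> 301 to the same path, query dropped
    return $path;
}

// Constructed sample requests (not taken from any real site).
$samples = array(
    '/2024/05/hello-world/?utm_source=newsletter',                  // tracking junk: stripped (intended)
    '/?p=42',                                                       // post by ID: kept
    '/?s=wordpress',                                                // search: kept
    '/wp-admin/edit.php?post_status=draft',                         // admin: kept
    '/wp-login.php?action=logout&_wpnonce=abc123',                  // logout link: stripped!
    '/wp-login.php?action=lostpassword',                            // password reset: stripped!
    '/2024/05/hello-world/?preview_id=42&preview_nonce=x&preview=true', // post preview: stripped!
);
foreach ( $samples as $uri ) {
    $target = would_strip_query( $uri );
    printf( "%-70s -> %s\n", $uri, $target === null ? 'served as-is' : "301 to $target" );
}
```

The last three results are the caveat: the rule also strips the query string from wp-login.php links (logout and lost-password stop working, since the redirect lands on the plain login form) and from post preview links. If the rule is deployed, an extra exclusion such as `RewriteCond %{REQUEST_URI} !^/wp-login\.php` (my addition, not the post's) is worth adding, and the whole rule should be tried on a staging copy first.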


WordPress serves both static and dynamic files. Static files (images, JavaScript and CSS) rarely change, so if they are cached in the visitor's web browser for a month or so, the website loads faster: those resources are reloaded from the browser cache instead of from the WordPress server, which further reduces server load.


<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/gif "access plus 30 days"
ExpiresByType image/jpeg "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
</IfModule>


Paste this into your .htaccess file, save it and reload your website in your favourite web browser. Page load times drop and server load falls, which optimises your website further. Remember that if you are using a third-party caching plugin you should not add this code, because such plugins set these headers automatically; if you have no caching plugin, you can paste this code to enable the optimisation.

There are various other methods that can further customise and optimise WordPress to improve page rendering time, security and search engine optimisation.

*A few days ago, I read a post on the Digital Inspiration blog which discussed 'Things You Should Do After Installing WordPress'. I'd never heard of this before, but I was intrigued, so I read on.*
