After a WordPress installation, the system's default state is configured for testing convenience, not for serious operation โ the URL structure is unfriendly to SEO, the timezone is likely wrong, comments are wide open, and search engine indexing may still be turned off. If you start publishing content without addressing these settings and come back to fix them after traffic has built up, the cost is much higher (particularly with permalinks โ changing them after the fact means handling a large volume of 404 errors). Half a day spent getting the following configurations right is a worthwhile investment for any new site.
Do This First: Permalinks โ Don't Put It Off
Go to Settings โ Permalinks and change the structure to Post Name.
The default /?p=123 format has no SEO value and isn't convenient for sharing. Switching to post name produces URLs in the format yourdomain.com/article-title/, which is more legible for both search engines and users.
Why this comes first: Permalinks form the foundation of your entire site's URL structure. Once content has been indexed by search engines, changing them invalidates all existing links โ you'd need to set up 301 redirects for every old URL to recover the equity. Fixing this before the site has any indexed content is the lowest-friction approach. After making the change, remember to click Save โ WordPress automatically refreshes the .htaccess rules when you do.
General Settings: Title, Timezone, Language, and Site Address
Go to Settings โ General and work through the following:
Site Title and Tagline: Put your brand name in the Site Title field, and write a short, clear description of the site's positioning in the Tagline. These two fields show up in browser tab titles and search results, and before any SEO plugin is installed, they're the default source for your Meta Title. Don't leave them blank, and don't leave in placeholder text like "Just another WordPress site."
Timezone: Select the timezone that matches your business operations. Getting this wrong means scheduled posts publish at the wrong time and WooCommerce order timestamps become unreliable โ both annoying to troubleshoot later.
WordPress Address and Site Address: If your SSL certificate is already installed, both of these fields should start with https://, not http://. If the site is already forcing an HTTPS redirect while these fields still show HTTP, you'll get Mixed Content errors that affect page loading and SEO. If you installed WordPress through a hosting control panel and selected HTTPS during setup, this should already be correct โ but it's worth confirming.
Language: If your site is targeting overseas users, keeping the admin interface in English makes it easier to follow WordPress's official documentation and plugin instructions.
Delete the Default Content and Start Clean
WordPress installs with a "Hello World" post, a "Sample Page," and a sample comment. None of these serve any purpose for a real site โ delete all of them.
Also review the pre-installed themes and plugins: WordPress ships with two or three official themes (Twenty Twenty-Three, etc.) that you're not using. Deactivate and delete them โ deactivating isn't enough, because inactive theme files still sit on the server and can be exploited if they contain vulnerabilities. The pre-installed Akismet plugin (anti-spam, requires an API key to function) and Hello Dolly (serves no practical purpose) can also be deleted unless you're specifically planning to use Akismet.
Comment Settings: Configure Based on Your Needs, or Disable Entirely
Go to Settings โ Discussion.
If your site is a corporate website or product showcase, comments offer no value โ uncheck "Allow people to submit comments on new posts," then go through existing pages and disable comments on each one individually (or use bulk editing). Turning it off globally only affects new content; already-published pages need to be handled separately.
If you're keeping comments active (for a blog, for instance), at minimum enable: requiring manual approval before comments appear, and requiring commenters to provide a name and email. These two settings filter out the majority of spam without any additional plugin needed.
Favicon
Go to Appearance โ Customize โ Site Identity and upload your site logo and favicon. A 512ร512 pixel square image is the recommended favicon size โ WordPress automatically generates size variants for browser tabs, bookmarks, and mobile home screen icons. This step is quick but frequently skipped. A site without a favicon displays the browser's default icon in the tab, which reads as visually unfinished.
SEO Plugin: Pick One and Install It Early
Get the SEO plugin installed before publishing any real content โ the sitemap needs to exist from the moment you start publishing so search engines can discover and index your pages as quickly as possible.
Rank Math and Yoast SEO are the two most widely used options, each with different strengths. Install one โ don't install both, as their features overlap and they'll interfere with each other. After installation, complete the basics: fill in your site information through the plugin's setup wizard, verify the sitemap is generating correctly (visit yourdomain.com/sitemap.xml to check), and submit the sitemap URL in Google Search Console.
There's also an easy-to-miss setting in WordPress core: go to Settings โ Reading and make sure "Discourage search engines from indexing this site" is unchecked. This option sometimes gets enabled during local development or testing โ leaving it on after launch means search engines won't index your content, and it's not always obvious why.
Caching Plugin: Match It to Your Server Environment
Caching has a direct effect on site speed, but the right plugin depends on your server environment.
LiteSpeed Cache performs best on LiteSpeed servers (LiteSpeed Enterprise or OpenLiteSpeed). If your server runs Apache or Nginx โ which is the default for most Cloudways setups โ LiteSpeed Cache doesn't deliver much benefit. WP Rocket (paid, consistently reliable) or W3 Total Cache (free) are better fits in that environment. If you're not sure which web server you're on, check your hosting control panel or the Server Details section in Cloudways.
Whichever plugin you install, run a test through Google PageSpeed Insights or GTmetrix afterward to confirm the caching is actually working โ sometimes a plugin is installed but misconfigured, which means it's doing nothing.
HTTPS and Security: Just the Priority Order Here
Full configuration steps for HTTPS, Cloudflare, Wordfence, strong passwords, and two-factor authentication are covered in the WordPress Security Guide โ no need to repeat them here. The short version on priority: confirm the SSL certificate is installed and all site addresses have been updated to HTTPS first โ that's the non-negotiable baseline. Then install one security plugin (Wordfence or Solid Security). Cloudflare can be configured when you have time โ it doesn't have to be done on day one, but sooner is better.
Analytics Tools: Install Before Traffic Arrives
Google Analytics 4 (GA4) and Google Search Console are both essential, and earlier is better โ analytics tools need time to accumulate data. Installing them a month after launch means losing a month of traffic history, and early-stage data is genuinely useful for later optimization decisions.
GA4 can be connected through the Google Site Kit plugin (Google's official plugin, the simplest setup), or managed through Google Tag Manager alongside other tracking codes. Search Console only requires adding your property in the Search Console interface and completing domain verification using an HTML tag from GA4 or your SEO plugin โ no separate plugin needed.
Pre-Launch Page Checklist
Create these pages before publishing any products or content:
About Us and Contact โ these directly affect user trust and factor into how search engines assess site quality. Privacy Policy and Terms of Service are compliance requirements โ if you're integrating PayPal, Stripe, or Google Analytics, these pages are checked during platform review. WooCommerce stores also need a Refund Policy and Shipping Policy page.
WordPress includes a built-in Privacy Policy template generator under Settings โ Privacy โ use it as a starting point and edit the content to reflect your actual business practices.
Cost Reference
| Item | Cost |
|---|---|
| WordPress core | Free |
| Domain name | ~$10โ20/year |
| VPS or managed hosting | ~$8โ20/month (small to mid-size sites) |
| SSL (Let's Encrypt) | Free |
| Cloudflare basic tier | Free |
| Rank Math / Yoast SEO free tier | Free |
| Google Analytics / Search Console | Free |
With these configurations in place, your WordPress site has a clean, compliant, SEO-friendly starting point. These settings won't generate traffic on their own โ but they ensure that the content you publish going forward doesn't lose indexing opportunities or user trust because of avoidable initial setup mistakes.