As before, I’ll emphasize a few things:

1. Your WordPress security is only as good as the security on your local computer. If you’re not running good antivirus and anti-malware software or are using an insecure wireless connection, none of this will matter.
2. Likewise, if you’re not keeping your WordPress install updated, none of this will matter.
3. I should have at least mentioned this in my previous security article but didn’t: your WordPress security is also only as good as your web server’s security. Since the audience for these tutorials is beginners, I’m going to assume that you don’t have a lot of control over your host’s security settings. So I’m not going to say anything else about this other than to look for a reputable host with experience hosting WordPress.
4. Make sure you’re using a strong password. See step 2 of my previous tutorial.
5. I’m going to assume you already know how to install WordPress plugins.

NOTE: I’m writing this guide for WordPress 2.92, the current stable release. All of these plugins seem to work with WordPress 3.0, but I haven’t thoroughly tested them.

WP Security Scan

Let’s start by checking for the biggest security holes first, using the plugin WP Security Scan.

After you install you should see a new “Security” section on the left column of your dashboard:

Let’s click “Scanner” and check our file permissions, the most crucial of security settings in WordPress. Chances are everything will be shaded green, and everything’s ok. However, if anything’s not set correctly it will be highlighted in red. Changing file permissions is beyond the scope of this tutorial – contact your web host if you need to change anything.

Next, let’s change our database prefix. This is a “security through obscurity” technique. What we want to do is make your WordPress database harder to exploit by using a database prefix other than the default one – this way any sort of generic, automated attack on the database will likely fail because the hacker will be using the wrong database prefix.

BEFORE ATTEMPTING THIS MAKE SURE YOU BACKUP. I can’t stress this enough. I wrote a tutorial on backing up your WordPress tutorial. Even if you don’t use the plugin I describe there, make sure you’ve got a good backup before proceeding.

If you followed my last security tutorial and changed your database prefix during install, you can skip this step.

Otherwise, click “Database” on the Security section. You’ll see something like this:

If you see something other than “wp_” in the field labeled “Change the current” field, then you can skip the next step.

Change “wp_” to something else. It’s highly recommended that you still keep the _ for database readability in the future, however.

Click “Start Renaming”

If this fails, you’ll either have to change the database prefix manually or not at all. Manual changes of the prefix table are beyond the scope of this tutorial.

Secure WordPress

Next, let’s install Secure WordPress. After you install it click “Secure WP” in the settings column of the left column of the dashboard. Most of the defaults should be fine, except one: if you’re not planning on using Windows Live Writer, check the box next to that option and click “Save Changes.”

WordPress Firewall

The steps above will help prevent attacks by hiding information about your WordPress install from attackers, making sure the correct file permissions are set, and plugging a few potential security holes. Next we’ll install some plugins that actually stop attacks on your blog.

WordPress Firewall is a handy plugin for preventing a variety of attacks. This one is especially important if you weren’t able to change your database prefix. It’s quite simple – just install it. There should be no need to change the default settings. Important: WordPress Firewall has only been tested up to WordPress 2.8. It has not been tested with WordPress 2.92 or WordPress 3.0 beta 2.

Bad queries

Block Bad Queries, like Firewall, prevents hackers from performing certain common dangerous actions on your site. This one you just install and activate – there are no settings to change.

Chap Secure Login

If you’re not using SSL to login (once again, beyond the scope of this tutorial), you can use Chap Secure Login to encrypt your password. This is especially recommended if you use a lot of different computers to access WordPress, or frequently use public wireless Internet connections. Chap is another remarkably simple plugin – just install it and activate it and you’re ready to go. Note: you’ll get a warning the first time you login after installing. According the plugin developers, this is to be expected.

Login Lockdown

Finally, we’ll want to protect against brute force or dictionary attacks. In an out of the box WordPress installation, users can attempt and fail to login an infinite number of times. This means someone could try thousands of password combinations until they got the right one. Login Lockdown will ban users from IP addresses that have tried and failed to login too many times.

Install the plugin and click “Login Lockdown” in the “Settings” section. You should get an options menu that looks like this:

If you have a hard time typing your password correctly, you might want to set the “Max Login Retriess” a little higher.

I also recommend using the “Mask Login Errors” option. Normally, if a user types an incorrect username WordPress will return an invalid user name error. But if the user types a correct username but an incorrect password, WordPress will return an invalid password error. This gives someone trying to crack your password an extra hint as to whether they at least have the right username. If you use the “Mask Login Errors” option, WordPress will return a generic “username or password is incorrect” error instead.

Ask Apache

Many people swear by AskApache Password Protect. However, I have not been able to get it to work with my host. Your mileage may vary. If I understand it correctly, this plugin adds an additional password to the /wp-admin directory. If you allow open registrations and have lot of users logging in, you might not want to use this plugin.

Conclusion

There’s still much more you can do, such as using .htaccess to protect directories, moving core WordPress files, and monitoring for exploits. Those are things we’ll have to cover in the future. If you have need to harden things further now, please see the Hardening WordPress Codex entry. Remember no (usable) site will ever be completely secure, but if you’ve installed the plugins above your chances of getting hacked will be greatly reduced.

This tutorial assumes you already know how to install plugins.

This tutorial should be forward-compatible with WordPress 3.0

1. Install WP-DB-Backup by Austin Matzko

2. Mouse over Tools so that the down arrow appears

3. Click the down arrow

4. Click Backup

5. You’ll see something like this:

On the left are the default database tables included with WordPress. All of these are included every time you backup. The only thing you have to decide here is whether to exclude spam comments from being backed up (I recommend this) and whether to exclude post revisions (I recommend excluding these too, unless you have a specific reason for keeping revisions).

On the right is a list of additional database tables, most of which were probably created by plugins. There’s also a table called that will end with the name “commentmeta” – this can be used by plugins.

If your plugins have created a lot of data that you would like to save, or you’ve spent a lot of time configuring particular plugins, you’ll want to backup these tables. Otherwise, you can keep your database backups smaller by not checking them.

7. Next we see the Backup Option. There are three choices here:

A. Save to the server

This will save a backup of your database as a file on your web server. I don’t recommend this.

B. Download to your computer.

This will create a database backup file that you can save to your local computer.

C. Email backup to:

This allows you to send a copy of the backup to any e-mail address you’d like.

8. Let’s go ahead and download a copy to our hard drives now.

Check options you want in the Tables section then click “Backup now!”

You should see a progress bar, and when that’s done your browser will prompt you to save the file. You can save this file wherever you’d like.

9. There’s another section called “Scheduled Backup.” This is where this program gets really great.

Here we can schedule a backup to be e-mailed to a particular e-mail address however often we’d like. I recommend checking selecting “Once Daily.”

10. On the right, you’ll see that list of optional tables again. Check the ones you want to backup every time the backup runs.

11. Enter the e-mail address you want the backups delivered to in the “Email backup to:” field.

12. Click “Schedule backup.”

13. You should now get a backup file as an e-mail attachment every day. You should save these attachments to your local computer. If you’re using Gmail or another web mail host that has a lot of storage space, you might want to leave your databases on their server as an additional off-site backup. Be aware that that’s an additional security risk – if your e-mail account is ever compromised, the would have access to all of your database backups.

I think I’ll kick off the series with a couple simple ones…

• Why isn’t this plugin working with my theme?

  This is probably one of the most common issues I read about regarding WordPress. Sometimes even more experienced WPers can get this one wrong. Now, I’m not saying this is the solution to all problems between plugins and themes. Its just that this little bugger is often the culprit.

  Try ensuring that your theme has <?php wp_head() ?> somewhere inside the <head> section of the document. Also, for that matter, make sure it has <?php wp_footer() ?> somewhere in the foot of the document; Before the </body> tag.

  If your theme lacks these function calls many plugins that manipulate your theme will not be able to hook into the required areas. This can cause many headaches.

  If you have no idea what I’m talking about, you may be better off having a coder buddy take a look at the theme for you. Or you can also contact the theme author, if the theme you use was created by someone else.

• How come my URLs are yucky?

  Or, “How come my URLs look like www.mysite.com?p=123 instead of www​.mysite.​com​/my-​sample-​post/?”

  This one is right up there with the previous question. I see it all the time. However, more and more web hosts these days support the “nice” URLs by default without requiring any extra effort. So, its just a matter of going into the WordPress control panel, changing your Permalink Settings and then saving. Unfortunately, we’re not all this lucky…

  The first thing to try would be to contact your web host support and make sure they have whats known as mod_rewrite (or similar functionality) enabled on your account. If such functionality is not available on your web host, and you really need this feature, you may need to upgrade to a new host that does support it.

  If your host does support it and has it enabled on your account, but it still doesn’t work, you can check that WordPress is able to write to the .htaccess file (which is where all the “nice” URL magic happens).

  For WordPress, on Unix-based systems, the htaccess file should be “CHMODed” to at least 666. On Windows-based systems the procedure is a bit different. It can be different depending on your particular setup so I won’t go into that.

  Basically, as was the case with the previous question, you may need to seek help to figure this out. If you don’t have a code buddy, get one! They are really great to have around. Just make sure you buy them a nice gift for their trouble.

• Can I have a link to login to WordPress somewhere in my theme?

  Sure! It’s actually easier than you might think…

  Some themes have a link for that already. But, there are also some that seem to lack this obvious and simple feature. You can easily add this to any theme yourself. No need for any programming knowledge. Simply add <?php wp_loginout() ?> somewhere in your theme and you’re done. Easy right?

  Another nice function along the same lines is <?php wp_register() ?>, which will show a link to your registration page (if your settings allow users to register), or a link to the WordPress control panel if you are already logged in.

  Do note though that by default the link will be output wrapped inside <li> tags. This is so you can include the link in a list of other links, like a “meta” section. If, however, that is not how you want it to be output you can use the function like <?php wp_register('', '') ?>. That will simply output the link and nothing else.

  An example of how to customize that is something like <?php wp_register('<p>', '</p>') ?>, which will output the link wrapped in its own paragraph. Just change the opening and closing tags in the function to make it output how you want. Dead simple!

That’s all for now… I hope it helps!

Do you have a question about WordPress? Want to see it answered here on Weblog Tools Collection? If so, please send us an E-Mail or drop a comment here. Your question just might be featured in the series!

Ekin Ertac has created a really useful WordPress Cheatsheet that lists out all the available template tags and their purpose, along with listing several other useful information for creating or modifying themes. The cheatsheet is available for download in PDF format.

Download WordPress Cheatsheet

Meta: Words or phrases marked in italic will be explained in future posts.

You have a role of doing something wherever you are at or at whichever position you are, those roles are pre-defined and involve certain things that you can do and cannot do, some times we do break rules, however with software we usually cannot.

Likewise with WordPress there are some roles that are pre-defined and have certain capabilities that you can use to assign to members of your site, in this post we will look at those roles and know what each of them mean.

Subscriber Role

What is Subscriber Role?

A subscriber role is the most basic and default role that is assigned to any user that registers to the site, unless you of course change that by tweaking the settings.

A subscriber can comment on your blog without having to enter their details and also modify your database by setting up their profiles.

Best Practices for Subscriber Role?

Subscriber role is suited best for users whom you want to register to your site and comment without having to enter their details everytime, in addition to that you can also use this role to promote special offers and more, but it may require additional coding or plugins.

Subscriber Role in WordPress;

• Modify their Profiles
• Comment on the blog (when logged in) without having to provide name and email, unless you change that in the settings.

Who Should You Assign Subscriber Role to?

Subscriber Role can be open to everyone who wants to save sometime while entering their details over and over again while commenting and various other things you reserve for subscribers, however they need to be logged in, this role is best suited for every user on your site, and every other roles on your site has all the capabilities that this user has.

Contributor Role

Who is a Contributor?

A Contributor to your site has a bigger role than a regular subscriber in the sense that they can compose articles unlike subscribers, however they cannot publish or schedule the articles.

Any article written by a contributor can be saved as draft or under pending review which we will look at when we deal with “Types of Posts a WordPress site can have and what it means”.

A contributor can only contribute towards the site, however they do not have rights to publish a article.

Best Practices for Contributor Role?

A contributor role is best given to someone who wants to contribute to your site by adding new articles, but which you would like to go over before publishing.

Contributor Role In WordPress;

• All of the Subscribers privileges+
• View comments in the administrator panel.
• Add new posts to drafts or to pending review.
• Edit their own posts.
• View posts added by others in post listing section, however they cannot view drafts and scheduled post, but they can see the titles.

Who Should You Assign Contributor Role to?

Contributor roles should be assigned to those users who want to post articles to your site, however you still need to go over them before you publish them, this means that everything they write will go through you before it hits your site.

Author Role

Who is a Author?

Author is a well known term and it has the same meaning in WordPress, a author can write articles, add it up as pending review, save it under drafts but more importantly they can publish what they write.

Yes publish it, which means, whoever you assign an author role can publish articles to the site without having your consent.

Best Practices for Author Role

You can give the role of an author to people who can add and publish articles to the site without having to ask for your review, once you give a role of a author they do not have to go through the pending preview cycle to publish, so you might not have a control over what gets published.

This role requires a bit of trust as they can publish anything (not explained) to your site without your knowledge.

Author Role in WordPress;

• All of the Contributor privileges+
• View posts added by others in post listing section, however they cannot view drafts and scheduled post, but they can see the titles.

Who Should You Assign Author Roles To?

In a hierarchy you would always want to go through top level, however once you assign a role of a author to someone, it bypasses that and it does not require checks, so you should only assign this role to people who you trust can write good articles for your site, if you feel otherwise you should always put them in the contributor role.

Editor Role

The Editor role can do all of the above, but in addition to that, they can edit other’s post (which is what a editor does) and change anything in anyone else’s post, however WordPress logs who edited which post and when (if you have post reviews on), so you need to turn post revision on which we will look at in future posts.

However when you assign the role of an editor to someone, you virtually give control over everything that is published on your blog to them, so do this very carefully and thoughtfully.

WordPress does not have a role between an author and a editor which is really wanted, but you can actually restrict roles by using several plugins.

Who Should You Assign Editor Roles To?

If an author can write and publish articles, an editor can write articles, publish them, edit them, they can do the same for any other author or editor on the site, this means that the person whom you assign as a editor has all the rights except for administrative which we will see next.

This role should only be assigned when you are entirely sure you want to do it and except for administrative privileges it has every other privileges a newspaper or magazine editor has.

Administrator Role

I have a key to your house and I can do anything with it, virtually a administrative role is just like that, once you assign a role of a admin to someone, they can do as they like, so this role should *NEVER* be assigned to anyone other than yourself, if you do need to do that, make sure you assign it to someone who you trust.

An administrator account can DELETE your entire blog, they can DELETE all comments, in short they can ruin everything you created in couple of clicks.

That aside an admin user on a WordPress blog is responsible for upgrading the blog, upgrading plugins, moderating comments among other things that all of the above roles add up to, so this is a role you should never assign to anyone (not explained) unless you are certain of what you are doing.

Who Should You Assign Admin Roles To?

No one, unless you are really sure what you want to do with your blog.

Which Role Can Be Used and When In Simple Words

• A subscriber role should be used when you want people who comment on your blog to not enter their information over and over again.
• A contributor role should be used when you want your subscribers to contribute to your site, but don’t want to directly publish articles to your site.
• An author role should be used when you trust a contributor or someone you think will write the best, without you having to go through what they wrote.
• An editor role should only be given to people who you trust to write, edit and publish not just their own articles but those of other’s too.
• An administrator role should never be given to anyone other than yourself, this is the most critical role and can rule the roost, and it does, but only if you hold it yourself.

All your comments, suggestions and critiques are more than welcome, it helps us improve.

P.S. I left Editor Role and Administrative Role in-depth talk deliberately along with WordPress Premium Subscribers as I will cover them in future.

You may also come across several questions, however to keep you assured all your questions will be answered in the WordPress for Beginners series.

Touring the Main Admin Dashboard

WordPress provides users with a really nice dashboard that will allow you to manage and perform several actions, however the first thing that you see when you login to WordPress is a screen as you see below (click to enlarge), lets explore that, I have marked the screen with numbers and will explain what each of it means accordingly.

When you first login to the WordPress admin, you will see a lot of information, sometimes this can be overwhelming, however we will decipher it here.

#1 – This is basically a place where you will see the name of the site and a option to visit your blog homepage.

#2 – You will see the name of the person who has logged in, and an option to logout, in addition to that you will also see quick links to perform several actions on WordPress.

#3 – The sidebar, this is a place from where you can perform several actions including writing new posts, editing them, managing plugins and users and more, all of which I will cover in future posts in this series.

#4 In this section you can change screen options and find help with problems, I will cover screen options detail in this post, to learn more about finding help read a earlier post Troubleshooting problems with WordPress.

#5 This section provides information about statistics about your blog with information such as number of posts, number of drafts, number of comments and so on.

#6 QuickPress is a easy and quick way to publish posts and images to your blog, again will be covered in detail in future posts.

#7 A easy way to keep an eye on comments, moderate them and reply to them.

#8 If you have posted drafts it will show up here, drafts are basically posts, however they have not been published to the blog, we will explore them in detail later.

#9 On this section you will see the latest news from the WordPress development blog.

#10 When someone links to you it is a really good thing, however you don’t have to visit each and every site on the internet to find out who linked to you, this section will query Google and display the latest incoming links to your blog, you can change it to query some other blog tracking source, we will see how to do that in this post.

#11 Information about plugins that add to the features provided by WordPress, includes most popular, newest and latest updated plugins. I will do a dedicated post on plugins later in this series.

#12 In this section you will see news from the WordPress community, you can directly subscribe to it too in your RSS reader, the website to subscribe is Planet WordPress.

#13 This is the footer area and has links to main WordPress site and also tells you which version of WordPress you are using.

We will dive in deeper into many different options available in this post, however if something is left out, it means that it will be covered in depth in future posts in the series.

Expanding & Minimizing Admin Dashboard Widgets and Sidebar Options

Options provided on the dashboard are by default expanded so that you can get information at a glance, however if you do not want to view all the information at one go, you have a option to minimize it.

To minimize the widgets, take your mouse to the right hand corner of the widget, a arrow will be displayed to you, click on it to minimize the widget, to maximize it follow the same steps.

You can also expand and minimize the sidebar options in a similar way. Take a look at the GIF animation below on how you can do it.

For certain sections that do not have additional options, you will not see a arrow key like for the comments section. WordPress remembers you choice so if you logout and login again you will see it the way you left it.

Rearrange WordPress Dashboard by Dragging and Dropping Widgets

The admin dashboard contains several widgets, however some of them may be more important to you than the others, so what do you do?

Well nothing much, just drag and drop. WordPress allows you to rearrange the dashboard by dragging and dropping widgets to any position you want.

To do that just take your mouse over to any widget, you will see a 4 way arrow when you do that, click and hold your mouse when you see that, it will select the widget, move your mouse to any location where you want to see the widget. Take a look at the GIF animation below to see how you can do that. WordPress remembers you choice so if you logout and login again you will see it the way you left it.

Customizing Dashboard, Changing Column Numbers and Removing Widgets

Though the admin dashboard in WordPress provides us with important information in a readable format, it is not necessary that we might all like it.

With WordPress nothing is forced upon you can you easily customize what you can see and how many columns you want to see.

You can customize screen options on the dashboard by clicking on the screen options button in the right hand top corner.

Once you click on the button you can remove widgets you don’t want to see and also customize the number of columns the information should be provided to you in.

Modifying Widgets on Admin Dashboard

Certain widgets on the admin dashboard can be edited and customized to suit you needs, however not all of them have that option.

To find widgets that can be customized move your mouse to the right hand corner of the widget but a little more left than what you would do to see the arrow as suggested above, if you see a configure link you can customize that widget, see the GIF animation below.

If you find the configure link, click on it and you will be shown options to customize the widget.

For example if you want to use a different source for incoming links, you can configure it accordingly, in addition to that you can also configure to view more items and display item date.

Not all widgets have configuration options, but you can still take advantage of those that have.

This concludes the part of exploring the WordPress admin dashboard, many things may have been simplified and many questions may have been framed in your mind, do let me know about them, I will try and answer it to the best of my knowledge.

There are some questions I may not answer right away because it will only do justice to answer them with a full blown post.

I would also want you to share your own tips and tricks with everyone as I may have omitted several things which might be important, your suggestions and views are important so don’t forget to let us know about it.

And if you do have a few seconds, please share your views through this small poll, it will help us improve, thanks in advance.

WordPress has a very good plugin to take care of such spammers in the form or Akismet, this plugin will block spam comments and help you keep your blog clean from spam links.

Akismet plugin is available by default in all new WordPress installations, however it does not work out of the box and you need to setup Akismet to work for you blog, in this post we will see how to setup Akismet to protect your blog against spam comments.

Activate Akismet

Before you can use the plugin, you will need to activate it, to do that click on the plugins menu and then click on the Installed link in it.

Find Akismet in the installed plugins and click on the Activate link to activate the plugin. I will be doing a more detailed post on working with plugins later.

Obtaining WordPress.com API key

Once you have activated Akismet you will see a message that the plugin is activated, along with that you will also see a message that you need to add a WordPress.com API key for it to work.

Many new WordPress.org users may not have a WordPress.com API key, to get one go to the registration page for WordPress.com and signup for a free WordPress.com account.

Once you have registered and confirmed you account, you will receive the API key in your email, make sure to store it someplace safe. If you do not have the original email login to your WordPress.com account to your Global Dashboard Profile (clicking this link will take you there).

You will see your API key on your profile page, copy the API key and save it someplace safe for future reference.

Hint: A single WordPress.com API will work for multiple blog installations you have, so you do not have to perform this step over and over again for all your blog setup, just keep the API key handy.

Add API key to Akismet Configuration

Once you have got the API key, go back to the admin dashboard of your blog and click on the enter your WordPress.com API link, this should take you to the Akismet configuration page.

Paste your API key into the box provided and click on update options, alternatively on the same page you can also choose to automatically discard spam comments older than one month.

This will help you save some database space, as in the long run as your blog gets popular you will attract more and more spam comments.

Tips and Tricks for Using Akismet

Once you have activated and completed the API key setup, Akismet will work in the background protecting you from spam comments, however it is always a good practice to check the spam folder every once in a while to see if any genuine comments have been marked as spam.

Though those cases are very rare, you may still find one or two stray genuine comments being marked as spam.

Also there may be times when you may want to mark comments as spam, for example a trackback from a newly created spam blog may not always be detected, you can mark the link as spam, Akismet will take care of them in the future.

Alternatively if you have received 10 spam trackbacks from a splogger (spam blogger), there is no need to mark all the 10 comments as spam individually, just mark one of them as spam and click on the “Check for Spam” button to mark all the other trackbacks as spam, this will save you some time dealing with spammers.

There may be several things that I may have missed out here, please feel free to discuss and add your own views and suggestions.

This post is part of our WordPress for Beginners series where we will be explaining several things to make using WordPress much more easier.

Publish Post Box

A couple of Twitter questions posted to @weblogtooltips (are you following us yet?) about publishing posts in the future with plugins make me think that some users of WordPress might not know about the cool features that are built right into the admin panel. (yes, WordPress does that)

As the screenshot to the left shows, the publish box in WordPress holds a couple of hidden gems that might not immiediately be apparent. You can do one of two things with the fantastic post you just wrote (beside just posting it outright):

• You can make your post public and make it a sticky on the front page or you can choose to password protect it or make it completely invisible to people that are not logged in to your blog. This option is available on your “Add New Post” page under the Publish box. You have to click on “Edit” next to “Visibility: Public” to see these settings. Just change the settings, add a password if you want it protected and click Publish

• You can also setup your post to be published in the future. You can access this setting by clicking on the Edit link next to “Publish immediately“. Just set the date/time you want your post to be published (future dates result in future posts, past dates result in posting in the past) and Voila, it gets scheduled for the future. You can also use this feature when editing a post to move posts around chronologically on your blog, though I suggest against it. Posting in the future does not require any other setup of any kind. If your server’s time is set correctly and your timezone is set correctly for your blog (under Settings tab->General, shows a useful example), your post will appear automagically on your blog on the scheduled time.

Remember that just clicking on “Publish” publishes your post even if the Status is set to draft. There is also a “Pending Review” feature under the “Status: Draft” section that can be used to differentiate between true drafts and articles that are complete but need to be reviewed. This option might be useful for multi-user blogs or just to keep track of articles that are complete and those that still need work.

Welcome to WordPress, now that you have installed one of the best platform to blog with, there are a few things you might want to tweak and change to get the best out of it.

I am starting a new series called “WordPress For Beginners” that will focus on helping newcomers and moderate users optimize their WordPress installation, though I will try and cover many things here, there may still be things that may not make it to this list, so if you think I left anything out please feel free to add to this list.

This guide is based on WordPress 2.8 so few things may not be available/different if you are using a older version of WordPress.

In this post I will concentrate on exposing the different settings WordPress has and you can use after installation.

After Installing: Change Your Administrator Password

The initial administrator password is generated randomly, so you might want to change it to something that you can easily remember.

Create Another User With Administrative Privilege

Though not required, it is always good to create a new user with your name and use that for all administrative purposes, again this is not a requirement, however I personally don’t like to write blog posts using the admin user.

Change Blog Title & Tag Line

Your blog is unique and you might want to give it a nice title and tag line, to do that go to Settings -> General and update the information there.

Disable Option For Anyone To Register

Unless you want people to register and comment on your site, you do not require this feature, go to Settings –> General and uncheck the checkbox next to “Anyone Can Register” and save the settings.

Setup your Timezone, Date & Time Format

On the same general settings page, setup the timezone for your country and change the date & time format that suits you best.

Configure Writing  Settings

Go to Options –> Writing and configure how you want the write panel you to display, and also other options related to converting content and correcting improper HTML in the post to be XHTML valid.

If you plan to write blog posts from a desktop or external editor, you will have to enable remote publishing, without which you may not be able to publish using a external tool or device.

If you want to publish posts using email, you can also set that up on this page itself.

Add Ping Servers

Whenever you write a new post not all services will automatically know about it, however WordPress allows users to automatically ping these services whenever you write a new post.

In the Settings –> Writing options page you can enter a list of Update services WordPress needs to ping when you write a new post. Here is a comprehensive list of services you can add there.

Update: Based on comments from Otto and Matt, I have removed this list, to get a list of services you can check the WordPress Codex: Update Services.

Setup Reading Options

By default WordPress will display the latest posts on the home page, however you can also show a static page instead of it, to change that go to Settings –> Reading and change the default page that should be shown when someone visits your blog.

In this page you can also change the number of posts that should be displayed on each page of your blog and the number of posts that should be shown when someone subscribes to your RSS feed.

You can also decide whether to show full or partial content in feeds, I suggest you keep it as full content.

Commenting, Trackbacks, Pinging & More

Whenever you write a new post, you may sometimes include a link to another site, WordPress provides you with an option to automatically notify the external blog in the form of a trackback or pingback.

In addition to that other blogs may link to you, and WordPress has the ability to provide us with an option to send you trackbacks & pingbacks.

If you do not want that to happen you can go to Settings –> Discussions and disable it.

You can also setup if you want to allow other users to comment on your posts, the criteria for allowing users to comment on your blog and so on in this page, along with displaying of Avatars for commentators.

Setup Media Options For Images

Whenever you upload a image to your blog, WordPress will resize and display it accordingly, if you want to change the size of the thumbnails and other image sizes, you can visit Settings –> Media.

Privacy & Disallowing Search Engines From Crawling Your Blog

If you want to let your blog remain private and don’t want it to be crawled by search engines, WordPress provides you a easy option to do it, go to Settings –> Privacy and change the privacy settings for your blog.

Setup Permalinks

WordPress is a wonderful platform in the form that it allows users to setup how the URL for your blog should be like.

Optimized URLs are usually good for SEO, you might want to change the Permalinks for your blog by going to Settings –> Permalinks.

In addition to the available options, you can also setup custom permalinks by using tags, you can find a list of tags you can use in the permalink by visiting this WordPress Codex document for custom tags.

Image Upload Location and URL

A often overlooked area of the settings is the Settings –> Miscellaneous page, on this page you can change the default location of where images get stored when you upload it and also provide with a URL that you want the images to be appended with.

For example I use cache.techie-buzz.com instead of techie-buzz.com for my images, so I can set it up on this page.

This concludes the first part of the new WordPress for Beginners series, in the next part I will look at a bit more technical aspects of setting up your blog and installing essential plugins and themes.

Please feel free to comment and tell us about things I may have missed out.