WordPress Setup

Security
First, we’ll take some security measures. As it is, Wordpress is quite vulnerable to hacks and exploits and we’re going to change that.

Before we work on the website itself, here’s an important cautionary notice:  
Offline Security
Your PC must be kept clean! Make sure that you have a virus scanner installed, running regular scans (click here to download a free Windows antivirus program, if you don’t have one yet). You should also have a good firewall to protect your connections to and from networks (click here for a free Windows firewall).
Why is this important? You will be connecting to your website and uploading data to it. If you have malicious software on your computer, you can infect your website with it which can lead to your site getting hacked or just “breaking”, i.e. files being modified in such a way that the site isn’t accessible anymore.
This kind of thing doesn’t happen very often, but believe me, when it does, it’s a real pain!

Block spam comments
Just like you can get spam-mail in your inbox and need some filter to protect against this, you can get tons of spam comments to your blog. A good spam filter is available and already installed, but it also comes with a drawback or two. Let me explain what it’s all about and also show you an alternative.
Go to the “Plugins” menu by clicking here: 
This takes you to the list of installed plugins. You’ll see two already listed, “Hello Dolly” and “Akismet”. Akismet is your spam filter. Click on “Activate”. 
Now, you’ll see a yellow bar across the top of the page stating that you need to enter your Wordpress.com API key for Akismet to work. You can then go to the Akismet website to sign up for a key and here’s where you’ll see the “problem” with Akismet.
 
Akismet can be free for personal use. They still ask you to make a contribution, but you can choose not to pay anything. For business use, you need to pay.

There’s absolutely nothing wrong with Akismet asking for money, in return for their highly valuable service. If you’re on a really tight budget, paying for spam filtering might just not be an option for you, though and I can understand that as well.

So, at this point you can decide to either sign up for Akismet, get you key and then activate it in WordPress (follow the on-screen instructions for this), or use a free alternative.

You can easily find free anti-spam plugins but in my experience, they tend not to work very well. A free option that works flawlessly is to use Facebook comments on your site.

You can install this plugin to get the job done. The easiest way to install the plugin is to go to the plugins menu, click on “Add New” and then search for “Facebook Comments” in the search field.

From the results, you can choose to install a plugin directly, without having to download anything.
There are, unfortunately, also two downsides to using Facebook comments. The first is that you are excluding a certain amount of people from ever commenting on your site. Some people simply don’t use Facebook or don’t want to use their FB account on external website.

On the other hand, replacing the existing comments with Facebook comments can be a bit tricky and it really depends on what theme you use. I can’t possibly cover all options for all themes in this guide.

Plugins
Next, we’ll see how you can customize your website by installing plugins. Click on the “Plugins” menu item in the left menu and then click on “Add New”. 
On the screen that opens, you can search for plugins. You can use it like a search engine to look for plugins that do some specific thing you are looking for. For now, we’re going to go for some very specific plugins to increase your website’s security.
Type “wordpress firewall” into the search field. 
Click on “Search Plugins” and you should see the right plugin as the first entry in the results.
Click on the “Install” link on the left hand side and then on the “Install Now” button on the screen that opens to start the automatic installation. The installation is usually very quick. Once it’s done, click on “Activate Plugin”.

We will use this exact same process to install a few more plugins that are essential to keeping your website safe from hacking attempts and also to do some search engine optimization.

Here is the list of plugins that you should install by entering each one of the names into the plugin search-field and then installing and activating them:

 Login Lockdown  WP-DBmanager  WordPress SEO by Yoast  smush.it

Login Lockdown and smush.it are very simple and only need to be installed and activated. Login lockdown prevents brute force attempts of hacking into your WordPress admin account. Smush.it automatically and losslessly compresses all images that you upload, which makes your pages load faster. If you want to learn more about improving your page loading times, there’s an extensive guide here.
We’ll get back to the WordPress SEO plugin later on. 
WP-DBmanager Database Backup
When you install the WP-DBmanager plugin, you’ll see a warning message appear in your dashboard and it will ask you to move a file. For now, don’t worry about that. We will take care of this file just a bit further on in the guide.
The database is where all the content information of your blog is stored (posts, pages, comments, etc.). It’s very important to do regular backups of your database, since this is what you will be falling back on if anything ever goes wrong with your blog or you accidentally delete something important.
Open the “Database” tab in your WordPress admin panel:
 
First, go to the “DB Options” highlighted above. Here, you can set up automatic backups to be mailed to your inbox. 
Simply enter the e-mail address you want the backup files sent to and set an interval for the backups. Set this according to how often you intend to post. I would set it to at least once a week and if you will be posting more than three times a week, set it to backup daily.
You can simply clean out all the backup files once a month and only keep the newest one in your inbox.
Sometimes, the automatic backups don’t work for me. I have no idea why, but on some of my sites, this feature works and on others, it doesn’t. In the latter case, I simply do a manual backup after each new post. It’s very easy to do: In the “Database” menu, select “Backup DB” and then click on the “Backup” button in the middle of the screen. This saves the backup file to your server, from where you can periodically download the newest one to your hard-disk (you’ll see how to do this later on in the guide).

Shologoo