Things change rapidly in the WordPress world. The content in this post is more than a year old and may no longer represent best practices.
There were lots of question at the February 2017 East Bay WordPress meetup. Here they are with their answers.
What’s the Best Directory Structure for WordPress?
If you are planning to have multiple WordPress installs on your hosting account, or to install both WordPress and other apps on a single domain, it’s a good idea to put WordPress in its own directory.
There are also other occasions when you might want to create a separate directory or subdomain. (WordCamps move the previous year’s WordCamp info onto a subdomain so that the main domain always shows the current year’s information.)
And then there’s the question of whether to use a subdomain or subfolder structure for WordPress Multisite.
The WordPress Codex is the best place to start:
- Moving WordPress
- Giving WordPress Its Own Directory
- Before You Create a Network
- Create a Network
- An Introduction to WordPress Multisite Setup (Kinsta.com)
- Subdomains vs. Subdirectories, Rel Canonical vs. 301, and How to Structure Links for SEO (Moz)
Note that we will be having a meetup about WordPress Multisite in May.
What are Some Best Practices for WordPress Security?
There are many posts about this (most of them covering the same points), but again, it’s helpful to start with the WordPress Codex article “Hardening WordPress.”
- The Wordfence Cyber Security Survival Guide (Wordfence)
- WordPress Security – 19+ Steps to Lock Down Your Site (Kinsta)
- Securing WordPress from the Start (iThemes)
- WordPress Security: The Ultimate 32-Step Checklist (WPMU Dev)
- Steps to Cleaning a Hacked WordPress Site (Sucuri)
- 20 Simple Tricks to Secure Your WordPress Website in 2017 (CodeinWP)
Among the most fundamental suggestions are
- Keep WordPress, plugins, and themes updated
- Use a good username (not “admin”!) and password
- Don’t re-use passwords across multiple sites
- Don’t use an admin account to publish content
- Make sure your user id is not “1”
- Use an antivirus on your computer to prevent infections spreading to your website.
It’s easy to start using strong passwords by installing a password management app. LastPass is free for 1 device and $12/year to install on all devices. It generates and stores strong passwords and syncs them between your phone(s) and computer(s).
What’s the Best Tool for Publishing a Site in Multiple Languages?
You (or your clients) may have a multi-lingual readership, and sometimes an on-the-fly mechanical translator like GTranslate doesn’t cut it. The most-established (though by no means easiest) plugin is WPML, which Sonja London recommends. Polylang and Weglot are two others.
Note that if one of these plugins doesn’t work with your theme, the problem might be the theme.
- SEO and Multilingualism in WordPress (WP Mayor)
- Multi-regional and multilingual sites (Google)
- How to Create a Multilingual WordPress Site with WPML (WP Beginner)
- Setting up a Multilingual WordPress site with Polylang (WP Beaches)
- Weglot Review: Translate Your WordPress Website in the Fast Lane (WP Mayor)
Those plugins address the front end of the site (what visitors see). The Polyglots team is in charge of translating the WordPress admin and settings pages for themes and plugins. Plugin and theme authors are encouraged to make their extensions translation-ready. There’s an Admin Language Per User plugin so each author on your site can interact with WordPress in his or her own language.
Where Can I Find a Good Genesis Starter Theme?
StudioPress provides a free Genesis Sample child theme, but it’s not everyone’s ideal starting point. Tonya Mork over at Know the Code will teach you how to build your own Genesis Starter Theme.
Here are a few other options: