[ad_1]
[ad_2]
After installing WordPress, what do you install next?
We have the obvious theme > child theme
What comes later? At what point do you install security (backup and firewall), at what point do you install a cache plugin? When do you handle the Cloudflare CDN? When do you optimize for Google PageSpeed?
Things like these are not clear in my mind. Ive a gew website clients and Im looking to do a better job.
Thank you!
I do WordPress > security > backup > SEO > cache plugin and then themes/child theme
First comes server works: security (UFW, folder/file permission, fail2ban, etc), backup (mysqldupm, tar, rsync) and cache (redis, memcache, nginx cache, varnish).
Next step: WP config, user roles, permission, media settings, permalinks etc
Third one: Theme/Child theme, usual plugins (Forminator, GenerateBlocks, Honeypot, PostSMTP), assets (fonts, logos, color palette).
And last: SEO. I use TheSEOFramework.
I do not use Security and Cache plugins, nor CDN for security and caching.
More or less, following https://developer.wordpress.org/advanced-administration/
1. Core installation.
2. Backup.
3. Whatever basic-functionality plugins are needed (WooCommerce, ACF, etc).
4. Query Monitor (to be removed when the thing is up and running).
5. SEO. Because basic content like posts / pages need metadata and the SEO plugin facilitates installing that.
6. Theme as required. Blocks as required.
7. Buildout.
8. Duplicator, to facilitate going live.
We do it in this order WordPress > Security > Backup > SEO > [all the rest](https://new.reddit.com/r/WordPress_org/comments/147gt1q/must_have_wordpress_plugins_and_themes/) (without caching while developing the site), but mostly we just clone/duplicate our WordPress Template/Blueprint site which has all the basic plugins/themes installed with all the needed settings in place, to a development subdomain.
My typical setup is like this:
– Theme
– Misc. Functionality plugins based on the project but typical stack always has (WPForms, Elementor, MemberPress or WooCommerce, and WPCode for code snippets)
– SEO (now using AIOSEO — used to be Yoast & RankMath before)
– WP Mail SMTP to ensure emails work
– Backup & Migration with Duplicator
After that I setup security things through various code snippets in WPCode as well as enabling Cloudflare.
I add caching last and then deploy.
Don’t tip-toe around the fact that you can’t log in to the back end until you install SSL or immediately change your password immediately after logging in.
Nobody gives 2 shits what you install after that other than keep dev tools off prod.
I already have a “base” system with the theme and necessary plugins we use and I clone it.