The 5 most important settings for WordPress

These settings for the installation of WordPress are our "must haves" for every good website.

We are often asked by clients which settings should be configured in addition to our SEO plugin to make their WordPress website even better. This is why we have written this concise guide with our “optimal settings”.

You can perform points 1 to 3 even if you are not a technical expert. For points 4 and 5, I recommend that you be at least an experienced WordPress user with a little coding experience.


WordPress Permalink Settings

The most important setting for every WordPress website is the correct permalink structure. You will find it in the administration mode under Settings > Permalinks. For this, WordPress already comes with various options. In any case, we recommend that the article name be included in the URL. Depending on the type of website, here are a few points to pay attention to:

  • For “normal websites” which contain a blog with articles that belong to multiple categories (i.e. when a blog post is assigned multiple categories), you should set the option “Post name”.
  • Websites and shops whose blog articles are always assigned only one single category (our recommendation) should choose the “User-defined structure”. This is where you paste the following code so that the category of the corresponding post always appears in the URL as well:

    By doing so, the categories themselves also become effective for SEO.
    Important: To ensure that the category is applied correctly in the URLs across the website, you should enter a single dot (.) as the category base. This results in only the category permalink appearing in the URLs, without any superfluous information. By the way, we recommend that the category permalinks not be cluttered with superfluous search terms. Instead, we always reduce these terms to one or two words so that the URLs do not become too long and "spammy". The dot setting does not work with keywords. In this case, either leave the base empty or use the keyword placeholder to (creatively) optimize it for your main topic, as we have done in our screenshot.

  • Blogs which are (later) to be listed on Google News require a unique identification number (or "ID" for short) in order to be picked up by Google News. If every blog post is only in one single category (which we strongly recommend), you should also include the category in the URLs as well. The settings for the user-defined URLs will then appear as follows:

Hint for WordPress permalink settings: I recommend that you avoid using the date in permalinks, because this can be counterproductive: if you update your content later, the date in the URL will remain the old one so as not to create a 404 error. So, even if you do the work to keep an article relevant, the URL will not be updated.

Although some people are of the opinion that changing the permalinks from the standard ID to other URL combinations could slow down the website, we were unable to verify this in numerous testing scenarios. Even if a minimal slowing down of the website does result from the "narrative" URLs, in our opinion the advantages of these "speaking" URLs still outweigh the alleged disadvantages. It is only in the case of extremely long URLs and an enormous amount of content, such as we see on YouTube or eBay, that we recommend using the standard variant with IDs.

Now click on "Apply changes" to save.

Please note that after changing the URL structure, you will need to resubmit your sitemaps to Google and Bing, and also redirect any dead links that this change may have generated to the new structure. For new and small websites, the redirection is not that important. However, if your website is already well-established or is on its way to becoming well-established, you should definitely configure the redirection. For the latter, you can configure redirects with 3 clicks in our SEO suite. By the way, the dead links which you should redirect will also be shown to you by the Google Webmaster Tools.

2. Reading settings

In order to allow your website to be found on the internet, go to Settings > Reading. Now deactivate the feature that prevents search engines from indexing your website. It is extremely important for search engine optimization that this checkbox be deactivated.

WordPress Reading Settings

Depending on your preferences, you can now also vary the number of posts for blog pages and news feeds. Generally, the lower the number, the faster your website will be. However, users will then be shown less content at once on the screen, and may leave before they click on a link or continue surfing on the page. Generally, you won't go wrong if you choose the default setting of 10 posts.

The news feed setting is also a matter of personal preference: If you show the entire text, you offer users the ability to read your posts even without having to visit the site. The short version only shows a preview of your posts; to read the full version, users will need to visit your website.
As a fan of the newsreader Feedly, I am generally in favor of choosing the setting that shows the entire text. This is because I as the reader then do not need to leave my news aggregator to read every blog post, making me more likely to remain loyal to the page than those who constantly force me to visit their page to read the articles.

3. Security

To secure your website, we recommend the following settings to fend off unauthorized access and malware:

  • Change the administrator's user name. It should not be called "Admin". This can either be done directly when setting up WordPress, via the database, or (our recommendation) with the plugin All In One WP Security & Firewall. The plugin will also recommend additional settings to you for protecting your website, such as deactivating (spam) pingbacks and changing the database prefix. In addition, you should also change the login link so that malicious attacks cannot be started by adding /wp-login or /wp-admin to your domain.
  • Furthermore, you should either completely disable comments (this can be done very easily with the help of the plugin Disable Comments), or at least manually approve comments. Alternatively, you can also use the comments system Disqus, which is significantly better at protecting your website against spam, and in my opinion also more user-friendly, as you only need to log in with your Disqus, Google, and/or Facebook account, upon which you are immediately authorized to comment. This results in significantly less administrative effort for administrators.
  • Delete unneeded, deactivated plugins.
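
Once the login link has been changed as recommended above, requests to the default login paths become a useful signal in the web server's access log. The following is an added example, not part of the original guide: it counts such requests per client IP. The log lines are constructed samples in the combined log format, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Combined log format: only the client IP and the request target are needed.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

# Default login entry points named in the guide (/wp-login, /wp-admin).
DEFAULT_LOGIN = re.compile(r'^/(wp-login(\.php)?|wp-admin)(/|$)')
# Front-end AJAX endpoint that themes and plugins call for ordinary visitors;
# counting it would flag normal traffic.
BENIGN_PREFIX = '/wp-admin/admin-ajax.php'

def default_login_hits(lines):
    """Count requests per client IP that target the default login paths."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        ip, target = m.groups()
        path = target.split('?', 1)[0]  # ignore the query string
        if path.startswith(BENIGN_PREFIX):
            continue
        if DEFAULT_LOGIN.match(path):
            hits[ip] += 1
    return hits

def flag_clients(lines, threshold=3):
    """Return (ip, count) pairs at or above the threshold, noisiest first."""
    ranked = default_login_hits(lines).most_common()
    return [(ip, n) for ip, n in ranked if n >= threshold]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.55 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php?redirect_to=%2F HTTP/1.1" 404 162 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```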

4. SSL encryption

Since Google's switch to encrypted connections and search queries which are transmitted in an encrypted fashion, the encryption of websites has become an increasingly important ranking factor for Google. Today, websites are encrypted using SSL (now TLS). This relies on a certificate which is installed for the website together with a pair of keys used for encryption and decryption.

We recommend that only experienced WordPress users perform this switch to SSL encryption, as inexperienced users risk completely scrambling their website.

WordPress Domain Settings

First of all, you should back up your website and order an SSL certificate for your site. There are certificates with varying degrees of security which cost from a few euros a year to a few hundred euros. My personal recommendation is to spend the necessary cash here and to at least order your own SSL certificate. Unlike shared SSL, this certificate is issued for your own domain and is significantly more professional. If you truly want your target group to trust your website, you should order a certificate which turns the URL bar in your browser green. Although this costs a few hundred euros a year, it is a good investment for a trustworthy image.

Subsequently, there are multiple options for configuring WordPress to use an encrypted connection. The easiest and most secure way is to change the domain, which begins with http, to https in the entire database. To do so, you will need to e.g. search all database content for and replace it with This can either be done via PhpMyAdmin, or even more easily with the plugin Better Search Replace. After making this change, you should test the site:

  1. In WordPress, go to Settings > General and see if the encrypted domain now appears there.
  2. Subsequently, go to our SEO plugin under SEO > Basic and scroll down to the URLs module. The option "Force secure connections" should be activated here.
  3. Empty the browser cache and then visit your site via the encrypted SSL domain on all popular browsers if possible. Check if all content is displayed correctly.
  4. Finally, use a tool to check the encryption. The SSL Server Test by GlobalSign is a good choice.

Sometimes, it is also necessary to change the URLs in your theme as well. Once everything works without a hitch and your website has passed the test, you should add the site with the encrypted URL as an additional website in Google Webmaster Tools so that it can now appear more quickly with the encrypted domain in the index.

If you do not want to use the method involving the database, you should perform steps 1 to 4. After the second step, it is then often necessary to make a large number of manual changes to the settings.
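
A caveat for the database-wide http to https replacement described above: WordPress stores many options as PHP-serialized strings with a byte-length prefix (s:N:"..."), so a plain text replace that adds one character leaves the prefix wrong and the value unreadable. The following is an added example, not part of the original guide: it shows the breakage and a replacement that recalculates the prefixes. The domain example.com, the sample option value and the function names are constructed assumptions.

```python
import re

# Header of a PHP-serialized string token: s:<length in bytes>:"
STR_HEADER = re.compile(rb's:(\d+):"')

def lengths_consistent(blob):
    """True if every s:N:"..." token is closed by '";' exactly N bytes later."""
    pos = 0
    while (m := STR_HEADER.search(blob, pos)):
        end = m.end() + int(m.group(1))
        if blob[end:end + 2] != b'";':
            return False
        pos = end + 2
    return True

def replace_serialized(blob, old, new):
    """Replace old with new inside string tokens and rewrite their lengths.
    Serialized data nested inside a string value is out of scope here."""
    out, pos = bytearray(), 0
    while (m := STR_HEADER.search(blob, pos)):
        end = m.end() + int(m.group(1))
        if blob[end:end + 2] != b'";':
            raise ValueError("corrupt length prefix at byte %d" % m.start())
        body = blob[m.end():end].replace(old, new)
        out += blob[pos:m.start()] + b's:%d:"%s";' % (len(body), body)
        pos = end + 2
    return bytes(out + blob[pos:])

def replace_value(value, old, new):
    """Rewrite one database field; plain text fields get a plain replace."""
    if re.match(rb'^[aOs]:\d+:', value):
        return replace_serialized(value, old, new)
    return value.replace(old, new)

OLD, NEW = b'http://example.com', b'https://example.com'
# Constructed option value; the second URL contains a two-byte UTF-8 character.
SAMPLE = (b'a:2:{s:4:"home";s:18:"http://example.com";'
          b's:4:"logo";s:28:"http://example.com/caf\xc3\xa9.png";}')

NAIVE = SAMPLE.replace(OLD, NEW)          # what a plain SQL REPLACE produces
FIXED = replace_value(SAMPLE, OLD, NEW)   # length prefixes recalculated

if __name__ == "__main__":
    print(lengths_consistent(NAIVE), lengths_consistent(FIXED))
```

Run a check like lengths_consistent against a database backup before and after the change; a value that fails it would no longer unserialize in PHP.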

Naturally, we have also checked the SSL encryption for its performance: In my opinion, an encrypted connection does not noticeably slow down a website.

5. Performance

WordPress often becomes very slow as the number of plugins increases. You can test the speed of your website with Google's PageSpeed Insights. It should achieve at least 85 points. Furthermore, we also recommend a test with the tool, where your site should not require more than 5 seconds to load.

Hence, avoid all non-essential tools. Normal websites manage with fewer than 10 plugins. We have 22 plugins in use due to our license shop. If you are unsure of which plugin is slowing down your site, you can use the P3 (Plugin Performance Profiler) to identify what is bogging down your site. However, you will need to carefully consider the pros and cons here, as there are no viable alternatives available for certain slow plugins, such as WPML (for multilingual websites) and WooCommerce (for shops).

Apart from reducing the bloat to the essentials, we recommend that you limit the number of revisions to your blog posts (i.e. the backups for previous drafts/corrections) to what is truly necessary. WordPress itself recommends limiting the number of revisions to 3 in its example. You can do this by adding the following code in wp-config.php:

define( 'WP_POST_REVISIONS', 3 );

Hardcore users can also completely deactivate revisions. However, this is only recommended if you do not write your content directly in WordPress.

define( 'WP_POST_REVISIONS', false );

In addition, you should also minimize the number and size of the files for your WordPress website. You can do this by grouping similar topic-relevant files into a single file, for example by combining multiple CSS stylesheets into one. Furthermore, you can also compress the code yourself, such as with this tool. However, it is better to just use a good caching plugin which minifies your files and reduces the number of requests. My recommendation for this is either the plugin WP Rocket (paid plugin, but very fast) or the plugin WP Fastest Cache (also available as a free version; according to our tests, the premium version is not as fast as WP Rocket).

You should also compress the images of your theme and your media library. There is often enormous potential here. There are a number of plugins which can take over this task, such as our SEO plugin. I can also recommend the program ImageOptim for Macs.

Finally, the performance of your WordPress page also depends on your server. If it is simply slow or uses an old version of PHP (we recommend at least PHP 5.5), you will only be able to achieve limited success by performing the optimizations previously mentioned.


The list of actions to take in order to correctly configure your WordPress installation may sound long, but it is definitely worth your while, and you will be able to learn it quickly: An experienced user who does not encounter any technical obstacles can complete a setup of this type in 1-2 hours.