SEO – 12 WordPress site settings that are critical to your SEO success

SEO - 12 WordPress site settings that are critical to your SEO success


WordPress is one of the most SEO-friendly content management systems today. If you have a WordPress website, there are many things you can do to improve your SEO. But if you’re not careful, you could also harm your site’s ranking without realizing it. 

In this post, you’ll discover 12 settings to consider if you want your WordPress website to reach its full SEO potential.

In SEO, security is an often overlooked but important consideration. Beyond general SEO settings, we’ll review some necessary security settings that can help prevent negative SEO attacks. 

SEO settings for WordPress

Below are simple settings that should be the foundation of all WordPress sites looking to improve their SEO efforts. 

1. Set up homepage and blog settings

Before you start building out the pages and posts, you must ensure that your homepage and blog pages are set up and ready to go. This may seem like a minor detail, but it’s essential. Your homepage is the first thing people will see when they visit your site, so you want to make sure it makes a good impression. 

Likewise, your blog is a great way to connect with your audience and build an engaged following. By setting up these essential pages before you start adding content, you’re more likely to end up with a successful website that people will enjoy visiting.

By default, WordPress has your latest posts page as the home page. You will need to select ‘A static page’ option and select which page is your home page and which is your blog page.

When you set up your blog, one of the first things you need to decide is how you want your URLs to be structured. 

A scalable URL taxonomy will make it much easier for search engines to crawl and index, and it will also be more user-friendly. As a result, it is worth taking the time to choose a permalink structure that will work well for your blog in the long run. There are a few different options, so take some time to experiment and find the one that works best for you and your blog.

You may choose whichever structure works best for your site, but I recommend using a custom structure and staying away from a date-based structure. A permalink structure that uses month and day or day and name can create a convoluted site architecture. 

WordPress permalink settings.

3. Dynamic sitemap

A dynamic sitemap is an essential tool for any website. It helps search engines index your site and makes it easier for users to find the information they are looking for. 

On the other hand, a static sitemap is a lot less effective, can be difficult to keep up to date, and doesn’t offer the same level of scalability. 

Plenty of plugins offer dynamic sitemap options with various customizations. So if you’re looking for the best way to improve your website’s SEO, a dynamic sitemap is the way to go. 

4. Set up an automated image optimizer

To maintain a fast WordPress site, you need to have optimized images. The SEO benefits of having optimized images are numerous, from increased website speed to better search engine rankings. The simplest way to optimize your images is to use a plugin. 

Many WordPress plugins will automatically optimize images as you upload them. While some are paid, many free options work just as well. 

5. Set up default title and meta descriptions

Many SEO plugins offer default settings for titles and meta descriptions, guaranteeing that all new pages are optimized for search. This is a lifesaver for large websites with many pages or teams unfamiliar with SEO best practices. By taking advantage of these tools, you can help to ensure that your website is visible and easily found by potential visitors.

In the screenshot below, I’m using Yoast to set defaults for my blog posts. In my title, I put a structured format to make it user-friendly. 

For meta descriptions, I’m pulling an excerpt from the beginning of the blog post. This is a simple default setting that anyone can deploy.

WordPress fallback titles and meta descriptions.

Protect your SEO with these WordPress security settings

SEO is starting to become a crucial element of website security. Website security has always been important, but it is becoming even more so as the web becomes more and more a part of our everyday lives. 

Websites are now being used for everything from online shopping to online banking, and if a website is not secure, the consequences can be serious. 

Google has penalties for websites infected with malware and those that may be practicing social engineering. If your website is not secure, you could be losing out on potential customers and rankings in Google’s search engine. Website security is, therefore an important element of SEO and should not be ignored. 

Here are some simple tips to better secure your WordPress website.


Get the daily newsletter search marketers rely on.


While the SEO value of comment sections has been debated, there is no doubt that they can be a security risk. 

Spammers often use comment sections to add links to their websites, which can contain malicious code. Hackers can also attempt SQL injections and XSS attacks through online forms. 

As a result, it is vital to be aware of the risks associated with comment sections. If you choose to use a comment section on your WordPress site, monitor it closely and delete any spam or suspicious comments. 

You should consider disabling the comment section if you are unwilling to put in the extra effort to keep it secure. Below is a screenshot that shows how to disable the content section.

WordPress Discussion Settings

7. Deactivate and remove XML-RPC

One of WordPress’s most common security vulnerabilities is brute force attacks on the XML-RPC file. By default, this file is activated and can be used to access the WordPress site remotely. 

However, it also provides a perfect target for hackers using automated tools to guess the username and password. Once they gain access, they can wreak havoc by deleting files, installing malware, or even taking over the entire site. 

An easy way to protect against these attacks is by deactivating the XML-RPC file. Doing so will prevent remote access to the site and disable some features such as pingbacks and trackbacks. 

SEO experts believe that the increased security outweighs the drawbacks. So if you’re concerned about brute force attacks on your WordPress site, deactivate the XML-RPC file.

There are three ways to deactivate the xmlrpc.php file on WordPress sites.

  • Use a plugin: Search the plugin directory for “remove xmlrpc”
  • Add this code to functions.php file:
    add_filter('xmlrpc_enabled', '__return_false');
  • Disable it in the .htaccess file:
    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

8. Set user permissions

As a WordPress site manager, you must ensure that the site runs smoothly and that all stakeholders have the necessary access. That said, not all stakeholders need access to every aspect of the site. 

Setting user permissions allows you to give each stakeholder access to only the sections they need – keeping the site organized and preventing unauthorized changes from being made. 

In addition, you should review user permissions regularly to ensure that they are still accurate. 

WordPress provides an excellent summary of what each role can do.

9. Ensure all users have secure passwords with 2FA

Having secure passwords and enabling two-factor authentication (2FA) are effective ways to make a WordPress site more difficult to hack. 

Hackers attempting brute force login attacks use large password lists that contain millions of the most common passwords. Having a complex password can help render these password lists ineffective.

If a hacker were to get access to your password, having 2FA enabled can help act as another method to prevent hackers from gaining access to your site. 

Many security plugins offer 2FA settings.

10. Set up limit login attempts

A brute force attack happens when an attacker tries to guess a user’s password by repeatedly entering different combinations of characters. One way to prevent brute force attacks is to configure your WordPress site to limit login attempts. 

This security measure will block an attacker’s IP address after a certain number of unsuccessful login attempts, making it more difficult for them to gain access to your site. 

Limit Login Attempts.

11. Auto-update plugins

Unfortunately, many people don’t realize that their plugins can be a security risk. If a plugin is outdated, it may be vulnerable to known exploits. This is why it’s ideal to go with auto-updating plugins.

Plugin auto-updates

12. Set up recurring backups

You shouldn’t overlook a solid website security plan in today’s digital age. One of the best ways to protect your site is to ensure that you have daily backups taken. If your site is hacked or experiences any other security breach, you’ll have a recent copy of your site that you can restore. 

While many plugins offer this service, it’s often best to find a WordPress host to manage backups. This way, you can be sure that your backups are being taken care of regularly. 

Wrapping up

As your site gains more visitors, ensuring its foundation is strong will be increasingly important. Applying the settings mentioned in this article is essential to start SEO on WordPress. By following these tips, you are taking a vital step toward creating a scalable website that will grow with your business. 


Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.


New on Search Engine Land

About The Author

John McAlpin leads the SEO strategy for Cardinal Digital Marketing, an Atlanta SEO agency that focuses on serving enterprise healthcare companies across the United States. Currently located in Colorado Springs, McAlpin is deeply engaged in both the local and national SEO community and has a strong background in technical SEO, web development, and digital marketing strategy. McAlpin also provides freelance web development services for WordPress hosted sites.


Leave a Reply

Your email address will not be published.