Skip to Main Content

The Beginner's Guide to Tricking Out Your WordPress Blog


You took the leap and installed WordPress to host your own blog because you want complete control over how it looks and works. Now, it's time to power it up, lock it down, and make your blog completely yours.

UPDATE: We have a newer version of this guide here. Check it out!

What You're In For

With all the hype around cloud computing and no-configuration-required hosted services, you don't hear about the joys of running great software on your own server very much. The fact is, if you're just a casual user who doesn't know if you'll stick to blogging over the long haul, or if you don't want to spend a little time maintaining WordPress, you should sign up for a hosted blog at WordPress.com or Blogger or TypePad. (Also, this tutorial is not for you.)

But if you're willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to create and tweak custom WordPress themes, and a huge sense of accomplishment. In the most recent version of WordPress, keeping your installation up-to-date is a matter of clicking a link when you get notified to do so.

Everything you need to know about installing WordPress is right here. Got it up and running? Let's get to customizing.

Initial configuration

The first thing you want to do on your WordPress blog is set up a new author with administrative access. Don't use the default "admin" user to write your posts; create your custom username and give it admin privileges. Then, log out of WordPress and back in as your new username. For security reasons, some folks like to delete the admin user completely (as some WordPress attacks have used it to do bad things to your blog). Once you've got your administrative account working, add other authors to the list of users who might be posting to your blog.

Now it's time to cruise through WP's settings area and configure things just how you like 'em. First, set up your post permalinks to look prettier for both humans and search bots. WordPress' default post permalink looks like http://example.com/?p=123. Instead, under Settings>Permalinks, select something like http://example.com/2009/09/welcome-to-my-blog.

Next up, configure how you want comments to work on your blog. Under Settings>Discussion, you can enable comments and set other advanced options, like whether or not users have to be logged into your site to comment, or if comments should automatically close on posts after a certain number of days, if user avatars show up, or what words in a comment should automatically mark it as spam.

Speaking of, spam comments is a ridiculously epic problem across the internet for all blogs, so how you set up comments will mean the difference between miserable hours spent gardening V14gRa and "check out my sexy webcam!!" comments or not. Coming from Lifehacker's "must register to post here" model, I checked off "Users must be registered and logged in to comment." If you don't want to put up the registration hurdle in front of your commenters, make sure you install the Akisment spam-killing plug-in (more on that below).

Must-have plug-ins

Just like you can extend Firefox with feature-adding extensions, WordPress also has a pluggable architecture and a whole world of plug-ins that can soup up your blog. When you're logged into WordPress, click on Plugins, and search for the name of the plug-in you want to install (which you can do without involving your FTP client). You can also just search on keyword, too—to find Twitter related plug-ins, just enter Twitter. The plug-ins that you use will depend on how you want your site to work and look, but here are a few that every WP user can benefit from.

WordPress Database Backup (Backup): Running your own server and database means that if things go wrong, it's up to you to have a backup. This plug-in can email a full backup of your WordPress database on a schedule to an address you specify. I've had great success building my WordPress site locally with the backup this plug-in created; however, the other resident WP expert here on staff, The How-To Geek, recommends using the old-school cron job for "mysqldump -uUser -pPassword databasename > filename.bak" approach. No matter how you do it, make sure you're backing up both your blog's database and files. It's worth consulting with your blog hosting provider about the best way for you to do this, too.

FD Feedburner Plug-in (Feeds): Google-owned FeedBurner is a must-use for anyone who publishes RSS feeds, like your blog does. FeedBurner saves you bandwidth costs by hosting your blog's feed and offers statistics about how many people are reading it; this plug-in will redirect your blog's feed to FeedBurner for you.

WordPress.com Stats (Stats): See what posts are most popular using this up-to-the-minute statistics plug-in, right inside your WordPress dashboard. WordPress.com stats doesn't count visits to your own blog, and unlike the richer Google Analytics service, there's no day-long delay to see what's happening on your site. To run this plug-in, you have to get a WordPress.com API key (it's free) and enter it into the plug-in's settings.

Search Meter (Stats): If you have a search box on your site, you'll want Search Meter, a plug-in which shows you what readers are looking for and finding (or not) on your site. Search meter also offers widgets you can add to your site which show readers what other readers are searching for.

WP SuperCache (Optimization): The first time a highly-trafficked site like Digg links to your blog, you'll wish you had installed this plug-in, which maintains high-speed, database-call free "cached" copies of your WordPress pages on your server. Your site will run faster and won't buckle under the strain of a lot of traffic if you're caching it with this excellent plug-in.

Akismet (Comments Spam killer): Because comment spam can get so bad, WordPress now ships with the Akismet spam filtering plug-in. Since I'm requiring user registration to leave comments on my WordPress blog, I don't have any experience with how good Akismet is (and haven't had any spam at all), but word on the street is it's absolutely essential for sites with open comments. Like WordPress.com stats, Akismet requires a WordPress.com API key.

Finally, to make your site as accessible to Google and other web search engines as possible, a few Search Engine Optimization SEO plug-ins help. I use All in One SEO Pack and Google XML Sitemaps.

Make Your WordPress Theme Yours

If you've got HTML and CSS chops, you can make your WordPress theme sing your tune. (For advanced stuff, some PHP skills come in handy, too.) First you want to start with a base theme. WordPress' default theme is ok, but if you google "free WordPress themes" or take note of what themes sites you like already use, you'll find an insane number of gorgeous and eye-catching site layouts. Picking your theme is one of the most fun (and most time-consuming) parts of setting up WordPress. It will be hard to choose!

Once you've installed the theme you want by downloading the .zip file and putting it in your WordPress themes folder, you can dig into the CSS and markup and make it your own. WordPress offers a theme editor in its interface which lets you update files on the fly (under Appearance>Editor). While this is convenient, it's also dangerous if you hit the wrong key, save the file, and don't have a backup. My recommendation is to set up WordPress and your theme of choice on your own computer, edit it in your favorite text editor, and upload it to your live server when it's perfect. I started my WordPress blog with Lucian Marin's Journalist theme, and made it mine by adding color to the header and tweaking how comments look.

If you've got patience and custom HTML you want to turn into a brand new WordPress theme, copy the default theme's files into a new folder and get to hacking. The WordPress Codex is an invaluable resource for both starter reading and reference as you go. That is, when you get to the part where you're thinking "WTF is wp_list_comments?", Google it and you'll find the function reference at the codex. It took me a full weekend of pretty intense theming work to get my first custom theme done and ready to go live, so give yourself some time, and most importantly, have fun with it. Here are some tips and links from my Twitter followers on creating a custom WordPress theme.

Sidebars and Widgets, Oh My!

The easiest way to customize your WordPress blog without digging into code or your FTP client is to do so with widgets. The latest versions of WordPress offer drag-and-drop custom modules you can add to and remove from your blog. When you're logged into WordPress' admin interface, under Appearance, click on "Widgets" to see what's available and add and remove what you want on your site's sidebar (or top bar or bottom bar, depending on where your theme puts it).

Advanced trickery

Here are a few more tips for advanced WordPress hackers who want to troubleshoot or try even more customization:

  • Use multiple custom sidebars: WordPress' sidebar and widgets feature is very powerful and customizable; in fact, you can create and customize multiple sidebars or site zones to show up on different pages. (For example, the sidebar that shows up on a post page can look different than the one on the front page.)

  • Troubleshoot slowness and other problems with Firebug: Every web developer knows that the Firebug Firefox extension is absolutely essential when developing any site, and it's true for WordPress, too. When my WP site went down because of multiple background 404's doing resource-sucking searches, Firebug revealed the problem and so I knew how to fix it.

  • Use tags to display content differently: You can use conditional tags to display different types of content on your blog in different ways, like a short link or big photograph. I use has_tag to display "quick links" with smaller inline headlines on my front page by assigning the tag "brief."

  • Set up a "staging" server: Once your blog's up and running and live, you don't want to make huge changes to it with the whole world watching. Set up WordPress on your local computer, hack away on your theme and/or plug-ins, then upload your changes when they're complete and ready.

This post only scratches the surface of WordPress customization possibilities. The good news is WordPress' open nature and huge community means that you can find the answer to almost any WP question hitting up Google—or in worst case, asking the forums. Special thanks to the author of this CSS Tricks post who also writes the excellent Digging into WordPress blog, which I referenced for this post.

What did I miss? What are your favorite WordPress tricks, hacks, themes, plug-ins, security measures, and widgets? Shout 'em out in the comments.

Gina Trapani, Lifehacker's founding editor, loves herself a little WordPress hacking. Her weekly feature, Smarterware, appears every Wednesday on Lifehacker. Subscribe to the Smarterware tag feed to get new installments in your newsreader.