WordPress reading settings.

12 WordPress Site Settings That Are Crucial to Your SEO Success

WordPress is one of the most SEO-friendly content management systems out there today. If you have a WordPress site, there are many things you can do to improve your SEO. However, if you’re not careful, you can also unknowingly hurt your site’s rankings.

In this article, you’ll discover 12 settings to consider if you want your WordPress site to reach its full SEO potential.

In SEO, security is an often overlooked but important consideration. In addition to general SEO settings, we’ll review some necessary security settings to help prevent negative SEO attacks.

WordPress SEO Settings

Below are some simple settings that should be the foundation of all WordPress sites looking to improve their SEO efforts.

1. Set homepage and blog settings

Before you start building pages and posts, you must make sure your homepage and blog pages are set up and ready to go. This may seem like a small detail, but it is essential. Your homepage is the first thing people see when they visit your website, so you want to make sure it makes a good impression.

Again, your blog is a great way to connect with your audience and build engagement. By setting up these basic pages before you start adding content, you’re more likely to end up with a successful website that people will love visiting.

By default, WordPress uses your latest posts page as the home page.you will need to choose ‘static page’ option and choose which page is your homepage and which is your blog page.

WordPress reading settings.

When setting up a blog, the first thing you need to decide is how you want your URLs to be structured.

Extensible URL categorization will make it easier for search engines to crawl and index, and it will also be more user-friendly. Therefore, it is worth taking the time to choose a permalink structure that will work for your blog in the long run. There are a few different options, so take some time to experiment and find what works best for you and your blog.

You can choose the structure that works best for your site, but I recommend using a custom structure and staying away from date-based structures. Using a permalink structure of month and day or date and name can create a complex site architecture.

WordPress permalink settings.WordPress permalink settings.

3. Dynamic Sitemaps

A dynamic sitemap is an essential tool for any website. It helps search engines index your website and makes it easier for users to find the information they are looking for.

Static sitemaps, on the other hand, are far less effective, can be difficult to keep up to date, and do not offer the same level of scalability.

Many plugins offer dynamic sitemap options with various customizations. So, if you’re looking for the best way to improve your website’s SEO, dynamic sitemaps are the way to go.

4. Set up automatic image optimizer

To maintain a fast WordPress site, you need to optimize your images. The SEO benefits of optimizing images are many, from increased website speed to better search engine rankings. The easiest way to optimize your images is to use a plugin.

Many WordPress plugins automatically optimize your images when you upload them. While some are paid, many free options work just as well.

5. Set default title and meta description

Many SEO plugins offer default settings for titles and meta descriptions, ensuring that all new pages are optimized for search. This is a lifesaver for large sites with many pages or teams unfamiliar with SEO best practices. By leveraging these tools, you can help ensure that potential visitors can see and easily find your website.

In the screenshot below, I’m using Yoast to set defaults for my blog post. In my header I put a structured format to make it user friendly.

For the meta description, I took an excerpt from the beginning of the blog post. This is a simple default that anyone can deploy.

WordPress fallback title and meta description.WordPress fallback title and meta description.

Protect your SEO with these WordPress security settings

SEO is starting to become a key element of website security. Website security has always been important, but it is becoming more and more important as the web becomes more and more part of our daily lives.

Websites are now used for everything from online shopping to online banking, and the consequences can be dire if the site is not secure.

Google penalizes malware-infected sites and sites that may engage in social engineering. If your website is not secure, you may lose potential customers and rankings in Google’s search engine. Therefore, website security is an important element of SEO and should not be overlooked.

Here are some simple tips to better protect your WordPress site.


Get the daily newsletter searches that marketers rely on.


While the SEO value of comment sections has been debated, there is no doubt that they can pose a security risk.

Spammers often use comment sections to add links to their websites, which may contain malicious code. Hackers can also try SQL injection and XSS attacks through online forms.

Therefore, it is crucial to understand the risks associated with the comments section. If you choose to use a comments section on your WordPress site, closely monitor and delete any spam or suspicious comments.

If you’re not willing to go the extra mile to keep the comments section secure, you should consider disabling the comments section. Below is a screenshot showing how to disable the content section.

WordPress discussion settingsWordPress discussion settings

7. Disable and remove XML-RPC

One of the most common security vulnerabilities in WordPress is a brute force attack on XML-RPC files. By default, this file is activated and can be used to access WordPress sites remotely.

However, it also provides a perfect target for hackers who use automated tools to guess usernames and passwords. Once they gain access, they can wreak havoc by deleting files, installing malware, or even taking over an entire site.

An easy way to prevent these attacks is to disable XML-RPC files. Doing so will prevent remote access to the site and disable certain features, such as pingbacks and trackbacks.

SEO experts believe that the added security outweighs the downside. Therefore, if you are concerned about brute force attacks on your WordPress site, disable XML-RPC files.

There are three ways to deactivate the xmlrpc.php file on your WordPress site.

  • Use plugin: Search for “remove xmlrpc” in the plugin directory
  • Add this code to the functions.php file:
    add_filter('xmlrpc_enabled', '__return_false');
  • Disable it in .htaccess file:
    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

8. Set user permissions

As a WordPress site administrator, you must ensure that the site is running smoothly and that all stakeholders have the necessary access rights. That said, not all stakeholders need access to every aspect of a website.

By setting user permissions, you can give each stakeholder access to only the parts they need – keeping your site organized and preventing unauthorized changes.

Also, you should periodically check user permissions to make sure they are still accurate.

WordPress provides a good summary of what each role can do.

9. Make sure all users have a secure password for 2FA

Having a secure password and enabling two-factor authentication (2FA) are effective ways to make your WordPress site harder to hack.

Hackers who attempt brute force login attacks use large password lists containing millions of the most common passwords. Having complex passwords helps invalidate these password lists.

If hackers want access to your passwords, enabling 2FA can be another way to prevent hackers from accessing your website.

Many security plugins offer 2FA settings.

10. Set Limit Login Attempts

Brute-force attacks occur when an attacker attempts to guess a user’s password by repeatedly entering different combinations of characters. One way to prevent brute force attacks is to configure your WordPress site to limit login attempts.

This security measure will block attackers’ IP addresses after a certain number of unsuccessful login attempts, making it harder for them to access your site.

Limit login attempts.Limit login attempts.

11. Automatically update plugins

Unfortunately, many people are unaware that their plugins can be a security risk. If a plugin is outdated, it may be vulnerable to known vulnerabilities. This is why using an auto-update plugin is ideal.

Plugins are automatically updated Plugins are automatically updated

12. Set up regular backups

In today’s digital age, you shouldn’t ignore a solid website security plan. One of the best ways to protect your site is to make sure you make daily backups. If your website gets hacked or encounters any other security breach, you’ll have an up-to-date copy of your website that you can restore.

While many plugins offer this service, it’s usually best to find a WordPress host to manage backups. This way, you can ensure that your backups are processed regularly.

wrap up

As your website gets more visitors, making sure its foundation is solid will become increasingly important. Applying the settings mentioned in this article is essential to kickstart SEO on WordPress. By following these tips, you are taking an important step towards creating a scalable website that will grow with your business.


The views expressed in this article are those of the guest authors and not necessarily those of Search Engine Land. Staff authors are listed here.


What’s New in Search Engines

About the author

John McAlpin leads the SEO strategy for Cardinal Digital Marketing, an Atlanta-based SEO agency focused on serving corporate healthcare companies across the United States. Currently based in Colorado Springs, McAlpin is deeply involved in the local and national SEO community and has a strong background in technical SEO, web development and digital marketing strategy. McAlpin also provides freelance web development services for WordPress hosted sites.

Leave a Comment

Your email address will not be published.