WordPress installs with defaults that work, but several of them are wrong for serious blogs. Skipping the post-install settings check means publishing with the wrong permalink structure, exposing your site to comment spam, broadcasting your username, and several other small problems that add up.

This is the 15-minute checklist for new installs.

Short answer: Set permalinks to “Post name.” Set timezone. Configure reading settings. Set discussion / comment defaults. Change the default admin username. Set up Search Console verification. Configure privacy settings. Check writing settings. Done in 15 minutes.
WordPress settings dashboard showing the panels to configure on a new install

1. General settings (Settings → General)

Site title and tagline

Set your real blog name and tagline. These appear in search results and browser tabs.

Default tagline (“Just another WordPress site”) is the obvious giveaway of an unconfigured site.

WordPress address and site address

Should both be the same URL (HTTPS, with or without www — but consistent).

Administration email

The email WordPress uses for important notifications. Use one you actually check.

Timezone

Set to your timezone. WordPress uses this for post timestamps, scheduled posts, etc. Default UTC isn’t what most bloggers want.

Date format and time format

Pick what you want displayed on posts. The default usually works.

Week starts on

Mostly affects calendar widgets. Set to your local convention.

2. Writing settings (Settings → Writing)

Default post category

WordPress creates “Uncategorized” by default. Don’t leave posts in it.

Either:

  • Create your real categories first, then set the default to one of them.
  • Rename “Uncategorized” to your default catch-all category.

Default post format

“Standard” is usually right. Other formats (Aside, Quote, Image, etc.) are for specific theme features.

3. Reading settings (Settings → Reading)

Homepage displays

Choose whether the homepage shows your latest posts or a static page you’ve created.

For a typical blog: “Your latest posts.”

For a more curated landing page: “A static page” — and assign your custom homepage.

Blog pages show at most

How many posts appear on archive pages. Default 10. For most blogs, 10–12 is right. More if you have a magazine-style layout.

Search engine visibility

The “Discourage search engines from indexing this site” checkbox should be UNCHECKED for production sites.

Many new bloggers accidentally leave this checked from development. The result: Google can’t index your site. Always verify on launch.

4. Discussion settings (Settings → Discussion)

Default article settings

“Allow people to submit comments on new articles.” On or off depending on your blog’s policy. Covered in our comments post.

Other comment settings

  • Comment author must fill out name and email: on.
  • Users must be registered and logged in to comment: off for most blogs.
  • Automatically close comments on posts older than X days: on, 60 days recommended.
  • Enable threaded (nested) comments: on, depth 3.
  • Break comments into pages: off unless your posts get hundreds of comments.

Email me whenever

  • Anyone posts a comment: on initially. Disable once you’re getting many.
  • A comment is held for moderation: on.

Before a comment appears

  • Comment must be manually approved: off if you want returning commenters to post freely.
  • Comment author must have a previously approved comment: on. First-time commenters wait; returning don’t.

Avatars

Show or hide commenter avatars. Either’s fine.

WordPress discussion settings panel with recommended values configured

5. Media settings (Settings → Media)

Image sizes

WordPress generates multiple sizes of every uploaded image. Defaults are usually fine.

If your theme uses specific sizes, those are added on top.

Organize uploads into year/month folders

On. Default. Keeps your media library organized.

6. Permalinks (Settings → Permalinks)

The single most important setting. Set to “Post name.”

Covered in detail in our permalinks post.

Do this BEFORE publishing any posts. Changing later breaks every URL.

7. Privacy (Settings → Privacy)

WordPress provides a template privacy policy page. Customize it for your specific tools (analytics, email, etc.) and publish.

You need a privacy policy if you collect any visitor data (which every blog does — analytics, emails, comments).

8. Users → Profile (your own profile)

Display name publicly as

By default, WordPress shows your username as the post author byline. Username is the same value you use to log in.

Change to:

  • Your real first name + last name.
  • Just your first name.
  • A pen name.

Anything except your login username. Exposing login usernames helps brute-force attackers.

Biographical info

Fill in. This often appears in author bio boxes on posts.

Profile picture (Gravatar)

WordPress uses Gravatar (avatars linked to your email). Set up a Gravatar at gravatar.com with a real photo.

9. Users → All Users (the default admin account)

If WordPress installed with “admin” as the username, you have a security weakness. The “admin” username is the most-attacked credential in WordPress.

To fix:

  1. Create a new admin user with a different username.
  2. Log out, log in as the new user.
  3. Delete the “admin” user, attributing their posts to the new user.

If your install used a different username, skip this step.

10. Search Console verification

Before publishing, set up Google Search Console.

  1. Visit search.google.com/search-console.
  2. Add property using URL prefix.
  3. Verify ownership (Yoast SEO, Rank Math, or Site Kit can handle this; alternatively, add a DNS record).
  4. Submit your XML sitemap.

11. Initial plugins

Install the essential plugins before publishing:

  • SEO plugin (Yoast or Rank Math).
  • Caching (or use host’s built-in).
  • Security (Wordfence or Solid Security).
  • Backup (UpdraftPlus).
  • Akismet (anti-spam).
  • Contact form (Fluent Forms).

Configure each. Don’t activate them all at once — one at a time, verify, move on.

12. Initial pages

Create these pages:

  • About — who you are and what the blog covers.
  • Contact — with form.
  • Privacy Policy — generated from Settings → Privacy.
  • Affiliate Disclosure — if you’ll use affiliate links.

Add to your menus (primary or footer as appropriate).

13. The menu

Appearance → Menus.

Create a primary menu with: Blog, Categories (or category dropdown), About, Contact.

Create a footer menu with: Privacy Policy, Affiliate Disclosure, Contact (optional).

14. Theme settings

Each theme has its own settings panel. Configure:

  • Logo and favicon.
  • Header layout.
  • Color scheme.
  • Typography.
  • Footer content.

This varies wildly by theme. Skim the theme’s documentation.

15. Test posts

Write 1–2 test posts in different categories. Verify:

  • The post displays correctly.
  • Categories work.
  • Images upload and show.
  • The author byline shows your display name, not username.
  • The URL structure is what you expected.

If anything looks wrong, fix before publishing real content.

The honest summary

Defaults aren’t all right. Set permalinks to Post name. Set timezone. Fix discussion defaults. Change default admin username if “admin.” Set your display name. Submit sitemap to Search Console. Install essential plugins. Create About / Contact / Privacy pages. Build menus. Configure your theme. Write test posts. 15-minute checklist that prevents many “I should have set this up earlier” regrets.