A new year is here, and with it comes the determination to finally get started on the business or creative endeavor that you’ve been procrastinating about throughout 2013. If you want to sell something, to write, or to be creative in any other way, you’re going to need a website to show your work to the world.

Most of you are going to choose WordPress as the application on which to build your site. That’s an excellent choice, but there are some things I wish that I had known when I first started using WordPress. It’s always fun to find out how to do things as you go along, but sometimes life is easier if someone just tells you. So, here are the seven things I wish I had known when I was building my first WordPress site.

Choose Your Hosting Wisely

There are hundreds of hosting companies out there. Some of them are really good, some of them not so much. It’s possible to move a WordPress site from one hosting provider to another, but it’s a pain. It’s far better to choose well in the first place and establish a relationship with a hosting company you can trust to look after your interests and help your site grow.

You get what you pay for. Some shared hosting providers are so cheap as to be almost free. They may well provide awesome hosting and support, but you can’t know that without checking what their customers say. Don’t decide on price alone: putting in the time to do the research up-front will save you a lot of trouble down the line.

Get Themes And Plugins From Reputable Sources

If managed properly, WordPress is secure. The first part of the preceding sentence is the most important: if managed properly. Whenever you hear about a WordPress site being hacked, it a safe bet that it could have been avoided if the user had followed a few simple guidelines.

Much of WordPress’ flexibility comes in the form of themes to change the look and plugins to add new functionality. Both add code to your site, which means they can be used by malicious people to slip something in that you and your users definitely don’t want. Naturally, free themes and plugins are a great trojan horse for hackers.

Don’t just grab a free theme you found on Google. Get your theme from a reputable theme developer: you can find many excellent premium themes on ThemeForest or from independent developers, but if you’re going for a free theme, it’s safest to get it from the official repository of free themes. Plugins are also best sourced from reputable developers (check the reviews) and from the WordPress plugin repository

Change The Default Admin User

Another common source of security breaches is brute force attacks hitting WordPress login pages that use the default admin user with an insecure password. You can cut the chance of this happening to practically zero if you get rid of the default admin user and choose a secure password.

It’s not actually possible to change the Administrator username, so to get rid of it you’ll need to create a new user with admin privileges and a secure password, log in with the new user, and then delete the default user.

Keep An Eye On Updates

The third major cause of successful hacks of WordPress sites is outdated software in which vulnerabilities have been found. Vulnerabilities are fixed almost as quickly as they are discovered, but to get the fixes you’ll need to keep the site up-to-date. Version 3.7 and newer of WordPress — which is what any new site should be using — include automatic minor updates, so you’ll only have to worry about handling major updates and plugin/theme updates manually.

It’s easy to neglect this aspect of WordPress security, but have no doubt that your site is under active attack from automated bots and you will almost certainly be hacked eventually if you don’t update.

Use Caching To Speed Up Your Site

WordPress is a dynamic site generator, which means that it creates pages on-the-fly. That’s very powerful, but it can also be slow. In many cases it’s not necessary to create a page for every user, because nothing has changed. Caching stores the pages and sends the same version more than once, which can make the site much faster.

The best caching plugin for WordPress newbies is WP Super Cache which is powerful without having a complex set of options to tangle with.

Install An SEO Plugin

WordPress is well configured for SEO by default, but it there are some tweaks that should be made for it to conform to search engine optimization best practices. The best SEO plugin I’ve come across is Yoast’s WordPress SEO, which has a sane set of defaults and includes all the functionality you’ll need to help Google put your site where it belongs in the SERPS.

Back Up Your Site

Finally — and I really wish someone had told me this when I started with WordPress — keep backups! There’s nothing more disheartening than having to redo all the work you put into your site because you made a mistake in the configuration or deleted something you shouldn’t have.

There are various services for backing up a WordPress site. VaultPress is probably the easiest for someone who is new to WordPress.

Conclusion

Of course, there’s a lot more to running a successful WordPress site than I have the space to mention here, but, if you follow these simple guidelines, you’ll avoid all the most common pitfalls and be well on the way to having a fast and secure site that will stand up to anything the web can throw at it.