Fixing 'Site Health' issues with default WordPress install
Using WordPress Site Health Page
Hover over ‘Tools’ and select ‘Site Health’
Site Health after initial install
You should see a page like the one depicted.
You’ll noticed there are a few recommended security improvements.
Manage Warnings #1
Select ‘Only parts of you site are using HTTPS’.
Settings URLs to HTTPS
Select ‘Update your site addresses’
Assuming you created an SSL certificate for your site, replace the ‘http://’ in ‘WordPress Address (URL)’ and ‘Site Address (URL)’ with ‘https://’.
Select ‘Save Changes’
You will need to login again
Manage Warnings #2
Select ‘Tools|Site Health’ again.
You should now only see three recommended improvements.
Select ‘The authorisation header is missing’.
Select ‘Flush permalinks’.
Select your preferred permalink style (search engines won’t like you if you change it later).
Settings permalink structure
Manage Warnings #3
Once again, select ‘Tools|Site Health’
You should be down to two ‘recommended improvements’.
Select ‘You should remove inactive themes.’
Select ‘Manage your themes’.
For all themes you don’t want to use, select the theme’s thumbnail, then select ‘Delete’
For every theme you find interesting, select ‘Update now’, then select the theme.
Select ‘Enable auto-updates’.
Manage Warnings #4
Once more select ‘Tools|Site Health’.
Select ‘You should remove inactive plugins’.
Select ‘Manage your plugins’.
List of installed plugins
For the ‘Hello Dolly’ plugin, select ‘Delete’.
If you want to use the ‘Akismet Anti-Spam’ plugin, select ‘update now’, otherwise select ‘Delete’ for the plugin.
If you keep the ‘Akismet’ plugin, you will need to configure it (not covered in this presentation).
Site Health Verified
Verify that ‘Tools|Site Health’ shows a checkmark and ‘Great job! Everything is running smoothly here.’
If you view the actual site you should see something such as the following screenshot.
Additional Security Measures
If not using Akismet Anti-Spam plugin, go to ‘Settings|Discussion’ and make sure that under ‘Before a comment appears’, ‘Comment must be manually approved’ is checked.
While this means you have to moderate every comment, it is essential to avoid nasty spam appearing on your site.
By nasty I mean not only spam that promotes ‘the nasty’, but malware, conspiracy theories, comments in languages that you (and/or most of your readers) don’t know, and normal spam that will ruin your search engine rankings (such as they are).