5 Default WordPress Settings You Need to Change

5 Default WordPress Settings You Need to Change - Hero Image

Default WordPress settings are enabled to cater to most websites; however, because they are default, it’s better to change some of these for the security of your site.

In this article we will cover the default WordPress settings you should change after installation, and why, so you can continue building the website of your dream with peace of mind.

5 Default WordPress Settings You Need to Change

As the top Content Management System (CMS) in the world, WordPress developers have created settings that are applicable to a large number of websites. Because of this, though, it is easier for attackers to look for certain characteristics in WordPress installations as some of these settings are now well known.

In order to protect your website and data, we recommend you change the following five settings.

Login URL

WordPress websites all share the same login URL when first created.


This is a major security concern, as it is a well known page and malicious users will attempt to brute force attack your website via this page in order to get access. 

We recommend using a plugin to hide your login page by changing its url slug. By changing your login url to something only you know it will ensure attackers can’t access this page.

Plugin recommendation: WPS Hide Login

Admin Username

Although WordPress websites allow users to set their admin username upon installation, we would like to reiterate some tips on creating your login information.

  • Do not set your username to Admin or Administrator: Similarly to the default login page, the username “admin” is one of the top usernames set for administrators; however this also means it is commonly used by attackers to try to access your site.
  • Do not use your website name as your username: Any prominent information on your website can be used as a possible username, therefore making titles, abbreviations, and such easy ways to guess your username.
  • Try not to use your name or email as a username: If you are planning on writing content for your website or have a contact page with your email address displayed, these can be factors attackers can use on your login page to attempt to access your dashboard.

If your username does not meet this criteria we strongly recommend you change it.

Permalinks are the unique URL structure given to your pages, posts, and media.By default, WordPress has a “Plain” permalink structure for your posts, displayed below as per their documentation.


In order to make your website more user and SEO friendly, we recommend changing your permalink structure to something easier to remember, such as the “Post Name” style.


To change your Permalink structure follow the instructions below:

  1. In your Dashboard, navigate to Settings, then click on Permalinks
  2. Choose the Permalink Structure you would like to use
  3. Click on Save Changes

Time Zone

WordPress time zone is set to Coordinated Universal Time (UTC) by default. This means that any utilities or settings dependent on time will be affected by UTC. These may include:

  • Media Uploads
  • Comments
  • Sale Timeframes
  • Countdown Timers
  • Order Placement

While this may be okay for most site owners, if you would like for your settings to be synced to your current local time, you can update your timezone in WordPress.

  1. In your WordPress Dashboard, navigate to Settings, then click on General
  2. Under Timezone select the location closest to you
  3. Click on Save Changes

Just like with the Permalinks section above, we recommend clearing your cache to ensure you are seeing the latest updates on your website. 

Favicon and Tagline

While these settings may be more aesthetically centered, changing your Favicon and Tagline are still important things to change when you first create your website.

The favicon, or site icon, of a website is the small picture you see on the right side of your current tab.

Representation of a favicon in a web browser, like Google Chrome

By default all WordPress websites display a WordPress logo as their favicon. 

Your website tagline is a short description of your website, which appears next to your site title on Search Engine Result Pages (SERPs).

When your WordPress website is first created your tagline will be “Just Another WordPress Website”. 

These two default settings not only have the potential to appear unprofessional to certain users but also expose the fact that your website is running on WordPress as a CMS, which can raise security concerns for site owners.

With the introduction of the Site Editor and Block Themes, the instructions to change these settings will vary.

If you are not using the a Block Theme:

  1. In your Dashboard, navigate to Appearance, then click on Customize
  2. Click on Site Identity
  3. You can change both, your site Tagline and Favicon under this menu
    Where to update your Site Tagline and favicon in WordPress
  4. Click on Publish to save your changes

Updating a Website’s Tagline and Favicon Via the Site Editor

If you are using a Block Theme you will need to follow the next steps to change your Tagline and Favicon. 

To change your Tagline: 

  1. In your WordPress Dashboard, navigate to Appearance, then click on Editor
  2. Navigate to or add the Site Tagline Block and click on it to edit it or delete it
  3. Click on Save on the top right corner

To change your Favicon:

  1. In your WordPress Dashboard, navigate to Appearance, then click on Editor
  2. Navigate to or add the Site Logo Block and click on it
  3. In the Block Settings panel, you can choose whether you want to use your logo as your site icon, or use a different image as your site icon.
    Set your site icon in WordPress
  4. If you click on the Site Icon Settings link under this panel you will be taken to the Customize Site Identity Page where you can upload an image under the Site Icon section.
  5. Click on Publish to save your changes

Remember to clear out your cache once you have submitted your changes to review your website appearance.

Final Thoughts

Default WordPress settings are created with multiple users in mind, so changing the 5 settings above not only protects your website, but makes it stand out from the rest, kickstarting your journey as a site owner.

To learn more about WordPress, its themes, plugins, and other important settings, check out our WordPress education channel.

Improve the performance and security of your WordPress website with our WordPress VPS Hosting plans. Featuring blazing fast servers with advanced caching, 99.99% uptime, and a robust toolkit developed by WordPress experts.

check markImprove Core Web Vitals check markFree SSL & Dedicated IP check markAdvanced Server Caching check markUS & EU Data Centers

VPS for WordPress

Shay Bravo
Shay Bravo Digital Content Producer

Shay is a Digital Content Producer for InMotion Hosting with a passion for WordPress and Web Design. Her focus is making content for users to understand WordPress and Tech better, no matter their skill level.

More Articles by Shay

Was this article helpful? Join the conversation!