Okay – so you’ve finally decided to install your WordPress – but you’re an absolute beginner. What now? Because installing WordPress securely is just a little tricky, I decided to install a complete site from scratch, and document here exactly what I did. So let’s begin:
1. Buy a Domain Name: Now, if you’ve been reading BenHolmesOnline for any length of time, you know that I recommend that your first domain be your name: FirstnameLastname.com – or, if that is unavailable, simply add a word to the end of your name. I’ve chosen the word ‘Online’ – and you can use that, or be creative and pick a word yourself. I recommend adding the word at the end of your name – because for SEO purposes you will eventually want to rank your name in the search engines, and it’s easier to do if your domain begins with your name.
When purchasing a domain name – select a domain name company such as Godaddy or Namecheap, and type into Google something like “Godaddy Coupon” – you’ll almost always find one. Here, for example, is what I just purchased:
2. Buy Web Hosting: Now, some people want to scrimp here, and I can easily understand why, money can be tight. If you absolutely have to – you can go to Ebay and search for really cheap hosting. And in fact, that’s what I did for the purposes of this post… I wouldn’t want to run any websites on cheap hosting – but since I’m only going to use this hosting for the purposes of writing this post, I felt perfectly safe getting cheap hosting.
If you prefer good customer service, and reliable hosting – go to Hostgator and purchase either their ‘Hatchling’ or ‘Baby’ plan.
If you absolutely must buy cheap hosting, at least purchase it from a real hosting company – that means you do not buy it from your domain provider. Make sure it advertises that it uses a standard ‘cPanel’ – I’ve never had a good experience from any hosting company that didn’t use the standard cPanel.
You’ll receive an email from your hosting company – immediately copy it and put it away somewhere – you’ll refer to it many times in the future – trust me on this!
Now that you have your hosting – open the email from your hosting, and you should find something labeled ‘Nameserver‘… there should be at least two of them. If for some strange reason it’s not included in your email from your hosting company – then you’ll have to go to your hosting package cPanel to find it.
For future reference – try going to your new site and see what shows up … generally it’s going to be some sort of ‘landing page’ from your domain provider. Remember what it looks like, because in just a few minutes, you’ll never see it again…
3. Change Domain Name Servers: Now go back to your domain provider (I’m using Godaddy here) and click on your new domain, you should see something similar to this:
Click on the link to “Manage” your Nameservers, and in Godaddy’s case, it has a link to ‘Customize’ them – you need to change the nameservers to match what your hosting company has given you. Here on this graphic I’m zeroing in on the appropriate area you need to change:
Many years ago, a nameserver change used to take 24-48 hours to propagate and work – but in recent years, I’ve rarely seen it take longer than a few minutes.
Here you’ll see I’ve made my changes in Godaddy’s Domain Name Server to reflect my hosting package’s name servers… these are the Nameservers that I got from my hosting package email:
Now, be sure to double-check your spelling before you submit your new Name Server address. Your name servers tell your Domain Provider where to send anyone when they type in your domain name – it has to end up at your hosting company.
Once you’ve submitted your name servers – you might be able to see something like this when you type in your new domain name:
Or you might still see the landing page from your Domain Provider if the name servers haven’t propagated yet … this is why I wanted you to see what it looked like before you changed the nameservers. You might see something different (such as a Hostgator Landing Page) depending on your hosting package that you purchased. Once you’ve seen that you’re going to the hosting company instead of your domain company – you’re ready for the next step!
4. Create Backup Directory: In my Users area on my Windows 7 desktop machine, I have a directory that is titled “Websites” – and under that directory I have subdirectories for each of my websites. I’m going to suggest that you do the same – and you’ll never regret it if your hosting company runs into problems – because you’ll have a complete backup.
When I make changes to my website – I first make them on my hard drive, then I upload the changes. Every time I create an image, I put it first on my website directory, then I upload it to my WordPress media. So begin by creating a directory called ‘Websites’ – then in that directory, put another one labeled with the name of your new site. When you’ve done this, go to WordPress, and download the Zipped version of WordPress. Put it in the directory you’ve just created. It should look something like this:
Now, right-click and extract the zipped file. I personally am a big fan of 7-zip for all my file compressing & uncompressing needs, but Windows can do this without any additional software. You should now have a directory that looks like this:
You’ll notice that if you double click on the unzipped file folder, you’ll see another folder, like this:
Now we’re getting closer – but we’re not there yet. Double-click on the ‘wordpress’ folder, and you’ll see something that looks like this:
These are the actual files that we need… so use Control-A to select all these files – and then Control-C to copy them… move back to the directory that has the Zipped WordPress and unzipped WordPress folders in it – and press Control-V to copy them to this location… it should now look like this:
You can now delete both the ‘wordpress-3.5.1’ zipped file and the ‘wordpress-3.5.1’ folder. Naturally, yours may carry a more recent version number – whichever version it is, the original zipped file from WordPress and its unzipped counterpart may both be removed; you don’t need them anymore. You now have most of the files you need for your website.
5. Download & Setup Filezilla: If you have a preference for another FTP software, by all means use what you like, but if you don’t have the software, Filezilla is, in my opinion, the best FTP transfer software out there. Download and change the local site directory to your new website’s backup directory. It should look like this:
Now press Control-S (or you can select File, Site Manager from the menu bar) – and you’ll see the Site Manager for Filezilla – it should look like this:
You’ll want to click ‘New Site’ and type in the name of your new website. Then set the ‘host’ – most of the time, simply sitename.com will work. Sometimes you must use ‘ftp:sitename.com’ instead… depends on your hosting package. Next, change the logon type to ‘Normal’ – and type in your User name and password that you should have from your hosting company email. Since Filezilla encrypts the password, I often put the password in the comment field as well. This is a security issue, depending on who has access to your computer – so it’s up to you. Here’s what it looks like now:
Now, by the way, before any would-be hackers get the bright idea of using this Username & Password – it was already changed before this tutorial was published, as were all the names & passwords given in this tutorial. I may be slow sometimes, but I’m rarely outright dumb!
Now you’re ready to copy the backup site to the hosting site. But first, a word of caution – some of you might be saying, ‘Hey – I’ll shortcircuit all this extra work and just use the pushbutton WordPress install script I see in my C-panel.‘
Well – I’ve been installing websites for many years now – and if you want people to hack your site, then go right ahead and take those shortcuts… who knows, you might get lucky and never have anyone break in. But for the more cautious of you – do it the long way – you’ll learn more about what’s happening, and you’ll be adding in quite a bit of security that cannot be done with the ‘pushbutton’ solutions.
Go ahead and ‘connect’ to your hosting package, this is what it should look like right now:
On the left is your local backup directory, and on the right is your hosting package’s home directory – NEVER PUT A WEBSITE IN THIS HOME DIRECTORY!
Now move your cursor over to the ‘public_html’ folder in the right side panel and double click it. This will drop you into the ‘public_html’ folder subdirectory. A website will always go in this directory. (If you have more than one website, they will be subdomains, and Subdomains will go in a subdirectory of the ‘public_html’ folder.) Never put your website in the home directory that Filezilla first opens up.
Now that you’re in the public_html folder… you’ve got the target set, it’s time to select what files you’re going to copy there…
So, on the local site (left bottom pane), put your cursor over there, and do a Control-A to select all files. Then right-click and select ‘Upload’ – and your Filezilla will begin uploading your site. Go get a cup of coffee, or relax for a bit. Even the fastest of Internet connections will take a little while to transfer everything over. At the bottom of your Filezilla screen, you’ll see something that looks like this:
Notice that I have three failed transfers so far… when the queue is finished, simply click the failed transfer tab – select all the files, right click and put them back in the ‘queue’ for transferring… then right click in the Queued Files, and restart the transfer to finish up any failed transfers. Now we’re ready for the next step.
6. Setup the MySQL Database in cPanel: Again referring to your email you received from your hosting company, log into your cPanel. It should look something like this:
Go ahead and click ‘No, I’m fine. Thanks!‘ button to clear that popup… then move down to the Database tab, which looks like this:
Now click on the first item, the ‘MySQL Database’ tab to open up the Database script… it will now look like this:
Now we’re going to open another window in the browser, and go to Random.org, and generate a total of 4 random passwords that are 7 characters long. It will look like this:
Then generate the numbers… it will now look like this:
These four numbers are going to be a major portion of your website security – go ahead and copy & paste the numbers on the browser to a notepad page. The third number you see… in this case the z9cvU9T – you’ll add at least three more characters to it. I just added a shifted 1,2,3 – so it now looks like z9cvU9T!@# – after you’ve changed the third number – save your notepad to your computer in your website directory… NOT – however, your backup directory. So if you use ‘User/Websites/SpecificWebsites’ directory structure as I did, put it in the ‘Website’ directory… you don’t want to ever accidentally upload it to your website! I just called it PxzooSecurity.txt – save it, but keep the notepad open on your desktop – we’re going to use all those numbers now…
Copy the first random number, and go back to your cPanel where you should still have the MySQL Database page – paste your first random number into the new database entry field – it will look like this:
Don’t get confused – this is really a simple process – just match your cPanel with exactly what you see here – you’re creating a new database. After clicking the ‘Create Database’ button – you’ll end up at another screen that looks like this:
This is merely a confirmation page that lets you know everything worked. So go ahead and click the ‘Go Back’ button – and you’re back at the MySql creation screen… The next task will be to create a user that is allowed to work with the database you’ve just created. This ‘user’ is going to be your WordPress site… but I don’t want to jump ahead…
What I do want to do is click on the link you’ll see in the right hand corner that says ‘↓ Jump to MySql Users‘ – this merely drops you down the page where you’ll take the next random number on your list and add it in the ‘Username’ box… (you should still have your notepad opened on the desktop somewhere). Now comes the third random number – the one that you added at least three more characters to… this will be your password.
The reason that we added more characters was because the password field can accept more characters than the database name or username field can – and we want the additional security.
When your screen looks like the one directly below, then go ahead and click ‘Create User‘.
Again you’ll see the ‘confirmation’ screen, just like you saw earlier when you created the database… it looks like this:
Go ahead and click the ‘Go Back‘ button… and look for that link on the right side top corner that says ‘↓ Jump to MySql Users‘ and click it again… this time, you’re going to look for the portion of the screen where you add a user to a database. Since your hosting package almost certainly allows more than one database, and many users, you need to tell your hosting just which user is allowed to use which database.
Your hosting package may have already prefilled in the boxes, if so – just click ‘Add‘. If you already have other websites, you’ll need to use the dropdown arrows to match which User you’re associating with which database. In years past, I used to use a name that would remind me of the website, and the username would also be identical – so if I had a dog training website, my database and username might be ‘dogtrain’ – or something like that. Unfortunately – it’s also quite easy to guess – so it’s a very insecure way of doing things.
It adds just a bit of complexity to putting up a WordPress site the way you’re seeing it done here – but it’s far more secure than the average site. And trust me, nothing is more irritating than to have someone hack into your site, and be losing money until you can get control of your site again!
When you click the ‘Add‘ button, you’ll come to another screen that will be asking you just what ‘privileges’ to grant this user when using the database. While there are some security issues with giving ‘All Privileges’ – it’s beyond the scope of this short article to best advise you on this issue. Much depends on what plugins you’re using, what features you might need on your site… so to avoid breaking the usability of your site, just click on the ‘All Privileges’ box to give your user all privileges listed here.
Later, when you understand more about the databases, you can Google articles online that will suggest that you restrict some privileges – but the important task right now is to get your site up and running – so we’ll accept a very slight security breach to ensure that everything works.
After clicking the ‘All Privileges‘ box – go ahead and click the ‘Make Changes‘ link, and you should be directed to the now familiar ‘confirmation’ page, like this:
You may click the ‘Go Back‘ box – but for now – we’re finished with the cPanel… you now have your User and Database set up and programmed.
The next step is to go to your website files on your drive – and look for the file that’s titled ‘wp-config-sample.php’. You’ll need to right-click, and open the file with notepad.
Now, a quick note here – I’m a big fan of Notepad++ – it’s a free open-source notepad replacement that you can use with HTML, PHP, and many other languages, and has features and plugins galore. When you use it on PHP, for example, it will color code and ‘check’ your coding grammar. I frequently use Notepad++ when I’m posting new articles – as I find it easier to do everything manually… I can code HTML more quickly and more accurately than any WYSIWYG editor – and it’s just the way I want it when I’m finished. Then I just paste the finished article into my website.
So if you want to run over and install Notepad++ first – go right ahead!
Now, opening the ‘wp-config-sample.php’ file, you’re going to look for this following section:
There are just three items you’re going to change… the Database name, the Username, and the Password. Notice that the database name (and username) are composed of two items … the first string of characters is your webhosting username – then comes an underscore – then the random number you assigned earlier. It should look like this when you’re finished:
Obviously, not EXACTLY the same – you’ll be using your database, username, and password. Now jump a little further down, until you see this:
Open a new tab on your browser, and go to https://api.wordpress.org/secret-key/1.1/salt/ (you can cut & paste this URL directly from the ‘wp-config-sample.php’ file – you should see it there!)
When you go to this site – it will pop up with some new random keys… copy the entire block, and paste it over the same block in the ‘wp-config-sample.php’ file… when I did it, my block above turned into this:
Be sure that you’ve cut & paste directly over the identical section …
Now you’ll go a little further down in the ‘wp-config-sample.php’ file you have open – and look for the following bit of code:
This is one of the primary reasons that I build sites this way – instead of just clicking a button on some hosting installation script… if you do – you get the standard ‘wp_’ prefix that millions of WordPress sites have. This makes it a known quantity for hackers to be able to hack into your WordPress site… don’t give them that chance!
Take your fourth random number that you generated earlier, and put it here… so that it looks like this:
That’s all you need to change. Now we’re going to save this file with the name ‘wp-config.php’ – just stripping out the word ‘sample’. Save it in your website’s backup location… then we’re going to upload it to your hosting… but here’s where most WordPress sites make a major security mistake, they put this file in the wrong place.
Yes – it will work just fine if you put it among the rest of your WordPress files – right where you found the ‘wp-config-sample.php’ file. And if you do that, you’re opening yourself up for possible hacking. You see, everyone knows what the file is called – and it has a wealth of information – your database name, your webhosting username, your database password – you do not want this file in the hands of anyone else!
So instead of filing it in your hosting’s website directory like here:
You’re going to move UP one directory in your hosting package – and put your ‘wp-config.php’ file here using your Filezilla FTP program:
Here you’ll see my ‘wp-config.php’ file placed in the proper place – in the top – or ‘root’ – directory. It’s virtually impossible for anyone to get to this directory from your website – and WordPress will look here for the configuration file if it doesn’t find it in its own sub-directory. This is yet one more reason I don’t use installer scripts to install WordPress… yes, this is much more complicated than just pushing a button and having a complete WordPress install done for you… but it’s also far more secure.
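An added example (not part of the original tutorial, and not WordPress's own code): a small Python check that reads a finished wp-config.php and reports anything still left at the wp-config-sample.php defaults, plus a check that the file sits one directory above public_html. The sample configuration, the account name hostuser and the paths are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Placeholder values that ship in wp-config-sample.php.
SAMPLE_VALUES = {"DB_NAME": "database_name_here",
                 "DB_USER": "username_here",
                 "DB_PASSWORD": "password_here"}
SALT_PLACEHOLDER = "put your unique phrase here"
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def parse_wp_config(text):
    """Return (constants, table_prefix) found in wp-config.php text."""
    constants, prefix = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # ignore comment lines
        match = DEFINE_RE.search(stripped)
        if match:
            constants[match.group(1)] = match.group(3)
        match = PREFIX_RE.search(stripped)
        if match:
            prefix = match.group(2)
    return constants, prefix


def audit_wp_config(text):
    """List every setting the tutorial changes that is missing or still default."""
    constants, prefix = parse_wp_config(text)
    findings = []
    for key, sample in SAMPLE_VALUES.items():
        if key not in constants:
            findings.append(f"{key}: not defined")
        elif constants[key] == sample:
            findings.append(f"{key}: still the sample placeholder")
    for key in SALT_KEYS:
        if constants.get(key) in (None, SALT_PLACEHOLDER):
            findings.append(f"{key}: not replaced with a generated key")
    if prefix is None:
        findings.append("$table_prefix: not set")
    elif prefix == "wp_":
        findings.append("$table_prefix: still the default 'wp_'")
    elif not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append("$table_prefix: use only letters, numbers and underscores")
    return findings


def config_outside_web_root(config_path, web_root):
    """True when wp-config.php sits in the directory directly above web_root."""
    cfg, root = PurePosixPath(config_path), PurePosixPath(web_root)
    return cfg.name == "wp-config.php" and cfg.parent == root.parent


# Constructed sample: database settings were changed, but two salts and the
# table prefix were left at their wp-config-sample.php defaults.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'hostuser_Qm4xT7a');
define('DB_USER', 'hostuser_r8LdW2k');
define('DB_PASSWORD', 'constructed-Pw!@#');
define('AUTH_KEY',         'constructed-key-1');
define('SECURE_AUTH_KEY',  'constructed-key-2');
define('LOGGED_IN_KEY',    'constructed-key-3');
define('NONCE_KEY',        'constructed-key-4');
define('AUTH_SALT',        'constructed-key-5');
define('SECURE_AUTH_SALT', 'constructed-key-6');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix  = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print("FIX:", finding)
    # Hypothetical hosting paths: the config belongs in /home/hostuser.
    print(config_outside_web_root("/home/hostuser/public_html/wp-config.php",
                                  "/home/hostuser/public_html"))
```

Run it against the copy of wp-config.php in your local backup directory before uploading; an empty result from audit_wp_config means none of the sample defaults remain.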
Now it’s time to open your browser again, and type in the name of your new website… here we go:
I’m hoping that you will not see the above message… this means that your wp-config.php file doesn’t match your MySQL database… it’s an easy mistake to make with all these random characters – particularly if you weren’t careful with your ‘cut & paste’. Simply open up your wp-config.php file again, and your cPanel MySQL database information, and double-check and correct your configuration file. Then upload it again… Now you should see this:
Site title can be anything you want – you’ll be able to change it later in the admin panel of your WordPress site. This isn’t true of your Username – it’s difficult to change later – so be careful when selecting your Username.
Now – whatever you do – Don’t Use ‘Admin’ As The Username! Out of 60+ million WordPress sites, probably 50+ million of them are using the default ‘Admin’ as the administrator’s name. This means that you only have HALF of the security you should have – since any hacker will only need to guess your password, instead of your name and password. And since most hacking attempts are all automated with bots – you simply need to use anything OTHER than ‘Admin’ to freeze out most hacking attempts.
As for your password, you would be best served by going to PasswordMeter.com or any similar site, and double-check how strong your password is. It’s critical that you make a longer password, rather than a shorter one – as the time required to break your password grows quickly with each additional character:
Adding just three additional characters to the typical 6 character password can add close to a year to the time required to hack it…
For a real wake-up call – go to Kaspersky Labs – and type in your favorite passwords…
Make sure you’ve typed in your correct email address, and leave the box checked to allow search engines to index your site… then click the ‘Install’ button. You should now see this:
Now you can log-in to your new website, and go to your new website’s admin dashboard. Here’s what your dashboard should look like:
There’s only one thing that needs to be done right away – before you do anything else – and that’s to change the ‘permalink’ settings. The default permalink would show the URL of post number 1 as ‘http://pxzoo.com/?p=1’ – this is completely unacceptable from an SEO point of view. You want the name of the post there, not some meaningless number! Search engines need to know what the post is all about – and the post name is critical here…
Just open ‘Settings‘ – then ‘Permalinks‘ – as in the below graphic, then simply check the ‘Post Name‘ button, and now you have a fully functioning website completely installed… and ready for you to start adding content. It looks like this before you change the Permalink:
Now – this article on how to install WordPress is really finished – you now have a functional website… but before I go – I’d like to very briefly describe what to do next…
I generally add a number of plugins to my site right away… here’s a typical setup:
- Custom Contact Form
- Google Sitemap
- Google Analytics
- Pretty Link
- Social Share Buttons
- Smart Update Pinger
- TinyMCE Advanced
- WP Super Cache
- WordPress Backup
- Yet Another Related Posts
This is an area where it’s difficult to suggest specific plugins (even though there are some specific ones listed) because plugins are constantly being updated or dying off. You need to ensure that your plugins are those that do the job, and are being reasonably maintained.
The fewer plugins the better – each plugin adds a slight but real possibility of a security breach, and also adds to the time it takes your website to load. It’s easy to go overboard on plugins, but try to use as few as possible.
Then I go back to my cPanel – and setup a redirect for the following email addresses:
I redirect all of them to my regular email account, so that I see anything addressed to me via the website.
The next step is to select a good theme… there are literally thousands of them – but many, if not most of the free themes will have locked footers with links going back to the author – or conceivably even have trojans in them. If you want a powerful free theme, you can’t go wrong with either Suffusion or Atahualpa – both very powerful and yet completely free.
WordPress also comes with a built-in theme that you can begin with if you like.
Now back to the website, and I’ll add in the following pages… not posts, mind you; but pages:
- About Me
- Contact Us
- Earnings Disclaimer
Depending on what you’re doing with your website, you may require more or less of these sorts of pages… but it’s best to include the first three on any site you put up.
The difference between pages and posts is widely documented online, but in general, pages don’t allow subscribers to comment on them, and don’t have tags or categories. Usually, a website will have few pages, and mostly posts.
After you’ve created your pages, I like to place them in the footer, where they’re linked and can easily be located, but don’t interfere with the rest of the website. Only two pages need to be easily accessible – your ‘About Me’ page, and your ‘Contact Me’ page.
You’ll probably want a nice header logo – so that’s probably on the list of things to do…
Then you simply start posting…
All of this looks very complicated – but trust me, it’s actually quite simple when you do it step by step. And with WordPress – You’ll Never Run Into A Problem That Someone Else Hasn’t Already Solved.
So when you don’t know how to do something – just head over to Google and type in ‘WordPress – how to …’ – and the answer will be there. Want to know how to install a new theme? Just ask Google. Want to know how to change your header logo? Just ask Google.
Hope this has been helpful! If you have problems that haven’t been addressed here – please ask a question in the forum… someone will be happy to help you!
I realize full well how difficult it would be to leave this webpage open as you try to follow all these directions – so I’ve created an optional PDF file of this webpage that you can print out and follow…