WordPress: The Missing Manual (2014)
Part I. Starting Out with WordPress
Chapter 3. Installing WordPress on Your Web Host
There’s nothing wrong with WordPress.com—it’s cheap, relatively powerful, and has a thriving community of blogs. But the most serious WordPress fans aren’t satisfied unless they can run WordPress on their own web hosts.
This approach, called self-hosting, gives you a world of new opportunities. You can, for example, choose from a dizzying range of plug-ins to add new features to your site. You can put a WordPress blog in the same domain as your traditional website (for example, you can have a site atwww.HandMadePaintBrushes.com and a blog at www.HandMadePaintBrushes.com/news). You can slap ads on your blog, and—most usefully of all—create a site that doesn’t look like a blog at all.
This chapter assumes that you know, deep down in your heart, that you are a WordPress self-hoster. You aren’t willing to settle for a merely convenient WordPress.com blog when you can design exactly what you want with a self-hosted WordPress site. In the following pages, you’ll learn how to get started.
Preparing for WordPress
Before you dive into a self-hosted WordPress setup, you need to tick off a few requirements. The first is setting up an account with a web host. (If you’ve already done that, you can safely skip ahead to the next section, starting on Deciding Where to Put WordPress.)
If you’re just starting out, choosing a good web host may seem more daunting than it actually is. Technically, your host needs to meet two requirements to run WordPress: First, it needs to be able to run PHP (version 5.2.4 or greater) programs, which power WordPress. And second, it needs to recognize MySQL (version 5.0 or greater), which is the database that stores WordPress content.
Virtually every web host meets these requirements. In fact, choosing a WordPress-friendly host is hard simply because so many hosts offer essentially the same thing. Other selling points that hosts advertise—the amount of disk space or bandwidth you get, for example—are less important. Even popular WordPress sites are unlikely to approach anywhere near the web space and bandwidth limits most web hosts offer, unless you plan to host huge video files (and even then, you’ll probably find it far easier to host your videos with a video-hosting service like Vimeo or YouTube).
Disk space is useful for storing weekly or daily backup copies of your site. But with most web hosts offering gigabytes upon gigabytes of space, you’re unlikely to hit a limit, even with a discount-priced hosting plan.
Here’s the bottom line: WordPress has become so super-popular that virtually all web hosts embrace it, even in their cheapest web hosting plans. And because WordPress is so popular, many hosts specifically advertise “WordPress support” or “one-click WordPress installation,” which lets you set up WordPress with an autoinstaller (Installing WordPress with an Autoinstaller).
The most important considerations in choosing a host aren’t the amount of web space or bandwidth you get. Instead, they are reliability, security, and support—in other words, how often your website will be down due to technical troubles, how quickly you can get an answer to your questions, and whether your host will be in business several years into the future. These attributes are more difficult to assess, but before you sign up with a host, you should try contacting its support office (both by email and phone). Don’t trust website reviews (which are usually paid for), but do look up what other people say about the hosts you’re considering on the popular forum Web Hosting Talk (http://bit.ly/vQ7tkH). Hawk Host, StableHost, SpeedySparrow, and MDDHosting are just four examples of web hosts frequently praised on these boards.
You can also choose a WordPress-recommended host (see the short list at http://wordpress.org/hosting), but keep in mind that hosts pay to be on this exclusive list. They’re perfectly good hosts, but you can find equally excellent options on your own, and possibly save a few dollars.
To budget for WordPress, assume you’ll pay $5 to $10 a month for web hosting. Then add the cost of a custom domain name (that’s the web address that leads to your site), which you can typically find for a paltry $12 or so per year.
POWER USERS’ CLINIC: WEB HOSTS WITH PREMIUM PERFORMANCE
Although there are plenty of decent, cheap hosting options available for WordPress, they aren’t the equal of premium hosting plans that cost several times more. The key difference is performance. If your site is large, complex, and heavily trafficked, you might find that its pages become sluggish during busy times. This happens because WordPress must do a fair bit of work to assemble tailor-made content for every request.
The cheapest way to address this problem is with a caching plug-in, as described on Better Performance with Caching. Depending on the scale and popularity of your site, this may be a perfect solution. But if your visitors still find your site slow, you might need to consider switching web hosts or upgrading to a more expensive plan from the host you already have.
The next step up in the hosting world is semi-dedicated hosting or virtual private hosting. Either way, the idea is the same—to move your site off the heavily trafficked web servers that host hundreds or thousands of other people’s sites, and put it on a computer that hosts fewer sites. That way, the server can dedicate more resources to handling your site and serving your visitors. The drawback is cost. While basic WordPress hosting can be had for as little as $5 a month, virtual private hosting hovers around $20 a month and can climb far above that.
If you’re just starting with WordPress, you won’t yet know how well a particular web hosting plan will meet your needs. But if you pick a well-respected web host, you can start out with a cheap plan and upgrade to something with more muscle if you need it.
Deciding Where to Put WordPress
When you sign up for a web hosting account, you typically get a domain name (that’s the web address a visitor types into a browser to get to your site) and some space for your web pages. But before you can create your first WordPress site, you need to think a bit about how your web hosting account and your WordPress site will fit together.
You can choose one of three basic strategies for installing WordPress on your web hosting account:
§ Put WordPress in the root folder of your site. This is the best approach if you want to let WordPress run your entire site. For example, imagine you sign up for a site with the domain www.BananaRepublican.org and you put WordPress in the root folder of that site. Now, when visitors type that address into their browsers, they go straight to your WordPress home page.
§ Put WordPress in a subfolder of your site. This is the choice for you if your web presence will include both traditional web pages (for example, something you’ve handcrafted in a web editor like Dreamweaver) and a WordPress site. Often, people use this choice to add a WordPress blog to an existing website. For example, if you bought the domain www.BananaRepublican.org, you might direct blog readers to the subfolder www.BananaRepublican.org/blog to see your WordPress masterpiece. To set this up, you need to create a subfolder (in the web address above, it’s named blog) and put WordPress there.
§ Put WordPress in a subdomain of your site. This is another way to handle websites that have a WordPress section and a non-WordPress section. The difference is that instead of using a subfolder for the WordPress part of your site, you use a subdomain. To create a subdomain, you take your domain (say, www.BananaRepublican.org), remove the www part, if it has one (now you’ve got BananaRepublican.org), and then put a different bit of text at the front, separated by a period (as in social.BananaRepublican.org). For example, you could have a traditional website atwww.BananaRepublican.org and a news-style WordPress site with user feedback at social.BananaRepublican.org, just like the automotive giant Ford does (Business Sites).
To use either of the first two approaches, you don’t need to do anything extra before you start installing WordPress. The WordPress autoinstaller will take care of everything.
But if you take the third approach and install WordPress on a subdomain, you need to create the subdomain before you go any further. The following section explains how.
Creating a Subdomain (if You Need One)
If you’re planning to put WordPress in the root folder or in a subfolder of your website, skip this section—it doesn’t apply. But if you’re planning to host WordPress on a separate subdomain, you need to lay a bit of groundwork, so keep reading.
Creating a subdomain is a task that’s quick and relatively straightforward—once you know how to do it. Unfortunately, the process isn’t the same on all web hosts, so you may need to contact your host’s support department to get the specifics. If your host uses the popular cPanel administrative interface (and many do), the process goes like this:
1. Using your browser, log in to the control panel for your web host.
Look for the Subdomains icon (usually, you’ll find it in a box named “Domains”).
If you can’t find the Subdomains box, try searching with the cPanel’s Find box. Type in the first few characters (that’s “subd”) and it should appear at the top of the page.
2. When you find the Subdomains icon, click it.
This loads the Subdomains page (Figure 3-1).
3. Choose the domain you want from a list of all the domains you own.
Some people have a web hosting account with just one domain, but others own dozens.
4. In the Subdomain box, type in the prefix you want to use for the subdomain.
For example, if you want to create the subdomain blog.reboot-me.com on the domain reboot-me.com, you need to type blog in the Subdomain box.
Figure 3-1. Here’s how you fill in the information for a subdomain named blog.reboot-me.com. Just click Create to seal the deal. The list below the button shows that there are two other subdomains in this account: blog.prosetech.com and fds.reboot-me.com.
5. In the document Root box, pick the folder where you want to store the files for this domain.
Your web host will suggest something based on your subdomain (for example, it might be public_html/blog if you named the subdomain blog). You can use that if you’re not sure what you want, or you can edit it to something you like better.
6. Click the Create button to create your subdomain.
After a brief pause, you’ll be directed to a new page that tells you your subdomain has been created. Click Go Back to return to the Subdomains page.
You’ll see your new subdomain in the list on the Subdomains page. Right now, it has no web files, so there’s no point in typing the address into a browser. However, when you install WordPress, you’ll put its files in that subdomain.
After you finished admiring your work, look for a Home button to take you back to cPanel’s main page.
If you need to delete a subdomain, find it in the list and then click the Remove link. Now, if you try to access your site by typing the subdomain into a web browser, you’ll get an error message.
When you remove a subdomain, WordPress doesn’t delete the folder you created for it (see step 5 in the preceding list). You can either add a new subdomain that points to this folder, or use cPanel’s file management features to delete the folder (if you don’t need it anymore).
Understanding the Administrator Account
Before you install WordPress, you need to decide what user name and password you’ll use to manage your website. When you self-host, you’re responsible for every file and folder on the site, and you have the ability to do anything from adding new posts to deleting the entire site. You do all this through an all-powerful administrator account.
Hackers, spammers, and other shady characters are very interested in your WordPress administrator account. If they get hold of it, they’re likely to sully it with lurid ads (see Figure 3-2), phony software offers, or spyware.
Figure 3-2. If you don’t look twice, you could almost miss it. This church runs a WordPress blog that’s been hacked by spammers. In a Google search results page, the site title and description promotes cheap Viagra. Awkward.
Your best protection against these attacks is to follow two rules when you create your administrator account:
§ Make your user name non-obvious (that means you should prefer AngryUnicorn to admin, user, or wordpress).
§ Choose a strong, non-obvious password that includes a combination of letters and numbers (like bg8212beauty rather than bigbeauty). For guidelines on creating a secure password, see the box on A WordPress Password Is More Than a Formality.
Once you decide where you want to install WordPress and you pick a good user name and password for your administrator account, you’re ready to press on.
Installing WordPress with an Autoinstaller
The easiest way to install WordPress is to use an autoinstaller, a special tool that installs programs on your site. Most web hosts offer an autoinstaller as part of their services.
There are several autoinstallers in the world. Two of the most popular are Softaculous and Fantastico, both of which you’ll learn to use in this section. Other autoinstallers you might come across include Installatron and SimpleScripts.
In an effort to please everyone, some web hosts support more than one autoinstaller. If that’s the case for you, you can use either one. However, we prefer Softaculous, because it offers handy backup features that Fantastico doesn’t. Installing WordPress with Softaculous has the scoop on those.
All autoinstallers work in more or less the same way: You sign in to your web hosting account and click the autoinstaller icon to see a catalog of the add-on software your host offers. Look for WordPress, and then start the installation. You need to supply the same basic pieces of information during the installation—most significantly, the website folder where you want to install WordPress, and the user name and password you want to use for the WordPress administrator account (which your autoinstaller will create).
The following sections explain how to use Softaculous (first) and Fantastico (second). If your web host uses another autoinstaller, the steps are similar and you can follow along with a few adjustments.
Installing WordPress with Softaculous
How do you know if your host offers Softaculous? You could ask, but it’s probably quicker to look for yourself:
1. Log in to the control panel for your web host.
2. Look for a Softaculous icon.
Some control panels pile dozens of icons onto the same page. To look for Softaculous, you can use your browser’s Find feature. Just press Ctrl+F (Command+F on a Mac) and type in “Softaculous.” Figure 3-3 shows a successful search.
If you can’t find a Softaculous icon, you might luck out with one of the autoinstallers listed above. Try searching for a Fantastico, Installatron, or SimpleScripts icon. If you find Fantastico, you can use the steps on Installing WordPress with Fantastico. If you find another autoinstaller, try following the steps listed here—just mentally replace “Softaculous” with the name of your autoinstaller.
Figure 3-3. Here, the Google Chrome browser matches your search term by highlighting the Softaculous icon.
If you’re super-savvy, you may already know that some control panels have their own Find feature, which is even more convenient than your browser’s Find function. To use it, look for a Find box on the web page itself (not in your browser’s toolbar or menus). If you find one, type in the autoinstaller’s name (for example, “Softaculous”). And if you can’t find any autoinstaller, try typing in “WordPress.” Sometimes, this finds the autoinstaller’s setup script even if you don’t know the autoinstaller’s name.
3. Click the Softaculous icon.
Softaculous shows a large, colorful tab for each program it can install (Figure 3-4).
Figure 3-4. Along the left, Softaculous lists all the installation scripts it supports. But you won’t need to hunt for the script that installs WordPress, because it usually appears in the top position on the Softaculous home page, due to its popularity.
4. Hover over the WordPress box and click Install.
This takes you to an all-in-one installation page that collects all the information WordPress needs (Figure 3-5).
5. Pick a domain name and a directory.
You can choose from any of the domain names you registered with your web host or any subdomain you created within that domain (Creating a Subdomain (if You Need One)). This example uses prosetech.com.
If you want to put your WordPress installation at the root of the domain (or in an existing subdomain), then leave the directory box blank.
If you want to create a subdomain, then here’s where you fill in the name of the folder for Softaculous to create. This example uses a folder named magicteahouse, which means the WordPress site will be created at http://prosetech.com/magicteahouse. Remember, it doesn’t matter that the folder doesn’t exist yet, because Softaculous will create it.
Figure 3-5. Here’s the page of information Softaculous needs before it installs WordPress.
6. Optionally, change your database name and prefix.
The database name is the name of the MySQL database that stores all the content for your WordPress site. The actual name doesn’t matter much, as long as it’s different from any other database you’ve already created. You can name the database after your site (like magicteahousedb) or use the auto-generated name Softaculous suggests (like wp224).
The database prefix is a short bit of text that’s added to the beginning of the name of every table inside your database. Some people believe that by changing this prefix, you can get a little bit of extra security, because some WordPress attackers assume you’re using the standard wp_prefix. Other than that, it’s not important.
7. Choose a site name and description.
The site name is the title you want to give your WordPress site (like “Magic Tea Emporium”). It shows prominently on every page of your site.
The description should be a short, one-sentence profile of your site. It appears in smaller text, just underneath the title on every page of your site.
Don’t worry about the Multisite feature just yet—you’ll consider that in Chapter 12.
8. Choose a user name, password, and email address for your administrator account.
Remember, a good password is all that stands between you and a compromised WordPress site that’s showing banner ads for timeshares. Here, Softaculous’s neglect is nearly criminal. The default administrator name it plops in (admin) is a bad choice because it’s obvious and therefore open to attack, and the password it suggests (pass) is downright dangerous. Do yourself a favor and follow the rules set out in the box on A WordPress Password Is More Than a Formality to defend your site properly.
The administrator email address is your email address. When you finish the install, Softaculous emails you a page with all the important details, including the administrator user name and password you picked.
9. Optionally, switch on the Limit Login Attempts checkbox (that installs the Limit Login plug-in along with the WordPress software.
Limit Login Attempts is a security-conscious plug-in that temporarily closes down the administrative section of your site if it detects a potential intruder attempting to guess your user name and password. This plug-in is a good safeguard, but it’s not immediately necessary for a new site. You’ll learn more about the Limit Login Attempts plug-in on 4. Prevent Password-Guessing Attacks, as part of a basic WordPress security walkthrough.
10.Click the plus-sign () box next to Advanced Options.
This reveals a few Softaculous settings for managing updates and backups. The update settings aren’t of much use. You can tell Softaculous not to email you about new WordPress updates (Disable Update Notifications) or you can ask Softaculous to install updates automatically (Auto Upgrade). But you’re best to avoid both settings, because WordPress already has the built-in smarts to install important updates automatically (Keeping WordPress Up to Date), and you don’t want more drastic changes to take place without your supervision.
The backup settings (described next) are more useful. Switch them on, and Softaculous automatically backs up your WordPress site, without requiring any work from you. (Technically, Softaculous works its magic using cron, a scheduling tool that most web hosts support.)
11.If you want to use automatic backups, pick a backup frequency from the Automated Backups list, and then choose the number of old backups you want to keep from the Backup Rotation list.
Automated Backup tells Softaculous how often to perform backups (daily, weekly, or monthly).
Backup Rotation tells Softaculous how many old backed-up versions of your site to keep. For example, if you choose to keep four backups and you use a weekly backup schedule, then on the fifth week Softaculous will discard the oldest backup to make way for the next one. You can choose Unlimited to keep every backup you make, but be careful—Softaculous stores its backups on your web server, and daily backups of a large site can eventually chew up all your space.
A regular backup schedule is a must for any WordPress site. However, you don’t need to use Softaculous. Your web host may provide its own backup service, and there are plenty of WordPress plug-ins that can perform regular backups (as you’ll see on Backing Up with a Plug-In). If you need more time to think about your backup strategy, skip the Softaculous settings for now, and review your options in Chapter 9. You can always edit your Softaculous settings and switch on automatic backups afterward, as explained in the next section.
12.Click Install to finish the job.
Softaculous creates the folder you picked, copies the WordPress files there, and creates the MySQL database. After a few seconds, its work is done and you see a confirmation message (Figure 3-6).
Figure 3-6. When Softaculous finishes creating your WordPress site, it gives you its address and the address of its administration page—the latter is the address you type into your browser to get to the dashboard that controls your site. (You’ll explore the dashboard in Chapter 4.)
Managing a Softaculous-Installed Site
Softaculous keeps track of the WordPress sites it installs. You can return to Softaculous to review this information and perform some basic management tasks on your sites. Here’s how:
1. Log in to the control panel for your web host.
2. Find the Softaculous icon, and then click it.
This loads the familiar Softaculous page (Figure 3-4). This time, turn your attention to the menu that runs down the left side of the page.
3. Find the big WordPress icon. Click it, taking care not to click the Install or Demo buttons.
This brings you to the overview page shown in Figure 3-7.
If you accidentally click the Install button inside the Softaculous icon, the program assumes you want to install another WordPress site, and it opens the installation page. To get to the overview shown in Figure 3-7, you need to click the Overview button in the horizontal strip of buttons that appears just above the installation information.
Figure 3-7. On this web hosting account, Softaculous has helped install WordPress in three places. Next to each site are the icons that let you perform common tasks (such as updating, deleting, or backing up your site).
4. Next to your site, click one of the icons in the Options column to perform a management task:
o Clone creates an exact copy of your site, but in another folder. You could use this if you want to try out some extensive modifications before you make them a permanent part of your site.
o Backup lets you perform an immediate backup (rather than the more common scheduled backups, which Softaculous carries out automatically at a set time). When you click Backup, Softaculous asks you what you want to back up (Figure 3-8).
o Edit Settings lets you change several of the details you supplied when you created the site. Don’t change anything unless you know exactly what you’re doing—changing the database name or WordPress folder at this point can confuse WordPress and break your installation. However, the Edit Settings page is useful if you want to alter the automatic backup settings you specified when you installed WordPress (see step 11 on Installing WordPress with Softaculous).
o Remove deletes your site. This removes all the WordPress files, the subfolder (if you installed WordPress in a subfolder), and the WordPress databases. Once you take this step and confirm your choice, there’s no going back.
Figure 3-8. A WordPress site stores its text content in a database and stashes other supporting resources (like picture files) in the website directory. So a proper full backup includes a copy of both your database and your website directory. Make sure to select both checkboxes before you click Backup Installation.
Backups take place on your web host’s web server, in the background. That means you can leave Softaculous and close your browser, and the program still makes scheduled backups. Softaculous will send you an email when it finishes a backup (using the administrative email address you supplied when you first installed the WordPress site).
5. Optionally, you can browse directly to your site by clicking its URL.
Or click the head-and-torso Admin icon to visit the WordPress dashboard—the administrative back end that controls your site. This interface (which is part of WordPress, not Softaculous) is where you manage your content, style your site, and take care of many more fine-grained configuration tasks. As with all WordPress sites, the administration page is your WordPress site’s address with /wpm2_admin tacked onto the end (for example, www.reboot-me.com/blog/wpm2_admin).
Once your site is established, you probably won’t visit Softaculous very often. But if you want to practice installing WordPress, fiddle with different installation choices, or just make a quick backup, it’s a handy place to be.
Managing Softaculous Backups
Like every good web administrator, you need to regularly back up your site so you can recover from unexpected catastrophes (like the sudden bankruptcy of your web hosting company, or a spammer who defaces your site).
As you’ve already learned, Softaculous offers two backup options. You can set up scheduled backups, which take a snapshot of your site every day, week, or month. It’s no exaggeration to say that every site should have a scheduled backup plan in place (if you don’t want to use Softaculous, consider one of the plug-ins described on Backing Up with a Plug-In). Immediate backups are a complementary tool. They let you grab a quick snapshot of your site at an important juncture—say, before you install a new version of WordPress.
Either way, Softaculous stores the backed-up data for your site in a single large .gz file (which is a type of compressed file format often used on the Linux operating system). The filename includes the backup date (like wp.1.2014-08-20_05-30-16.tarr.gz). Softaculous stores backup files in a separate, private section of your web hosting account. Usually, it’s in a folder named softaculous_backups.
For extra protection, you should periodically download your latest backup to your computer. This ensures that your site can survive a more extensive catastrophe that claims your entire web hosting account.
Although you can browse for your backups on your web host using an FTP program, the easiest way to find them is to head back to Softaculous. Then click the large backup icon in the top-right corner of the page (Figure 3-9), which takes you to the Softaculous backup page (Figure 3-10).
An FTP program is a tool that can talk to a computer and exchange files with it over the Internet. Using an FTP program, you can browse the files on your website and download them to your computer.
Figure 3-9. Click here to see all the backups Softaculous has made at your behest.
Figure 3-10. If you’re the prostech.com administrator, there’s one back-up file waiting for you. You should download it to your computer for safekeeping.
If you asked Softaculous to keep an unlimited number of backups (Installing WordPress with Softaculous), you will eventually need to delete some of your oldest backups to free up more space. Otherwise, there’s no reason to worry about the modest amount of space that a few WordPress backups will occupy.
If disaster strikes, you can restore your site using the backup. From the Softaculous backups section, find the most recent backup, and then click the restore icon that appears next to it, which looks like a curved, up-pointing arrow (see Figure 3-10).
You can also restore your site on a new web server—one that has Softaculous, but doesn’t have your backup file. First, upload your backup file to the softaculous_backups folder using an FTP program. (Ask your web hosting company if you have trouble finding that folder.) Then, when you launch Softaculous and go to the backups section, you’ll see your backup file waiting there, ready to be restored.
Installing WordPress with Fantastico
Fantastico is another popular autoinstaller. Like Softaculous, it replaces the aggravating manual installation process WordPress users once had to endure (in the brutish dark ages of a few years back) with a painless click-click-done setup wizard. Here’s how to use it:
1. Log in to the control panel for your web host.
2. Look for a Fantastico icon.
Remember, many control panels have a search feature that lets you type in the name of the program you want, rather than forcing you to hunt through dozens of icons (as shown in Figure 3-3).
3. Click the Fantastico icon.
Fantastico’s menu page appears, with a list of all the software it can install. Usually, you’ll find WordPress near the top of the list, along with other site-building tools (Figure 3-11).
Figure 3-11. WordPress is just one of many programs an autoinstaller like Fantastico can install.
4. Click WordPress.
Fantastico displays basic information about WordPress, including the version you’re about to install and the space it will take up. Autoinstallers always use the latest stable version of WordPress, so you don’t need to worry about these details.
5. Click the New Installation link.
Now Fantastico starts a three-step installation process.
6. Pick a domain name and a directory (Figure 3-12).
This is where you decide where to put WordPress and all its files. As you learned earlier (Deciding Where to Put WordPress), you have three basic options:
Make WordPress run your entire website, you must install it in the root folder of your web hosting account. To do that, choose the domain name you registered for your website (in the first box) and leave the directory box blank.
Install WordPress in a subfolder, choose your domain name in the first box, and then fill in the name of the subfolder. The example in Figure 3-12 uses the domain reboot-me.com and a folder named blog. Remember, the autoinstaller will automatically create the folder you specify here. (And if there’s already a WordPress site in that folder, you’ll overwrite the old site with the new one.)
Install WordPress in a subdomain, you must have already created the subdomain (by following the steps on Creating a Subdomain (if You Need One)). If you have, you can choose the subdomain name from the first box, and leave the directory box blank.
Figure 3-12. Fantastico lets you fill in all the key details about your WordPress site-to-be on a single page.
7. Choose a user name and password for your administrator account.
Pick a name that’s not obvious and a password that’s difficult to crack (Creating Your WordPress.com Account). Doing otherwise invites spammers to hijack your blog.
8. Fill in the remaining details in the “Base configuration” section.
The administrator nickname is the name that WordPress displays at the end of all the posts and comments you write. You can change it later if you like.
The administrator email address is your email address, which becomes part of your WordPress user profile. It’s also the email address you’ll use for administration—for example, if you forget your administrator password and you need WordPress to email you a password reset link.
The site name is the title you want to give to your WordPress site (“Wasted Minutes” per Figure 3-12). It shows prominently on every page of your site.
The description is a short, one-sentence summary of your site. WordPress displays it in smaller text just underneath the title on every page of your site.
9. Click the Install WordPress button.
The next screen summarizes the information you just typed in (Figure 3-13). For example, it displays the exact location of your new site and the name of the MySQL database that will hold all its content. You might want to double-check this info for accuracy, and then write down the details for safekeeping.
Figure 3-13. Here, Fantastico tells you what it’s about to do. To hold all the data for this WordPress site, Fantastico will create a MySQL database named rebootme_wrdp1 (the name is based on the domain name www.reboot-me.com), and it will create the site at www.reboot-me.com/blog.
10.Click “Finish installation” to move to the final step.
Now Fantastico does its job—creating the folder you picked (in this case, blog), copying the WordPress files to it, and creating the MySQL database. When it finishes, you’ll see a confirmation message. It reminds you of the administrator user name and password you supplied, and lists the administration URL—the address you type into your browser to get to the dashboard that controls your site. As with all WordPress sites, the administration page is your WordPress site’s address with /wpm2_admin tacked onto the end (for example, www.reboot-me.com/blog/wpm2_admin).
You can return to Fantastico to manage your WordPress installations anytime. However, Fantastico doesn’t have the management features of Softaculous. Fantastico offers no way to modify, clone, or back up an existing WordPress site. Instead, it provides two links for each WordPress site you install: “Visit site” (which takes you there) and Remove (which deletes the site permanently).
UP TO SPEED: MULTIPLY THE FUN WITH MULTIPLE WORDPRESS SITES
Most of the time, you’ll install WordPress once. But you don’t need to stop there. You can create multiple WordPress websites that live side-by-side, sharing your web hosting account.
The most logical way to do this is to buy additional web domains. For example, when you first sign up with a web hosting company, you might buy the domain www.patricks-tattoos.com to advertise your tattoo parlor. You would then install WordPress in the root folder on that domain. Sometime later, you might buy a second domain, www.patrickmahoney.me, through the same web hosting account. Now you can install WordPress for that domain, too. (It’s easy—as you’ll see when you install WordPress, it asks you what domain you want to use.) By the end of this process, you’ll have two distinct WordPress websites, two yearly domain name charges, but only one monthly web hosting fee.
Interestingly, you don’t actually need to have two domains to have two WordPress sites. You could install separate WordPress sites in separate folders on the same domain. For example, you could have a WordPress site at www.patrickmahoney.me/blog and another at www.patrickmahoney.me/tattoos. This is a relatively uncommon setup (unless you’re creating a bunch of WordPress test sites, like we do for this book at http://prosetech.com/wordpress). However, it is possible, and there’s no limit. That means no one is stopping you if you decide to create several dozen WordPress websites, all on the same domain. But if that’s what you want, you should consider the WordPress multisite feature, which lets you set up a network of WordPress sites that share a common home but have separate settings (and can even be run by different people). Creating a Network of Sites explains how that feature works.
Installing WordPress by Hand
If you don’t have the help of an autoinstaller like Fantastico or Softaculous, don’t panic. Before these tools were widespread, WordPress was known for a relatively easy installation process. In fact, WordPress promoted it—heavily—as the “famous 5-minute install.” And while that’s wildly optimistic (unless you’re a seasoned webmaster, it’ll take far longer), WordPress is still known for being easier to set up than most other blog software and content-management systems.
Here’s an overview of what you need to do to get WordPress up and running the old-fashioned way:
1. Create a MySQL database for WordPress to use.
2. Upload the WordPress files to your web host.
3. Run the installation script to get everything set up.
In the following sections, you’ll tackle each of these tasks.
Before you go down the WordPress self-installation route, make sure that it’s truly necessary. The overwhelming majority of web hosts now provide some sort of WordPress installation feature that you can use instead. And although installing WordPress by hand isn’t a Mensa-level challenge, it’s an unnecessary slog if your web host provides an easier approach.
Creating a MySQL Database
As you learned on WordPress Behind the Scenes, WordPress stores all the details of your website—from your posts to your comments—in a database. MySQL is the name of the database software that manages your WordPress content, storing and fetching it. In fact, before you can install WordPress, you need to have a blank MySQL database waiting for it. Here’s how to create one:
1. Use your browser to log in to the control panel for your web host.
2. Look for an icon that has something to do with databases or MySQL. Examples include “MySQL Administration,” “MySQL Databases,” or “Database Manager.” When you find it, click it.
You’ll see a new page with information about all the MySQL databases currently stored on your site, if any. Figure 3-14 shows an example.
Figure 3-14. If your web host uses the cPanel interface, you’ll manage databases on a page like this. It’s divided into several sections. For a WordPress installation, the three important ones are Create New Database (shown here at the top), Add New User (near the bottom), and, not shown, Add User to Database (it’s all the way at the bottom of the page).
3. Create a new database.
You need to choose an appropriate name for your database. It should consist of lowercase letters and numbers, with no special characters in it. In Figure 3-14, you’re about to create a new database named wordpress (one named wrdp1 already exists).
The full database name has two parts: the site login (the user name you use to log into your web hosting account) and the database name you picked. For example, the full names for the databases in Figure 3-14 are rebootme_wordpress and rebootme_wrdp1.
Make a note of the full two-part name of the database (like rebootme_wordpress), because you’ll need to tell WordPress about it when you install WordPress.
Once you type in a name, click a button that’s named something like Create Database or New. If your web host runs the standardized cPanel control panel, the next step is to click the Go Back button to return to the database management page. (If your host uses a different control panel, look for similarly named commands.)
4. Add a new database user.
Right now, no one has control over your database. To be able to use it, you need to appoint yourself its administrator by creating an administrator account. You do that by adding a new user (you) and giving yourself across-the-board permission to manage the database. That way, you can log into the database and have free rein to store and retrieve information.
To add a new user in cPanel, scroll down the page to the Add New User section and type in a user name and password for yourself. Click the Create User button to make it official. Then click Go Back to return to the database management page.
5. Register your user name with the database.
Although it may sound strange, you, as the new database user, can’t do anything yet, because you haven’t given yourself permission to use the database. To fix this, you need to give yourself access to the WordPress database you created in step 3.
In a cPanel control panel, scroll to the bottom of the page, to the “Add User to Database” section, which contains two drop-down lists. In the first one, pick the user name you just added; in the second, pick the name of the database you created. Then click Add to seal the deal.
This is also the point where you tell the database exactly what this user is allowed to do. Because you’re the uber-powerful database administrator, this account should be able to do everything, from adding and deleting tables of information to searching and changing the data inside them. To make that happen, pick All Privileges and then click Make Changes (Figure 3-15). Now you can have your way with your brand-new database.
Figure 3-15. Here, the user rebootme_user is linked to the rebootme_wordpress database (top). After clicking Add, you need to set the user’s security privileges. Checking the topmost All Privileges box is a quick way to check all the boxes.
Uploading the WordPress Files
Now you have a perfectly configured MySQL database waiting for someone to come along and use it. But before you can get WordPress up and running, you need to transfer the program to your website. This is a two-step process: First you download the latest version of WordPress, and then you upload it to your site. Here’s how:
1. In your browser, go to http://wordpress.org/download, and then click the Download WordPress button.
This downloads the latest version of WordPress as a compressed ZIP file, which virtually all computers support. (If you look closely, you’ll see an alternate link for downloading WordPress as a compressed .tar.gz file, but you don’t need that.)
2. Inside the ZIP file is a folder named “wordpress.” You need to extract that folder to a convenient place on your hard drive, like the desktop.
For example, on a Windows computer you can drag the wordpress folder out of the ZIP file and onto the desktop, automatically unzipping its contents in the process. (You don’t need much free space. Altogether, the WordPress files take up only a few megabytes of storage.) On Mac OS X, double-click the ZIP file to extract its contents.
Using either method, you end up with a folder named wordpress, which will have several subfolders and several dozen files in it, but you don’t need to worry about those.
No matter where you put the wordpress folder, it will be a temporary storage location. After all, the WordPress files can’t do much trapped on your computer. Your ultimate goal is to upload all these files to your web host, where they can work their magic. Once you do that, you can delete the WordPress files from your desktop.
3. Figure out the FTP address you need to use.
You could ask your web host, but the address is almost always ftp:// followed by your domain name, as in ftp://reboot-me.com. The initial ftp:// is critical—it indicates that you’re making a connection for transferring files, not visiting a website (in which case you’d use an address starting with http://).
4. Load your FTP program and navigate to your site.
FTP is a standard that lets computers pass files from one to the other. You’ll use it to upload the WordPress files to your website.
In the old days of the Web, uploaders used specialized FTP programs to transfer files. Many people still use dedicated FTP programs, and you can, too. However, the latest versions of Windows and Mac OS X have built-in FTP functionality, so you don’t need a separate program.
Depending on your web host, you may be able to upload files from your browser using your site’s control panel. However, browser-based file management is usually awkward and can trigger a triple-Tylenol headache if you need to upload a large batch of files, like the contents of the wordpress folder and its subfolders. FTP is easier.
To open an FTP connection in any modern version of Windows, start by firing up the Windows Explorer file manager. (Right-click the Start button, and click a menu command that has a name like Open Windows Explorer.) Then, type the FTP address into the Windows Explorer address bar.
To open an FTP connection in Mac OS X, start out at the desktop and hit Command+K to launch the Connect to Server window. Then, type in the FTP address and click Connect.
5. When your FTP program asks, enter your user name and password in the boxes provided.
This is the same user name and password you use to connect to your host’s control panel to manage your website.
Having trouble keeping track of all the different login identities you need to self-host WordPress? There are three altogether: one for your web host’s control panel, one for your database, and one for your WordPress administrator account.
Once you log in through the FTP panel, you’ll see your site’s folders and files—the ones on your web server—listed; you can copy, delete, rename, and move them in much the same way you can for local folders and files.
6. Browse to the root folder of your website.
This is the heart of your site—the place people go when they type in your web address. It may be a folder named public_html or webroot. Or, you may start off in the right place when you log in. If you already have a traditional website on your domain, you’ll know you’re in the root folder when you see your web pages there. And if you’re still in doubt, it may be worth a quick call to your web host’s support center to make sure you’re in the right spot.
7. Open another file-browsing window to view the wordpress folder on your computer.
This is the place where you unzipped the WordPress files in step 2.
8. Copy the files from the wordpress folder to your website.
There are two ways to do this. If you want WordPress to take over your entire site (see Installing WordPress with an Autoinstaller), you must select all the files in the wordpress folder (including subfolders). Then, copy all these files over to your root web folder. This is the strategy to use if you want people to go straight to your WordPress content when they type in your domain name (like www.reboot-me.com).
If you’re putting WordPress in your root web folder, make sure you don’t have another default page there. A default page is the page your website sends to a visitor when he types in your domain name (for example, www.reboot-me.com) rather than specifying a site page (like www.reboot-me.com/mypage.html). WordPress has its own default page, index.php, but you don’t want another default page trying to take over. Possible default pages include anything that starts with “index” (index.html, index.shtml, index.html) and “default” (default.asp, default.aspx).
If you want to create a subfolder on your website for WordPress, you follow a slightly different procedure. First, rename the wordpress folder on your computer to the name of the folder you want to create on your website. For example, if you want to create a subfolder named blog, rename the wordpress folder blog. Now you need to select and copy a single item—the blog folder that holds all the WordPress files.
Either way, you upload the files in the same way you copy them on your computer. For example, you can drag the selected files from your computer and drop them on the FTP window (Figure 3-16). Or you can copy the selected files (that’s Ctrl+C on Windows and Command+C on a Mac), switch to the FTP window, and then paste them (with Ctrl+V or Command+V).
Figure 3-16. Here, the folder named “blog” sits on your desktop and contains all the WordPress files (bottom image). A quick drag of the mouse transfers WordPress to your website (top image).
At this point, all the WordPress scripts and templates should be on your web server, although they aren’t actually switched on yet. Before you continue to the final step, it’s a good idea to make sure you uploaded the software successfully. To do that, try requesting WordPress’sreadme.html file, which should be in the folder you just uploaded. For example, if you put WordPress at www.reboot-me.com/blog you can request www.reboot-me.com/blog/readme.html. When you do, you’ll see a WordPress page with some very basic information about the setup process. If you get a “webpage not found” error, you’ve accidentally uploaded your files to a different location, so you need to take some time to sort it all out.
Running the Install Script
This is the final set of steps. Think of it as activating the WordPress site you just created.
1. To start the installation, type the web address where you installed WordPress into your browser, and then add /wpm2_admin/install.php to the end.
So if you installed WordPress at www.reboot-me.com/blog, you would request www.reboot-me.com/blog/wpm2_admin/install.php. At this point, WordPress warns you that it can’t find a configuration file (Figure 3-17). Don’t worry; you’ll create one.
Figure 3-17. There’s no configuration file for WordPress, so you need to create one and provide all the configuration details.
2. Click “Create a Configuration File.”
On the next page, WordPress reminds you about the information you’ll need to complete this process (that’s the database details from the previous section).
3. Once you work up your confidence, click the “Let’s go” button.
WordPress displays a page requesting your database information (Figure 3-18).
4. Fill in your database details.
First, you need to supply the database name (which you created on Creating a MySQL Database), and the user name and password for the database administrator (which you picked on Creating a MySQL Database).
You also need to supply the location of the database. Ordinarily, that’s localhost, which indicates that the database is on the same server as the WordPress installation file, which is almost always what you want. (If not, you need to contact your web host to get the correct database location.)
Lastly, you need to pick a table prefix—a few characters that WordPress will add to the name of every table it creates in the database. The standard prefix, wp_, is perfectly fine, but you may get marginally better security by choosing something less common.
Figure 3-18. WordPress needs to know where your database is, and what user name and password it should use to access it. You need to fill in the information for Database Name, User Name, and Password. You can leave the other settings (Database Host and Table Prefix) with their standard values.
5. Once you enter all these details, click Submit.
If WordPress manages to contact your database, it gives you a virtual thumbs-up and offers to start the installation.
6. Click “Run the install” to start the WordPress installation.
The next page collects some essential information about your WordPress site.
7. Fill in your site’s particulars (Figure 3-19).
The site title is the heading that crowns your WordPress site.
The user name and password are what you use to log in to the WordPress dashboard, configure things, and write new posts. Choose a not-so-obvious user name and a crack-resistant password (Creating Your WordPress.com Account).
The email address you type in will appear in your WordPress profile, and WordPress uses it if you forget your password and need to reset it.
Leave the “Allow my site to appear in search engines” checkbox turned on, unless you’re trying to keep a low profile. (But keep in mind that even if your site isn’t listed in a Google search, there are still plenty of ways for people to stumble across it. The only way to keep out strangers is to create a private site, as discussed on Creating a Private Site.)
Figure 3-19. This WordPress site is named Wasted Minutes. The administrator’s user name, angry_unicorn, is far less predictable than common (but less secure) choices like admin, user, wp, wp_admin, and so on.
8. Click Install WordPress to finish the job.
This is the point where the WordPress installation script really gets to work, configuring your database and loading it up with its first bits of WordPress content. When the process is finished, you’ll see a confirmation page (Figure 3-20).
Before you close the page, why not visit your site and verify that it’s working? As always, you can add /wpm2_admin to the end of your site address to get to the administration dashboard.
Figure 3-20. WordPress has finished installing your site. This confirmation screen reminds you of the user name you picked as the administrator, but it doesn’t repeat your password. Click Log In to go to the dashboard and start managing your site.
Keeping WordPress Up to Date
No WordPress website should be left unprotected. If your site doesn’t have the latest WordPress updates, it can become a target for hackers and spammers looking to show their ads or otherwise tamper with your site.
Fortunately, WordPress’s creators are aware of the threat that outdated software can pose, and they designed the program for quick and painless upgrades. WordPress installs minor updates automatically, and it’s quick to notify you about major updates so you can install them yourself. The following sections explain how these two updating mechanisms work.
Since version 3.7, WordPress has included an autoupdate feature that downloads and installs new security patches as soon as they become available. So if you install WordPress 4.0 and the folks at WordPress.org release version 4.0.1, your site will grab the new fix and update itself automatically.
The autoupdate feature is a fantastic safety net for every WordPress site. However, it has an intentional limitation. It performs only minor updates, which are usually security enhancements or bug fixes. It doesn’t attempt to install major releases—you need to do that yourself.
To spot the difference between a minor update and a major one, you need to look at the WordPress version number. Major releases change one of the first two digits in the version number (for example, 4.0.8 to 4.1.0 is a major update). Minor releases change the minor version number, which is the digit after the second decimal point (for example, 4.0.8 to 4.0.9).
A major update is a WordPress release that adds new features. Typically, WordPress puts out a major release every four months. You can find a list of recent and upcoming major releases at http://wordpress.org/news/category/releases.
You don’t need to go out of your way to keep track of WordPress releases. Whenever you travel to the dashboard—the administrative interface described in the next chapter—WordPress checks for new versions of the program and lets you know if it finds one.
To get to the dashboard, take your WordPress site address (like http://prosetech.com/magicteahouse and add /wpm2_admin to the end (as in http://prosetech.com/magicteahouse/wpm2_admin). Initially, you start at the dashboard home page. If WordPress detects that there’s a newer version available, it tries to grab your attention by adding a notification box to the top of this page (Figure 3-21).
Figure 3-21. There’s a new version of WordPress available, and your site isn’t using it. To get the latest new features, click the “Please update now” link. This takes you to the Updates section of the dashboard (Figure 3-22).
The Updates page is an all-in-one glance at everything that’s potentially old and out of date on your site, including two types of WordPress extensions that you’ll learn about later in this book: themes and plug-ins. Usually, the Updates page simply tells you that all is well. But when updates are available, you’ll see something else. First, WordPress adds a black number-in-a-circle icon to the Updates command in the dashboard menu. The actual number reflects the number of website components that need updating. In Figure 3-22 that number is 3, because you need to update WordPress and two themes.
Themes and plug-ins are two ways you can enhance and extend your site. But if they contain flaws, hackers can use those flaws to attack your site. You’ll learn more about themes in Chapter 5 and plug-ins in Chapter 9.
To install an update, use the buttons on the Updates page. If there’s a new WordPress update, then click the Update WordPress button. If there’s a newer theme or plug-in, then turn on the checkbox next to that theme or plug-in, and then click Update Themes or Update Plugins.
Figure 3-22. The Update page explains that two components need updating: the WordPress software and the P2 theme you installed on your site.
WordPress updates are impressively easy. There’s no need to enter more information or suffer through a long wait. Instead, you’ll see a brief summary that tells you what happened (Figure 3-23). Your site will carry on functioning exactly as it did before.
Figure 3-23. Breathe easy: WordPress is up to date once more.
Despite the rapid pace of new releases, WordPress’s essential details rarely change. New versions may add new frills and change WordPress’s administrative tools, but they don’t alter the fundamental way that WordPress works.