WordPress Setup and Install

Wordpress is an incredibly popular CMS. It makes building websites really easy. We’re going to show you how to install and setup WordPress. Wordpress isn’t for everybody. We’re also going to help you decide what is right for you.

Pros:

easy
point and click once you have it setup
supported by most hosting providers
widely use
loads of nice plug-ins

Cons:

can be insecure if you aren't careful
slow
includes a database as an extra level of complexity
more effort to backup

Alternative:

Managed WordPress hosting (free and paid):
- wordpress.com
- Liquid Web
- Kinsta
Try an alternate CMS instead ( Jekyl, typesetter cms, blogger )

Prerequisites Before Installing Wordpress

For this guide we’re assuming the following:

Linx distro: Ubuntu
Username is: user1
This group exists: www-data
Install Linux ( or another OS, Linux for this tutorial )
- See our Linux install guides for
  - Ubuntu
  - CentOS
  - Debian
  - Fedora
  - Arch
Install a LAMP stack ( see our guide here )
Make sure you setup SSL

Actual Setup

Setup Database for WordPress:


mysql -u root -p

CREATE DATABASE WordPress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON WordPress.* TO 'WordPressuser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT;

Install extra PHP extensions that WordPress uses:


sudo apt-get update
sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc
sudo systemctl restart apache2

Enable .htaccess overrides:


sudo vi /etc/apache2/apache2.conf

<Directory /var/www/html/>
    AllowOverride All
</Directory>

Enable mod_rewrite so that WordPress permalinks will work:


sudo a2enmod rewrite
sudo apache2ctl configtest

Download latest WordPress:


cd /tmp
curl -O https://WordPress.org/latest.tar.gz
tar xzvf latest.tar.gz

Place holder .htaccess:


touch /tmp/WordPress/.htaccess
chmod 660 /tmp/WordPress/.htaccess

Copy over sample config:


cp /tmp/WordPress/wp-config-sample.php /tmp/WordPress/wp-config.php

So WordPress doesn’t run into trouble doing this itself later on when it tries to upgrade:


mkdir /tmp/WordPress/wp-content/upgrade

Copy to web root, include hidden files, preserve permissions:


sudo cp -a /tmp/WordPress/. /var/www/html
sudo chown -R user1:www-data /var/www/html

Set the setgid bit so that files created in these dirs will in inherit their group ownership and not just use the current users group:


sudo find /var/www/html -type d -exec chmod g+s {} \;

Group Write access for theme and plugin changes:


sudo chmod g+w /var/www/html/wp-content
sudo chmod -R g+w /var/www/html/wp-content/themes
sudo chmod -R g+w /var/www/html/wp-content/plugins

Generate secret keys:


curl -s https://api.WordPress.org/secret-key/1.1/salt/

Copy and paste these keys inside your WordPress config file:


vi /var/www/html/wp-config.php

The existing/placeholder keys you need to replace look like this:


define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

Add our DB settings to the config file and configure WordPress to write the the FS directly:


vi /var/www/html/wp-config.php


define('DB_NAME', 'WordPress');
define('DB_USER', 'WordPressuser');
define('DB_PASSWORD', 'password');
define('FS_METHOD', 'direct');

http://YOUR-IP-OR-DOMAIN

select your language and continue
fill in all of the fields
- don’t use a common user name ( ex: don’t use ‘admin’ )
- use a strong password

WARNING - People will be scanning your site for WordPress vulnerabilies before WordPress is even installed. As soon as you have your webserver running, people will start scanning.

You might want to configure how permalinks work or install a theme:

Settings > Permalinks
Appearance > Themes

Upgrades:

The upgrads aren’t too bad. We just have a couple extra steps to make things more secure.

Add some temporary permissions:


sudo chown -R www-data /var/www/html

Run the upgrade from the WordPress administration panel.
Remove those permissions:


sudo chown -R sammy /var/www/html

That is pretty much it. WordPress is installed and you are ready to start creating content. How to actually use WordPress after installation is another story.

Your Done!

but not really… keep reading…

We strongly recommend that you secure your WordPress site. WordPress is notorious for getting hacked. Don’t ruin all your hard work by becoming a statistic. Keep reading.

WordPress Security

WARNING - People will be scanning your site for WordPress vulnerabilities before WordPress is even installed. As soon as you have your webserver running, people will start scanning.

Why Security is Important

If your site is hacked:
- Your site could be shut down / deleted.
- It may be difficult to recover even if you have a backup.
- Your site can be used by hackers to store malware.
- Google can de-index your site and blacklist your domain for containing malware.
- Any potential customer data can be stolen.
- Other things hosted on the server can be compromised.
“Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week.”

We’re going to build an entire new section of this guide focused on security. For now just follow this guide.

Affiliate Disclosure statement We receive compensation for promoting many of these hosting services.