How To Install WordPress- The Manual Approach

One-click WordPress installation seems to have become the norm. And why not? I mean, pit a single click installation against a circuitous, technical, laborious, ‘multi-click’ (the horror!) installation and we have a no-brainer, right?

But what if I were to tell you that sites installed using Fantastico/ Fantasico De luxe etc. are soft targets for hackers? And what if I were to tell you that the manual installation isn’t as hard as it’s made out to be. And that it’s just a one-time inconvenience?

Hmmm, the choice isn’t that obvious now, is it? So, if your site’s security trumps convenience, read on and install WordPress the right way – the manual way!

Here’s what we are going to do –

  • Download WordPress at http://wordpress.org/download/. Unzip the file.
  • Rename the ‘wp-config-sample’ file to wp-config
  • Open wp-config in a text editor- (a) Insert unique keys and salts (b) Change the default database table prefix
  • Create a database, database user and password from the cPanel
  • Again go back to wp-config and insert the database details
  • FTP the WordPress files to the webserver using FileZilla
  • Run the Install Script & fill in details of your website
  • Done!

The changes made to the default values in wp-config beef up your WordPress website against hacker attacks.

And here are the steps in detail –

PART 1 – Download The WordPress Zip File

(1) Go to http://wordpress.org/download/ and click on the ‘Download’ button. This will download the wordpress zip file to your computer. Please note that the version might vary.

WordPress Zip Download

 

(2) Navigate to the WordPress zip file on your computer, copy and paste it into its own folder (to keep things nice & neat). Then right click on the zip file and choose “Extract Here”. Doing so will create a a ‘wordpress’ folder. We will be uploading the contents of this folder to your website (or web server) using an FTP client a bit down the line.

WordPress Zip File

(3) Open up the unzipped ‘wordpress’ folder – look for the file named ‘wp-config-sample’ and rename it to ‘wp-config’. Next, we need to open the ‘wp-config’ file with a text editor such as Notepad, Notepad++ (do not use Word!). In wp-config, scroll down till you reach the chunk of code that looks like:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

Pretty, eh? In a moment, it’s going to get prettier. Now here’s the important bit, so listen close: we need to replace the keys and salts in the above code (i.e. the 8 rows that start with “define”) with a bunch of randomly generated secret keys. For that, we will make use of the WordPress.org secret-key service. It’s all very scotland yard, I know!

To do that, simply go to –

https://api.wordpress.org/secret-key/1.1/salt/

and refresh the browser. Then, copy and paste the automatically generated values into wp-config, instead of the code in the snippet above, so that it looks something like –

 

define('AUTH_KEY',         'o_[inOz8Rs<4`(q|)eJi`wKbhk+]`CA%)[.<0;WE`T~OZGClLv!+kXFyjrrCBYy5'); 
define('SECURE_AUTH_KEY',  '+DI>K307]oU3u;|9CRt-wnE2u+OJm*z_C>u^n1<W/E5=5{|EPp(ILU[M5<v!DG0M');
define('LOGGED_IN_KEY',    'z:72BMyzU4FuFM7;kHI^l!s9lCF-&;}%NoENhrwMUWU<v1o[p+vIA1{8K|zA_Nb@');
define('NONCE_KEY',        '~UlpG|;}(s&bx4[^S +hk;x+E-1SmRwh~CM(c@Dpa1:4tmS[L<-)s>:(e&,ho Px');
define('AUTH_SALT',        'RVg>;508j2zDcH?#qke-*aP>MFa.Ly!g:jad=VI_h2i~.Dll5)O,8IX|TlgtGhuj');
define('SECURE_AUTH_SALT', 'KS#,xx+`f&zn$+J=#Y+c)2Z3?@kPBvL<!)uU,kUB:(+OkDa&U[zW+Sj`?sXS>&ei');
define('LOGGED_IN_SALT',   'eBise:>Ca u6>@ceppK4+Ds<z*b3Vx+j{pW`No/w|lH:J>NW|mcjg1!0gFFltu0C');
define('NONCE_SALT',       'W%>Ezw[GF H?H8;/SR^SUqTg&0*/-B#320R/HZ *q!i./,`a|9EML,ZyTnz>]{V|');

 

IMPORTANT! The automatically/randomly generated values that you get will be different from those in the code above! The code snippet is merely an example.

TIP: Make sure you paste ALL the 8 rows starting with define.

(4) Now, scroll down a little more in wp-config (that’s open in a text editor) till you find –

$table_prefix  = 'wp_';

“wp_” is the default database table prefix. Simply rename it to anything other than “wp_”. The prefix can be a mix of numbers, alphabets and underscore. While not necessary, try to end the name with an underscore. Here’s an example-

$table_prefix  = 'cklsj_wp_';

(5) Please save the changes to wp-config, we will be revisiting it shortly -so you can leave it open.

Part 2 – Create WordPress Database & Database User

(1) Log into your hosting account’s cPanel and scroll down to ‘Databases’, then click on ‘MySQl Database Wizard’ –

HostGator MySQL Database

(2) Create A Database: In the next screen, give your database a name and then click on the ‘Next Step’ button-

HostGator Database

(3) Add a Database User: Give a username/password for the user and click on ‘Create User’. Please do keep a note of the database name we created in the previous step and the username/password created in this step.

MySQL Database Wizard cPanel

 

(4) In the next screen, check the ‘ALL PRIVILEGES’ box and go to the next step.

Database Privileges

 

(5) The next should will inform you that you have created a database and added a user to it –

 

cPanel Database User

 

(6) Again, in the ‘wordpress’ folder on your system, open up the wp-config file in a text editor and add in the database related information i.e. the database name, username and password. Save.

define('DB_NAME', 'database_name_here');
 
/** MySQL database username */
define('DB_USER', 'username_here');
 
/** MySQL database password */
define('DB_PASSWORD', 'password_here');

WP Config Database

Part 3 – Installing FTP

(1) FTP stands for File Transfer Protocol and an FTP client such as FileZilla allows you to access the files and folders on your website. Using FileZilla, you can upload files from your local machine to your site, download files from your website on to your computer, delete web files etc. I’ll be using FileZilla for this tutorial although you’re free to use any FTP client. You can download FileZilla for FREE here –

https://filezilla-project.org/

(2) Make sure you download FileZilla Client and then choose the appropriate download link depending on your operating system – Windows/Mac etc. Once the download and installation are done, move on to the next step.FileZilla Client Download

 

(3) Fire up FileZilla and use the information on the following page to log into it –

http://support.hostgator.com/articles/specialized-help/ftp/how-to-configure-filezilla

 

FileZilla Login

 

Once you have successfully logged into FileZilla, it’ll look like the image below –

FileZilla Client Interface

The interface comprises 4 quadrants, as marked in the image. Quadrant 1 will display the folders on your computer. When you single-click a folder in quad 1, its contents will appear in quad 2. Similarly quadrant 3, shows the folders in the web hosting account. And when you select a folder in #3, you’ll be able to see its contents in #4.

Tip: Click on the “+” to open a folder further.

To Transfer Files From Your Computer To Your Website:

-Locate the right folder in your computer, in pane #1

-Then select the destination folder in #3

– Select the files in #2 that you need to transfer. To select multiple files, use ‘ctrl’.

– Right-click on the selected files in #2 and choose ‘Upload’. This should transfer the files to #4.

Part 4 – Upload WordPress Files To Your Website

(1) In this step, we will upload the WordPress files we downloaded in step 1 to the website, using FileZilla. So, log into FileZilla. What you need to do is to navigate to the unzipped WordPress folder in quadrant 1 and click on it. As soon as you do this, quadrant 2 should get populated with the contents of the WordPress folder. Now, in quadrant 3 – locate and click on the ‘public_html’ folder. When you do this quadrant 4 will display the files and folders of the ‘public_html’ folder. See how the client works?

(2) Select all the contents of the ‘wordpress’ folder in quadrant 2 (you could do a ctrl+A to select all), right click and choose “Upload”. This will transfer all the wordpress files into the public_html folder. The transfer process will take a couple of minutes.You can check the status bar at the lower left corner.

Part 5 – Run The Install Script

(1)When the transfer is complete,  go to http://yourdomain.com/wp-admin/install.php (please replace ‘yoursdomain’ with your actual domain) and you should see a page with the “Information Needed” form –

WordPress Username Login Information

  •  Site Title – You can give your site’s name here (for now). The site title can be edited later.
  • Username – For security reasons, give a username other than ‘admin’. This will be your WordPress username, that you’ll use to log into the WordPress account.
  • Password – This is your WordPress login password. Please choose a strong, complex password
  • Email – Enter the email where you would like to receive website related information
  • Privacy – You can uncheck it for now.

Using a username other than ‘admin’ and a strong password are a must to protect your website from brute force attacks.

Click ‘Install WordPress’.

(2) That’s it! Once you get the success message, your WordPress website is ready.

WordPress Dashboard Login

(3) Go to www.yourdomain.com and see for yourself! Your website should show up with the “Twenty Thirteen” theme.

(4) To log into the administration area of your WordPress website, go to www.yourdomain.com/wp-admin and key in the WordPress username/password.

Image Credit: teamstickergiant

 

Comments

  1. Shannon says

    Hi Reeta, I have your book Stoked About WordPress, and I was following along with these directions and doing great until I got to the “select public_html” folder from quadrant three. I can see some folders in there, but there is no public_html folder on my screen. Last night I couldn’t see any folders, today I can see some (.cpanel and subfolders and .pki and subfolders). Is it just a matter of waiting for all the folders to appear? I only transferred my domain to hostgator last night. Thanks.

    • Reeta says

      Hi Shannon,

      What do you see when you go to http://www.yourdomain.com? Do you see a hostgator banner?

      Wait it out a bit more and if you need more help, get back to me with your domain 🙂

      On another note, The domain that you set up name servers for, is that the only domain attached to your hosting account? Or did you already have another domain name hooked to your hosting account?

      Also, HostGator has live chat support and usually are great with this sort of stuff (although the wait can get a bit frustrating at times!).

  2. Shannon says

    Thanks Reeta. I did end up doing two phone calls with the host gator folks, once because they had to redo my cpanel so that I could see it in filezilla, and once because although I thought I had linked the database user to the database apparently it didn’t “take” and they had to do it again for me. I’ve also had to re-download the wordpress files two additional times and re-install certain folders/files because of particular errors I was getting while trying to log in to wordpress, but it worked! I just logged into the wordpress dashboard for the first time with this site. Thank you!!!!!

  3. Shannon says

    Oh, and by the way, your directions for installing wordpress manually were great, and I’m very “stoked” that I was able to do this. I am not experienced in the details of technology and code that I was working with, and your directions were very clear. If I hadn’t gotten as far as I had I doubt I’d have hung in there with the help desk and finished it. The issues I had didn’t seem to have anything to do with your instructions – they were kind of weird fluke things (or inexperienced user error!), plus I was continually disconnected from the server while in filezilla trying to upload the files, which I think accounted for having the issues with particular files being missing/corrupted when I was trying to log in. So far I really love your book!

    • Reeta says

      Hey Shannon!
      Thank you for the kind words about the book 🙂

      Sorry to hear you had to go through all that but yay! that your site is up and running. And guess what? That was the hardest part. Why, I still cringe just a tiny bit even now, when I have to use Filezilla. It is a great tool, but somewhat unwieldy. No more Filezilla in the book from here on, by the way! If you’ve managed to install WordPress manually, the rest should be a breeze. But do feel free to come back here in case you get stuck!

      P.S. Transferring this thread to the “Stoked About WordPress” page, in case others have similar problems.

  4. Tom says

    Hi Reeta,

    I’m currently working through your WordPress book. I really like it so far! As suggested, I’m considering a manual install, but still have some questions about this:

    Part 2, Step (2)
    – Is it important to choose database name that cannot be guessed?

    Part 2, Step (3)
    – Is it important to choose a secure password here?

    Part 2, Step (6)
    – It seems that the password is stored in a non-encrypted way – is this okay?

    Part 2, Step (3) vs. Part 5, Step (1)
    – How do the username/password generated in those two steps relate? Or, put differently, what exactly do I need the username/password from Part 2 for? (Apart from actually creating the database.)
    – Should the usernames/passwords be different?

    Your help would be greatly appreciated!

    Tom

    • Reeta says

      Hi Tom,

      I know at this stage it probably seems like we are creating many usernames, passwords, accounts and what not.To give you a bit of context – the content of a WordPress website(page,post,comments etc.) is stored in a database. I should add here that the content is added to the database automatically, behind the scenes. So, in Part 2 using the cPanel all we are doing is creating a database for the website (and a username/password for the database) and then storing that information in the wp-config file. In all probability, this is the only time that you will need the database related information -name, username and password. Unless one is an advanced user of course.

      Okay now to answer your questions directly. Yes! Please do choose a hard-to-guess username and password for the the database.

      In Part 2 step 6, its okay if the password is not encrypted.

      Finally, the username/password generated in Part 2 step 3 is the for the database that you associate with the WordPress website. Like I said before you will probably not need it frequently, but do make a note of it nevertheless (although you could always look up this information in the wp-config file since we paste it in there).

      On the other hand, the username/password in Part 5 step 1 is to log into your WordPress website’s dashboard. You will need this login information often i.e. whenever you want to add a page, post, change the design ..in short make any kind of change(s) to your website. So make a note of it for sure and memorize it by heart!

      Yes,I would choose different login details for the database and the WordPress dashboard.

      And most important – at the cost of repetition – make sure that the username in Part 5 Step 1 is *not* admin.

      Hope that helps. Any more questions, let me know!

      Thanks!
      Reeta

      • Tom says

        Hi Reeta,

        Thank you for your helpful reply! One minor thing: In my question about Part 2, Step (2), I was referring to the name of the database, not the username/password. So, should also the database name be hard to guess?

        Thank you again,
        Tom

        • Reeta says

          Oh an oversight on my part! So, the answer to that question is – yes the database name should be hard to guess. If one were to use Fantastico for the installation, the default name of the database would be ‘wrdp1’ for the first database created, ‘wrdp2’ for the second and so on. And this is a known fact!

          So do choose a secure alphanumeric database name that’s different from the above. Hope that clears it up?!

          Manual installation can get a bit tricky, I hope it goes smoothly for you 🙂

  5. Sriram says

    Hi Reeta,
    Thanks for your ebook, its simply great.

    I am hosting my website on bluehost.

    Followed your instructions for manual installation of wp and transferred thru FTP (which was successful). Now when i go to http://xxxxxx.com/wp-admin/install.php (with my domain name), i am getting “404 Error File Not Found” error. Please guide me. Thanks, Sriram

    • Reeta says

      Hi Sriram,

      Sorry you’re having trouble with the installation!

      Hmm.. if I had to hazard a guess I’d say to check the database details that you entered in the wp-config file. Do keep in mind that a prefix is automatically added to the name (for the database and user) that you manually type in.

      So, for example, say you named the database “mydatabase”, the full name (that you need to enter in the wp-config) should be “prefix_mydatabase”. Replace prefix with the actual prefix assigned by the database creator. In all likelihood it will be the login id to your hosting account, but just to be sure you can confirm this by going to “MySQl databases” through your cPanel.

      And you will need to add the full name for both, the database and the username in the wp-config file.

      If something else is the problem, let me know!

Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *