The most secure way to install WordPress is manually. (Find in-depth instructions here: http://codex.wordpress.org/Installing_WordPress). It takes about 10 – 20 minutes depending on how fast your internet connection can upload files. Many people think the extra time is worthwhile because it allows you to add more security measures.
There are five parts to the way I install WordPress manually:
1. Download and unzip WordPress to your desktop.
2. Set up your database in Hostgator’s cPanel.
3. Set up free Filezilla FTP software (here’s a step-by-step tutorial)
4. Upload WordPress via FTP
5. Configure & Install WordPress
1. Download and unzip WordPress to your desktop.
Get the most recent version of WordPress here: http://wordpress.org/download/.
Unzip the WordPress file. Extract the contents of the .zip file onto your computer.
Rename the “wp-config-sample” file to “wp-config.php”.
2. Set up your database in Hostgator’s cPanel.
Log into your cPanel dashboard.
Locate MySQL Database Wizard.
Create a new database. (Hostgator automatically assigns the first few characters and underscore (xxxx_). You choose the rest of the name. For example, xxxx_qkz4.
Make a note of the user name, database name and password you choose. You will need them in a few minutes.
Create a new user and strong password. Click on ‘Create user’.
Since you are the database administrator, assign full privileges to that user for that database. Click on ‘Next Step’.
Your database is set up. Remember to record your information – you’ll need it to configure WordPress. Click on the ‘Return Home’ link to return to the cPanel dashboard.
3. Set Up free Filezilla FTP software
Download Filezilla from http://sourceforge.net/projects/filezilla/.
Save it to your hard drive, right click and select ‘Run as’…
Then follow the installation instructions.
After it’s installed, open the Filezilla software, click on’File’ and select ‘Site Manager’.
Select ‘MySites’ and click on ‘New Site’.
Add ‘Host’ name, change ‘Logon Type’ to ‘Normal’. Add ‘User’ and ‘Password’ that Hostgator emailed to you when you opened your hosting account. Click on ‘OK’ to save your settings.
4. Connect with your hosting account via FTP & Upload WordPress
Click on connect.
You’ll see ‘Status: directory listing successful’ in the top window (green oval). Your local hard drive is on the left (red ovals). Your host’s server (the internet) is on the right (blue ovals.)
On the right side of Filezilla (internet) click on the folder to expand its contents.Then locate the ‘public_html’ folder and click to expand its contents.
Locate and select (left click) the domain (folder) you want for your WordPress installation.
Using the ‘Local Site’ window (on the left), locate the unzipped ‘ wordpress’ folder on your hard drive, and left click on it. You’ll see the contents in the ‘Filename’ window below.
Select ALL of the folders and files in the ‘Flename’ window. Drag them to your domain’s folder on the server (right side of Filezilla) and drop them ALL into the folder. (This can take as little as a couple minutes on a fast connection, or as long as 30 minutes on a slow or wifi connection.)
You can see the upload progress at the bottom of Filzilla. When ‘Queued files’ reaches zero (0) — and ALL files can be seen in the ‘Successful transfers’ tab — your file transfer is complete.
5. Configure & Install WordPress
Locate and right-click on wp-config.php in the ‘Filename’ window on the right side (internet) of Filezilla. Left-click on ‘View/Edit’. The file will open up in Notepad (Windows) so you can the edit PHP code. (You can also associate your own choice of text editor. The examples below are shown using EditPlus from http://www.editplus.com/.)
When Notepad – or your choice of text editor — opens, look for:
• /** The name of the database for WordPress */
define(‘DB_NAME’, ‘evol_qkz4’);
• /** MySQL database username */
define(‘DB_USER’, ‘evol_qkz4’);
• /** MySQL database password */
define(‘DB_PASSWORD’, ‘O%e+(hrmRse2’);
Paste your database information between the single quote marks.
Examples:
o Replace ‘database_name_here’ with your database name: ‘xxxx_qkz4’
o Replace ‘user_name_here’ with your database name: ‘xxxx_qkz4’
o Replace ‘password_here’ with your password: ‘O%e+(hrmRse2’
For Hostgator, DO NOT replace ‘localhost’, ‘utf8’, and DO NOT make any changes to ‘DB_COLLATE’.
If you’re not using Hostgator, check with your host to find out about these settings.
The next few steps will improve your WordPress security. It’s worth the extra few minutes to complete them.
Locate the “Authentication Unique Keys and Salts”in your wp-config.php file. Copy the URL in the narrow red oval and paste it into your browser. It will take you to a site that will give you randomly generated security keys to paste into the Authentication Key section (large red oval).
Copy ALL lines (security keys) from https://api.wordpress.org/secret-key/1.1/salt/.
Paste into the Authentication Key section (large red oval) into your wp-config.php file.
Just below the Authentication Keys you pasted, look for ‘ WordPress Database Table prefix.’
Replace the ‘wp_’ data table prefix with different letters or numbers.
Example:
Replace wp_ with xk_
To learn more about wp-config.php visit: http://codex.wordpress.org/Editing_wp-config.php
You’ve completed the WordPress secure installation!
Now visit your domain (refresh the page if needed). Your WordPress site is almost ready.
You still have to enter the Site Name, strong Admin name, strong Password, Email – and check the box that allows search engines to find your site. Then click ‘Install WordPress’
Now you get the Success! Message that means you can log into your new site. Copy down the password (randomly generated, but you an change it once you’re inside your site if you wish).
Click on ‘Log In’ and you’ll go to the famous WordPress Login page.
And now you can login and start customizing your site!
