WordPress is one of the most popular blog publishing applications around today. WordPress is really more of a platform than an application, as it includes a templating, plugin, and widget system, wrapped around its search engine friendly structured core. WordPress offers ‘free’ hosted blogging with basic features enabled, supported by in-page ads, and also offers optional paid features, if a blog starts getting a decent amount of traffic, or if extreme customization is required WordPress free hosting won’t cut it. This tutorial explains how to deploy a WordPress blog on your own web server for maximum power, performance, and versatility.
NYISI recommends GoDaddy Virtual Dedicated Servers for small businesses seeking a hosting solution, running the WordPress content publishing platform. This tutorial explains how to configure WordPress on a GoDaddy Virtual Dedicated Server. The GoDaddy Virtual Dedicated Server is a good compromise between the convenience and low cost of managed hosting and the independence, power, and security of dedicated hosting. This tutorial assumes that the virtual server is running Linux with the Plesk control panel software installed.
NYISI consultants can also help develop and manage a custom WordPress hosting solution that’s right for you and your small business.
Configure domain name servers
First, you’ll need to configure the name servers with your domain name registrar. This tells other name servers how to find “yourdomain.com”. This tutorial assumes that you’re using GoDaddy as a registrar and a host, but for other registrars, the procedure should be similar.
- Log in to the domain manager
- Select the domain name you want to configure
- Click “Total DNS Control and MX Records”
- Edit the “A” record, or the “@” record
- Input the IP address of the virtual server provided by email once the server was deployed
- Save the changes and log out.
Note that after this step, it may take some time, usually not more than an hour but sometimes as long as 24 hours, for the changes to take effect. After completing this step, take a coffee break, and familiarize yourself with the rest of the directions here before proceeding.
Configure domain on hosting server
Next we’ll configure the server to host the domain. If you’re using cPanel instead of Plesk, the steps will be very different, but you should still be able to follow.
- Log into the virtual server’s control panel. For GoDaddy virtual servers with Plesk, the location is: http://yourdomain.com:8443 (replace “yourdomain.com” with… your domain [.com]), the user name is ‘admin’ and the password is the password selected during the virtual server setup. Note that you may encounter browser security warnings, like the one pictured here. It is safe to click through and ignore any warnings.
- Select “Domains”
- Click “Add New Domain”
- Select the default client, if prompted to select a client
- Enter “yourdomain.com” as the new domain, ensuring that the IP address selected matches the IP address entered in the first step, then click OK
- Select “Physical hosting” and click OK
- Enter an FTP login and password combination of your choice, and make a note of this for future reference
- Set the option “Shell access to server with FTP user’s credentials” to “/bin/sh”, and click OK to accept the warnings. This will allow us to install WordPress via the command shell later.
- Enable “PHP support” and leave “safe mode” on
- If desired, select a “Web statistics” option
- Click “OK” to complete domain configuration.
Instead of storing pages in files like a traditional web site, WordPress uses a database to store and retrieve content data. Now we’ll create a database to store WordPress.
- At the Plesk page for your domain, click “Databases”
- Click “Add New Database”
- Select a database name of your choice, optionally including “wp_” to denote that it is a WordPress database, e.g., enter “wp_yourdomain”
- Click “Add New Database User”
- Enter a username of your choice, e.g., “wp_yourdomain” once again. You can enter any password you like here. You will only need to enter this password once when configuring WordPress later. Click “OK” to finish configuring the database.
Install WordPress via command line
WordPress can be uploaded via FTP for simple hosting setups, but one of the best reasons to use a virtual server is the independence to have safe SSH access. To access the command shell, use a program like PuTTY.
- Connect to “yourdomain.com” with a program like PuTTY, then log in with the FTP user name and password you created when configuring your domain
- Switch to the web root directory, by default: cd httpdocs
- First clean up the unneeded files and folders that are deployed by default through Plesk
rm -rf ./css/ ./img/ ./picture_library/ ./test/ index.html
- Run the following commands to install the WordPress core files. Note that the version of WordPress may change, requiring you to change some of the file version numbers noted here, but the jist is the same each time:
wget http://wordpress.org/latest.zip unzip wordpress-2.6.2.zip cp -rpf ./wordpress/* . rm -rf ./wordpress/ wordpress-2.6.2.zip
Once this has been completed, the WordPress platform will be installed.
Install WordPress themes via command line
WordPress allows users to easily activate and deactivate “themes” for their sites, but also comes with a highly recognizable albeit plain default template. You’ll probably want to select a template from the WordPress theme directory.
- After selecting a theme, right-click that theme’s “Download” link, and copy the link to the clipboard.
- From the web root directory, switch to the WordPress theme directory:
- Download the theme with wget, pasting the address for the download link, then unzip the theme, and clean-up by removing the zip.
wget http://wordpress.org/extend/themes/download/aeros.1.0.4.zip unzip aeros.1.0.4.zip rm -f aeros.1.0.4.zip
- Switch back to the web root directory when complete:
Install WordPress plug-ins via command line
In addition to the variety of themes available for WordPress, there are also a large number of plug-ins that can extend all kinds of interesting functionality to WordPress. The procedure for installing a plug-in is nearly the same as installing a theme, but in a separate plug-in directory.
- From the web root directory, switch to the WordPress plug-in directory:
- Right-click the plug-in’s “Download” link, and copy the link to the clipboard.
- Download the plug-ins with wget, pasting the address for the download link, then unzip the plug-in, and clean-up by removing the zip.
wget http://downloads.wordpress.org/plugin/google-sitemap-generator.22.214.171.124.zip unzip google-sitemap-generator.126.96.36.199.zip rm -f google-sitemap-generator.188.8.131.52.zip
- Repeat steps 2 and 3 for each plug-in you wish to install. Switch back to the web root directory when complete:
Recommended WordPress plug-ins
NYISI recommends the plug-ins below based on what we would consider generally accepted good practice, but the variety of plugins is really representative of the diverse needs of webmasters that use WordPress. No two WordPress blogs need be alike, so the plug-ins below may or may not be suited for you.
- Akismet (by Akismet) – Stops comment spam in its tracks. Note that there is no need to download or install this plugin since it is included free with WordPress (however, it is not free for commercial use). Alternatively, some blogs do not require or desire support for anonymous comments, and for those blogs comments can be disabled. However, for comment-enabled blogs where open discussion is desired or encouraged, this plug-in is a must.
- All in One SEO Pack (by Semper Fi Web Design) – This plug-in is designed to help implement best practices for WordPress SEO (search engine optimization). While it offers many options, the defaults reflect the recommended settings, so virtually no effort is required once activated.
- Google XML Sitemaps (by Arne Brachhold) – This plugin will create a standards compliant XML-Sitemap for your WordPress blog. This plug-in is highly recommended, and in fact, WordPress itself will include this functionality in an upcoming release. But for now, it is not a default part of WordPress, and should be installed as a plug-in.
- WP Security Scan (by Semper Fi Web Design) – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
Key WordPress settings are stored in the wp-config.php file in the web root directory. This file contains database connectivity and crypto settings that allow the WordPress PHP files to store and retrieve content.
This tutorial assumes that you understand how to perform basic file operations on the virtual server, such as uploading, editing, and renaming files. It doesn’t matter whether you do this via command shell (e.g. in vi), the Plesk interface, or FTP using ftp://yourdomain.com/. NYISI technicians professionally deploy and centrally manage virtually hosted WordPress installations, and can set up and maintain interactive content platforms like WordPress for your business.
- Rename the sample file, wp-config-sample.php, to wp-config.php
- Open the wp-config.php file for editing.
- Input the database name, database user name, and database password used earlier when creating the database.
- Change the values for AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY to any random, long, complicated string. Seriously, it doesn’t matter what you pick, just make it something unique. Find anything with three sentences and use those three sentences. It is important to change these values because they help keep stored passwords and other user data secure.
- Change the table prefix value from ‘wp_’ to something slightly different, e.g., ‘wp_yourdomain_’. This is usually used to support multiple WordPress installations on the same database, which is not necessary with a GoDaddy virtual dedicated server since unlimited databases can be provisioned. However, it’s a good idea to change this for security reasons.
- Save and/or upload the file to the web root directory.
- Using the command shell opened earlier in PuTTY, in the web root directory, create some temporary blank files needed later, and set the permissions for installation. Note that it is important to perform the final steps after install since this step makes critical files potentially open to editing.
touch robots.txt sitemap.xml sitemap.xml.gz .htaccess ./wp-admin/.htaccess chmod 777 robots.txt sitemap.xml sitemap.xml.gz .htaccess ./wp-admin/.htaccess mkdir ./wp-content/uploads/
- Set the permissions of the wp-content folder to enable theme editing and plug-in upgrading.
chmod 777 ./wp-content/ -R chmod 755 ./wp-content/ ./wp-content/plugins/ ./wp-content/themes/
Can you taste that? You’re almost done setting up a WordPress blog.
Install WordPress via web
The WordPress core is installed, and the back-end is all configured now, so it’s time to run WordPress for the first time.
- Point your web browser to the installation page, http://yourdomain.com/wp-admin/install.php. Note that if you just visit “yourdomain.com”, it should automatically redirect you to the installation page.
- Fill in the title of your new blog, and the email address you will use to receive notifications about the status of your blog (e.g., new comments awaiting moderation).
- Leave “Allow my blog to appear in search engines like Google and Technorati” checked, unless you don’t want anyone to find your blog, in which case you should ask yourself why you want a blog at all.
- Click “Install WordPress” to complete the installation. As WordPress says, “Were you expecting more steps? Sorry to disappoint.” But don’t jump the gun yet — you’ll want to configure WordPress before you start publishing, so read on.
- Copy the password generated by WordPress onto your clipboard. There is no need to note this password since we will create an administrator account in the next step.
Configure WordPress via web
Log in to the new WordPress blog using the admin password that was provided. That password is a nightmare to remember, and using “admin” as the default user name might be a bad idea, so first we’ll create a new user account.
Create an alternate administrator account
Using “admin” as the default user name is a bad idea, since this is easily guessable (it is after all the default). Create a new administrator user, and delete the old administrator user, by doing the following:
- In the WordPress dashboard, click “Users”
- Under the “Add new user” heading, fill in the form after selecting a user name of your choice. You can use the same email address you used for the default ‘admin’ account.
- Set the “Role” of the new user to “Administrator”
- Click “Add User” to finish adding the new user
- Now click “Log out”, which will return you to the login screen. Sign in with the new user name you created in the last step.
- At the WordPress dashboard, click “Users”
- Check the box next to the “admin” user name and click “Delete”
- At the next screen, you can select “Delete all posts and links” to remove the default links, which you’ll likely do anyway. However, if you want, you can select to attribute posts to your new username. Then click “Confirm Deletion” to complete the process.
The plug-ins installed in the earlier step must now be activated. Each plug-in recommended earlier will be activated and configured in this step and the next step.
- In the WordPress dashboard, click “Plugins”
- Click “Activate” for each of the plug-ins except Akismet, and then finally click “Activate” for Akismet
- Akismet should prompt you that “You must enter your WordPress.com API key for it to work”, click this
- You can get an API key from WordPress.com by creating a login, and then checking for it in your profile
- Copy and paste the API key from WordPress.com into the Akismet configuration page
- Click “Update Options” to complete plug-in activation
All the plug-ins are now installed, but like WordPress, they will require some additional settings changes, explained in the next step.
Edit settings for optimal performance
In the settings section of the Dashboard, you will find a plethora of options to customize your blog. In the WordPress dashboard, click “Settings”. This will start you on the “General Settings” page.
- Change the tagline to a catch phrase of your choice
- If you wish to change your “www.” preferences, now is the best time. Check the address in your dashboard: if the address is “www.yourdomain.com”, visitors will always be redirected to “www.yourdomain.com” if they visit “yourdomain.com” directly. Otherwise, if the address is “yourdomain.com”, visitors that enter “www.yourdomain.com” will be redirected to “yourdomain.com”. There is some controversy on whether or not to use “www.” anymore, but despite the controversy, we recommend using “www.” anyway unless you have a specific reason not to.
- Click “Save Changes”
Customize Permalink Structure
- Click “Permalinks” to access the permalinks settings page
- Selecting a permalink structure other than “default” is highly recommended since it makes your page structure more accessible to both robots and humans. Search engines use terms in URLs to index content, and humans can see words in the address and likewise understand what they are clicking. NYISI recommends permalink solutions for clients and can develop a custom permalink structure appropriate to your content if you need assistance. Contact NYISI for more information.
- Click “Save Changes”
- Click “Miscellaneous” to switch to the miscellaneous settings page
- Ensure that the “Store uploads in this folder” setting is set to “wp-content/uploads”. Even though this is the default, occasionally, the default setting isn’t applied by default, and “wp-content” is used instead.
- Optionally check “Organize my uploads into month- and year-based folders” to help keep things organized if you plan on uploading a lot of files
- Click “Save Changes”
All in One SEO Plugin Options
- If you didn’t install the recommended plug-ins, the next sets of steps can be skipped as appropriate. Otherwise click “All in One SEO” to go to the All in One SEO plug-in settings page.
- Enter a brief “Home Title” up to 5 words, and a “Home Description” up to 2 sentences. Avoid “fluff” words and be factual. Since search engine ranking is such an important consideration for websites, appropriate (and legitimate) SEO is the best long-term strategy for building search traffic. NYISI helps businesses develop effective search engine strategies developed to meet their specific needs.
- Click “Save Changes”
XML Sitemap Generator Settings
- Click “XML-Sitemap” to go to the XML sitemap plug-in settings page
- The plug-in will automatically let search engines know when your sitemap is updated, except Yahoo. You will need a Yahoo API key in order for WordPress to instantly notify Yahoo about updates. Optionally follow the directions to obtain a Yahoo API key, enter the API key on the page, and check the box “Notify YAHOO about updates of your Blog”.
- Check the box “Modify or create robots.txt file…”
- It is strongly recommended that you adjust your page priorities to appropriate values based on how you will use the blog. This is another crucial element in effective search strategy that NYISI assists managed clients with.
- Click “Update Options”
This completes the recommended WordPress settings changes. There are just a few more steps before the blog is fully up-and-running…
It’s hard to believe, but the site is almost completely configured. We still need to activate the theme that was selected and installed earlier.
- Click “Design” to go to the theme settings
- Click the name or the image of the desired design
- Click “Activate …” to activate the new theme
Finalize installation and clean up
Almost there… some of the settings used during the setup process conflict with generally accepted best practices, so we’re going to change things back to how they should be. Return to the PuTTY window with the SSH session, and from the web root, run:
chmod 755 . chmod 644 .htaccess rm -f ./wp-content/plugins/hello.php
The PuTTY window can now be closed. Just do one last check using the WP Security plug-in that was installed earlier:
- In the WordPress dashboard, click “Security” to load the WP Security plug-in page
- Check the “Security” and “Scanner” pages for any warnings (highlighted in red). If any warnings appear, correct them as advised to. These directions should yield no warnings based on our testing.
- The WP Scanner plug-in can optionally be deactivated at this time, since it has served its function. Click “Plugins” to find the “Deactivate” link.
Congratulations! Your WordPress blog is fully set-up. There were many steps along the way, but the journey isn’t over, because now the blog will need content. That part is up to you! WordPress can be extensively customized with themes and plug-ins. Making new themes and plug-ins is outside the scope of this tutorial, but if there is no theme or plug-in to do what you need, NYISI may be able to customize themes and plug-ins to suit your unique needs. Learn more about NYISI IS/IT solutions for businesses.
Thanks for viewing!