Tutorial: Installing WordPress
You probably already know that WordPress is one of the most streamlined and affordable content management systems available for running small publications, blogs, directories, FAQs and handbooks, or just about any site that can be described as “publication-like.”
This tutorial isn’t about using WordPress — we have other tutorials for that. This one’s all about getting ready to rumble – how to get WordPress installed and set up on a web host. It also covers the “first steps” you should take before doing anything else on a new WordPress site.
Finally, we’ll lead you through the process of setting up a second WordPress installation for development and testing purposes.
Note: This tutorial is almost but not quite complete – a few embedded links may point to pages that don’t exist yet. Thanks for your patience.
Self-Install vs. Hosted
You can get a free WordPress site at wordpress.com, but if you’re doing serious work on the web, that’s probably not the way you want to go. Sure, it’s super-easy, but because the folks at WordPress control your installation, you’ll find that your options are limited. Want to install a cool theme you found somewhere online? You can’t do that. Want to enhance the functionality of your site with a plugin someone recommended? You can’t do that. Want to modify and tweak your site’s design? You’ll have limited options. WordPress.com “owns” your installation, and you’ll need to play by their rules.
If you want to run a professional web site, you’ll need to install WordPress software on your own domain, in a proper web hosting account that’s fully owned and controlled by you.
The WordPress software you’re allowed to download and install on your own server is available at wordpress.org (not .com). Same organization, two different domains, two different use cases.
Fortunately, most web hosts make it trivially easy to install the software available from wordpress.org directly into your hosting account with a few clicks.
The first thing you need to do is to purchase a standard web hosting account. There are literally thousands of choices out there, but take note: Not all web hosts are created equal! They may look similar on the surface, but there’s more to choosing a web host than comparing prices and features – service and support, security, backup systems, and system monitoring really do matter!
Most people will only ever use a tiny fraction of the features offered by a web host, so don’t let things like “unlimited email addresses” or “unlimited bandwidth” be your main criteria. Instead, do a search for “web hosts compared” or “recommended web hosts.” As with most things in life, you’ll probably be sorry if you choose the cheapest host you find. In our experience, people have the best experience with mid-priced hosts that use the cPanel hosting system. We like bluehost.com and justhost.com, though cPanel is used very widely.
The rest of this tutorial assumes that you’re set up with a decent web host and that your domain resolves in a web browser.
Using a WordPress Installer
There are two primary ways to install WordPress. Most hosts provide a simple WordPress “Installer,” which is by far the easiest. If an installer is not available, you can install WordPress “manually.” We’ll cover both situations here.
Your web host should provide some kind of back-end “control panel” that lets you create email addresses and databases, configure your spam controls, manage backups, etc. In most cases, the control panel is accessible after logging into the host’s homepage. Alternatively, you may need to access a special URL, which is often:
Check your host’s FAQs or documentation if you’re not sure where to find it. If the screenshots and instructions here don’t look identical to the ones you see in your own control panel, don’t worry – the concepts will be similar even if the details differ.
Once you’ve logged into your control panel, look for a button or link that says “Software” or “Blog” or “WordPress” or possibly “Fantastico”:
Within that section you should see an option to install WordPress itself:
Click that WordPress icon or link and you may end up at a screen that looks something like this:
Again, installers look different from one host to another – your host’s installer will likely look somewhat different from what you see here, but the concepts will be the same. You want to click through the installer until you get to a screen that asks what URL and path you want to install into. Watch carefully now!
In this case, the installer is asking in step 1 which of the user’s several domains to install to.
Next, it’s suggesting that wordpress be installed in a folder called “wordpress,” which would result in it being accessible at the URL
http://shacker.net/wordpress. It’s suggesting that URL to be conservative – in case you’ve already put files at the root of your domain, it doesn’t want to overwrite them. But that’s probably not what you want – you want your main site to be available at your base domain – in this case,
shacker.net. So remove the word “wordpress” or “wp” or whatever it shows here, and the URL should automatically update itself to reflect the change.
Next, the installer may ask you which version of WordPress to install. In most cases, you’ll want to take the most recent version available.
The installer may ask you to accept the open source WordPress license agreement. Do so.
The installer may ask whether you want to set up a database manually, or let the installer do it for you. Most people should let the installer take care of this.
Finally, the installer will ask what username to use for the main administrator account. If it suggests the username “admin,” change it! Because “admin” is such a commonly used name for the primary account, this only makes it easier for bad guys to guess their way in to your Dashboard. Change this to a username you can remember, along with a good strong password.
Take a moment to make sure you know your username and password!
Optionally give the site a title and select a language (you can always change these later).
When installation is complete, the installer will summarize the process and provide a link to your shiny new WordPress site.
Click the link to your site, look for the Login link in the sidebar, and make sure you can get in. You should now skip to the First Steps section of this tutorial.
Installation the Hard Way
If you got your WordPress site up and running in the previous step, congratulations! You can skip this page.
If your web host doesn’t provide an automatic installer, you can still install WordPress “the old way.” In fact, even before the advent of installers, WordPress prided itself on its “Famous 5-minute installations.” However, you might want to consider finding a more modern web host.
- Download a copy of the WordPress .zip file from wordpress.org and expand it to a folder on your Desktop.
- Log into your hosting control panel, find the Databases section, and create a new database. Take note of the database name, and the username and password needed to access it. These are not your WordPress username and password – they’re database credentials. You’ll need them during setup, then never again – make them strong!
- In the WordPress folder you downloaded from wordpress.org, find the file called wp-config-sample.php. Make a copy of this file as wp-config.php, then open that copy in a text editor such as Notepad or TextEdit. Find the lines that reference the database credentials and edit them to match the credentials you set up at your host.
- Using FTP, upload the entire folder to the right location on your web host. If you need help with FTP, see our FTP Tutorial. If you want the blog to be on your main domain, upload the contents of the WordPress folder into your public_html directory. If you want the blog to be in a subdirectory, such as example.com/blog, then upload the WordPress folder itself into public_html, then rename the wordpress folder to “blog”.
- Access the blog’s URL (such as example.com/blog) in a web browser and WordPress will install the required tables into your blank database, then create a username and password for an administrative user. Copy this generated password to your clipboard, then click the “Log in” button.
- Immediately after successfully logging in, click your name at the top right and change the password to something you can remember.
That’s it! You’re up and running.
Need more help? Detailed installation instructions are available here.
Once your site is up and running, there are a few things you should take care of right away.
Password and Byline
Before doing anything, make sure you’ve got your new username and password memorized or stored securely. If the password was generated for you, change it immediately to something you can remember. You’ll also need to enter your full name into the system so that your stories will have complete bylines. We cover these steps in our WordPress for Writers tutorial: Set Your Byline and Password.
Like every page on the internet, each story on your site will have a unique URL. By default, this URL looks something like this on most WordPress installations:
That “?p=123” portion doesn’t provide any useful information to humans or search engines, and you’ll want to replace that with something more elegant before you start publishing. See the Settings section of our Advanced WordPress tutorial for more on this.
It won’t take long for the spambots to find your site and start trying to attach spammy comments to your stories. Nip this in the bud by installing spam controls now! See the Comments and Spam section of our Advanced WordPress tutorial for more on this.
There’s a lot more to running (or writing for) a WordPress site than first meets the eye. See our WordPress Basics tutorial for a detailed first look at the system.
Development and Testing
All web software gets occasional updates and upgrades – some for security reasons, others to add new features. Whether you’re using WordPress, Drupal, Django, or any other CMS, it’s important to keep your software up to date, both for security reasons and so you don’t miss out on important new features.
Unfortunately, it’s not uncommon for updates to conflict with plugins and themes your site is depending on in production. But you can’t risk breaking your live/production site when you update the core software!
You also may want to make changes to your site’s theme, but it would be unprofessional to do this kind of development work on your live site.
Therefore it’s critical to have a “staging” site where you can test out new updates or plugins before putting them into production.
There are two ways to go about this. You can set up your laptop or desktop as a “development” machine by installing PHP, Apache, and MySQL. But that can be a lot of work for the uninitiated (software like WAMP or MAMP can make this a lot easier).
The other way is to set up a second WordPress installation at your web host, parallel to the first, for the sole purpose of theme development, plugin testing, and upgrade testing. This second site can be hidden from public view so that no one but you can access it.
While you could certainly install WordPress in a subdirectory, like
http://example.com/dev, you probably don’t want to do that, for reasons having to with relative paths (see our HTML 101 tutorial for more on that). It’s much better to set up your staging site on a subdomain, such as
So: Return to your web host’s control panel and find the section labeled “Subdomains.”
Click to create a new subdomain and fill in the fields as shown:
After clicking Create or OK, check the new URL (which should be something like
dev.example.com) in a browser to make sure it resolves. Now return to the WordPress installer and run it again, just like you did before. But this time, when it asks where you want to install WordPress, select your subdomain from the drop-down list.
Once your second WordPress installation is up and running, configure it the same way as your primary one – install the same theme and the same plugins, give it the same URL structure, etc.
Note: You don’t need to copy all of the databased content and uploaded media over from the primary installation to your staging site. You can if you want to, but for the purposes of development and testing, it’s generally sufficient to have maybe a dozen pieces of test content in the system, or at least enough to make sure all of the navigation menus, tags and categories, etc. are working. Your dev site is for testing plugin compatibility and for making changes to your site design. It’s generally not important to keep all of the actual content in the site duplicated.
If you do decide you want to copy over the content, the easiest way is this:
- In the Dashboard of the production site, go to Tools | Export. Select “All Content” and click “Download.”
- In the Dashboard of the staging site, go to Tools | Import, and select WordPress format.
- Your site will probably prompt you to install the WordPress Importer plugin – do so.
- Continue with the Importer wizard, and select the file you downloaded in step #1.
- Follow the prompts in the Importer wizard and let it run to completion.
You don’t want Google or Bing indexing your test content, and you don’t want users seeing you try out experiments. Therefore, the final step is to keep unwanted visitors away from your staging site. To fix this situation, install the plugin Registered Users Only and activate. Now your staging site will become fully inaccessible to anyone lacking Dashboard login credentials.
You’re ready to rumble!
About this Tutorial
This tutorial was written by Berkeley Advanced Media Institute webmaster Scot Hacker for students at the UC Berkeley Graduate School of Journalism, and for fellows of Berkeley Advanced Media Institute’s digital media training programs.
This content may not be republished in print or digital form without express written permission from Berkeley Advanced Media Institute. Please see our Content Redistribution Policy at multimedia.journalism.berkeley.edu/content_redistribution/.