How to Install WordPress Properly & Secure It

I will explain how to install WordPress the right way and how to make your WP installation secure right from the beginning as well. Some web hosts make it easy to install WordPress with just one-click. They have such features, especially in cPanel (it used to be called Fantastico or Softaculous). However, I do not recommend these one-click installers, because they automatically add plugins to your WP install that you even don’t need. And they neither let you set your admin username, but leave it default as “admin” and that’s not good for security. So because of this I always prefer to install WordPress manually.

If you don’t have a web hosting account for your WordPress website yet, you can check which one I recommend and why in this article. Also, if you are new to WordPress and want to learn something more about it, you can check my other article that explains what is WordPress used for.

So let’s start. The first thing that we’re going to do is to create a MySQL database with its user. You can do this in your hosting account control panel in the “Database” section or in phpMyAdmin. Just create a database, create a database user with strong password and assign this user to the database.

The next step is to download WordPress right from the official WP website wordpress.org. Then extract the .zip file that you’ve downloaded and upload it via FTP to the root folder of your domain (this folder is usually called public_html). For the FTP upload I use FileZilla. One tip that I can give you here is to not upload all the files by one time, but upload the wp-admin folder first, then the wp-content folder and so on. I always do it this way to ensure that all files are uploaded correctly, as FTP is usually quite slow (at least on my end).

 

 

After you have successfully uploaded all WordPress files to your web hosting account, navigate to your domain name in your web browser. Now you need to run the WordPress installation. Choose your language and click “Continue”. Fill in all the details. You will need to enter your database name, database username and password, database host and table prefix. Database host should be “localhost” (if this doesn’t work, try to find this info in your hosting control panel or contact your web host) and the table prefix is your MySQL database prefix. It is recommended to change this from the default wp_ to something else, e.g. mxm_ (just don’t forget to add an underscore at its end). When you enter all the information, click the “Submit” button. If you entered everything correctly you should see a “Run the install” button, so just click on it.

 

 

Then fill in all the details: your site title (you will be able to change this later), your username (don’t use “admin” as username) and password, your email and if you want your website to be indexed by Google, do not tick the “Search Engine Visibility” checkbox. When you fill in all the details, click “Install WordPress” and you are ready. You can now log into your new WP website.

Now that your new WordPress install is ready, you might like to install a theme like e.g. Divi. To find out how to do it check my tutorial on how to install the Divi theme.

There is also a more detailed tutorial on how to install WordPress. You might like to check it out. It explains everything more thoroughly.

And if you are a web developer and need to set up many WordPress installations regularly, I recommend you to create a starting installation backup package with your basic WordPress settings. You will then just upload the backup’s .ZIP file to the server and restore the settings. You can achieve this using a plugin like e.g. Duplicator (it’s a free plugin).