Installing WordPress – Do’s and Don’ts
One of the big mistakes people use when installing WordPress is to use Fantastico. I love easy but there are a couple security risks using them.
First – It is often not up to date. I just checked three different hosting accounts and right now all of them are a version behind. As it has been almost two weeks since the last upgrade from 2.8.4 to 2.8.5 this would put you behind the eight ball security wise from the start.
It is very easy and quick to use Fantastico but the very first thing you would need to do after the install is upgrade your blog. Where is the savings in time now?
Next Fantastico uses the same data base naming structure and that will leave you more vulnerable if anyone gets into your server. Fantastico uses a default name wrdp1 or what ever number the blog is making it easier for hackers to get in. It is a shame that people will spend their time trying to ruin things for others but it is a fact of internet life so the more secure the better.
The installation of a blog manually is not that much harder and you can avoid these two problems easily. You will need to be able to ftp files but that is something you should know anyhow. FTP programs like Filezilla are free so there is no added expense but you will need to learn a necessary skill.
With the new versions of WordPress everything else you need to add after the blog is installed can be done from the dashboard. You can add new themes and plugins that way easily. This can be a bit time consuming.
If you don’t want to spend the time or learn how to ftp I do recommend Alex Syseof’s Expert WordPress. If you upgrade his blog installer will do a Fantastico type install but with the plugins and themes added and the security holes plugged. It also sets most of the plugin settings for you so it is the fastest way to get a blog up and prepped.
Want to do it your self here are the steps.
1. Download and extract the latest version of WordPress on your computer.
2, Create a data base on your server with user that has access.
3. Edit the wp-config-sample.php and save as wp-config.php with the data base information
4. Place the WordPress files in the folder you want the blog to reside.
5. Run the WordPress installation script.
For detailed instructions on each of these steps go to the WordPress Codex for installing WordPress
About the author
|
Mike Paetzold got started blogging in 2003 and has become an expert on using WordPress. He has become known as The WordPress Guy. After being an under ground niche marketer using his blogs he has surfaced to share some of the ways he uses blogs to enter various niches profitably. |
Related posts
Like this post? Subscribe to my RSS feed and get loads more!
Disclaimer: Some of the links mentioned within this post or posts it may lead to are my affiliate links and in such case I will get compensated for recommending those products. However, I will never recommend something that I don’t personally believe in and I welcome your questions and feedback.
9 comments
Gareth C Thomas on November 1, 2009 at 6:13 am
Hi Mike,
You’re right about this. It is a trade-off between quick and easy but with potential security issues or a little longer to install and modify but with far more security.
Have you got a list of plugins that you’d upload and activate to the new install with a short explanation of the reasons why you’d recommend those particular plugins?
Do you do this yourself or prefer to use Alex’s paid service?
Or perhaps it would be better for us to download and keep all the required basic WP plugins in a single folder on our hard drive and then ftp them up in one go to the WP installation for activation.
In other words, we can do what Alex’s service does but obviously cheaper (just our time). This is especially important if we’re creating lots of blogs (it could get pretty expensive otherwise).
Your thoughts please.
Gareth
.-= Gareth C Thomas´s last blog ..Word on the street: Rent the Killers’ party house =-.
CarltonsEnt on November 1, 2009 at 12:15 pm
Hey Mike,
Thanks for the great info again.
I have a few blog installs scheduled and will definitely be using the manual process.
My biggest concern is security. There is nothing worse than installing a blog for a client only to find out later that it was hacked due to a hole not being plugged.
Do you have any recommendations for making a blog bullet proof?
Your thoughts are greatly appreciated?
High Regards,
CarltonsEnt
Doug Champigny on November 1, 2009 at 9:22 pm
I couldn’t agree more, Mike – while Fantastico was a great solution before the hackers cottoned on to it, Alex’s free Expert WordPress gets my nod too. It’s a simple solution for people to set up their blogs securely, and the included SEO plugins are a bonus. Short of sing your paid blog service, I’d say Alex’s EWP is the best of it’s kind out there today.
.-= Doug Champigny´s last blog ..Powerful Internet Marketing Training Available For Free… =-.
Walter on November 1, 2009 at 10:40 pm
I did not know that about Fantastico, good thing I have installed mine using Filezilla. This would be a big help to newbies.
Joel Osborne on November 1, 2009 at 10:45 pm
Great advice Mike. I use to use Fantastico all of the time, but thanks to you I have learned better now. It doesn’t take much longer to install it yourself. Do a few and it will start taking just minutes.
.-= Joel Osborne´s last blog ..Blog World Tour – Become A Blog Star! =-.
Fred Lotgering on November 2, 2009 at 8:56 pm
I’m just struggling with this subject. Fantastico is so easy and being on or 2 updates behind doesn’t really matter as Wordpress now updates to latest version within seconds. So egat are all this security updates from Wordpress about. Are they covering the limitations of Fantastico? But should be a generated password not be security enough (of course some of us, like me, might use same password all over again to make access easy). But if you use the generated passwords? Seems hard to crack to me! I have just used some EWP installations. Seems secure, so much that plugin which require remote access doesn’t work. I expect that most hackers just go after the config file where all the info is listed….
More comments?
.-= Fred Lotgering´s last blog ..Move an OFFline business ONline =-.
Lonnie Minton on November 3, 2009 at 12:28 am
I agree with you on the timeliness of Fantastico. Apparently it does not keep up with the WordPress up dates or my hosting company does not. I installed my last blog manually because Fantastico was not up to the latest version. Was not aware of the other security issues you mentioned.
.-= Lonnie Minton´s last blog ..Getting Started in Affiliate Marketing Requires Action =-.
Luca Di Nicola on November 5, 2009 at 10:04 am
I’m hearing more and more about security issues with WordPress so this is great advice. It may seem a little difficult at first but it’s worth it.
.-= Luca Di Nicola´s last blog ..How To Increase Blog Traffic By Using A Twitter Retweet Plugin =-.
Earl Netwal on November 6, 2009 at 6:01 pm
Is it possible to go back and redo a blog once its set up in Fantastico? Or is the deed done at that point?
.-= Earl Netwal´s last blog ..How Article Marketing Benefits Your Business =-.