Before I explain why I like to install WordPress (WP) manually, I wanted to remind anyone that does not have a WP, you can try it out for free now. Just go to WordPress.com and sign up . You can see all the features and test out if the framework will work for you. Go nuts and break it to your heart’s content. Even if you are planning on building your own site, you should still sign up for a free website. Unless you want to spend time setting up PHP and SQL on your local computer as your development (dev) machine, the free account can be your dev site to test most things before it goes live. We’ve all made changes to our website and unknowingly broke something. The dev site gives you a chance to look at it before any of your readers see it. The free site does not allow paid ads.
Okay, back to installing WP. This step is mostly following walkthroughs but I’m going to explain why it is a good idea to use an custom install directory.
If you did what I suggested before, you should now be the proud owner of space on a computer hooked up to the Internet just waiting for your next bestseller. No? Well, you should have a host account. If the host company offers to install WP for you, only do it if you can set the directory for it (or follow the option at the end for moving your installation). For security reasons, I recommend never installing in the base directory. Why? Because WP is made up of PHP scripts, a language that will communicate with the database holding the text content of your website, like your story chapters or links to your artwork. You don’t want people to mess with your database outside the normal querying and storing of usernames, passwords, etc., if your site has website usernames (ThePenintheStone.com does not, for now). If you have a premium section, you will want that but for simplicity, I keep it hidden.
As with any big service, people are always looking to exploit holes in it. Nothing is full-proof but when you install in the base directory, you are allowing hackers easier access to find buggy PHP scripts. They are all located in the same location of WP package because WP extracts into the same directory structure for every site.
Hypothetically, in one of the releases, there is a buggy PHP script called BadScript.php in the /wp-includes directory. The script can be tested on multiple servers /wp-includes/BadScript.php. The domain name string will be a variable that will be run over and over with different domain names. It is all automated. Since most people install in the base directory, the hacker will find a lot of good hits.
If we do a few simple steps when we install WP, we can make it more difficult. Now, the structure is hidden and can be anything you want. You install the WP files in a directory name /myWordPress/, so now, the bad script is located at /myWordPress/wp-includes/BadScript.php. Remember, the directory can be anything you want. See the difference? Now, someone running a hack script will need a variable for the domain names, plus a second variable to guess your WP directory. Is it 100% hacker-resistant? No, but it makes it a lot harder.
There are a couple of walkthroughs you need to look at:
Just remember to create the WordPress folder first and install the files in there. Also, when the instructions say go to /wp-admin/install.php, it now means /myWordPress/wp-admin/install.php and your admin area will be /myWordPress/wp-admin.
With that all said, you can use the automatic installer that puts the WP installation in the base directory. If you do or you already have WordPress installed, you can still move your files to another directory. Go to:
This is a lot to take in. If you have any question, feel free to comment and ask.
Next time, I’ll discuss the structure of the site and my permalinks settings for serial stores. This needs to be resolved before you start your stories. It will break links to your pages if you do it at a later date.