Learn how to build your WordPress website. Build your very own website with this Complete WordPress Guide – no experience, programming, or coding necessary.
The first thing that you need to do in order to create a WordPress website is to buy a domain name and web hosting. A domain is the name of your website. Web hosting is where your files are stored.
In this tutorial, we will cover everything you need to know about WordPress.
- What is WordPress
- Get Started with WordPress
- Get Domain Name
- Get Hosting for WordPress
- Download & Install WordPress
- Access WordPress Dashboard
- Do Some Basic Settings
- Things To Know
- Optimize Your WordPress Site
- Secure Your WordPress Website
- WordPress Import & Export
- Backup Your WordPress Site
- Moving Your WordPress Site
What is WordPress
WordPress is open source software you can use to create a beautiful website, blog, or app.
Official Website – WordPress.org
WordPress vs. wordpress.com
People are often confused about the differences between WordPress and WordPress.com. WordPress is a free, Open Source web publishing software project, owned by no one individual or company. WordPress.com is a hosted blogging service run by a company called Automattic.
Matt Mullenweg is both CEO of Automattic and co-founder of WordPress. Matt is involved with both WordPress and WordPress.com. Some WordPress contributors are also employees of Automattic. There are many more WordPress contributors, most of whom have no connection with WordPress.com.
Get Started with WordPress
- Get your best domain name.
- Get a web host that supports WordPress.
- Download & Install WordPress on the web host.
- Access your WordPress dashboard.
- Do some basic WordPress settings.
- Things you should know.
1. Get Domain Name
Get your best domain name for your WordPress site.
Best Domain Registrar
- Namecheap
- Google Domain
Learn – How to choose a domain name
2. Web Hosting for WordPress
There are hundreds of thousands of web hosts out there, the vast majority of which meet the WordPress minimum requirements, and choosing one from the crowd can be a chore.
To run WordPress, it is recommended that your host supports:
- PHP version 7.4 or greater.
- MySQL version 5.6 or greater OR MariaDB version 10.1 or greater.
- HTTPS support
WordPress recommends Apache or Nginx as the most robust and featureful server for running WordPress, but any server that supports PHP and MySQL will do.
Best Web Hosting for WordPress
- SiteGround – for shared hosting
- Cloudways – for cloud hosting
Learn – How to choose web hosting plan
Server Environment for WordPress
Although WordPress can work in almost any environment, here are some minimum recommendations for the environment in which it works most effectively.
Web Server
The web server is the software that serves the website's files to the users who request them, mainly through the Web.
There are many web servers and, generally, any that support the execution of PHP files should be able to work with WordPress.
When it comes to the web server, WordPress officially supports:
Also, checked or used by hosting companies and developers:
PHP
PHP is a programming language on which WordPress code is based. This language runs on the server and it is important to keep it up to date, both for security and functionality.
WordPress supports many versions of PHP, some even obsolete, but as a general rule, you should use only those with security or stable support.
Officially the WordPress core supports from PHP 5.6.20 to PHP 8.0. However, not all themes or plugins are supported.
When it comes to PHP, WordPress works best with the following versions:
PHP Extensions
WordPress core makes use of PHP extensions. If the preferred extension is missing WordPress will either have to do more work to do the task the module helps with or, in the worst case, will remove functionality. Therefore the PHP extensions listed below are recommended.
- curl – Performs remote request operations.
- dom – Used to validate Text Widget content and to automatically configure IIS7+.
- exif – Works with metadata stored in images.
- fileinfo – Used to detect mimetype of file uploads.
- hash – Used for hashing, including passwords and update packages.
- imagick – Provides better image quality for media uploads. Smarter image resizing (for smaller images) and PDF thumbnail support, when Ghost Script is also available.
- json – Used for communications with other servers.
- mbstring – Used to properly handle UTF8 text.
- mysqli – Connects to MySQL for database interactions.
- openssl – Permits SSL-based connections to other hosts.
- pcre – Increases performance of pattern matching in code searches.
- sodium – Validates Signatures and provides securely random bytes.
- xml – Used for XML parsing, such as from a third-party site.
- zip – Used for decompressing Plugins, Themes, and WordPress update packages.
For the sake of completeness, below is a list of the remaining PHP modules WordPress may use in certain situations or if other modules are unavailable. These are fallbacks or optional and not necessarily needed in an optimal environment, but installing them won’t hurt.
- bcmath – For arbitrary precision mathematics, which supports numbers of any size and precision up to 2147483647 decimal digits.
- filter – Used for securely filtering user input.
- gd – If Imagick isn’t installed, the GD Graphics Library is used as a functionally limited fallback for image manipulation.
- iconv – Used to convert between character sets.
- intl – Enable to perform locale-aware operations including but not limited to formatting, transliteration, encoding conversion, calendar operations, conformant collation, locating text boundaries and working with locale identifiers, timezones and graphemes.
- mcrypt – Generates random bytes when libsodium and /dev/urandom aren’t available.
- simplexml – Used for XML parsing.
- xmlreader – Used for XML parsing.
- zlib – Gzip compression and decompression.
These extensions are used for file changes, such as updates and plugin/theme installation, when files aren’t writeable on the server.
- ssh2 – Provide access to resources (shell, remote exec, tunneling, file transfer) on a remote machine using a secure cryptographic transport.
- ftp – Implement client access to files servers speaking the File Transfer Protocol (FTP).
- sockets – Implements a low-level interface to the socket communication functions based on the popular BSD sockets.
The priority of the transports is Direct file IO, SSH2, FTP PHP Extension, FTP implemented with Sockets, and FTP implemented through PHP alone.
System Packages
- ImageMagick – Required by Imagick extension
- Ghost Script – Enables Imagick/ImageMagick to generate PDF thumbnails for the media library.
Database
For data storage, WordPress uses systems compatible with MySQL.
Officially supported by WordPress:
Checked or used by hosting companies and developers:
The use of these latest versions is recommended, both for performance and security reasons, although previous versions usually work without problems.
MySQL and MariaDB are extremely fast. They are also the most widely available database servers in the world. Open-source and free, MySQL and MariaDB are supported by thousands of low-cost Linux (and Windows) hosts, which means a very low barrier to entry for anyone wanting to start a WordPress (or database-driven) website.
Users are able to directly manipulate MySQL and MariaDB with phpMyAdmin.
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL/MariaDB over the Web.
3. Download & Install WordPress
The easiest way to get WordPress is through a hosting provider, but sometimes tech-savvy folks prefer to download and install it themselves.
There are mainly two ways you can choose to install WordPress – Automatically or Manually.
Install WordPress Automatically
Many web hosts offer tools to automatically install WordPress for you. The most popular auto-installers are APS, Fantastico, Installatron, and Softaculous.
If you prefer a manual installation you can take a look at the Installation Guide below.
Install WordPress Manually
Step 1: Download WordPress
Download the WordPress package from WordPress.org.
Step 2: Create the Database and a User
Create a database and a user, and assign the user to the database with all privileges.
Note: It is not essential to create a new database for each WordPress installation. If you have only one database and it is already in use, you can install WordPress in it – just make sure to have a distinctive prefix for your tables to avoid over-writing any existing database tables. Take care to edit the wp-config.php file ensuring that each installation has a unique database prefix.
Step 3: Set up wp-config.php
The wp-config.php file is one of the most important files of your website. It’s located in the root of your WordPress installation and contains most of the website’s configuration details, such as database connection information. Editing this file can be done in any plain-text editor. Usually this isn’t necessary unless you’re installing WordPress manually.
When you first download WordPress, the wp-config.php file isn’t included. The WordPress setup process will create a wp-config.php file for you based on the information you provide.
You can manually create a wp-config.php file by locating the sample file named wp-config-sample.php (located in the root install-directory), editing it as required, and then saving it as wp-config.php.
Locate the file wp-config-sample.php in the base directory of your WordPress directory and open in a text editor, add your database information, then save it.
To change the wp-config.php file for your installation, you will need this information:
- Database Name – Database Name used by WordPress
- Database Username – Username used to access Database
- Database Password – Password used by Username to access Database
- Database Host – The hostname of your Database Server. Replace ‘localhost’ with the name of your database host, e.g. MyDatabaseHost. A port number or Unix socket file path may be needed as well.
Note: There is a good chance you will NOT have to change it. If you are unsure, try installing with the default value of ‘localhost’ and see if it works. If the install fails, contact your web hosting provider.
Default wp-config-sample.php
Note: This is an example of a default wp-config-sample.php. The values here are examples to show you what to do.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
Note: Text inside /* */ is a comment, for information purposes only.
Learn More : The complete official guide to edit wp-config.php file
Step 4: Upload the WordPress files
Upload WordPress files to your public_html or root folder using File Manager or FTP.
Upload the WordPress files to the desired location on your web server:
- In the root directory of your website. (For example, http://example.com/)
- In a subdirectory (blog) of your website. (For example, http://example.com/blog/)
Step 5: Run the Install Script
Run the WordPress installation script by accessing the URL in a web browser.
- If you placed the WordPress files in the root directory, you should visit: http://example.com/wp-admin/install.php
- If you placed the WordPress files in a subdirectory called blog, for example, you should visit: http://example.com/blog/wp-admin/install.php
Set up the configuration file and finish the installation. If you successfully install WordPress, the login prompt will be displayed.
4. Access WordPress Dashboard
WordPress Admin Login URL :
https://yourdomain.com/wp-login.php
WordPress Admin Dashboard URL :
https://yourdomain.com/wp-admin
Understanding the Admin Screens
The WordPress Admin Screen provides access to the control features of your WordPress installation.
Learn More – Admin Screen
5. Do Some Basic Settings
Configuration Settings
- General Settings – Choose site title and tagline, WordPress and Site URL, Time, Date, and Language;
- Writing Settings – Set default post category and format, configure post via email;
- Reading Settings – Set homepage and blog page;
- Discussion Settings – Manage engagement on your site;
- Media Settings – Set image size;
- Permalink Settings – Set permalink structure;
Install your favorite theme and some important plugins.
6. Things To Know
Theme
A Theme is the overall design of a site and encompasses color, graphics, and text.
Plugins
Plugins allow you to add new features to your WordPress blog that don’t come standard with the default installation.
Post vs Page
Posts are entries listed in reverse chronological order on your site. Think of them as articles or updates that you share to offer up new content to your readers.
Pages are static and are not affected by date. Think of them as more permanent fixtures of your site – an About page, a Contact page, and a Home page are great examples of this. You may also have a Blog page which is used to display your posts.
Categories vs Tags
Categories and tags are very similar. They both allow you to organize content that can then be used in a variety of ways. However, there are a few differences.
Categories are best used for broad groupings of topics. For example, if you’re creating a site that reviews media, you might use categories such as Books or Film or TV.
Tags are much more specific topics that you want to use to associate related content. For example if you were creating a site that reviews media, you might want to use tags such as science fiction or horror or action adventure.
Updating WordPress
You can update to the latest version of WordPress, as well as update your themes, plugins, and translations from the WordPress.org repositories. If an update is available, you'll see a notification appear in the Toolbar and navigation menu. Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.
Tip: In most cases, WordPress will automatically apply maintenance and security updates in the background for you.
Editing WordPress Files
There are times when you will need to edit WordPress files, especially if you want to make changes in your WordPress Theme. WordPress features a built-in editor that allows you to edit files online, using any internet browser. You can also edit files copied or stored on your computer, and then upload them to your site using an FTP client.
Learn More – Editing Files in WordPress
Official Learning Resources
Optimize Your WordPress Site
You should always optimize your WordPress site and your server to run as efficiently as possible.
First, let’s understand – What Affects Performance and How Do You Measure Performance.
Performance Factors
Several factors can affect the performance of your WordPress blog (or website). Those factors include, but are not limited to –
- Hosting environment,
- Software versions,
- WordPress configuration,
- No. of images and their sizes.
1. Hosting environment
Hosting Setup
- Shared Hosting
- Virtual Hosting (VPS)
- Dedicated Servers
Number of Servers
The WordPress database can be easily moved to a different server and only requires a small change to the config file. Likewise images and other static files can be moved to alternative servers.
Hardware Performance
Your hardware capability will have a huge impact on your site performance. The number of processors, the processor speed, the amount of available memory and disk space as well as the disk storage medium are important factors. Hosting providers generally offer higher performance for a higher price.
Geographical Distance
The distance between your server and your website visitors also has an impact on performance. A Content Delivery Network or CDN can mirror static files (like images) across various geographic regions so that all your site visitors have optimal performance.
Server Load
The amount of traffic on your server and how it’s configured to handle the load will have a huge impact as well.
If configured properly, most hosting solutions can handle very high traffic amounts. Offloading traffic to other servers can also reduce server load.
Abusive traffic such as login Brute Force attacks, image hotlinking (other sites linking to your image files from high traffic pages), or DoS attacks can also increase server load. Identifying and blocking these attacks is very important.
2. Software version
Making sure you are using the latest software is also important, as software upgrades often fix bugs and enhance performance. Making sure you’re running the latest version of Linux (or Windows), Apache, MySQL/MariaDB, and PHP is very important.
3. WordPress configuration
WordPress Core: Keeping up with WordPress upgrades is important.
Theme: Your theme will have a huge impact on the performance of your site. A fast, lightweight theme will perform much more efficiently than a heavy graphic-laden inefficient one.
Plugins: The number of plugins and their performance will also have a huge impact on your site’s performance. Deactivating and deleting unnecessary plugins is a very important way to improve performance.
4. Image Optimization
Making sure the images in your posts are optimized for the web can save time, bandwidth and increase your search engine ranking.
Performance Testing Tools
- Webpagetest – This tool is for testing real-life website performance from different locations, browsers, and connection speeds.
- Google PageSpeed Insights – It is a way to measure your WordPress site’s performance and receive clear, specific feedback on how to make improvements.
- The built-in browser developer tools (e.g. Firefox or Chrome) all have performance measurement tools.
How to improve performance in WordPress
Performance can be increased by optimizing your WordPress website.
Optimizing Your WordPress Website
- Upgrade your hosting – Choose quality hosting
- Use fast and lightweight theme
- Minimize the use of plugins
- Delete unused plugins and themes
- Clean up your media library
- Clean up your database
- Implement caching
- Remove Render-Blocking Javascript and CSS
- Minify CSS, HTML, and JavaScript
- Optimize Images
- Minimize HTTP Requests
- Use a Content Delivery Network (CDN)
WordPress Performance Plugins
Best plugins for WordPress performance
- W3 Total Cache
- WP Rocket
Secure Your WordPress Website
WordPress itself is very secure as long as security best practices are followed. The main cause of WordPress sites being compromised is out-of-date plugins.
WordPress security is a never-ending job. There’s no way to eliminate threats.
Website security, and cybersecurity in general, is about reducing risk as much as possible. That means deploying multiple security methods and precautions to keep threats at bay.
The goal of a hacker is to gain unauthorized access to your WordPress site on an administrator level, either from the frontend (your WordPress Dashboard) or on the server-side (by inserting scripts or malicious files).
Let’s understand some common WordPress security issues.
Common Security Risks
1. Brute Force Attacks
Unauthorized logins are typically performed by “brute force”.
A brute force attack is the simplest method of gaining access to a site: it tries usernames and passwords, over and over again, until it gets in.
Due to the nature of these attacks, you may find your server’s memory goes through the roof, causing performance problems. This is because the number of HTTP requests (that is, the number of times someone visits your site) is so high that servers run out of memory.
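One way to spot this pattern in a web server access log, as an added example that is not part of the original guide: it counts POST requests to wp-login.php per client IP inside a sliding time window. The log lines are constructed samples in common log format, and the threshold, the window, and the reading of a 302 response as a likely successful login are assumptions to tune for your own site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: ip - user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # drop the query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def find_login_bursts(lines, threshold=5, window_seconds=60):
    """Flag IPs that send `threshold` or more login POSTs within the window.

    Assumes the log is in chronological order. Returns
    {ip: {"peak": most POSTs seen in one window, "login_after_burst": bool}}.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, {"peak": 0, "login_after_burst": False})
            entry["peak"] = max(entry["peak"], len(q))
            # Assumption: a failed login re-renders the form (200) and a
            # successful one redirects (302), so a 302 during a burst
            # deserves a closer look at that account.
            if status == 302:
                entry["login_after_burst"] = True
    return flagged


def _sample(ip, hhmmss, method, path, status):
    """Build one constructed log line (documentation-range IP addresses)."""
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 1024 "-" "constructed-sample"')


# Constructed sample log: one noisy client and one ordinary login.
SAMPLE_LOG = (
    [_sample("198.51.100.7", "09:59:50", "GET", "/", 200)]
    + [_sample("203.0.113.10", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
       for s in range(1, 25, 4)]
    + [_sample("203.0.113.10", "10:00:25", "POST", "/wp-login.php", 302),
       _sample("198.51.100.7", "10:01:58", "GET", "/wp-login.php", 200),
       _sample("198.51.100.7", "10:02:00", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, info in find_login_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

Flagged addresses are candidates for the login-attempt limits and IP restrictions on wp-login.php listed in the best practices further down.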
3. Software Vulnerabilities
Software vulnerabilities are often caused by a glitch, flaw, or weakness present in the software.
WordPress sites are vulnerable because of using outdated plugins, themes, and WordPress core software.
Never miss security updates. Outdated software leaves sites vulnerable because updates are usually designed to address critical security issues.
4. SQL Injection
Attackers most often use SQL injections through visitor-facing submission forms, like contact forms, payment info fields, and lead forms. When hackers enter information in these forms, they’re not hoping to use your content offer — they’re submitting code that will run and make changes from within.
A successful SQL injection gives an attacker access to your WordPress database and to all of your website data.
During an SQL injection, a hacker gains the ability to directly view and modify your site’s database. Attackers can use SQL to make new accounts on your site, add unauthorized links and content, and leak, edit, and delete data.
5. File Inclusion Exploits
A WordPress website’s PHP code is the next most popular security issue that is exploited by attackers. PHP is the server-side programming language WordPress is built on.
File inclusion exploits happen when vulnerable PHP code can be made to load files of the attacker's choosing, whether remote files or files that are on the server.
File inclusion exploits are one of the most common ways an attacker can gain access to wp-config.php which is in fact the WordPress configuration file.
WordPress Security Best Practices
- Don’t use the ‘admin’ username – The majority of attacks assume people are using the username ‘admin’ due to the fact that early versions of WordPress defaulted to this.
- Use strong password – The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed.
- Use Two-Factor Authentication – In addition to a strong password, you can enable Two-Step Authentication to further protect your website.
- Limit login attempts
- Limit access to wp-login.php by IP
- Keep WordPress, themes, and plugins updated
- Do not get plugins and/or themes from untrusted sources. Restrict yourself to the WordPress.org repository or well-known companies.
- Review WordPress themes and plugins regularly
- WordPress security keys and salts
- Deny access to no referrer requests
- Use SSL Certificate
- Protect wp-config.php file – Your WordPress wp-config.php file, which resides in your WordPress root directory, contains your database username and password. It also tells anyone reading that file which machine your database runs on. With these three pieces of information, a hacker can connect to your website database and steal your data or make any changes they like.
- Protect .htaccess file
- Prevent directory browsing
- Protect wp-includes directory
- Check files and folder access permission
- Change the prefix of database table
- Don’t use default database name
- Quality hosting is important because web hosting affects security. Qualities of a trusted web host might include:
  - Readily discusses your security concerns and which security features and processes they offer with their hosting.
  - Provides the most recent stable versions of all server software.
  - Provides reliable methods for backup and recovery.
- Use .htaccess file to increase security
- Backing up your website regularly
- Use SFTP when connecting to your server – Using SFTP is the same as FTP, except your password and other data are encrypted as they are transmitted between your computer and your website.
- Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities. If you are browsing untrusted sites, we also recommend using tools like no-script (or disabling javascript/flash/java) in your browser.
- Protecting your WordPress site with a Firewall
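Several items in this list (security keys and salts, protecting wp-config.php, file permissions, the database table prefix, the database name) can be checked mechanically. The following is an added example, not code from WordPress or from the original guide: it audits the text and file mode of a wp-config.php. The sample configurations are constructed, and the set of "default" database names and the permission rules are assumptions.

```python
import os
import re
import stat

# define( 'NAME', 'value' ); with matching quotes (escaped quotes not handled)
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(?P<value>.*?)\1""")

SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Placeholder strings shipped in wp-config-sample.php
PLACEHOLDERS = {"database_name_here", "username_here", "password_here",
                "put your unique phrase here"}
COMMON_DB_NAMES = {"wordpress", "wp"}  # assumption: names treated as "default"


def parse_config(text):
    """Return (constants, table_prefix) from wp-config.php text, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)          # block comments
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)      # whole-line comments
    consts = {m["name"]: m["value"] for m in DEFINE_RE.finditer(text)}
    m = PREFIX_RE.search(text)
    return consts, (m["value"] if m else None)


def audit_config(text):
    """Return a list of finding codes for the configuration text."""
    consts, prefix = parse_config(text)
    findings = []
    for name in ("DB_NAME", "DB_USER", "DB_PASSWORD"):
        value = consts.get(name)
        if value is None:
            findings.append(f"{name}:missing")
        elif value in PLACEHOLDERS:
            findings.append(f"{name}:placeholder")
    if consts.get("DB_NAME", "").lower() in COMMON_DB_NAMES:
        findings.append("DB_NAME:default-name")
    secrets = [consts.get(k) for k in SECRET_KEYS]
    for key, value in zip(SECRET_KEYS, secrets):
        if not value or value in PLACEHOLDERS:
            findings.append(f"{key}:missing-or-placeholder")
    real = [v for v in secrets if v and v not in PLACEHOLDERS]
    if len(set(real)) < len(real):
        findings.append("secrets:reused")          # each key should be unique
    if prefix is None or prefix == "wp_":
        findings.append("table_prefix:default")
    return findings


def audit_mode(mode):
    """Check permission bits (assumed rule: owner-only write, no world read)."""
    findings = []
    if mode & stat.S_IROTH:
        findings.append("perm:world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("perm:group-or-world-writable")
    return findings


def audit_file(path):
    """Audit a wp-config.php on disk: contents plus file permissions."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_config(fh.read()) + audit_mode(os.stat(path).st_mode)


# Constructed samples: an unedited sample-style config and a hardened one.
SAMPLE_DEFAULT = """<?php
// ** MySQL settings ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
"""
SAMPLE_HARDENED = (
    "<?php\ndefine( 'DB_NAME', 'shop_c41' );\ndefine( 'DB_USER', 'shop_app' );\n"
    "define( 'DB_PASSWORD', 'constructed-not-a-real-password' );\n"
    + "".join(f"define( '{k}', 'constructed-secret-{i}' );\n"
              for i, k in enumerate(SECRET_KEYS))
    + "$table_prefix = 'c41x_';\n")

if __name__ == "__main__":
    print(audit_config(SAMPLE_DEFAULT))
    print(audit_config(SAMPLE_HARDENED), audit_mode(0o644))
```

Run `audit_file()` against a copy of your own wp-config.php; an empty list means none of these checks fired, not that the site is secure.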
Best Plugins for WordPress Security
- iThemes Security
- Sucuri
WordPress Import & Export
WordPress Import Tool
A WordPress Import tool is used to migrate content from an already existing WordPress site to another. You can also use this tool to move a site from your local host to an online server. This also allows you to import from other blogging platforms as well.
Using the WordPress Import tool, you can import content into your site from another WordPress site, or from another publishing system.
WordPress Export Tool
WordPress Export will create an XML file for you to save to your computer.
This format, which is called a WordPress eXtended RSS or WXR file, will contain your posts, pages, custom post types, comments, custom fields, categories, tags, custom taxonomies, and users.
Exporting your WordPress data is sometimes necessary and useful. If you are moving to a new host or just want a backup of your site data, then Exporting your site is the answer.
Once the export file is created, you can use the import function in another WordPress installation to upload the file into that site.
Backup Your WordPress Site
A backup is simply a copy of your site that you can restore if something goes wrong.
There are two parts to backing up your WordPress site: Database and Files. You need to back up the entire site, and you need to back up your WordPress database.
When it comes to backing up a WordPress site, one can do so through these two options.
- Backup WordPress Manually
  - Backup Your WordPress Files Manually
    - Backup via File Manager on Hosting Control Panel – cPanel
    - Backup via FTP Clients – Filezilla
  - Backup Your WordPress Database Manually
- Backup WordPress Automatically with Plugins
Backup WordPress Manually
- Download WordPress files (public_html folder) using cPanel or Filezilla.
- Export WordPress database using phpMyAdmin.
Backup WordPress Automatically
Note: Some managed hosting providers offer automatic daily backups for all your WordPress files and databases. Plus, you can initiate your own backup at any time. Download your own backup (zip file) and keep it on your hard drive.
Best WordPress Backup Plugins
- Jetpack Backup
- BackupBuddy
- UpdraftPlus
Moving Your WordPress Site
Whether you are moving WordPress to a new server or to a different location on your server, you don’t need to reinstall. WordPress is flexible enough to handle all of these situations.
Moving WordPress – Scenario
- Moving to a New Server
- Keeping Your Domain Name and URLs
- Changing Your Domain Name and URLs
- Moving Directories on your Existing Server – Changing its URL
Learn more about moving WordPress from the official guide.
Move WordPress Site to a New Host
It is very easy to move your WordPress site from one host to another without changing the domain name and URLs. This can be done by moving WordPress Files and the Database.
There are mainly two ways to move WordPress websites:
- Migrate WordPress Manually
- Migrate WordPress with Plugin
Migrate WordPress Manually
Steps
- Download WordPress files – Download the public_html folder.
- Export WordPress database using phpMyAdmin tool.
- Create WordPress database on new host – Create user and add user to database with all privileges.
- Import WordPress database on new host using phpMyAdmin tool.
- Upload WordPress files to new host – Upload the public_html folder.
- Edit wp-config.php file to point to a new database.
- Configure DNS to point domain name to new host.
Migrate WordPress with Plugin
Best WordPress Migration Plugins
- All-In-One WP Migration
- Duplicator
Key Points To Note
- Migration should be carried out when your website is receiving the least traffic. You can use Google Analytics to figure that out.
- Keep in mind that large websites can be more prone to errors when using migration plugins. In those cases, manual migration is the better approach. If you follow the instructions carefully, you shouldn’t run into any problems.
- WordPress files can be downloaded in two ways.
  - Through File Manager on Hosting Control Panel – cPanel
  - Through an FTP client – Filezilla
- Unfortunately, you can’t download the public_html folder in File Manager without first compressing it. I always go with a ZIP archive.
- Before uploading the WordPress files, i.e. public_html folder, you need to ensure that there is no public_html folder already present in your File Manager.
- DNS changes can take up to 48 hours to fully propagate.
Note – Some hosting providers offer free migration services. They will migrate the site for you free of cost.