WordPress is famous for having a 5-minute installation, and they aren’t kidding - it only takes 5 minutes to install the thing. While their guide is pretty good, there are a few things it doesn’t discuss, and I will cover them here:
Where To Install It
Generally speaking WordPress should always be installed in a separate directory. It helps with SEO (plus you can see how much of just your blog is indexed and how many links point to it if you have other junk on your site) and you never know what you’re going to do with your domain 10 years from now.
A tip I would highly recommend: never change the “site URL” in the WordPress options panel; always leave it pointing to where WordPress is actually installed. On this blog I have it installed at /blog, which comes in handy for SEO reasons and helps keep everything more organized.
Make Your Homepage The Blog
I don’t think this is really covered anywhere, but a surprising number of blogs do it. Go to the nusuni.com homepage, then go to the /blog page. They look the same, right? I did this by creating a file in my website’s root directory called index.php that contains this code:
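<?php
// Let WordPress render the active theme for this request.
define('WP_USE_THEMES', true);
// Load WordPress from the /blog directory; show a fallback link if the include fails.
if (!include(dirname(__FILE__) . '/blog/wp-blog-header.php')) {
    die("Sorry, couldn't load the <a href='http://www.nusuni.com/blog/'>blog</a>!");
}
?>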
All that code does is load the blog header located in the /blog directory (that is where my WordPress is installed; change it if you need to), and if the include fails, a little error message will pop up. That message should never come up.
I am pretty sure this can cause some SEO issues and such, but I’m not too worried about it. If you are truly paranoid you can always hack together a regular homepage.
What Is The Most Secure Way To Run It
The best way to make your WordPress install as secure as possible is to:
- Use a unique MySQL user for the WordPress database; don’t use a user that has access to all databases.
- Keep it up to date
- Use a secure password
- Make sure your file permissions are all set correctly.
- Only use plugins from trustworthy sites (don’t download WordPress plugins from gambling sites, for example)
- Don’t give users more powerful permissions unless you really trust them
- And finally, make sure your server software is up to date. A sign of a bad web host is if they refuse to upgrade without a good reason.
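As an added example (not from the original post), this script audits a WordPress directory for the file-permission item in the list above. The baseline it checks (directories 755, files 644, wp-config.php closed to other users) is an assumption, and the function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed baseline: directories 755,
# files 644, wp-config.php closed to "other", nothing world-writable.

# audit_wp_perms DIR: print one finding per line; return 0 if clean, 1 if not.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root"
        return 2
    fi
    findings=$(
        # Anything any local account can modify (symlinks are skipped).
        find "$root" ! -type l -perm -0002 | sed 's/^/WORLD_WRITABLE /'
        # wp-config.php holds the database credentials: no bits for "other".
        find "$root" -type f -name wp-config.php \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/CONFIG_EXPOSED /'
        # Regular files need no execute bit; PHP source is only read.
        find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
            sed 's/^/EXECUTABLE_FILE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort
    return 1
}

# make_sample_tree: build a constructed WordPress-like tree with three flaws.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/wp-content/plugin.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"      # flaw: world-writable directory
    chmod 644 "$t/wp-config.php"           # flaw: credentials readable by everyone
    chmod 755 "$t/wp-content/plugin.php"   # flaw: execute bit on a regular file
    echo "$t"
}

# Audit the directory given as $1, or the constructed sample tree if none is given.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
else
    demo=$(make_sample_tree)
    audit_wp_perms "$demo" || true
    rm -rf "$demo"
fi
```

Run it with the path to your install as the only argument; a non-zero exit status means at least one finding was printed.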
Well, that’s it. Stay tuned for even more Back To The Basics posts!
Please subscribe, or else I will cry. Do you really want to make a programmer cry?

September 14th, 2007 at 5:00 am
Hi Jeremy - I stalked you from Shoemoney’s site!
I wish you’d written this before I installed WordPress. It took me weeks. In the end I had to switch to a host that had Fantastico.
Do you have any posts on how to install your own header in WordPress?
September 14th, 2007 at 10:02 am
If by header you’re talking about the theme header, then I don’t have any posts currently, but I am writing a post about theme building for this series which will be released in a few days.