Installing and Upgrading WordPress Software
Getting It Done for You: Hosted WordPress
You've made the decision to get WordPress running on your own website. You want access to the full power of the software and its attendant community to help you communicate with the world, or at least your little corner of it.
Previous chapters covered functionality that's common between WordPress.com and WordPress software. Starting with this chapter, we're going to help you make the most of WordPress entirely outside the cozy environment of WordPress.com. This chapter covers the two ways of setting up WordPress on your own:
- Through an external provider, such as your Internet service provider (ISP) or a web hosting company (the choice for most people)
- On your own computer
Chances are pretty good that you don't want, or need, to have the headache of operating your own web server, connected to the Internet and available 24 hours a day, seven days a week. You just want some space on the Web to blog when the spirit moves you. Despite the shorthand term "self-hosted WordPress," the vast majority of WordPress.org software users run their blogs on someone else's server. If you want to be brave, though, and do it yourself, WordPress is there for you.
In this section, we want to help you find a good host for your site and get WordPress up and running.
Finding a Blog-Friendly Host
When looking at possible hosts for your blog, you'll need to make several decisions ahead of time. Some of these options are covered in Chapter 2, "Starting Your Blog Right":
- Do you want to have your own domain name, and how do you plan to register that name?
- How much time are you willing to commit to installing, updating, and administering your blog?
- Are you planning to include a lot of images, or stream audio or video from your blog?
- What are you willing to pay for blog hosting?
As with most things WordPress, you've got options when considering where to host your blog:
- ISPs offer free or low-cost websites to their users.
- WordPress.org recommends a few select WordPress-friendly hosts at http://wordpress.org/hosting. (These hosts pay Automattic a small fee for the listing.) These hosts offer one-click WordPress installations, access to multiple databases (good for running several blogs simultaneously), and financial support to WordPress to keep the WordPress websites and support forums up and functional. Some of these hosts come pretty cheap, too.
- Some hosting companies offer a range of support options for your WordPress blog. Look for the support you need.
Shopping for a web host generally involves obtaining enough disk space, bandwidth, and support for third-party software like MySQL databases and WordPress.
The amount of disk space available at a web host is similar to the amount of disk space available on your own computer. If a web host offers 10GB of space on its hard drives with your account, when you bump up against that limit, you can't save any more there.
Fortunately, simple text-based blogs have files measured in kilobytes (KB), and you could have many hundreds of posts before you even come close to hitting a 1GB space limit. Add a small image to each post, or the occasional video clip, and an allocation of 3GB or more should last you through your first hosting contract.
Bandwidth is the size of the pipe that brings data to and from your site. Your bandwidth use depends on two things: the size of your files and the popularity of your site. If you use your blog to keep 10 invited guests current on your daily life via text-mostly postings, bandwidth limitations are essentially meaningless to you. If you are a pop music star hosting a daily hour-long video blog designed to keep your millions of fans current on your daily life, you should get the biggest pipe available.
Web hosting companies generally give you a monthly bandwidth limit in the 25GB–75GB range. This is plenty for a standard website with a WordPress blog. Some hosts offer unlimited bandwidth, but you should ask them how they handle major traffic spikes and search the Web for customer complaints. (You don't want the best day for your blog traffic to be the worst day for your bank account!)
While shopping, make sure the host supports the minimum requirements to install WordPress (more about why you need this in the next section):
- PHP version 4.3 (or later)
- MySQL version 4.0 (or later)
You'd be hard pressed to find a host that doesn't support these minimums. Run away quickly if it doesn't! This means that host probably doesn't keep other software tools updated either.
Some hosts make it one-click easy to install and run WordPress on their systems, and others let you get as hands-on and customized with your installation as you want. At the very least, the hosts should have a Frequently Asked Questions (FAQ) page and basic information on how to install WordPress on your site. Better hosts allow you to use more than one MySQL database for multiple blogs, provide help installing plug-ins, and provide help with WordPress software updates (or handle updates themselves).
Ask as many questions of would-be hosts as you need to make a good decision. Answers should be on their site or a prompt email response away. If you send an email to a potential web host and don't hear back within 24 hours, you shouldn't do business with that host.
When you have selected your web host and reserved your space on the Web, you can install WordPress on your site.
Why PHP and MySQL?
In this chapter, you will see quite a few references to PHP and MySQL, and you may wonder what the references are here for. MySQL is a free relational database management system that stores and manages all the content of your blog. It is an essential prerequisite for installing WordPress. PHP is a programming language for the Web. After you've installed WordPress, a look into the installation directory will uncover a lot of files with the .php extension because this is the language in which WordPress is written.
PHP is the result of another lazy programmer's effort to simplify his life. Back in 1994, Rasmus Lerdorf wanted to eliminate some of the drudgery associated with updating his personal web page. Lerdorf wrote some Perl scripts to generate HTML tags based on some C code. In June 1995, he announced the existence of the PHP tools, version 1.0, in a Usenet CGI newsgroup. Those tools have since evolved into a full-fledged scripting language (now officially called PHP: Hypertext Processor). PHP has a powerful engine, called Zend, and a large community of developers hacking the code. You can read more about the history of PHP at http://php.net/history.
The PHP home page at www.php.net defines PHP as "a widely used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Much of its syntax is borrowed from C, Java, and Perl with a couple of unique PHP-specific features thrown in." It is open source, so anyone can contribute to its development, and it works from the web server to deliver pages. As you'll see later in the chapter, PHP often pulls data out of relational database management systems such as MySQL and PostgreSQL to display web pages that look no different from pages coded in standard HTML.
Every bit of content in your blog—posts, sidebars, stylesheets, comments, graphics, Dashboard, and all the rest—is stored in the MySQL database you set up during your installation. (In a hosted blog, WordPress.com sets up the database for you when you launched your hosted blog—and never gives you direct access to that selfsame database). What happens when your site has a visitor? In a matter of seconds, all this goes on, as shown in Figure 11.1:
- A visitor's web browser calls on a page from your site.
- The web server sees a PHP script on the requested page and fires up its PHP interpreter (mod_php5 in Apache) to execute the code.
- Some of those PHP commands allow the script to connect to the MySQL database as the WordPress user and ask the database for the content that belongs on the page.
- The MySQL database retrieves the requested content and sends it back to the PHP script (more precisely, to the page it's on).
- The script, in turn, pours all of this content into a few variables.
- The script then echoes the content from the variables for display on the page.
- The script combines the database content with any plain HTML included on the requested page and hands it back to the web server.
- The web server sends the HTML page back to the browser.
- The visitor (ideally) becomes enlightened, entertained, enthralled, or some combination thereof. He tells you so on the comments page, beginning the process over again.
Figure 11.1 How PHP and MySQL work together to make a web page.
Why store your content in a database when it's just text? Isn't it just easier to have this material surrounded with some variant of HTML or XML tags? When you think about a blog as a moving target, a combination of static and dynamic elements, the answer becomes apparent rather quickly. Maintaining a blog full of static posts quickly becomes a logistical nightmare.
Coming up with enough blog content to keep people visiting can be hard enough without having to continually think about how many posts should be on the front page, making individual permalinked pages for each of your posts, and all the comments people make on them. This is a job ripe for automation, and the best way to automate content delivery is by keeping your data in one easily accessed place. That's what WordPress does for you.
Using FTP to Upload Files
The last piece of the preinstallation puzzle is a means to upload files from your computer to your host. Do this with a program that uses the Internet standard File Transfer Protocol (FTP). Some of the best FTP clients are available free of charge:
- FileZilla—Runs on Windows, Linux, and Macintosh; http://filezilla-project.org
- CyberDuck—Macintosh-only; http://cyberduck.ch
- CoreFTP—Windows-only; www.coreftp.com
For the purposes of this section, we focus on FileZilla, which is a simple FTP client application that connects to your web host and uploads your WordPress files with just a few setup steps. When you signed up with your host, most likely you received information about uploading files to the host's FTP server. Given its cross-platform character and its lack of cost, you might even find that your host has step-by-step instructions for setting up FTP with FileZilla—the host of one of the authors' (McCallister) did!
After downloading and installing FileZilla, follow these steps to set up file transfer between your computer and your web host:
- Launch FileZilla.
- Go to File, Site Manager (or click the first icon on the left in the toolbar). A dialog box appears.
- Click New Site to enter your information, as in Figure 11.2.
Figure 11.2 Use the General tab on the Site Manager dialog to set up an FTP connection to a web host.
- Insert the connection information you received from your host. This includes the following:
- Host—This is usually the same as your domain name, with ftp in front, for example, ftp.myWPblog.com.
- Server Type—This should always be FTP.
- Logon Type—For your website, this should usually be set to Normal. You use anonymous FTP when you visit a software download site, where the keepers don't really care who you are. The Normal setting requires a password to get to.
- User—Your host should give you a username to access your files. Type this here.
- Password—This is the place where you supply your password. It is usually identical to your site password.
Your host might have you fill in the Account line, and you can add information in the Comments section.
- Click the Transfer Settings tab. Then select the Passive button. In Passive mode, the client sets up all the data flow. This is more secure, especially if your firewall stops any data trying to pass through it from outside the network.
- Click the Advanced tab (see Figure 11.3). Your host might want you to set a Default Remote Directory. This is the directory at the host server that appears when you log in. If you don't set this option, you will likely enter a directory with your username at login time. You could set up a WordPress directory as the default, too. Similarly, you might want to set your local WordPress directory as the default local directory.
Figure 11.3 The Advanced tab in the FileZilla Site Manager dialog lets you define default directories for both your local computer and your blog's host.
- Click Connect at the bottom of the screen. If your settings are entered correctly, you should now be connected to your host server, and you can upload files by dragging them on the screen from the source folder to the destination folder. (When you're ready to disconnect from the server, press Ctrl+D.)
When you have downloaded the latest WordPress files (see the next section), all you need to do is point the Local Site section of FileZilla to the location of the WordPress files on your own computer. Connect to your host (Remote Site) on the right side and navigate to the directory where you want to store WordPress. Figure 11.4 shows how FileZilla looks with both sides set up. If you're ready to transfer all the WordPress files, press Ctrl+A to select them; then drag them over to the right side to begin the transfer.
Figure 11.4 FileZilla makes transferring files to your web host a matter of drag and drop.
Preparing for the Five-Minute Hosted WordPress Installation
You are standing at the precipice of installing WordPress. You have your domain name registered, a host selected and paid for, and a way to download and upload files.
In this section, we'll cover the steps you need to set up your MySQL database and prepare your site for WordPress. While some hosts offer "one-click WordPress installation" features, you lose some control and flexibility with that ease of use. If you want to fully manage your site, we'll show you how.
First, we'll walk through a manual setup with the ICDSoft Control Panel, a homegrown host manager. We'll also show you how using some of the more popular site management tools, CPanel and Plesk, can simplify the task. Although there are a variety of applications that manage user accounts for hosting companies, the basic tasks are the same.
One More Decision: Will WordPress Manage Your Whole Site or Just the Blog?
There's one more decision to be made before you set up your host for running WordPress: whether to have WordPress manage your entire website, just the blogging part, or a specific subset of pages on your site. Your decision affects where WordPress should be installed.
WordPress can act as a complete web content management system (CMS), handling all elements of your website, but setting that up is outside the scope of this book. See Appendix C, "Examples of WordPress Blogs," for some sites that take WordPress beyond simply managing blogs.
Setting Up MySQL with a Generic Hosting Tool
Hosting companies can use a variety of interfaces to allow you to manage your site's files, monitor traffic to your website, and access other features of your hosting account. MichaelMcCallister.com runs at ICDSoft, a host with their own Control Panel tool (Figure 11.5). Your host will have a page that might look a bit different, but should have a way to connect to and configure a MySQL database using commands similar to the ones listed here. That process might even allow you to skip some of these steps. Consult with your web host if you have trouble setting this up. We describe this process in excruciating detail, so you don't miss a thing.
Figure 11.5 The ICDSoft Control Panel shows the tools you need to manage your website.
Follow these steps:
- Get the latest copy of WordPress at http://wordpress.org/download.
Open a browser and log in to your account. When you set up your account, you should receive a username and password to access this page. Your Control Panel appears as shown in Figure 11.5.
The number of icons may be overwhelming at first (again, depending on the options your host offers), but chances are good you will be working with just a few to manage your WordPress site: MySQL Databases (for the installation), File Manager, phpMyAdmin, and PHP Settings.
- Locate MySQL Databases tool. You will see some information about your database connection settings (see Figure 11.6). You will create the database here because it's likely your account limits the number of databases you can have.
Figure 11.6 Create your database in your web hosting account.
- Scroll to Create New Database.
- Name your database in the Database Name field. Technically, you can give this database any name you want, and your host may have some rules on prefixes for your databases. See the next Tip near Step 7 for some advice on database naming. Click Create to confirm the name of the database.
- WordPress needs a way to access this database, and this is done by creating a user. Scroll down to the MySQL Users section and add a user for this database. Give the user a name and password. The Privileges area should have everything selected. Click Add to confirm. This page should look something like Figure 11.7. Write down this essential information. You'll need it for the installation:
- Database name
- Database username (MySQL User in Figure 11.7)
- The database user's password
- The database host
Figure 11.7 Add a user to your database that will manage WordPress database items.
- Check the navigation in your host's administrative area and return to your main control panel (sometimes called Home). Locate the File Manager. Finalize your decision on how much of your website you want WordPress to manage. If you plan to have WordPress manage your entire website (or your website just consists of your blog), go to the root directory of your remote site, locate and rename your existing index.html file to index.old or index.backup so you don't lose either your existing home page or the default (in case you someday decide to return to a more static presentation).
- If you want WordPress to manage your entire website, upload WordPress into the default folder, also called the root directory. If you prefer that WordPress just manage the blog portion of your site, create a subdirectory called /blog or /WordPress or some other name. Then you can direct your blog readers to visit the subdirectory http://<yourdomainname>/blog (or whatever). For the purposes of this example, we'll use the /blog directory.
- Open your FTP client and upload the WordPress files. You can either upload the Zip archive and extract it into your preferred folder or extract the archive into a folder on your hard drive and upload the entire structure. What works best depends on your host.
What's in the WordPress Archive?
When you extract the files with a Zip utility like PKZIP, it matters where you put them. Figure 11.8 shows you the folder structure of a WordPress installation. When you extract to the root directory, you create a /wordpress folder that contains the index.php template file that generates your front page. You'll learn more about template files in Chapter 16. If the /wordpress/index.php file exists in a subfolder, you can create a different front page for your site, with WordPress managing just one area of your site. The decision is yours.
Figure 11.8 Files in the WordPress installation archive are structured in folders.
Wherever you extract the WordPress archive, the guts of your installation are the three main subfolders that create and maintain your WordPress website:
- wp-admin creates the WordPress administration page, also called the Dashboard.
- wp-content holds everything you create and use for your site: themes, plug-ins, and posts. Back this folder up regularly!
As a regular user of WordPress, you won't have a lot of direct contact with individual files in the WordPress installation, but it's good to know a little bit about how WordPress is organized, in case something goes wrong and a file goes missing.
Setting Up MySQL with cPanel
One of the most popular web administration applications is called cPanel. It offers a wizard to create your MySQL database. In the Database section, click the MySQL Database Wizard button and follow these steps:
- In the Create a Database page, type the name of your database (see Step 5 in the previous section for tips). Click Next Step.
- In the Create Database Users page, add the username as in Step 6 in the previous section. The wizard limits passwords to seven characters, and offers a strength indicator for the password you enter. Make sure you use a very strong password. In this case, don't use the automatic password generator. You need to know what the password is, so WordPress can connect to the database. Because the Password field displays only dots, this can be a problem. Click Create User.
- In the Add User to the Database page, check the All Privileges box.
- The Complete the Task page appears, noting that your user was added to your database. Click Return to Home.
Setting Up MySQL with Plesk
This setup is very similar to setting up MySQL with cPanel, with slightly different icons.
- On the main administration page, look for the Domains section. Click your Domain Name.
- Click the Databases icon.
- Under Tools, click Add New Database.
- Type the name of your database (see step 5 in the previous section, "Setting Up MySQL with a Generic Hosting Tool"). Use the Type scrolling box to identify MySQL. Click OK.
- In the Users for Database section, click Add New Database User.
- Add the username as in step 6 in the previous section"Setting Up MySQL with a Generic Hosting Tool." Click OK. Plesk gives this user All Privileges by default.
Your website's host is now prepared to receive data from WordPress. You have a database to hold your blog's content, along with all the design elements of your blog pages. It's time to begin the Famous Five-Minute Install.
The Five-Minute Hosted WordPress Installation
Now you're almost there. You have uploaded the files to the correct directory, and you have set up your database. Let's do the famous five-minute WordPress installation!
- Go to http://<yourdomainname>/blog. If you did everything correctly in the previous set of steps, you should see a mostly empty screen with a Create a Configuration File button (see Figure 11.9). Click it.
Figure 11.9 Begin the Five-Minute Install here.
- Some more introductory language appears, with a Let's Go! button. Click that button.
- Enter the information we advised you to write down in step 6 of the previous section (see Figure 11.10):
- Database name
- Database username
- The database user's password
- The database host (Usually, you don't have to change this from localhost, but your hosting company might ask you to change this.)
- Table Prefix (Your hosting company might ask you to change the Table Prefix from the default wp_. Some security experts also recommend changing this to prevent evildoers from accessing the database.)
Figure 11.10 Enter your database connection information on this screen.
- Click the Submit button. If all has gone well, you'll see a screen that looks like Figure 11.11.
Figure 11.11 All right, Sparky! You configured the database properly!
- Click the Run the Install button.
- Fill in the items on this screen (see Figure 11.12). We covered the relevant points related to this in Chapter 2:
- Name your site.
- Choose a username for your administrative user. This user differs from the WordPress database user you created in the previous section in that you will be logging in to this account on a regular basis to administer your WordPress settings. In the past, WordPress created a user called Admin and automatically generated a password. You would then be asked to change that password after your first login. Because that made one-half of the site-hacking break-in job much easier (that is, you have the Admin username; all you need now is the password to get access to the site Dashboard and muck about any way you like), this was changed. Starting with v3.1, you can use any valid name for your administrative user.
- Select a password for your administrative user. Instead of generating a secure-but-absolutely-unmemorable password, which you'd either (a) forget to save in your browser or (b) change to one of the most common passwords, WordPress now lets you define your own password. The page comes with a "strength detector" to encourage you to type a more secure choice. Repeat your selection to confirm the password and help train your fingers as well.
- Give WordPress an email address for communication purposes.
- If you're ready to greet the world, check the Allow My Site to Appear in Search Engines like Google and Technorati check box.
Figure 11.12 Enter your blog's name and login information for your administrative user on this screen.
- Click the Install WordPress button. WordPress creates the admin user and generates an initial login password for that user. Write down this default password or copy it to the Clipboard or a text file. You will need it to log in the first time. This information is also emailed to the address you listed on the Install screen.
- Click the Login button. The standard WordPress login screen appears (see Figure 11.13).
Figure 11.13 Log in for the first time as the administrative user.
- Type in admin for the username and the generated password from step 7. Leave the Remember Me box unchecked. The admin account should be used only when you have specific administrative changes to make to your blog. You'll create a separate user account for your everyday blogging needs in a few minutes. Click the Log In button.
- Your administrative Dashboard appears (see Figure 11.14). You can learn more about the Dashboard (also known as the administrative page) in Chapter 12, "Taking Control of Your WordPress Site."
Figure 11.14 When your installation is complete, your Dashboard appears.
The installation is complete. Congratulations!
Adding a User to Your Site
You now have everything in place to start using your WordPress site. For an added measure of security, you should create an ordinary, non-administrative user who will handle the blogging/content creation tasks. Because WordPress identifies the author of every post right on the page, you want the "public face" of the site to be a user who lacks administrative privileges. You don't want the bad guys to know who the admin is.
We covered the various user roles in Chapter 7, "Adding Features to Your Blog." The process for adding and working with users is very similar in WordPress.org and WordPress.com.
- From the Administration page, go to Users, Add New.
- Fill out the form (Figure 11.15) with a different username from your administrative user, password, and email address. Include a first and last name if you want.
Figure 11.15 Add a new user with Editor privileges to write posts.
- We recommend clearing the Send Password check box. Instead, write down the password you selected or store it in an encrypted file or in a password management application.
- Select Editor from the Role pull-down menu.
- Click the Add User button.
- The user's name and other information are added to the Users area.
While you're thinking about users and security, this might be a good time to visit the General Settings page. This is the place where you set the Default User Role. By default, this role is set to Subscriber, which is a very good thing for a public-facing blog that accepts comments. Although you can (and should) require visitors to register on your site before they comment, be aware that spammers and their bots are capable of registering and they will. If the default is set to anything other than Subscriber, you may well be seeing posts advertising various "body part enhancing" products appearing on your site (or in your editing inbox). Make sure this default doesn't change.
Prior to version 2.7, keeping your WordPress software up-to-date and as secure as possible involved deleting some program files, downloading the new version, uploading the entire new version to your host, and running the installation program again. Now, with the Updates page at the top of the left sidebar of the Administration page, it's a bit easier.
Figure 11.16 Always look for Updates when you log in to WordPress.
Before clicking that Update button, though, it's still a good idea to follow all these steps:
- Back up your database. This is often done in your host control panel or in your database manager. Instructions for this procedure should be provided by your hosting company. The WordPress Database Backup plug-in simplifies this process greatly, however. You'll learn more about this plug-in in Chapter 14, "The WordPress Toolkit: Plug-Ins."
- Back up your WordPress files. To do this, download a copy of the wp-content folder back to your computer. This folder contains all the most important material of your blog: posts, comments, themes, and plug-ins. You can also use the Export tool to make this backup. See the next section, "Transferring Your WordPress.com Blog," to learn about this tool.
- Turn off any installed plug-ins. Sometimes plug-ins stop working after an update. Sometimes active plug-ins can break the update itself. Before starting the update, go to the Plug-Ins page of your Dashboard and check for Active Plug-Ins. Under Bulk Actions, choose Deactivate. Click Apply.
Now you can click the Update WordPress link and select Upgrade Automatically. In next to no time, WordPress will update itself and tell you when the upgrade is complete.
After logging in again, you can reactivate any plug-ins you want. Go back to the Plug-Ins page and click Recently Active Plug-Ins to see the list of plug-ins you just turned off to complete the upgrade. Click the box at the top of the Plug-In column to select all the recently active plug-ins; then, click the Bulk Actions pull-down menu and select Activate.