Shane McDonald Facebook pixel

How to Install WordPress : Installing WordPress

by | Mar 28, 2010 | Internet & Technology, Software

WordPress Blogging software is one of the best and one of the easiest to Install and Setup. This is a basic How to Install WordPress guide ideal if you are installing WordPress for the first time. This is a very quick guide to installing WordPress is aimed at those who already have a working knowledge of concepts such as FTP, Config Files, MySQL Databases and have access to their own web server. This WordPress Install Guide is guided towards Apache servers running on Linux with PHP installed and a MySQL Database available.  For version 2.9.2 (version available at time of writing this install guide) the minimum requirements for installation are PHP version 4.3 or greater and a  MySQL database version 4.1.2 or greater. If you are unsure contact your website hosting company or check your control panel (e.g. cPanel). You will also need FTP Access to your web server and FTP Software – I recommend FireFTP which is a FireFox Plugin and is quite a good FTP Client.

Step 1 : Download WordPress & Extract WordPress on your PC

WordPress is Free and you can download it at http://wordpress.org/download/ The software downloads as a compressed ZIP file and is about 2.2Mb which would take under a minute on decent broadband. Once Downloaded, you can extract this on your PC. Depending on your PCs setup you can usually right click on the zip file and select “Extract Here…” – a folder should then appear with all the source code in the root directory and 3 subfolders.

Step 2 : Upload your WordPress code to your webserver

Next you need to connect to your web server by FTP. Usually you will be brought into / or if you are lucky /public_html/ The /public_html/ directory is where your homepage’s files are located – if you want your blog to be your homepage you can install the software here – Be warned if you already have content in this directory overwriting it could stop your current site from working. However if you want to have www.yourdomain.com/blog then create a folder called “blog” in /public_html , and upload the code into that directory. You can call the directory anything – but if you are writing about for example Social Media, a good address would be /social-media-blog/ giving you keywords in your web address (always try use keywords in your web address) Uploading the code to the server could take up to 10 minutes. Only when your files have been uploaded , visit the web address where you installed your blog, e.g. www.yourdomain.com/blog If everything was uploaded correctly, you will be presented with a screen telling you that you have to create a configuration file – click the button to create your WordPress config file on-line.

Step 3 : Config – Setting up the WordPress Configuration File

You will be asked for the following; – Database Name   … This is the name of the database which you want to link to – Database Username … This is the username for your WordPress database – Database Password … This is the password for the database you wish to use fro WordPress – Database Host … usually localhost but some hosting providers may differ – Table Prefix … set to wp_ but you can change this if you wish for security. If you have entered the details correctly you will then be able to run the Install Script – click the button to start Installing WordPress.

Step 4 : Final Parts of Installing WordPress

For this next step you will be asked for the following; – The Blog Title, e.g. “My First Blog” or “Shanes World of Social Media and Blogging” – Your Email – as administrator you will be notified of major events on the blog – All blog to appear on search engines – Make sure you tick this box so that the WordPress Blog notifies search engines when you post new content. Click Install You will then get a username of admin and a cryptic password. Very important that you now copy this password (ensure it is copied) and click  Log In. Log in as admin with the password you got above. Thats it – Installing WordPress is finished … Congratulations you now have a WordPress Blog installed. I hope to extend this install guide to cover how to add plug-ins and themes in the future.
Check your access logs and server logs for possible hack attempts

Check your access logs and server logs for possible hack attempts

by | Apr 26, 2009 | Internet & Technology

A lot happens on your web server that you don’t know about. I just checked my web server logs and saw many many entries of attempted access to the following areas of my site;

www.shanemcdonald.org/administrator

www.shanemcdonald.org/control-panel

www.shanemcdonald.org/CMS

These pages don’t exist and never existed so I think these are probably hackers who were trying to find a way into the site. If you have coded your site yourself you should be aware that some attempts may be made as part of an SQL Injection or Brute Force attack on your system. If you know the web coding language PHP, you may think you are doing a good job but if you don’t code your website correctly you may be giving hackers an easy way in to your website. 

The IPs on this occasion were from Norway, Russia, Ukraine, the USA, and a few Asian IP addresses.

It was through the error log (one of the many server logs recorded by your site) that I could see these items. I actually blocked one IP Address because there were so many attempted accesses from that IP. By sealing off all potential access points you can protect your website.

Also, check your PHP code – ensure you don’t automatically register variables, and check all form submissions, and anything that interacts with your database. I always ensure that all forms of error checking are in place. So if you are taking an email address for example, run some regular expression checking to ensure it conforms to an email address format and check the length of the address so it is a logically reasonable email address length. Likewise if you are taking data from a HTML Textarea, run some checks here to ensure the data is not possibly going to trigger or run some database commands.

I have seen some websites out there (businesses) that have text on the website, and slap bang in the middle of the text links to Crack websites or Adult sites. I believe these sites have been compromised by poorly secured web servers (of which I have had a few) and poorly coded websites that have PHP or ASP code.

When I moved web servers back in 2010, moving from a dodgy US server to the excellent Blacknight servers in Ireland, I was been trying to bring the site back up the Google rankings and also re-develop the site, mainly since I had not added much to the site in the few months since the move.

It will be interesting to see how long it takes after 20th April (when I made the changes in line with the Google Webmaster Guidelines) to get re-listed highly on the world’s most popular Search Engine.

Some other security tricks you can employ to make your site more secure involve the following;

  • If you have a WordPress site, use Jetpack to help stop Brute-force attacks
  • If you have a WordPress site, ensure your plugins are from a reputable source and you have then constantly updated
  • Again, on WordPress, log in every 2-3 days and run any updates that are pending, as these have security updates designed to keep your site up-to-date and secure.
  • If you have coded the site yourself, run some security checks on the code and perhaps add some extra security checking. Also, ensure your version of PHP is up to date also.
  • Finally, take a look at the security logs and see if there is any unusual activity. It may only be a website hot-linking to your images, but you can stop that also to stop a drain on your monthly data usage quotas.

 

This is an old post that was originally on my old shanemcdonald.org site and now resides here on shanemcdonald.ie