This tutorial is designed to get you up and running with your own secure, self-hosted WordPress blog FAST – we’re talking under 20 minutes on a good internet connection.
And it is so simple, anyone can do it.
Before We Get Started
You’ll need to register a domain name and create a hosting account where your website will actually live.
This tutorial will be showing you how to do this on our preferred host Siteground.
Don’t be fooled – not all hosts are the same, and not all of them support WordPress well.
To understand more about what to look for when choosing your hosting company, you can read our post about hosting here.
After evaluating most of the major hosts, we recommend SiteGround because:
- They have highly efficient servers that are specifically customised to run WordPress and make your site blazingly fast (up to 8 times faster than other top hosts).
- They take WordPress security seriously – so seriously that they have their own in-house team to investigate and patch vulnerabilities in WordPress and popular plugins at a server level (generally before official updates are released).
- They have 24/7 support with staff that are actually trained in WordPress – unlike other hosts that tell you it is your problem once they find out you are running WordPress, SiteGround love helping you solve your WordPress issues.
- They have virtually no downtime, thanks to their unique server setup and automatic monitoring/resolution systems.
Watch these three short videos for a simple explanation of Siteground’s focus on speed, support and security – you’ll quickly understand why we use Siteground for our websites and recommend it to all our clients.
Please Note: We are an affiliate for Siteground, which means the company pays us a commission every time someone signs up via one of our links. This doesn’t affect the price you pay for hosting nor does it influence our recommendation – we use Siteground for our websites because we believe they provide an excellent WordPress hosting service (and they are the best host for us right now and have been since we joined them in October 2013).
What If I Want To Use a Different Host?
The basics of the process outlined below is the same with any other host that uses cPanel but you may find that the screens look a little different, so be sure to read the instructions carefully.
What Are We Going to Do?
Creating your own self-hosted WordPress site involves just 4 simple steps:
- Create your SiteGround hosting account
- Load the WordPress files
- Create an empty database (don’t worry – this is easier than it sounds)
- Run the WordPress installer
So, grab a coffee, juice or wine 🍷and let’s get started…
Step 1: Create Your SiteGround Hosting Account
When you arrive on the SiteGround website, hover over the Hosting menu and click on the WordPress Hosting link.
Step 1a – Choose Your Hosting Plan
For most of you, the StartUp plan will be sufficient.
You really only need to consider the GrowBig plan if you are planning to host a number of websites (an even if you do, you can always start on the StartUp plan and upgrade when you need to).
Also be aware that the Special price listed for each plan is applicable to the first period of time you sign up for. Renewals are invoiced at the regular price.
For example, if you sign up for 1 year, you’ll pay the special monthly price x 12 and after that first 12 months you’ll pay the regular price. If you sign up for 3 years, you’ll pay the special monthly price x 36 and after the 3 years, the regular pricing will resume.
Step 1b – Register your Domain
You can register a new domain while activating a new hosting account with SiteGround or later through your User Area.
If you are only planning to have the one site, then it is OK to register the domain through your hosting account – just select the Register a New Domain option and enter your desired domain in the box.
We would always recommend using a .com domain unless you have a very specific reason for using a different extension (like .com.au if you are only doing business in Australia).
If you are not sure if the domain you want is available, you can do a search on a site like NameCheap first.
Sidenote: Multiple DomainsIf you are planning on having multiple websites, we would suggest you register all of your domain names through a professional domain registrar (like NameCheap). This will make it easier to manage your domains and give you more flexibility in the future.
In this case, select the I already have a Domain option, register your domain with NameCheap and then enter your domain in the box before clicking the Proceed button.
You can link your domain to your hosting account later – this can also be done if you have already registered your domain elsewhere.
Step 1c – Complete Your Account Information
Assuming your chosen domain is available, you will now need to complete your Contact Information, Payment Information and Purchase Information.
Sidenote: What Extra Services Do I Need?
We would strongly suggest you select the Domain Privacy – this will keep your personally identifiable information private.
You may as well select the premium support – it is free for the first 3 months, which is the time you will probably need it. You will get an email at the end of the 3 months giving you the option to extend or opt out.
We actually recommend separate premium plugins for backup (BackupBuddy) and security (Sucuri). If you plan to follow our recommendations then you don’t need the Basic Backup Service or HackAlert Monitoring.
Congratulations – You have Hosting!
After a minute or so, you should receive a message that your account was successfully created (don’t worry if it takes a bit of time – there is a lot of magic going on in the background).
You will also receive an email with your username (which is automatically generated for you).
Step 2: Load The WordPress Files
Now that you have a hosting account, it is time to load WordPress on to it.
Step 2a – Download WordPress
Head over to wordpress.org and click the Download WordPress button in the site header.
On the following page, click on the download button for the latest version of WordPress (version 4.2.2 as at the time of writing this tutorial). Save the zip file in a convenient location on your computer – we will need it again soon.
Step 2b – Access Your Hosting Control Panel
Remember that email you got when you created your SiteGround account? It’s time to pull it out and find the section containing your login information, then click on the Login To Customer Area button.
Note: If you already know your username and password, you just head directly to https://ua.siteground.com/login.htm.
Once you have entered your username and password, you will be presented with a helpful setup wizard. Make sure you select the Thanks, but I don’t need help option. Although SiteGround has one of the better WordPress setup wizards, it is still not as secure as a manual install.
Once the setup wizard closes, you then need to click on the My Accounts tab and then the Go to cPanel button.
Note: We recommend that you access cPanel securely (select this option in the popup window that appears.
Step 2c – Upload WordPress Files
Scroll down the cPanel page until you find the Files section (about half way down) and click on the File Manager link.
Note: You should select the default of opening in the Web Root in the popup window that appears.
Click on the public_html directory in the file tree on the left site of the window that appears, then click on the Upload button in the toolbar.
On the page that appears, click the Choose File button and locate the WordPress zip file that you downloaded earlier. Once you select the file, the upload will start automatically.
You can monitor the upload progress by the bar in the bottom right of the browser window. Once it shows the upload is complete, click on the link in the middle of the browser window (it will say something like “Back to /home/acctname/public_html“).
You will now see the WordPress zip file in the list of files. Click on it (once) and then click the Extract button in the toolbar.
Note: You will need to confirm the extraction in the popup window that appears, then close the results window once the process completes.
You should now see a wordpress folder appear in the file list (if not, just click the Reload button directly above the list of files). This folder contains all of the files needed to run WordPress on your site.
Step 2d – Relocate The WordPress Files
Unfortunately, these files are currently one level too deep to operate properly. What we need to do is move all of the files out of this directory into the public_html directory.
Start by double clicking on the folder icon next to wordpress in the file list to display all of the files in the wordpress directory.
Note: Double clicking on the folder name will give you the option to change the folder name (instead of listing the files in the folder).
Once the files in the wordpress directory are displayed in the file list, click on the icon next to the first file/directory (should be the wp-admin folder) to select it. Now hold down the shift key and click on the icon to the left of the last file in the list (should be xmlrpc.php). This should select all of the files in the list.
With all of the files selected, drag them across to the public_html directory in the left side of the browser window – you will need to make sure your mouse pointer is directly over the public_html otherwise the files could end up in the wrong directory.
All going well, the file list should (for the wordpress directory) should now be empty. In addition, when you click on the public_html link in the left side of the browser window you should see all of the files now listed in that directory.
As a final tidy up, you can now delete the wordpress directory and zip file from the public_html directory. Do this by clicking on the icon next to the appropriate file/directory and then clicking Delete in the toolbar.
Sidenote: Extra Security
You can also delete the licence.txt and readme.html files from the public_html directory. These files are not needed by WordPress and can be safely removed.
If kept, these files can provide potential hackers with clues as to which attacks may work best on your site.
Congratulations – you have successfully loaded the WordPress files. You can now close the File Manager tab in your browser and return to the main cPanel tab (that should still be open).
Step 3: Create An Empty Database
WordPress stores all of the content for your site in a database.
But don’t be scared, you don’t have to create the full database – WordPress will do that for you. All you need to do is create an empty shell for WordPress to work with.
Start by locating the Databases section in cPanel (it should be just below the Files section that we were just working with) and clicking on the MySQL Databases link.
Step3a – Create a Database
At the top of the MySQL Databases page that opens, there is a section titled Create New Database. All you need to do is enter a name for the database in the field provided and click the Create Database button – nothing to it!
Make sure you note down the database name (including the prefix) as we will need this in the final step.
When you get the confirmation message that the database has been created, click on the Go Back button to return to the main MySQL Databases window.
Step 3b – Create a User
Underneath the databases section you will find the MySQL Users section, with the Add New User form. Simply enter a name and password for the user as requested and then click the Create User button.
Again, make sure you note down the username (including the prefix) and the password for use in the final step.
If you need help generating a secure password, simply click on the Password Generator button. Using the Advanced Options link, you can set what characters you do and don’t want used in the password and how long you want the password to be.
Sidenote: Securing Your Database
It is important to make your database name, user and password hard to guess – otherwise you make it easy for hackers to gain access to your site. The good news is that you don’t have to remember these values after the final step in this process, so feel free to make them as obscure as possible.
Some guidelines to keep in mind:
- Don’t use the same name for the database and the user
- Don’t use anything that could be easily guessed by anyone who knows you (it is amazing how much personal information hackers have access to)
- You should aim for a password Strength score > 90 (100 is best)
Once again, when you get the confirmation message that the database has been created, click on the Go Back button to return to the main MySQL Databases window.
Step 3c – Add User to Database
Now that you have created the database and the user, all you need to do is give the user full permission to the database.
Scroll down to the Add User To Database section at the bottom of the main MySQL Databases window. The database and user that you just created should already be selected be selected in the dropdown lists (it not, just select the appropriate entries). Click on the Add button.
In the window that pops up, make sure the All Privileges checkbock is ticked and then click the Make Changes button.
Congratulations – the database setup is complete! See, it wasn’t that hard (or scary) after all!
You are now finished working in cPanel. Feel free to log out and pat yourself on the back for surviving the technical part.
Step 4: Run The WordPress Installer
We are on the home straight now! All that’s left is to give WordPress the information it needs to complete the install.
Start by typing your domain name into a browser window. If everything has gone to plan so far you should be greeted with the message below. Simply click on the Create a Configuration File button to get start the installation process.
You will see an information screen letting you know what data you need to provide the installer. Don’t worry – if you have followed this tutorial so far you have all the information you need. Just click on the Let’s Go! button at the bottom to move on.
The next screen is where the magic happens – you link WordPress up to the database you created earlier. Fill in the database name, username and password that you recorded in the last step. Remember to include the prefix for the database and username (it will be your username followed by an underscore – eg, “easywpin_” (without the quotes)).
For most hosts, including SiteGround, you can leave the Database Host set to localhost.
We recommend changing the Table Prefix for extra security. 3 or 4 random letters/numbers followed by an underscore is usually good enough.
When everything is entered, click the Submit button.
Sidenote: The Importance Of Table Prefix
One of the common methods used by hackers is to try and trick WordPress into running code to directly write to the database (generally to create a new user that they can access your site with).
This sort of attack relies on the fact that the majority of WordPress installations, including all 1-click installs, use “wp_” as the table prefix. Therefore, hackers can write code to the wp_users table and create a backdoor for themselves on most WordPress sites.
By creating a different (random) prefix, your site will be immune to these attacks.
Assuming you entered everything correctly, you should see the following message. If not, go back and check the details you entered and try again until you do get this message (all it takes is one incorrect character at this point).
Click the Run the install button to move to the final step.
To complete the installation, you just need to supply the following information:
- Site Title – This will be displayed in the header of the site.
- Username – This is the username that you will use to log in to the management area of your site. It should be something that is not easy to guess, but easy enough for you to remember (you will be using it a lot)
- Password – Again, make this something hard to guess (the longer the better)
- Your E-mail – A valid email address that WordPress can send site management related emails to
You can leave the checkbox ticked to allow search engines to index the site (there are differing views on this, but I don’t see any compelling reason to hide your site from the search engines).
Finally, click on the Install WordPress button and let it weave its magic.
Sidenote: Login Details and Security
You may have heard reports of large numbers of WordPress sites being hacked in “brute force” attacks. These attacks work on the premise that most WordPress sites, especially those created by 1-click installers, have the username “admin”. Knowing that, hackers ran scripts to repeatedly try logging in with different passwords until they found the right one.
By following this tutorial, and selecting a more obscure username than “admin” your site will be virtually immune to these hacking attempts.
By using a long password (we suggest around 14 characters) you will also increase the amount of time your site would stand up to a brute force attack if a hacker was able to work out your username. An easy way to produce a long password is to use a memorable phrase or sentence (without spaces).
Congratulations! Your Site Is Live
WordPress is now fully installed and functioning on your site – that wasn’t hard, was it!.
Check out what you have achieved by typing your domain into a new browser window. Sure, it’s not much to look at yet, but it’s your very own site that you created from scratch. Feel proud!
Now the fun really begins …
Now it’s time to choose a theme to make your website shine – this article will help you choose the right one for you – Stand out from the crowd – How to choose the right WordPress theme for your website