Active Web Hosting Logo

 

  1. Introduction
  2. Installation
    1. What You'll Need
    2. Where To Put WordPress
    3. Configuration
    4. Lock Down Your Writable Directories
    5. Uploading Your Installation
    6. Installing WordPress
    7. Finishing
    8. Plugin: Security
    9. Plugin: JetPack
  3. Security
    1. Prevention
    2. Detection
    3. Removal
  4. Updating Wordpress
  5. Removing WordPress
  6. Back Up Your Site
  7. Troubleshooting
  8. Resources

What You'll Need

A CGI and MySQL Database Account:

When you sign up for hosting, your domain points to a normal web hosting account (we call this the "default" or "web" hosting account). This account will not work with PHP applications.

WordPress requires a special type of account (a CGI Server Account) to work, and a MySQL database. You can add both of these to your hosting via the Account Administration System. There is no extra charge for adding and using these accounts. You will be sent an email to let you know that each account is set up. Be sure to wait at least 2 hours for these accounts to become active.

Attach Your Domain:

Your domain name automatically points to your Web Hosting account (and not your CGI Server account), even if you add a CGI Server account to your domain. If you want your visitors to go directly to your WordPress site when they type in your domain name, you will need to contact us and tell us to "Point the domain to the CGI Server". Please be sure to specify your domain name in your request.

IMPORTANT NOTE: If your domain points to your CGI Server account, then you will not be able to use your Web Hosting account becuase the domain is no longer pointing to it. Be sure that you are not using your Web Hosting account and/or download and back up all files (via FTP) in your Web Hosting account before you requrest your domain to be pointed to your CGI Server account.

Security Note: If you have opted to have your domain point to your CGI Server account, you could install WordPress files and folders into the root directory (not a sub-directory) of your CGI Server account via FTP. However, this may not be very secure as most malware bots also look here for WordPress installations to infect. It's recommended that you install WordPress into a sub-directory. This is the type of installation we will cover in this tutorial.

You do not need to have your domain point to your CGI server account if you do this. But you can if you want to. See the Where To Put WordPress if you will not be installing WordPress files and folders in the root directory of your CGI Server account.

Download the WordPress File(s):

To install WordPress, you will need to download the following items. Follow the links to obtain the official latest versions.

WordPress
A Responsive Theme: Responsive themes allow your site to be viewed on any device. However, you can also search for and use other types of themes. It's best to get themes from the Official WordPress Theme Directory. Other sites may contain malware embedded in the theme that could compromise your site.

• Download any plugins that you will need. As with themes, it's best to get your plugins from the Official WordPress Plugin Directory.

NOTE: We do not endorse or support wordpress, it's themes or plugins. However, this tutorial will cover installing and setting up WordPress with some of the following plugins which may help you keep your site secure.

Security and Anti-Spam:

All in One WP Security and Firewall: We believe a good security plugin is essential for protecting your site. This is the one we will help you set up in this tutorial.

Optional:

JetPack: This is a popular plugin most use to add extra features to WordPress. While JetPack has some security features, these are only used on WordPress.com hosted sites and will not work if you install WordPress on your CGI Server account. This is why we insist you have a good security plugin installed instead (see above). If you opt to use JetPack and will enable the Sharing Button to allow visitors to share your articles, you will need to secure this button using ReCaptcha (which is free) so that your site has less chance of being used to send spam. This requires you to have a free Google Account.

Unplug JetPack: JetPack is usually only used on a WordPress.com account. To use JetPack on your CGI Server account, you will need this plugin to bypass this requirement.

Database Optimizer: Helps you to optimizes your database. For example, if you have deleted data within WordPress (such as old posts, etc.), these may not be removed entirely from the database. This can cause your database to become large and may slow down loading your site. Optimizing your database periodically can help with these issues.

SECURITY WARNING: If you install themes or plugins from within WordPress, you will be asked for your CGI Server FTP host and login information. Providing this information via WordPress is not secure! It could happen that the pages used to ask this information could become infected and gather your FTP information, opening up your site to further maliscious attacks! While it's easier to work with your themes and plugins within WordPress, it's more secure to upload and/or remove your themes and plugins by logging into your CGI Server account via your normal FTP client (and not from your web browser via WordPress).

Plugins To Avoid:

WARNING: Please note that the following plugins may compromise your site by making it easier to access your database or site via forms, logins, etc. In addition, some plugins take up too much space by leaving a lot of files behind or using a lot of resources which could slow down your site or simply will not work on our server setup. We do not recommend you use these plugins.

WordFence: And any other plugin that requires modifying the php.ini file or use of a user.ini file, or modification of apache server configuration. These types of plugins are for dedicated hosting services. Active Web Hosting is a shared hosting service and for security reasons users do not have access to these configuration files. For security reasons, we will not alter these files to make plugins or other PHP software work.

WordPress Theme Check: While this sounds like a good idea, it's also been known to compromise WordPress sites. Please see this article for more information.

WP-DBManager: This plugin could leave large files behind and also uses resources which could slow down your site or cause memory errors.

Datbase Backup Systems: These types of plugins could leave large files behind and slow down your site. We automatically back up all domains nightly. Also WordPress comes with a way to manually download a backup of your site.

Form Stylers and Form Builders: While these plugins can be convenient, they also can provide ways for intruders to inject code and even integrate maliscious scripts that will compromise your site.

Redirection Plugins: These may open your site to cross site scripting hacks and other compromises that could damage your site or use your site to send spam.

Extract Your Files:

1. Extract your WordPress archive onto your hard drive.
2. Extract your plugins into the WordPress wp-content/plugins directory.
3. Extract your theme into the WordPress wp-content/themes directory.

 


Home - Support - Management - About Us
... Active Web Hosting, 1445 American Pacific Dr. Ste 110-318, Henderson, NV 89074 ...
Phone 702-449-2337