Lessons: 15 | Length: 1.5 hours


2.4 Installing WordPress

With our files and database ready to go, it’s time to get WordPress installed. Learn what you should be aware of when running the WordPress installer process.


Hey, welcome back to the WordPress Secure Setup Guide. So far we have got all of our files onto our server. And we've set up a database, it's ready to use. So now we can go ahead and run that WordPress installer. Now from here on, I'm actually gonna be working offline on a MAMP server, which is just a way to set up the equivalent of a web host, but just on your local computer. It's just gonna make it easier to show you through everything. But don't worry, everything that we go through, you'll be able to use these steps in the same way in your online setup.

So what you need to do now is plug in the domain of your site that you're working on into a browser. And then you wanna type in wp-admin and get that loaded up. And now, that's taken us into WordPress's installation process. So here, it's just a matter of following the prompts. So, choose our language. And this is just warning us that we're going to need the information that we prepared in the last lesson for our database. So go ahead and press Let's go!

Now here, we need to fill everything out. You should still have a little notepad with all of the details from the database that you set up in the last lesson. So then you're just gonna copy and paste those into these fields. So we've got our database name, paste it in; database username, copy and paste; database password. And then the database host, which will almost always be localhost. So just leave that as localhost. And as the little note says, if that doesn't work for you, then just shoot a message through to the web host and see what you should be putting in there instead.

Now the last field that we have here is the table prefix. Now, by default, this is wp_. But you always want to change that to something else. The less that a hacker knows about your website, the more difficult it is for them to compromise it. So if you leave this at the default wp_, then the hacker can assume that all of the tables in your database are gonna start with this. But if you change it to something different, then that's just another roadblock that you're putting up in the way of potential attackers. So just change this to something random. Just like we did with the usernames and passwords that we've set up so far. Just a bit of a keyboard mash and that'll do the job. And then we'll hit Submit, and we're good to go. So now hit Run the install.

Now we're just gonna continue following the prompts. So we'll add a site title. I'm just gonna call this WordPress Secure Setup Guide. Now we need to fill in a username. Now here, it's really, really important that you change this username. This is pre-filled in with admin, but you never ever want to leave your username as admin. Recently, I've been helping out a friend whose partner's website was hacked. Now this guy paid his developers $20,000. And despite the fact that he'd invested a considerable sum in his site, the developer had made the classic error of leaving an account set up inside the site with full access privileges and the username admin.

Now, one of the ways that an attacker can try to get into your admin area is with something called brute force. Now let me explain how this works. Let's say, for example, you have a password. And a hacker knows it's only one place. It has only one letter or number. Then all they need to do is try every number zero through nine and every letter A through Z. And they can automate that process with software. And they can figure out what your one character password is in less than a second. Now let's say your password has four places. Then they do the same thing. They look at all possible combinations of four places. They do this automatically with software. And sooner or later, they figure out what your password is. However, if you extend your password out so that it has several characters in it, then you get to the point where even an automated process is not gonna be able to figure out what your password is very easily at all, because the number of different combinations that could be in that password is simply too high. And even with automation, it would just take too long to figure out what that password is. So that's the basic idea of how brute force attacks work.

Now if you leave your username as admin, then that is the first thing that a brute force attack on WordPress is going to check. They'll plug in the username admin, and then they'll start trying to brute force the password as well. So let's say you have an admin account with the username admin and a password with something like ABC123. Then a brute force attacker will be into that in seconds. So what you wanna do is make sure that your username is not one of these really common usernames that a brute force attack is just gonna try for straight away. And that you have a really strong password to go along with it.

So if you wanna be super secure, you can use a string like this strong password as your username as well. Now, of course, that's gonna be a little bit difficult to remember. So if you go with that approach, then you're gonna need to use something like LastPass, which is a plugin for Chrome that you can use to have all of your usernames and passwords remembered for you. Or if you don't wanna do that, then just use something that's gonna be a bit more obscure. So what you see on screen here, these usernames, these are just usernames that I use offline. I would never just use kezz or kezzb online because that will be one of the first things that a hacker would check. So don't use your full name, don't use the name of your site. Come up with something that's not so obvious. So you might use a nickname from your childhood that nobody knows about. You might include your unusual middle name that nobody's ever heard. Whatever you do, just think about something that's not going to be easy to guess.

So for the sake of this demo, I'm just gonna go with the old keyboard mash. And I'm going to copy that username. I'm gonna add it to my little page here. Copy this password. I've got those on hand, I'm gonna use it as a login once our setup is finished. And then I'm gonna use LastPass to remember them. So we're gonna fill in an email address here. And then finally, you have the option to check this box here if you're just working on a new site and it's not ready to be indexed by search engines yet. So you can tick this box if you wanna keep your site private for now. But then just remember to uncheck it again later on when your site is ready for public attention. All right, so let's click Install WordPress. Now we can log in. So we grab our username. Our password. I'm gonna check Remember Me just so it keeps me logged in, makes things a little easier, and log in.

All right, so now that's WordPress installed. And it's ready for us to continue on with our setup process. Next up, we're gonna keep on putting security measures in place. We're gonna be looking at a file named wp-config.php that holds some important configuration information for your site. And we're gonna look at ways that you can enhance the security of that file. So I'll see you in the next lesson.
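
An added example, not part of the lesson transcript: the brute-force arithmetic described above worked through for the 36-symbol alphabet (0-9, A-Z), together with helpers that draw the table prefix, username and password from the operating system's random source and flag usernames of the kind the lesson warns against. The guess rate, the function names and the extra common-username entries are assumptions made for the illustration.

```python
import secrets
import string

# Assumption for illustration only: the lesson gives no guess rate.
ASSUMED_GUESSES_PER_SECOND = 1_000
ALNUM_36 = string.ascii_lowercase + string.digits  # 0-9 plus a-z, as in the lesson


def worst_case_seconds(length, alphabet_size=36, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds needed to try every password of 1..length symbols at `rate`."""
    candidates = sum(alphabet_size ** n for n in range(1, length + 1))
    return candidates / rate


def random_table_prefix(length=8):
    """Prefix of letters/digits ending in '_' (the installer accepts only
    letters, numbers and underscores); it starts with a letter so table
    names never begin with a digit."""
    first = secrets.choice(string.ascii_lowercase)
    rest = "".join(secrets.choice(ALNUM_36) for _ in range(length - 1))
    return first + rest + "_"


def random_credential(length, alphabet):
    """Draw `length` symbols from `alphabet` using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_obvious_username(username, site_title="", owner_name=""):
    """True for 'admin' and for names built from the site title or owner's name.
    'admin' is from the lesson; the other fixed entries are constructed examples."""
    name = username.lower()
    if name in {"admin", "administrator", "root", "test"}:
        return True
    words = (site_title + " " + owner_name).lower().split()
    return any(len(w) >= 3 and w in name for w in words)


if __name__ == "__main__":
    for n in (1, 4, 8, 12):
        print(f"{n:>2} chars: {worst_case_seconds(n):.3g} s worst case")
    letters_digits = string.ascii_letters + string.digits
    print("table prefix:", random_table_prefix())
    print("username    :", random_credential(12, letters_digits))
    print("password    :", random_credential(24, letters_digits + string.punctuation))
```

At the assumed rate a one-character password falls in a fraction of a second and a four-character one in about half an hour, while each added character multiplies the work by 36.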
