To install and configure the blog from scratch follow these steps:
- Create web site.
- Add SSL and enforce HTTPS access (i.e. redirect all HTTP to HTTPS).
- Create database.
- Install WordPress on the web server:
- Download the current installation package form wordpress.org.
- Unpack and copy the files to the blog’s doc root.
- Call the blog’s URL and follow the installation instructions.
- Create new Administrator user and delete the default admin user.
- Add basic auth protection in .htaccess for the folder wp-admin.
- Grant write access to the tech webserver user to the folder wp-content.
- Add the following lines at very end of
wp-config.php:
/** use direct method for WordPress updates without FTP */
define('FS_METHOD','direct'); - Disable REST-API for not logged-in users (≥V4.7): ad the following lines to your
functions.php:
// Return an authentication error if a user who is
// not logged in tries to query the REST API
add_filter( 'rest_authentication_errors', function( $access ) {
if( ! is_user_logged_in() ) {
return new WP_Error( 'rest_API_cannot_access', __( 'Only authenticated users can access the REST API.', 'disable-json-api' ), array( 'status' => rest_authorization_required_code() ) );
}
return $access;
}); - Install the plugins. You can do this directly in the back end (menu: Plugins > Add new).
- For db backups (with plugin „WP-DBManager“) create the folder
wp-content/backup-db. - To prohibit public access to the backup files copy the file
wp-content/plugins/wp-dbmanager/htaccess.txttowp-content/backup-db/.htaccess. - Go to the settings (menu: Settings) and do the configuration for:
- General
- Writing
- Reading
- Discussion
- Media
- Permalinks: Do NOT configure anything yet! Do this later at the end after configuration of the plugins, since the configuration of
Polylang and WP-CleanUmlauts2 have an impact on the permalinks)
- Activate all plugins except: Google XML Sitemaps.
- Do the configuration for the following plugins:
- Akismet (menu: Settings > Akismet): Create an account (sign-up with e-mail, username, password) and enter the API key.
- Antispam Bee (menu: Settings > Antispam Bee)
- AntiVirus (menu: Settings > AntiVirus)
- Bad Behavior (menu: Settings > Bad Behavior)
- Broken Link Checker (menu: Settings > Link Checker)
- Captcha
- Disable Google Fonts
- Feed Statistics (menu: Feed Statistics)
- Limit Login Attempts (menu: Settings > Limit Login Attempts)
- (Plainview Activity Monitor)
- Polylang (menu: Settings > Languages)
- Post Notification (menu: Settings > Post Notification > Settings)
- Revision Control (menu: Settings > Revisions)
- Sitemap
- Subscribe To Comments
- TinyMCE Advanced (menu: Settings > TinyMCE Advanced)
- Uber Login Logo (menu: Settings > Uber Login Logo)
- WP-CleanUmlauts2 (menu: Settings > Umlauts)
- WP-DBManager (menu: Database > DB Options)
- WP-Piwik (menu: Settings > WP-Piwik): Add the „auth token“ of the corresponding website in Piwik (menu: API).
- Define the permalinks (menu: Settings > Permalinks). Saving the settings will create the new permalink structure. You will not be able to
access the front end until having performed the next step! The direct access to the back end will be still accessible. - Add the following lines to
.htaccessin the doc root:# BEGIN WordPress<Directory>AllowOverride All</Directory><IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule> # END WordPress - Delete all sample pages, posts, and comments.
- Activate the following plugins:
- Google XML Sitemaps
- …
- Do the configuration for the following plugins:
- Google XML Sitemaps (menu: Settings > XML Sitemap): Click on [Update options] at the end of the page to create the XML
sitemap with the current permalinks. - …
- Google XML Sitemaps (menu: Settings > XML Sitemap): Click on [Update options] at the end of the page to create the XML
- Create users.
- Select a theme or install your own (menu: Appearance). Configure your theme and create your menu structure.
- Your basic setup is done. Check the front end and start blogging!
See also the official „Installing WordPress“ documentation.