If you want to have a secure WordPress installation, I urge you not to use any automated tool to install it. In this post, I will demonstrate how I install your WordPress blog without using any FTP software and without using Fantastico.

This installation is simple, more secure, and will make your future upgrades a lot easier.

All you need is a hosting provider that offers cPanel to follow these steps.

Now, if you haven’t already installed WordPress, here are the five steps you can do right now to get your new WordPress blog installed.

These 5 minutes Install are inspired from the wordpress site, however I will show you here how I use it without FTP software and put some emphasis on better securing your install.

It takes me a little over 5 minutes, however it is time well spend and I recommend it over the 3 click install, that can cause you a lot of headache down the road.

So, here we are:

1. Download the latest WordPress package, if you haven’t already.

You can download the latest version from http://wordpress.org/download/ , however the zip file contains a top directory wordpress that you might not need when you deploy to your web hosting. In other words when you unzip the files under your domain, you will need to type something like http://yourdomain.com/wordpress to get to your blog. To avoid this, I created a zip file for WordPress that you can use.

Click here to download it. This should be for version 3.0. (disclaimer: I did my best in creating this download for you and will accept no liability for it’s content or any consequences from using it)

Please note: The download might not be the latest version, but you can easily upgrade after installation and before adding any content, by using the automatic upgrade button.

2. Create a database for WordPress on your web server, as well as a MySQL user who has all privileges for accessing and modifying it.

– Log into your cPanel account.

– From the main cPanel screen, click on MySQL databases icon.

This will take you to the MySQL Account Maintenance screen.

Under current databases, type the desired name of a database and then click on “Create Database” button.

You will get a confirmation screen that the database has been created.
Click the “Go Back” link.

Under “Add Users To Your Database” section, from the drop-down pick the user
and database that is configured to use your database.

3. Place the WordPress files in the desired location on your web server:

– If you want to integrate WordPress into the root of your domain (e.g. http://your-domain.com/), upload the zip file into the root directory of your web server. (www or public_html)

– If you want to have your WordPress installation in its own subdirectory on your web site (e.g. http://your-domain.com/blog/), navigate through cpanel’s File Manager to that directory and upload your zip file there.

– In File Manager highlight the zip file and on the right hand side click on extract file contents. All WordPress files will be extracted.

4. Rename the wp-config-sample.php file to wp-config.php and prepare file for database access.

– In cPanel highlight wp-config.php under the www folder. Click on rename and take the “-sample” section out and save.

– Edit the file and make sure you set the user id and database password the same you used in step 2.

– Make sure you also update the table prefix to a difficult name instead of “wp_” use a combination of letters and numbers e.g. “flower938_”.

5. Run the WordPress installation script by accessing wp-admin/install.php in your favorite web browser.

– If you installed WordPress in the root directory, you should visit: http://your-domain.com/wp-admin/install.php

– If you installed WordPress in its own subdirectory called blog, for example, you should visit: http://your-domain.com/blog/wp-admin/install.php

Follow the online instructions. There should be 2 simple steps to follow. I like the improved main panel in WordPress 3.0, following 2 items to note:

1- You don’t have the user admin created automatically, you can change it from the installation screen. For better securing your site, pick any user name other than admin. This user will have Administrator role, no matter what name you choose.
2- Type the password of your choice. Pre WordPress 3.0 always picked a password for you, and then asked you later to change it.


That’s it! WordPress should now be installed and you have the peace of mind knowing that your installation is more secure than before.