The Ultimate Beginner’s Guide to Setting Up & Running a WordPress Site
So you've decided to run a WordPress site but have no idea where to start? This tutorial is aimed at absolute beginners. Some IT knowledge will help but I presume you want to learn the essentials within a few hours. Let's get started.
Step 1: What Do You Want to Achieve?
A little planning goes a long way. Be honest with yourself: why are you considering WordPress? Do you want to:
- create a business website?
- document your life, hobby or interests?
- start an amazing web design agency?
- learn to write code?
- do something else?
WordPress is flexible and runs almost a third of the web — but it's not ideal for every situation. A website or article library is perfect. Creating a social network or online shop is possible but there may be better options. Using WordPress to learn PHP could be a frustrating experience.
Presuming WordPress is appropriate, are you interested in the technicalities or would you simply prefer to write content? If it's the latter, a managed WordPress plan from SiteGround or an account at WordPress.com will get you running without the hassles of installation and server management.
The moral: define the problem before choosing a solution!
Step 2: Plan Your Content
Ideally, you should have all your content written before building a site. It's the best way to plan a structure and will influence your design. No one ever does that, but at least plan a few general concepts so you have somewhere to start.
Step 3: Purchase a Domain Name
A domain name is your primary web address, e.g. www.mysite.com. Keep it short and use keywords appropriate to your content. This can be tougher than it sounds; most good names were registered years ago.
Use a reputable domain registrar, like Hover. Prices vary across countries and top-level-domain types (.com, .net, .org, .ninja etc), but expect to pay around $25 for a new domain for a couple of years. Buying a decent pre-registered domain from someone else can be considerably more expensive.
Step 4: Purchase a Hosting Plan
Your site needs to be hosted somewhere. Its files must be placed on a device which understands how to deal with web requests: a web server. You could serve everything from your desktop PC but it quickly becomes impractical.
Buy a suitable plan from a respected host such as SiteGround. A WordPress-compatible shared hosting plan costs a few dollars a month and you can upgrade disk space and bandwidth as traffic grows.
You will then need to 'point' your domain at your new web space. This is normally done by logging into your domain registrar's control panel then either:
- Setting the host as the DNS nameserver, or
- Changing the domain's DNS A records to point at the host's IP address.
All hosts and domain registrars provide guidance but you may need to seek expert assistance. Domain changes can take up to 48 hours to propagate so you may need to wait before moving to the next step.
Step 5: Set Up SSL
Secure Socket Layer (SSL) certificates enable cryptographic protocols on your website so it is served over an https:// address rather than http://. All communication between your server and the user's browser is encrypted so it cannot be (easily) intercepted by a third party.
Configuring SSL is an optional step but highly recommended:
- Browsers warn when a site is not secure especially when completing forms or sending data.
- Search engines rank secure sites higher than non-secure equivalents.
- SSL is essential if you eventually want a Progressive Web App which allows your site to be "installed" and work offline.
- Adding SSL later is considerably more difficult. You may need to reinstall WordPress and search engine indexing can be affected.
- There are no disadvantages. HTTPS can be added for free and is negligibly slower than unencrypted HTTP (it can be considerably faster when used with HTTP/2).
Hosts often allow you to install a certificate purchased elsewhere, but it's easier to use their own service. For example, SiteGround provides a free Let's Encrypt option in the security section of your site's cPanel. Click that, hit Install and SSL is enabled.
Step 6: Install WordPress
WordPress is a complex application which requires:
- A back-end MySQL database where your configuration, posts, comments and other information is retained. This must be installed and configured first. A database user ID and password must be defined so applications can store and retrieve data.
- A large set of PHP files which form the WordPress application. These must be copied to the server prior to running a set-up procedure. This requests the database credentials before creating the database tables and initial data.
- After installation, WordPress communicates with the database using the ID and password to enable editing and presentation of pages.
The majority of hosts provide cPanel - a popular website management facility. You can create your database, upload WordPress and install manually. For full instructions, refer to How to Create WordPress MySQL Databases on cPanel.
Fortunately, there is an easier option. Search or browse for the WordPress options in cPanel:
Click the WordPress Installer to open the installation panel:
Define the following settings:
- https:// for the protocol if you enabled SSL in step 5. (You can also choose whether the domain uses the initial 'www' or not).
- Your primary domain. (There will only be one choice unless you have multiple domains pointed at the hosting plan).
- The directory should be left blank to install WordPress in the root folder. Only change this if you want to run it from another folder, e.g. https://mysite.com/blog/
- The name and description of your new site.
- Keep Multisite unchecked unless you're intending to run more than one WordPress site on the same space.
- Enter an Admin Username and Password. You will use these to log into WordPress so ensure they're strong (NOT'admin' and 'password'!) and you keep them in a safe place.
- Enter your Email. WordPress uses this to send you notifications when necessary.
The other options can normally be left as the default settings. Hit Install and wait a few minutes for the installation process to complete. You will be given a link to the main site (https://mysite.com/) and the WordPress control panel (https://mysite.com/wp-admin) where you can log in with your administrative username and password.
Step 7: Initial WordPress Configuration
Don't be tempted to start publishing content just yet! It's best to configure WordPress from the Settings menu before going further:
The following sections describe the basic WordPress settings but note that installed themes and plugins can override these options.
General
This pane allows you to change various aspects about your installation. The primary settings to change include:
- The Timezone. This may default to UTC so choose an appropriate city instead.
- The Date Format. Choose an appropriate option or enter a custom string using PHP's date format
- The Time Format. Similarly, choose an option or enter your own.
Remember to hit Save Changes once finished.
Writing
The main settings to change in this pane are:
- The Default Post Category. Post categories are defined in Posts > Categories.
- The Default Post Format. WordPress themes often provide different post types such as standard articles, galleries and video pages. Choose whichever you will use most often.
Reading
The Front page displays setting allows you to set whether your latest posts or a static page is presented on the home page.
The other default settings are normally fine, although you may want to temporarily disable Search Engine Visibility during the initial stages of building your site. Don't forget to enable it before going live!
Discussion
This pane controls commenting. The main setting is Allow people to post comments on new articles which you may want to disable if you don't require comments.
Media
The pane allows you to set default sizes for large images, medium images and thumbnails. The defaults are reasonable but, the smaller your image dimensions, the smaller the file size and the faster your site will download.
Permalinks
Permalinks are the URLs given to WordPress posts. The default is often a plain https://mysite.com/?p=123 which will not help your keyword-rich search engine optimization efforts!
Set the permalink to Post name or something appropriate for your site.
Step 7: Set Up User Accounts
During installation, WordPress creates a single administrator account which has unrestricted access to all control panel functions. Never share those credentials: set up separate accounts for everyone who needs access.
Users are the weakest point of any system — especially when they can choose their own simple passwords and happily pass credentials to anyone who asks! WordPress offers a range of roles and capabilities and it's rarely necessary to give anyone administrative access. Even if you are the only content editor, it's advisable to create another account specifically for daily writing and publishing tasks.
In most cases, users should be either:
- an Editor: someone who can publish and manage their own and other people’s posts
- an Author: someone who can publish and manage their own posts, or
- a Contributor: someone who can write and manage their own posts but cannot publish them.
None of these roles can configure WordPress or install plugins.
To create new users, click the Users option in the menu followed by Add New. Enter the user's credentials remembering to set strong user names and passwords.
Step 8: Start Writing!
A default WordPress installation offers two types of content:
- Posts: articles and blog posts normally displayed in reverse chronological order. Posts can be assigned to categories, tags, and may have alternative formats such as galleries and videos.
- Pages: static website pages normally displayed in a menu hierarchy - home, about us, contact us, etc. A page can be assigned a parent page and an order to ensure menus are created correctly.
Both content types are accessed from the menu and look very similar. Double-check you are editing the correct content. You are likely to find default pages, posts and comments for the initial site — remember to delete them! (Deleted items are sent to the Trash and can be retrieved if necessary).
At this point, I hope you have the final copy for all the content planned in step 2. No one ever does, but it's worth adding as many pages as possible. This will allow you to see how menus and article lists are forming before making decisions about layout and themes.
The WordPress Editor
WordPress provides a visual and text/code editor. Most users will prefer the visual editor because it allows them to enter and format text much as they would in a word processor. WordPress generally does a good job but:
- The visual editor can become difficult for more complex layouts. Inevitably, users will demand features such as tables or columns which may be difficult to edit or are not directly supported in the site's theme.
- The HTML code can become messy when users have unrestricted control to change fonts, colors, and formatting.
Ideally, use the text editor or consider options such as markdown (which may require a plugin):
Step 9: Back-up Now!
If you've gotten this far, you now have a working WordPress installation with several pages of content. How long did it take? Several hours? A few days? Now consider how painful it would be to lose everything.
Disks fail. Databases corrupt. Users make mistakes. Sites are hacked. A rogue plugin could cause havoc. Hosts go out of business. There are any number of reasons why your carefully-created site could disappear.
Hosts such as SiteGround provide a free daily back-up. At the very least, ensure you back-up all content before proceeding to the next step. There are a couple of simple options:
- WordPress's Tools > Export facility allows you to download all content as a single XML file.
- cPanel provides a Create Backup option. From here you can download a full website backup, just the files or just the database.
Backing up all WordPress files is rarely required unless you have complex custom code or configurations. However, the database contains all the content and settings — ensure you download a copy.
Longer term, ensure you have a robust, automated back-up solution in place:
Step 10: Security, Security, Security
Unfortunately, WordPress's success has made it a target. If you can gain access to one site, you may be able to gain access to a third of the sites on the web.
Never underestimate your vulnerability. Your small blog is attractive because, unlike larger companies, you are less likely to have the knowledge or resources to thwart attacks. Some will attack you for the challenge or to cause malicious damage. However, the worst culprits sneak links into your content, place phishing sites deep within your folder structure, or use your server to send spam. Once your installation is cracked, it may be necessary to delete everything and reinstall from scratch.
There are many technical options but being aware of the risks is most important. Never trust your users. Never trust third-party themes and plugins. Never avoid implementing a back-up plan!
Step 11: Install a Theme
One reason for WordPress's meteoric rise in popularity was the simplicity of theme development. It quickly gained thousands of free and commercial themes. Many are amazing. Many are an awful bloated mess.
It's tempting to install a theme immediately but this can be a mistake. You can only appreciate whether a theme is suitable once you have appropriate content to view. A free theme can rapidly become expensive if you need to pay for custom development to make your menu fit or have mobile layout problems fixed. In addition, it's best to back-up your site before installing a theme which runs third-party code.
Themes are installed and managed from the WordPress Appearance menu available to administrators. Click Add New to browse and search hundreds of themes on the WordPress.org theme directory. Any theme can be previewed, installed and activated using the buttons which appear when hovering over a theme.
There are dozens of other sites offering free and commercial WordPress themes. These can be uploaded in a ZIP file by clicking the Upload Theme button.
Step 12: Install Plugins
Similarly, WordPress has a thriving plugin ecosystem offering a diverse array of additional functionality. You can transform WordPress into a social network, online shop, or CRM system. Whether you should is another matter...
It's tempting to install a range of plugins for every potential use-case but:
- plugins run third-party code. The majority are fine but there's no guarantee every one will be secure or compatible with your installation.
- will your critical plugin continue to receive updates and support?
- every installation incurs a performance hit. Misbehaving plugins can cause misery for WordPress editors.
Only install a plugin when it's absolutely necessary. There are a few essentials many people choose to install:
- A caching plugin such as WP Super Cache or W3 Total Cache can noticeably improve WordPress performance. Hosts such as SiteGround provide their own caching solutions.
- If you're using comments, a spam checker such as Akismet is so essential, it's provided with most new installations. You just need to enable it.
- JetPack provides a number of free and commercial options to improve analytics, SEO, security, CDNs, embedded media and support.
- Yoast SEO can help improve content, readability and search engine indexing.
To install plugins, log in as an administrator then select Add New from the WordPress Plugins menu. You can browse, install and activate plugins using the appropriate buttons. Remember to check the details, version compatibility and reviews before committing to an installation.
You should now have a working WorkPress installation with several pages of content. Many people are happy to stop at this point, but you can evolve further...
Bonus Step 13: Your Own Development System
Until this point, you have been working on a single, live WordPress installation. This process rapidly becomes impractical as you test themes, plugins and your own code. A single rogue command could break your entire system; both the site and administration panel could come crashing down.
A better option is a test code running on your own local PC before you deploy it to the live server. At a minimum, you will need to install:
- Web server software such as Apache or NGINX.
- The PHP language runtime with MySQL and other appropriate extensions enabled.
- The MySQL database server.
- A local installation of WordPress.
- A copy of the themes and plugins installed on your live server.
- Ideally, a snapshot of the current content would be useful.
Fortunately, there are some simpler single-installers which do the hard work for you including MAMP, WampServer, and XAMPP.
A better option could be an isolated virtual machine which runs Linux and all dependencies "within" your PC. This will be closer to your hosting environment which avoids cross-platform development issues. Popular options include Docker and Vagrant -- both offer pre-configured WordPress systems.
Other considerations include:
- WP-CLI - a command line interface for WordPress which allows you to install updates and plugins.
- VersionPress - a version control plugin for WordPress built on Git.
- Host-specific options. For example, SiteGround provide Git repository management and a staging environment which creates a snapshot of your WordPress installation you can update and push live.
Finally, you will require a number of other development tools and utilities including:
- A code editor or IDE such as VScode or Atom.
- MySQL management clients such as Adminer or phpMyAdmin.
- Graphic manipulation software.
- Git for source control.
There is an infinite variety of ways to build a local environment and you may need to consider concurrent revisions by two or more developers. Start with a simple working system then evolve and improve your workflow over time.
Bonus Step 14: Develop Your Own WordPress Themes
Why should your site look like 101 others? Consider developing your own WordPress theme. You'll require some HTML, CSS and PHP knowledge but a custom theme offers more flexibility and better performance than any off-the-shelf option.
There are two potential approaches:
- Adapt a barebones theme. Options such as HTML5 Blank, Underscores, BlankSlate and Bones provide simple themes with minimalistic styling.
- Start from scratch. Create the minimum number of files (style.css and index.php) then evolve from there.
You could use a combination of the two, i.e. copy code snippets from a working theme into your own files.
WordPress theme development is reassuringly easy and fun for anyone with the appropriate development knowledge. That said, it could be a frustrating experience for novice coders. There are simpler options to learn coding — such as SitePoint courses, books and videos.
Bonus Step 15: Develop Your Own WordPress Plugins
Your theme's functions.php file can contain PHP code which enhances WordPress functionality. For example, see 7 Ways to Make WordPress Simpler for Users. However, the file can become impractical for larger developments or functionality you want to use on another site.
The answer: develop your own plugins. Again, WordPress makes development remarkably easy presuming you know a little PHP. Start with a simple example such as How to Customize the WordPress ToolBar then build your own plugins as you expand your knowledge.
And Relax!
Congratulations for getting this far. You now have enough knowledge to install, configure, and enhance any WordPress system. Your skills have just become invaluable to one in three online companies who choose to deploy WordPress. Best of luck!