Sunday, 21 July 2013

Exploring main configuration settings

After the wp-config.php file is nice and secure, you need to know what’s stored within it so you can reference it and understand how WordPress hooks into, or communicates with, the database you configured and set up in Chapter 4 of this minibook. Open the wp-config.php file by using your default text editor and have a look inside. The next sections take you through, in detail, the information stored within.

 

Saturday, 20 July 2013

Securing the configuration file

3. Save the new .htaccess file and upload it to your Web server.

Your wp-config.php file is hidden from any outside bots or search engines.

4. Change file permission (chmod) on wp-config.php to 640.

See Chapter 2 of this minibook for information on file permissions and how to change permissions (chmod) via FTP.

Changing the file permission to 640 ensures that the file can be written (or changed/edited) only by the owner of the file, not by the public or, worse yet, by any automated bots or script programs run by hackers.

Securing the configuration file



1. Log in to your Web server via FTP, and then locate and open the
.htaccess file to edit it.

See Chapter 2 of this minibook for information on File Transfer Protocol (FTP).

Most FTP programs allow you to open and edit a file on the server by
right-clicking the filename and choosing Edit. This opens the file in the
default text editor on your computer (either Notepad for Windows or
TextMate for Mac).

2. Add the Deny from all code to the top of the .htaccess file.


 

This secures the file from being seen by any bots or search engines on the Web:

<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
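
As an added example (not from the book or from WordPress), the shell script below audits the result of steps 2 and 4: it checks that wp-config.php is no more permissive than 640 and that .htaccess contains a deny rule inside a wp-config.php Files block. The function names and the temporary demo directory with its placeholder file are constructed for illustration; the check also accepts "Require all denied", the Apache 2.4 form of the same rule.

```shell
#!/bin/sh
# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the mode grants nothing beyond 640 (rw- r-- ---).
# 0137 = the bits 640 leaves off: owner x, group w/x, everything for "other".
mode_ok() {
    m=$(file_mode "$1") || return 1
    [ $(( 0$m & 0137 )) -eq 0 ]
}

# Succeed only if .htaccess has a <Files wp-config.php> block that denies access.
# Accepts the page's "Deny from all" and Apache 2.4's "Require all denied".
htaccess_ok() {
    [ -f "$1" ] || return 1
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /^<\/files>/ { inblk = 0; next }
        inblk && line ~ /^(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Report both checks for a WordPress directory; return non-zero if either fails.
audit_wp_config() {
    rc=0
    mode_ok "$1/wp-config.php" && echo "OK   mode $(file_mode "$1/wp-config.php")" \
        || { echo "FAIL wp-config.php is missing or looser than 640"; rc=1; }
    htaccess_ok "$1/.htaccess" && echo "OK   .htaccess denies wp-config.php" \
        || { echo "FAIL no deny rule for wp-config.php in .htaccess"; rc=1; }
    return $rc
}

# Constructed demo site (temporary directory, placeholder file, no real data):
# audit before and after applying steps 2 and 4.
demo() {
    d=$(mktemp -d) || return 0
    printf '<?php\n// constructed placeholder, no real credentials\n' > "$d/wp-config.php"
    chmod 644 "$d/wp-config.php"
    audit_wp_config "$d" || true                 # both checks fail
    printf '<Files wp-config.php>\nOrder Allow,Deny\nDeny from all\n</Files>\n' > "$d/.htaccess"
    chmod 640 "$d/wp-config.php"
    audit_wp_config "$d"                         # both checks pass
    rm -rf "$d"
}
demo
```

To audit a real site, call audit_wp_config with the path to the WordPress installation directory instead of running the demo.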

Securing the configuration file

 

As you can probably already guess, hackers find the valuable information stored in the wp-config.php file attractive. If someone with nefarious intent were to get your database username and password, he could log in and undo everything that you’ve built! Therefore, take whatever steps you can to secure that file so that no one but you has access to it. One quick and easy way to do that is to disallow any bots (automated software applications that run on the Internet) access to it and to change the file permissions. To do so, follow these steps:

Discovering the Configuration File

 

Every WordPress installation contains a configuration file that holds essential data for your Web site to work. The file, wp-config.php, is located in your WordPress installation directory (see Chapter 4 of this minibook). Simply put, your Web site doesn’t work if this file is missing or if the data found within the file is incorrect.

More than likely, you haven’t even looked at your wp-config.php file yet because when you download the WordPress software, the file is actually wp-config-sample.php. When you install WordPress, the file is renamed wp-config.php and is populated by WordPress with the following information, some of which you may remember from when you installed WordPress, and some that we explain later in this chapter:

✦ Database name
✦ Database username
✦ Database password
✦ Database host
✦ WordPress language: English is the default.
✦ WordPress database table prefix: wp_
✦ Secret keys
✦ Absolute path to the WordPress files on your Web server

All this information must be present in the wp-config.php file for your
installation to work correctly. If WordPress already works on your site, most likely, your wp-config.php file is correct and functioning beautifully. (See Chapter 4 in this minibook for how to install WordPress.)

Common WordPress Installation Problems

Error Message: 500: Internal Server Error
Common Cause: Permissions on PHP files are set incorrectly.
Solution: Try setting the permissions (chmod) on the PHP files to 666. If that change doesn’t work, set them to 644. Each Web server has different settings for how it lets PHP execute on its servers.

Error Message: 404: Page Not Found
Common Cause: The URL for the login page is incorrect.
Solution: Double-check that the URL you’re using to get to the login page is the same as the location of your WordPress installation (such as http://yourdomain.com/wp-login.php).

Error Message: 403: Forbidden Access
Common Cause: An index.html or index.htm file exists in the WordPress installation directory.
Solution: WordPress is a PHP application, so the default home page is index.php. Look in the WordPress installation folder on your Web server. If an index.html or index.htm file is there, delete it.

 

Common WordPress Installation Problems



Error Message: Error Connecting to the Database
Common Cause: The database name, username, password, or host was entered incorrectly.
Solution: Revisit your MySQL database to obtain the database name, username, and password and then reenter that information.

Error Message: Headers Already Sent Error Messages
Common Cause: A syntax error occurred in the wp-config.php file.
Solution: Open the wp-config.php file in a text editor. The first line needs to contain only this line: <?php. The last line needs to contain only this line: ?>. Make sure that those lines contain nothing else — not even white space. Save the file changes.

Friday, 19 July 2013

Running the installation script

9. Click the Log In button to log in to WordPress.

If you happen to lose this page before clicking the Log In button, you can always find your way to the login page by entering your domain followed by the call to the login file (for example, http://yourdomain.com/wp-login.php — where yourdomain is your domain name).

You know that you’re finished with the installation process when you see the login page, as shown in Figure 4-8. Check out Table 4-1 if you experience any problems during this installation process; it covers some of the common problems users run into.

So do tell — how much time does your watch show for the installation? Was it five minutes? Stop by Lisa’s blog sometime at http://lisasabin-wilson.com and let Lisa know whether WordPress stood up to its famous five-minute installation reputation. She’s a curious sort.

The good news is — you’re done! Were you expecting a marching band? WordPress isn’t that fancy . . . yet. Give them time, though. If anyone can produce it, the folks at WordPress can.

Running the installation script

✓ Your E-Mail: Enter the e-mail address you want to use to be notified of administrative information about your blog. You can change this address later, too.

✓ Allow My Blog to Appear in Search Engines Like Google and Technorati: By default, this check box is selected, which lets the search engines index the content of your blog and include your blog in search results. To keep your blog out of the search engines, deselect this check box (see Book III).

8. Click the Install WordPress button.

The WordPress installation machine works its magic and creates all the tables within the database that contain the default data for your blog. WordPress displays the login information you need to access the WordPress Dashboard. Make note of this username and password before you leave this page. Scribble them on a piece of paper or copy them into a text editor, such as Notepad.

After you click the Install WordPress button, you’re sent an e-mail with
the login information and login URL. This information is handy if you’re
called away during this part of the installation process. So go ahead
and let the dog out, answer the phone, brew a cup of coffee, or take a
15-minute power nap. If you somehow get distracted away from this
page, the e-mail sent to you contains the information you need to log
in to your WordPress blog.

Running the installation script

✓ Username: This is the name you use to log in to WordPress. By default, the username is admin, and you can leave it that way. However, for security reasons, I recommend you change your username to something unique to you. This username is different from the one you set for the MySQL database in previous steps. You use this username when you log in to WordPress to access the Dashboard (see Book III), so be sure to make it something you’ll remember.

✓ Password, Twice: Type your desired password in the first text box and then type it again in the second to confirm that you’ve typed it correctly. If the two versions of your password don’t match, WordPress alerts you with an error message. If you don’t enter a password, one is generated automatically for you. For security reasons, it’s a good thing to set a different password here than the one you set for your MySQL database in the previous steps — just don’t get them confused.

For security reasons (and so other people can’t make a lucky guess), passwords should be at least seven characters long and use as many different characters in as many combinations as possible. Use a mixture of uppercase and lowercase letters, numbers, and symbols (such as ! “ ? $ % ^ &).

 

Running the installation script

5. After you fill in that information, click the Submit button.

You see a message that says, “All right, sparky! You’ve made it through this part of the installation. WordPress can now communicate with your database. If you’re ready, time to run the install!”

6. Click the Run the Install button.

Another welcome page appears with a message welcoming you to the famous five-minute WordPress installation process.

7. Enter the following information, as shown in Figure 4-7:

✓ Site Title: Enter the title you want to give your site. The title you enter isn’t written in stone; you can change it later, if you like. The site title also displays on your site.

Running the installation script

2. Click the Create a Configuration File button.

The Welcome to WordPress page appears, giving you the information you need to proceed with the installation.

3. Click the Let’s Go button at the bottom of that page.

4. Dig out the database name, username, and password that you saved in the earlier section “Setting up the MySQL database,” and use that information to fill in the following fields, as shown in Figure 4-6:

✓ Database Name: Type the database name you used when you created the MySQL database before this installation. Because hosts differ in configurations, you need to enter the database name by itself or a combination of your username and the database name, separated by an underscore mark (_).

If you named your database wordpress, for example, you enter that in this text box. If your host requires you to append the database name with your hosting account username, you enter username_wordpress, substituting your hosting username for username. Lisa’s username is lisasabin, so she enters lisasabin_wordpress.

✓ User Name: Type the username you used when you created the MySQL database before this installation. Depending on what your host requires, you may need to enter a combination of your hosting account username and the database username separated by an underscore mark (_). In Figure 4-6, you can see both: lisasabin_username.

✓ Password: Type the password you used when you set up the MySQL database. You don’t need to append the password to your hosting account username here.

✓ Database Host: Ninety-nine percent of the time, you leave this field set to localhost. Some hosts, depending on their configurations, have different hosts set for the MySQL database server. If localhost doesn’t work, you need to contact your hosting provider to find out the MySQL database host.

✓ Table Prefix: Leave this field set to wp_.

You can change the table prefix to create an environment secure from outside access. See Chapter 5 for more information.

Running the installation script

The final step in the installation procedure for WordPress is connecting the WordPress software you uploaded to the MySQL database. Follow these steps:

1. Type the URL of your Web site into the address bar in your Web browser.

If you chose to install WordPress in a different folder from the root directory of your account, make sure you indicate that in the URL for the install script. For example, if you transferred the WordPress software files to the /blog folder, you point your browser to the following URL to run the installation: http://yourdomain.com/blog/wp-admin/install.php. If WordPress is in the root directory, use the following URL to run the installation: http://yourdomain.com/wp-admin/install.php (where yourdomain is your domain name).

Assuming that you did everything correctly (see Table 4-1 for help with
common installation problems).

Uploading the WordPress files via FTP

✦ You can choose a different folder from the root. You aren’t required to
transfer the files to the root directory of your Web server. You can choose
to run WordPress on a subdomain or in a different folder on your account.
If you want your blog address to be http://yourdomain.com/blog,
you transfer the WordPress files into a /blog folder (where yourdomain
is your domain name).

✦ Choose the right file permissions. File permissions tell the Web server
how these files can be handled on your server — whether they’re files
that can be written to. Generally, PHP files need to have a permission
(Chmod is explained in Chapter 2 of this minibook) of 666, whereas file
folders need a permission of 755. Almost all FTP clients let you check
and change the permissions on the files, if you need to. Typically, you
can find the option to change file permissions within the menu options
of your FTP client.

Some hosting providers run their PHP software in a more secure format —
safe mode. If this is the case with your host, you need to set the PHP files to
644. If you’re unsure, ask your hosting provider what permissions you need
to set for PHP files.

Uploading the WordPress files via FTP

Here are a few things to keep in mind when you upload your files:

✦ Upload the contents of the /wordpress folder to your Web server — not the folder itself. Most FTP client software lets you select all the files and drag and drop them to your Web server. Other programs have you highlight the files and click a Transfer button.

✦ Choose the correct transfer mode. File transfers via FTP have two forms: ASCII and binary. Most FTP clients are configured to autodetect the transfer mode. Understanding the difference as it pertains to this WordPress installation is important so that you can troubleshoot any problems you have later:

✓ Binary transfer mode is how images (such as JPG, GIF, BMP, and PNG files) are transferred via FTP.

✓ ASCII transfer mode is for everything else (text files, PHP files, JavaScript, and so on).

For the most part, it’s a safe bet to make sure that the transfer mode of your FTP client is set to autodetect. But if you experience issues with how those files load on your site, retransfer the files by using the appropriate transfer mode.