An Introduction to

Ian Krigsman

Melbourne ADUG August 18, 2014

Agenda

Intro
What is WordPress?
Getting Started
Installation
Configuration
Security
Final Tips
Q & A

Disclaimer

I am a software developer

Target Audience

We will focus on technical aspects, not visual asthetics. A certain level of IT knowledge is assumed.

Nerd Assessment:
Q. Complete the following:
There is no place like http://localho _ _

http://localhome ?

Q. What is WordPress?

A. A FOSCMS

WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. - Wikipedia

Two flavours...

1. Hosted CMS

wordpress.COM

Hosted CMS

http://adugmembers.wordpress.com

Hosted CMS

Basic structure - mainly for blogs
Eg. http://mygr8recipes.wordpress.com
cf. blogspot.com, tumblr.com, weebly.com, typepad.com, etc.
Free
Quick to setup & Easy to maintain
Can use own domain for redirection
members.adug.org.au ⇒ adugmembers.wordpress.com

2. Roll your own CMS

wordpress.ORG

Roll your own CMS

Eg. http://widgetsRus.com.au
Requires own domain and hosting (PHP, MySQL)
Good for most web site development (including blogs)
Full control of content
Free to use (download source from wordpress.org)
DIY or employ web developer

Design your site

What is your goal? ⇒ Site map

Tools you'll need

Web host with PHP 5.2.4 and MySQL 5.0
http://wordpress.org/about/requirements/
Some HTML, CSS & phpMyAdmin skills
FTP Client (eg. Filezilla)
Image editor (eg. Gimp)
Google is your friend
Patience

Installation

STOP PRESS: Does your hosting service provide a "One Click" WordPress install option?

Installation

Download & extract http://wordpress.org/latest.zip
FTP files into subfolder on website eg. /wordpress/
Create database
Create wp-config.php
Access your URL in browser
eg. http://widgetsRus.com.au/wordpress/
Details: http://codex.wordpress.org/Installing_WordPress

Installation Demo

(Finally. I'll look interested now.)

WordPress Dashboard

Configuration Demo

General Settings
Themes
Child themes
Appearance: Header, background...
Pages
Posts
Menus
Media
Users

Security

Your /wp-login.php page will be a hackers magnet. Ignore basic steps at your peril.

Security

Create new Admin user and delete admin
UPDATE: admin no longer created by default, so this doesn't appear to be an issue anymore.
Ensure display name <> user name
Security plugins abound: BruteProtect, Clef, etc.
Modify .htaccess (on Linux) to include password or lock access down...

.htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
</IfModule>
<Files wp-login.php>
        order deny,allow
        Deny from all
        # Allow from this IP address
        allow from 1.2.3.4
</Files>

Final Tips 1

Install to subdirectory Eg. /wordpress/ and redirect.
(It's easy to redirect. Harder to relocate.)
Use Responsive theme
Test in multiple browsers (and platforms)
Get to know your browser inspector
Ample support and documentation

Final Tips 2

32+K Plugins
Uninstall inactive plugins
Shopping cart: WooCommerce
Turn on Search Engine Visibility after go-live
Check Permalink settings
Google Universal Analytics
Turn off comments, pingbacks and trackbacks if not essential (they're spam generators)

Final Tips 3

Tune for SEO
Apply regular updates (wordpress, themes and plugins)
Ensure no sub-folders can be accessed from browser

Final Tips 4

Regular backups of complete site
Backup MySQL database
Yes, there are backup plug-ins

Why WordPress?

"The best CMS is the one you'll use"

Q & A

Check ADUG news for link to this presentation.