Build a WordPress Website — Complete Step-by-Step Guide
Everything you need, from planning and hosting to deployment, security, performance and troubleshooting — packaged as a single HTML reference. Follow the numbered steps exactly; copy/paste code samples and replace placeholders marked with <like-this>.
Overview & prerequisites
Before installing WordPress, make sure you have:
- A registered domain name (example:
example.com). - Hosting that supports the modern WordPress stack (Linux hosting with PHP and MySQL/MariaDB), or a local environment for development.
- Basic comfort with FTP/SFTP, creating a database, or using a hosting control panel (cPanel/Plesk) or SSH terminal.
Quick technical checklist you should confirm with the host: PHP version, MySQL or MariaDB, and HTTPS support. Replace values in the tutorial with those from your host.
1. Plan your site (10–30 minutes)
- Decide the purpose: blog, business site, e-commerce, portfolio.
- Sketch primary pages: Home, About, Services/Products, Blog, Contact, Privacy/Terms.
- Plan content: text, images, videos — optimize images for the web (at least
webpor compressed.jpeg). - Choose a style direction and a theme (light/dark, boxed/wide, typography choices).
2. Get domain & hosting
Two common approaches:
- Managed WordPress hosting (easiest) — host takes care of server setup, security, updates. Good for beginners (e.g., SiteGround, Bluehost, Kinsta).
- Shared/VPS hosting — more control; you manage server software. Choose a Linux server with SSH if comfortable.
Tip: For learning or development, use Local by Flywheel or XAMPP/MAMP to run WordPress locally on your PC/Mac.
3. One-click install (cPanel / Managed hosts) — fastest
If your host offers a one-click installer (Softaculous, Installatron, WP Toolkit):
- Login to your hosting control panel (cPanel or provider dashboard).
- Find WordPress under Apps/Installers (Softaculous, WordPress manager, or WP Toolkit).
- Click Install. Fill site name, admin username (avoid 'admin'), strong admin password, and admin email.
- Choose installation directory: root (
/) for primary domain or a subfolder for staging or a subdomain. - Finish install; note down the admin URL:
https://example.com/wp-admin.
One-click installers handle database creation, file placement and basic configuration automatically.
4. Manual install (FTP / SSH) — maximum control
4.1 Download WordPress
- Download the latest WordPress from wordpress.org/download.
- Unzip the package locally.
4.2 Create database (MySQL / MariaDB)
Using cPanel > MySQL Databases or via SSH:
# login to mysql as root
sudo mysql -u root -p
inside mysql shell
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'strong_password_here'; GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost'; FLUSH PRIVILEGES; EXIT; 4.3 Upload WordPress files
Use SFTP/FTP or scp/rsync (preferred over plain FTP):
# example using rsync (from your machine to server)
rsync -avz ./wordpress/ username@your-server.com:/var/www/html/example.com/ 4.4 Configure wp-config.php
- Rename
wp-config-sample.phptowp-config.php. - Open and set DB_NAME, DB_USER, DB_PASSWORD, DB_HOST.
- Visit
https://api.wordpress.org/secret-key/1.1/salt/to generate unique auth keys and paste them in.
4.5 Set correct file permissions
# from the webroot
sudo chown -R www-data:www-data /var/www/html/example.com find /var/www/html/example.com -type d -exec chmod 755 {} ; find /var/www/html/example.com -type f -exec chmod 644 {} ; 4.6 Run the web installer
Open your browser: https://example.com or https://example.com/wp-admin/install.php. Follow the on-screen wizard to create an admin user and site title.
5. Local development (Local / XAMPP / MAMP)
For development, use Local by Flywheel, XAMPP, WampServer or MAMP:
- Install the local tool and create a site — it will configure PHP & MySQL automatically.
- Use a search-replace plugin or WP-CLI's
search-replacewhen migrating from local to production to replacehttp://localhostwithhttps://example.com.
6. Initial WordPress setup
- Permalinks: Settings > Permalinks > Post name (best for SEO).
- General settings: Site title, tagline, timezone, date format.
- Users: Create admin user and add editor/author accounts as needed. Use strong passwords (passphrases) and a secure admin email.
- Reading: Set homepage to a static page if needed.
- Media: Configure image sizes and consider using next-gen formats (WebP).
7. Themes, child-themes & essential plugins
Themes
- Choose a lightweight, well-supported theme (e.g., block themes or a popular framework like Astra, GeneratePress, OceanWP).
- To customize safely, create a child theme or use the WordPress Site Editor / Full Site Editing where available.
Essential plugins (start with these)
| Purpose | Recommended plugin examples |
|---|---|
| SEO | Yoast SEO, Rank Math |
| Security | Wordfence, Sucuri Scanner, iThemes Security |
| Backups | UpdraftPlus, Jetpack Backup |
| Caching | WP Super Cache, W3 Total Cache, LiteSpeed Cache |
| Image optimization | Smush, ShortPixel |
| Form building | WPForms, Contact Form 7, Gravity Forms (paid) |
Install plugins only from trusted sources. Too many plugins can slow your site — choose carefully.
8. HTTPS & SSL (Let's Encrypt)
Enable HTTPS using Let’s Encrypt (free) or a commercial certificate:
- If your host provides a free Let's Encrypt option in cPanel, enable it there.
- Or install Certbot on the server and run automatic setup for Apache or Nginx:
# example (Debian/Ubuntu) install certbot and enable for nginx
sudo apt update sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d example.com -d www.example.com Certbot will create and renew certificates automatically if your server supports it; otherwise configure a cron job to renew.
9. Performance & caching
- Enable caching plugin and configure page caching and object caching.
- Use a CDN (Cloudflare CDN, Bunny.net, StackPath) to serve static assets globally.
- Optimize images and serve WebP where possible.
- Use lazy-loading for below-the-fold images (WordPress core does this for images with
loading="lazy").
10. Security best practices
- Keep WordPress core, themes and plugins up to date.
- Use strong admin credentials and limit login attempts (use a plugin or Web Application Firewall).
- Disable file editing in the dashboard by adding to
wp-config.php:define('DISALLOW_FILE_EDIT', true); - Harden file permissions (see earlier section).
- Use 2FA for admin accounts (plugins available).
- Implement server-level protections (fail2ban, ModSecurity, strong SSH keys).
11. Backups & disaster recovery
- Automate backups (database + files) daily or weekly depending on update frequency.
- Store backups off-site (S3, Dropbox, remote server).
- Test restores periodically to ensure backup integrity.
# manual MySQL dump example
mysqldump -u wpuser -p wordpress > ~/backups/wordpress_$(date +%F).sql
backup files
tar -czvf ~/backups/wp_files_$(date +%F).tar.gz /var/www/html/example.com 12. Deploy from local to live
- Preferred: Use a migration plugin (Duplicator, All-in-One WP Migration) or WP-CLI to export/import.
- When migrating manually: export DB, upload files, update
wp-config.php, run search-replace to fix URLs. - Flush caches and verify permalinks after migration.
13. WP-CLI quick commands (developer-friendly)
Install WP-CLI (download phar, make executable) and use commands like:
# download & install
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod +x wp-cli.phar sudo mv wp-cli.phar /usr/local/bin/wp
basic usage from webroot
wp core download wp config create --dbname=wordpress --dbuser=wpuser --dbpass='password' --dbhost=localhost wp core install --url='https://example.com' --title='My Site' --admin_user='admin' --admin_password='StrongPass123!' --admin_email='you@example.com'
useful commands
wp plugin install akismet --activate wp theme install twentytwentythree --activate wp user create author author@example.com --role=author --user_pass='AuthorPass123' WP-CLI is fast and scriptable — great for repeatable deployments and automation.
14. Troubleshooting
White Screen of Death
- Enable
WP_DEBUGinwp-config.php:define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false); - Check
wp-content/debug.logand server error logs. - Disable all plugins and switch to a default theme to isolate the issue.
500 Internal Server Error
- Check PHP error logs for memory or fatal errors.
- Increase memory in
wp-config.phptemporarily:define('WP_MEMORY_LIMIT', '256M');
15. Pre-launch checklist
- All pages published and proofread.
- SEO basics: meta titles/descriptions, sitemap, robots.txt, and Google Search Console verified.
- SSL installed and working (https enforced).
- Backup configured and tested.
- Performance: caching & CDN active.
- Security: admin user strong password + 2FA, file permissions correct.
Appendix — Helpful commands & samples
Apache VirtualHost sample
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
AllowOverride All
Require all granted
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
Nginx server block (basic)
server {
listen 80;
server_name example.com www.example.com;
root /var/www/html/example.com;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # adjust php-fpm socket/version
}
} Recommended file permissions
- Directories:
755 - Files:
644 - wp-config.php: consider
640or600if supported by your host.
Resources
- Official WordPress: wordpress.org
- WP-CLI: wp-cli.org
- Let's Encrypt: letsencrypt.org
Comments
Post a Comment