path: root/wired/old/published/Webmonkey/blogcms/wordpress_intro.txt

Back when blogging was just catching on a small PHP-based publishing system was quietly released and quickly took the blogging community by storm. WordPress, as the system was known, was an instant hit thanks to its simplicity and open source license which allowed interested developers to extend and improve the system.

Today WordPress powers everything from huge sites like [http://politicalticker.blogs.cnn.com/ CNN's Political Tracker] to thousands of personal blogs. Thanks to its easy step up process and the widespread availability of web hosts that offer one-click WordPress installs, you can get up and blogging in a snap.

In this tutorial we'll assume that your web host doesn't have a one-click installer, but fear not, getting WordPress working on your domain won't take but a few minutes. Once you're up and running we'll take a look at different ways you can customize and extend your blog.

==Installation==

Much of WordPress's popularity stems from its dead simple installation process. All you need to get started with WordPress is a web host to serve the site, a MySQL database for WordPress to talk to and of course [http://wordpress.org/download/ the WordPress software itself].

Unzip the WordPress download and rename the <code>wp-config-sample.php</code> file to <code>wp-config.php</code>. Now fire up that file in your favorite text editor and fill in the details about your database so WordPress can connect to it.

Now you just need to upload WordPress using an FTP program. Upload all the files to where ever you'd like you new blog to live. For instance, if you want your blog to be the root of your domain, upload all the files to your root web directory. If you want your blog to be at say <code>mysite.com/blog</code>, just upload all the WordPress files to a "blog" directory under the web root.

Now you just need to run the install script by pointing your browser to http://mysite.com/blog/wp-admin/install.php (just adjust that URL to fit wherever you placed WordPress.

The install script will walk you through naming your blog and creating a username and password for accessing the administration panel.

Once that's done login to WordPress and you're ready to roll. If you run into any problems, have a look at the [http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install official WordPress installation guide], which covers some common issues.

==Digging In==

When you login to WordPress for the first time you'll encounter what's known as the Dashboard. The Dashboard tracks your recent activity and lets you know about and manage comments your visitors have left and tracks any incoming links from other sites.

In order to have some content for when we start customizing our installation, go ahead and click the "Write a new Post" link and, well, write a quick post or two. 

Once you have a couple of posts done click the "Write a new page" button. Now what's a "page" versus a "post" you ask? Well, a post is an entry on your blog whereas a page represents something static like a contact page or an about me page. Go ahead and create a couple pages so you can see how they work in the next section.

The other section that might catch your eye is "Links." Older versions of WordPress referred to this section as the Blogroll, but the name change reflects the more general purpose usefulness of Links. While you can still use Links to generate a blogroll linking to your friends' sites, you can also do other things like create an entire site navigation system for your sidebar.

If you click the "visit site" button from any of the Admin pages, WordPress will dump you onto your live site so you can see what your changes look like.

==Customizing the Look of WordPress==

The default look for WordPress is a blue header above a two column layout -- you might even recognize it since many sites don't bother to customize. It's okay for a default layout, but if you want to personalize your WordPress site a bit, read on.

Customizing WordPress's look happens through "themes." If you login to your WordPress admin and select the Design tab you'll see the main themes panel. Now you could head over to the Header Image and Color tab which features a very nice inline theme editor with color pickers and other tools that make it easy to customize the default theme.

But frankly one of the advantages of WordPress is the number and variety of custom themes that members of the community have created. The official repository of themes is the [http://themes.wordpress.net/ WordPress Theme Viewer], so browser through that list, find something you like and download it.

Then just unzip and upload the theme to the wp-content/themes directory provided by WordPress. Then just head over to the Design tab inside the WordPress admin and select your new theme.

From there you can customize and tweak the theme to fit your whims. Different themes offer different levels of customization so what you can and cannot do will depend on the theme you're working with. In general you should be able to change the header image, layout options and colors on any theme.

Also note that themes don't have to be site-wide. If you happen to blog about both cupcakes and software, you can assign your archive pages for cupcakes to use one theme and the software posts to use another.

If you'd like to create your own theme it isn't too difficult, though it is more complex than just throwing together some HTML and CSS in a template. It helps to have a decent knowledge of PHP. If you'd like to get started using PHP check out our tutorial.

==Plugins - tap the Power of the Community==

One of the chief appeals to powering your blog with WordPress rather than building your own system is that you can take advantage all of the cool tools that other people have developed. The WordPress plugin universe offers something for everyone, whether you just want to add some photos or turn your blog into a proto-social network using the plugins from the [http://code.google.com/p/diso/ DiSo project].

To get you started, here's a few of our favorites:

# WP-Cache - Caches your pages for much faster loads. An absolute must, this should be part of WordPress by default. It works by caching WordPress pages and storing them in a static file for serving future requests directly from the file rather than loading and compiling the whole PHP code and the building the page from the database. Your site will thank you when Digg and Slashdot readers start pouring in.

# [http://wordpress.org/extend/plugins/wordpress-flickr-manager/ WordPress Flickr Manager] - post images from your Flickrstream with ease.

# [http://wordpress.org/extend/plugins/google-analytics-for-wordpress/ Google Analytics for WordPress] - track stats and more using Google Analytics.

# [http://alexking.org/projects/wordpress Twitter Tools] - enable you to integrate your WordPress blog and your Twitter account. Pull your tweets into your blog and create new tweets on blog posts and from within WordPress.

# [http://www.ilfilosofo.com/blog/wp-db-backup/ WordPress Database Backup] - creates backups of your core WordPress database tables. Backups are a must.

# [http://www.ejump.co.uk/wordpress/easytube-plugin-for-wordpress/ EasyTube] - post YouTube videos using just the URL. This plugin takes the URL and uses it to embed the actual video.

== Batten Down the Hatches==

While WordPress is open-source and constantly updating to fix known vulnerabilities, it still behooves you to take a few steps to protect yourself against attacks.

The first thing to do is makes sure that your WordPress installation is using the most current version available. To stay abreast of new releases consider subscribing to the [http://wordpress.org/development/ Developer Blog's RSS feed].

Beyond making sure that you have the latest security updates, there are few things in your server setup that can make WordPress more secure.

One big thing you can do is limit access to your wp-admin directory. There are two approaches here, if you have a static IP and you're only likely to update your blog from a few locations you can actually deny access to all other IPs. The following instructions will work with any Apache server, for Microsoft Servers, consult the Microsoft documentation.

To do that log into your web server via ftp and navigate to the wp-admin directory. Create a new file named <code>.htaccess</code> and enter the following lines:

Order Deny,Allow
Deny from all
Allow from XXX.XXX.XXX.XXX

Just replace the Xs with your home IP address. You can allow multiple IPs, just enter one per line. Now only requests from your IP addresses will be able to get to your WordPress login page.

If your internet service provider frequently changes your IP, the above solution isn't practical. In that case you can still add some password protection to the wp-admin directory. To do so move up out of your publically accessable directories and create a folder that's only accessable from FTP or the shell.

With most webhosts what would be the directory you see when you first login with you FTP client. Now create a file named <code>.htpasswd</code> and add the line <code>username:password</code> in that format with the username and password of your choice.

Now go back to the <code>.htaccess</code> file in the wp-admin directory and add these lines:

AuthUserFile path/to/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user XXXX

Replace the Xs above with the username you created in the .htpasswd file. Now if you navigate to your WordPress Admin pages you should be forced to enter a username and password before you even get to the WordPress login page.

Neither of the solutions is totally foolproof, but they're generally enough to convince the script kiddies to move on to easier prey.

== Conclusion ==

So there you have it, you should now have a working WordPress installation with a custom theme and some useful plugins. Happy blogging and be sure to check out our more advanced WordPress tutorial on creating custom themes and more.