Tutorial Details
- Topic: WordPress
- Difficulty: Easy
- Estimated Completion Time: 20-30 minutes
A comprehensive WordPress installation, albeit simple to produce, often requires multiple steps — many of which can easily be omitted accidentally. How many times have you forgotten to customize your permalink structure? How about adding in a sitemap plugin? What about changing your timezone? If you’ve installed WordPress more than once, chances are you’ve missed something. Take the following steps and you’ll never miss anything again.
Step 1: Get WordPress from SVN
The number one mistake for a flexible WordPress installation happens right from the get-go. I’ve seen numerous developers manually download, unzip, and upload WordPress to their site. This is not only a waste of time, but it also reduces flexibility.
If you download WordPress from SVN, all you need to do is run the following in command-line:
svn co http://core.svn.wordpress.org/tags/3.0 .
Maybe you want the latest developer version. That’s even simpler:
svn co http://core.svn.wordpress.org/trunk/ .
Why is this so useful? For starters, all it takes is one command. Looking at WordPress in a long-term perspective reveals that SVN also provides the simplest, hassle-free way to update to a new stable version (or even downgrade). For example, let’s say you want to update to version 3.0. All you need to do is run the SVN switch command:
svn sw http://core.svn.wordpress.org/tags/3.0/ .
How easy was that? Note that if you’re using the developer version, updating is even easier:
svn up
That’s all it takes. If you ever need the URL to a new stable version repository, visit the WordPress Codex. You can also find full instructions on using SVN there.
“Looking at WordPress in a long-term perspective reveals that SVN also provides the simplest, hassle-free way to update to a new stable version (or even downgrade).”
Step 2: Secure .svn Directories
Now that you’re using SVN, you must ensure that your .svn directories are protected from the public. One main reason lies in the .svn/entries file, which can give out sensitive information to attackers. For further information regarding this subject, please take a look at Smashing Magazine’s article on the SVN server admin issue.
To secure .svn directories using .htaccess, just apply the following redirect rule:
RewriteRule ^(.*/)?\.svn/ - [F,L]
Step 3: Create wp-config.php
As outlined in the famous 5-minute WordPress installation, you’ll need to rename wp-config-sample.php to wp-config.php and add in your database information.
Step 4: Add a Unique Database Prefix and Authentication Keys
Leaving your wp-config.php file only with database information and no other configuration is a security issue. Make sure to generate authentication keys, as outlined in the comments. To do so, visit https://api.wordpress.org/secret-key/1.1/salt/ and copy-paste the randomly-created keys into the file.
Note that you should also change the default WordPress database table prefix. This is to secure your installation against hacks, such as the recent outbreak of the Pharma Hack. Visit random.org to generate a random prefix string which you’ll need to set as the $table_prefix in wp-config.php. In addition, make sure to add an underscore at the end of the prefix.
Step 5: Install Using wp-admin/install.php
As usual, visit wp-admin/install.php in your browser and follow the instructions. When filling out the form, change the default administrator username (“admin”) in order to increase security. Note that most attackers will target a WordPress installation with default settings. Thus, changing this username is a must.
“Note that most attackers will target a WordPress installation with default settings.”
Step 6: Remove wp-admin/install.php
This is a commonly-omitted step which only takes a few seconds to execute. Simply remove the wp-admin/install.php script after installing WordPress for further security.
Step 7: Login to the Dashboard and Complete User Profile
Login to your WordPress installation at http://example.com/wp-admin, click your username in the top-right corner, and fill out your user profile.
Step 8: Edit Tagline and Timezone
Under the Settings > General tab, make sure to edit your blog’s timeline as well as timezone.
Step 9: Review Writing, Reading, and Discussion Settings
Although you might not have to change anything, looking over Settings > Writing, Settings > Reading, and Settings > Discussion is always a good idea. Ensure that the configuration meets your standards.
Step 10: Change Permalink Structure
A default WordPress installation comes with query-string permalinks that look like http://example.com/?p=1 for each article. Not only is this not search-engine friendly, but it’s also not even human-friendly. Change this to a permalink structure that contains the title of the post (%postname% if you’re using a custom configuration).
Step 11: Add .htaccess Rules
An .htaccess file is necessary for your WordPress site to function correctly. To begin, turn on the RewriteEngine:
RewriteEngine On
Disable directory listings for security purposes:
Options -Indexes
Add/Remove www to prevent content duplication (replace example.com with your domain):
# Add www (change www.example.com to example.com to remove www)
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
WordPress requires you to redirect all non-files and directories to index.php:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [PT]
Disable ETags:
Header unset ETag FileETag None
Suppress PHP errors (note that this might not work on all hosts):
php_flag display_startup_errors off php_flag display_errors off php_flag html_errors off php_value docref_root 0 php_value docref_ext 0
Control caching on files to speed up your site:
ExpiresActive On ExpiresDefault A0 <FilesMatch "\.(gif|jpg|jpeg|png|swf)$"> # 2 weeks ExpiresDefault A1209600 Header append Cache-Control "public" </FilesMatch> <FilesMatch "\.(xml|txt|html)$"> # 2 hours ExpiresDefault A7200 Header append Cache-Control "proxy-revalidate" </FilesMatch> <FilesMatch "\.(js|css)$"> # 3 days ExpiresDefault A259200 Header append Cache-Control "proxy-revalidate" </FilesMatch>
Secure the .htaccess file:
<Files .htaccess> Order Allow,Deny Deny from all </Files>
Secure the wp-config.php file:
<Files wp-config.php> Order Deny,Allow Deny from all </Files>
Secure .svn directories, as explained in step #2:
RewriteRule ^(.*/)?\.svn/ - [F,L]
If you would like to add more configuration for your website and are looking for a general tutorial, consider Nettuts’ Ultimate Guide to htaccess Files or Stupid htaccess Tricks on Perishable Press.
Step 12: Use gzip
Applying gzip can compress text files up to 80% and greatly save bandwidth. Making it active on your site only requires a PHP file and a bit of .htaccess. Note that the following code is referenced from a gzip tutorial on Lateral Code.
PHP (gzip.php):
<?php if( isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) && substr_count( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip' ) && !preg_match( '/(load-styles|load-scripts)\.php/', $_SERVER[ 'SCRIPT_NAME' ] ) ) ob_start( 'ob_gzhandler' ); else ob_start(); ?>
This may look a bit daunting at first, but it really isn’t too bad. The large boolean expression checks whether gzip is available and, if so, it’s applied. Unfortunately, I have found that this gzip method doesn’t function well with WordPress’ load-styles.php and load-scripts.php. As a result, the preg_match is used to exclude them.
.htaccess:
<FilesMatch "\.js$"> AddHandler application/x-httpd-php .js php_value default_mimetype "text/javascript" </FilesMatch> <FilesMatch "\.css$"> AddHandler application/x-httpd-php .css php_value default_mimetype "text/css" </FilesMatch> <FilesMatch "\.(htm|html|shtml)$"> AddHandler application/x-httpd-php .html php_value default_mimetype "text/html" </FilesMatch> php_value auto_prepend_file /absolute/path/to/gzip.php
This snippet adds the php handler to .html, .css, and .js files so that they can be gzipped. It also prepends the previously mentioned gzip.php file. Make sure to change /absolute/path/to/gzip.php to the correct path.
XEROX CODEStep 13: Apply the 4G Blacklist
Perishable Press’ 4G Blacklist will prevent numerous attacks on your website through .htaccess. I’ve included the code below (edited for WordPress). You can learn about how it works by reading the article on Perishable Press:
### PERISHABLE PRESS 4G BLACKLIST ###
# ESSENTIALS
RewriteEngine on
ServerSignature Off
Options All -Indexes
Options +FollowSymLinks
# FILTER REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# BLACKLIST CANDIDATES
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from 75.126.85.215 "# blacklist candidate 2008-01-02 = admin-ajax.php attack "
Deny from 128.111.48.138 "# blacklist candidate 2008-02-10 = cryptic character strings "
Deny from 87.248.163.54 "# blacklist candidate 2008-03-09 = block administrative attacks "
Deny from 84.122.143.99 "# blacklist candidate 2008-04-27 = block clam store loser "
Deny from 210.210.119.145 "# blacklist candidate 2008-05-31 = block _vpi.xml attacks "
Deny from 66.74.199.125 "# blacklist candidate 2008-10-19 = block mindless spider running "
Deny from 203.55.231.100 "# 1048 attacks in 60 minutes"
Deny from 24.19.202.10 "# 1629 attacks in 90 minutes"
</Limit>
# QUERY STRING EXPLOITS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
# RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
# RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# CHARACTER STRINGS
<IfModule mod_alias.c>
# BASIC CHARACTERS
RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
# RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
# RedirectMatch 403 \/\/
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
# RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
# RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>
A few of these rules are commented out or edited because they interfere with WordPress. If you are having problems with certain URLs, fix them by prepending a “#” (comment) to the corresponding rule.
Step 14: Activate Akismet
“Activating Akismet is a must in order to prevent comment spam.”
Activating Akismet is a must in order to prevent comment spam. Do so by registering for an API key at akismet.com. Note that a WordPress.com account API key will also work.
Once you obtain a key, visit Plugins > Akismet Configuration in your dashboard and paste it in the corresponding box.
Step 15: Download Plugins
The following plugins are a great help to any WordPress blog:
For further security, these plugins, referenced from DigWP’s WordPress lockdown article, are also important:
To make installation easy, you can run the following in command-line under your plugins directory:
wget http://downloads.wordpress.org/plugin/all-in-one-seo-pack.zip
wget http://downloads.wordpress.org/plugin/google-sitemap-generator.3.2.4.zip
wget http://downloads.wordpress.org/plugin/wordpress-file-monitor.2.3.3.zip
wget http://downloads.wordpress.org/plugin/wp-security-scan.zip
wget http://downloads.wordpress.org/plugin/ultimate-security-check.1.2.zip
wget http://downloads.wordpress.org/plugin/secure-wordpress.zip
find . -name '*.zip' -exec unzip {} \;
rm *.zip
This will retrieve zip files for the plugins, unzip them, and delete the .zips
These download links may not be correct later on due to plugin updates. As a result, you can visit the wordpress.org plugin pages listed above in order to find the updated links.
After you finish installing the plugins, make sure to enable them through the WordPress dashboard.
Step 16: Configure All in One SEO Pack
Before All in One SEO Pack becomes active, you’ll need to configure it. Go to Settings > All in One SEO to do so. Make sure to mark the “enabled” radio button. In addition, add in a home title, description, and keywords. Finally, set the rest of the options to your liking.
Step 17: Generate a Sitemap
Visit Settings > XML-Sitemap to generate your first sitemap that will be sent to search engines. Before doing so, ensure that the options on the page are what you desire. For example, I often edit the change frequencies, as my posts are modified quite often.
Once you are ready, scroll to the top of the page and click the build link (“Click here”). You might have to create two blank files—sitemap.xml and sitemap.xml.gz—in your root directory depending on the directory permissions. Nevertheless, once you finish building it for the first time, it should automatically update as long as you have “Rebuild sitemap if you change the content of your blog ” checked.
Step 18: Add Security
At this point, you’ve already installed four security plugins. You should now put them into use.
Visit Settings > WordPress File Monitor and add wp-content/uploads in the exclude path. Change the other information if necessary. Note that this plugin will inform you whenever it notices a change in your file system.
Under Settings > Secure WP, check Error Messages and Windows Live Writer for extra protection.
Note that there is a new “Security” tab created by WP Security Scan. Fix items in red under Security > Security and Security > Scanner. When you visit Security > Scanner, make sure to chmod all of your individual plugins with 755 as well. Furthermore, you can use the password tool to generate a strong password.
Finally, fix the errors under Tools > Ultimate Security Check and ensure your site receives an A.
Step 19: Customize Theme and Sidebar
Now that you’ve setup a flexible, secure WordPress installation, you’ll need to make it comprehensive by customizing the theme and sidebar to fit your site’s needs. Of course, there is no set method to accomplish this; each site is unique in it’s own way. Make a theme that appeals to both you and your readers.
Step 20: Write Content
All that’s left now is to write genuine content that appeals to your user base. You now have a flexible, secure, and comprehensive WordPress installation. Use it wisely.
Congratulations! You now have a flexible, secure, and comprehensive WordPress installation. Use it wisely!
Enjoyed this Post?
Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!
By Karthik Viswanathan
Premium Members
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription. Join Now
Related Posts
Premium Membership
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription
Rockstar WordPress Designer
Now updated for WordPress 3.0, this classic book on WordPress theming and design has sold over 3500 copies! Get yours now!
Top Selling
on Codecanyon
jQuery Lightbox Evolution only $12.00 
Events Calendar Pro - Wordpr ... only $30.00 
Honda Malta - More
Web Basix
Just getting started? Start with our basix tutorials on the fundamentals. View All Basix Tutorials
Other Plus Sites ...
aetuts+ audiotuts+ vectortuts+ tuts+ phototuts+ cgtuts+ nettuts+ psdtuts+ activetuts+ mobiletuts+Create a Tutorial, Get Paid!
Have something to teach the world? Want to earn money doing it? Tutorials, screencasts, and articles published here on Nettuts+ are largely contributed by readers just like you! We'll pay you great money for good content. Find Out More
Great Article. This should act as my check-list for go live process for clients.
I am some what surprised by your suggestions of Disabling ETags in Step 11. I am interested to know your reasons for this?
Especially when one of the Best Practices for Speeding up your website is to enable etags: http://developer.yahoo.com/performance/rules.html#etags
Hey Azizur,
You make a good point. As stated in the last paragraph of the link you posted, it’s better to disable ETags if you’re not making use of the validation. This is exactly my case.
In hindsight, I should have removed that from the htaccess snippet and let that decision be up to the user.
Karthik
First of all change admin username
Wow a lot of great information there.
I would have loved to see a screen-cast of someone actually going through these processes. For some reason, this is one of the areas I feel like iI might actually ‘break’ something in WordPress. Not sure why, but I dont trust myself??? Maybe its how complex the wordpress folder seems to me?
Thanks again, will try and make sure I do everything to stay secure.
This is what I was looking for from a very very long time! All important things in one place. Thank’s Nettuts!
Wow, thanks for this. Excellent list of steps to take!
Really great list. Anything to add more security to WordPress is a must. Keep up the good work =)
Why would you want to disable ETags? ETags are ridiculously handy for front-end optimization when used correctly.
Thanks, Karthik, a very good list. Looking forward to updating my WP checklist.
Great tutorial for locking down a fresh WordPress install. This is a must considering all of the malware and link injections going around. The .htaccess and blacklist are perfect. Thank you!
This is by far the most detailed Security post related to wordpress out there on the web! For being just a high school student.. you are impressive man! Great job Karthik .. keep it up
This is probably the most helpful tutorial I’ve seen on NetTuts yet. All of those .htaccess tips are awesome.
Wow, this is one amazing tutorial,
On the otherhand,
it’s a pity wordpress need all that fix after installation.
Somebody should write a php script for this routine!
I install WordPress on nearly every site I build and probably omit half of these steps normally, there are now a lot more things I’ll build into my install process now thanks to this.
Best of they don’t add much time but I can see how they’re beneficial.
I feel exactly the same. This is a great entry.
Nice post!!
Thanks for the information.
But the .htaccess file is for an apache server!!!
What about IIS server???
Oh come on! How lame are these tutorials, no offence, but most of them are blindingly obvious, and people will install how they want, there is no secuirty hole from not installing from a svn, and sometimes setting it up is a pain in the a$$.
Do they seriously pay people for these tutorials, maybe I should start and become a millionaire
Agreed. How much time is really spend downloading a file that is 3.0MB? Less than a minute? To extract? Less than 10 seconds? To upload? Less than 3 minutes?
I can’t see the argument that you’re wasting time. I could if the difference in time was much more significant.
Agreed… The only good informative ones is 11,12 and 13… The rest is either common sense (I should hope) or personal opinion. Though to be fair 11-13 are pretty cool…
I wish there was an easy way to change the table prefixes after installation. That means no plugin.
There is a relatively easy way. Export your database into an SQL file, open it in a text editor, do a find and replace, and then re-import.
Of course if you’re doing a find an replace for “wp_” that might be a little scary, so you’ll have to make sure to do something like find: “CREATE TABLE `wp_” and “INSERT INTO `wp_”
How do most one-click install services stack up against a manual install following these steps? Would you say that it’s worth avoiding these services and doing things yourself?
I’ve never liked the one click install services as you have to wait for them to update, or they may do the install strangely. I could see using it for some of the more complex setups, maybe, but for wordpress it makes most sense to do it manually.
Hey Chris,
Good question. As far as I know, most one-click install services simply get a default WordPress installation running on your site. Because defaults are what attackers look for, this is a security vulnerability.
On the bright side, you can still execute steps #6-20 to secure the installation. Not only that, but you can add authentication keys and change the database prefix (via the WP-Security plugin that I mentioned) as well. Thus, you could use a one-click service and really only miss out on SVN. Nevertheless, I would suggest doing everything manually, as you’re likely to avoid any quirks of the quick install process.
Karthik
You might also want to look into TAC for themes to make sure they are clean if you are grabbing them from anywhere other than WP.org.
http://wordpress.org/extend/plugins/tac/
Thank you thats a very useful plugin.
Most of the time i start working on free themes and build from there.
Very useful, thanks a lot for sharing !!
Nice list but is it really necessary?
Great tips. I didn’t know most of these. Thanks Karthik for sharing.
Very useful tips, I gotta bookmark this one
hey, great tutor..
thanks,
Some good suggestions here. I disagree with installing via SVN though. If, like me, you use subversion to control theme and/or plugin updates that you develop, then it will clash with the svn of the core, leaving possible conflict to deal with further down the line. Instead of checking out from the core repository, you could use the export command that will leave out the .svn folders everywhere.
Hey Kevin,
SVN will only keep core WordPress files and the default plugins (Akismet and Hello Dolly) under revision control. As a result, you can safely keep your themes/plugins under SVN/Git/Mercurial/etc. without conflict.
Karthik
Wow great article and will be following most of these pointers out in future! Thanks.
Be very careful running the WP Security Scan plugin. This plugin can leave you without admin access to your blog, as happened to me last night after running it. This blog provides the SQL code you need to complete the work started by WP Security Scan and regain admin access to your blog.
Really helpful checklist. The security section alone helped me greatly.
Great tips for securing wordpress installation.
Thanks for sharing.
Found this list very helpful and easy to follow.
I really didn’t know about the 4G Blacklist, and it’s something I really should check.
Thank you!!!. I dont knoW SEO plugin.
Useful tips and a really helpful checklist,too. Using gzip is brilliant!
My current WordPress 3.0 install has the following .htaccess file that was automatically built by wordpress:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
In steps 11 and 13 above, you give 2 different pieces of advice on setting up your .htaccess file. I’m a little confused as to which to use, for instance there are 2 different versions of this:
RewriteRule . index.php [PT] # from step 11 above
and
RewriteRule . /index.php [L] # created by wordpress 3.0
Nick
thanks for sharing this useful list!!
btw: the line 42 of the edited “Perishable Press’ 4G Blacklist” shouldn’t be typed in like this:
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
cause the “select” in this line generate a 403 error while using the “automated multi-update” funktion for plugins, themes, etc in WP. if u change the line like this:
RewriteCond %{QUERY_STRING} ^.*(request|insert|union|declare|drop).* [NC]
it works like it should – at least in my WP blogs.
have a nice day.
Marvin
Thanks for the tips, Mark!
Thank you for writing this article. I learned a ton.
Perfect article! Retweeted, added to favorites in delicious, and others! Thanks!
Can you provide links on how to achieve number 10?
Difficulty: Easy
???
I feel this was pretty hard to understand for me. i had never worked with htaccess before and i didn’t know what i was doing so i had to ask on some other community why and what..
I’am normally a login hosting-admin guy that clicks on the one-click installer button and WordPress is ready to go. * but that doesn’t work fine.
Your Command-Line:
I don’t know if it was me doing it wrong but at #15 after the command-line in the Terminal i had all my zip file on my computer unzipped. :S
Now i can clean up again! :S
Now i have trouble with my sitemap files..
I think it has everything to do with all the htaccess changes i made.
I did everything like in step#17.
First i created one empty tekst-editor file and named it sitemap.txt after that i changed it to sitemap.xml and duplicated it and named it sitemap.xml.gz
After that i uploaded them to my hosting in the same directory where the index.html / index.php file goes.
But nothing i get this error!
There was a problem writing your sitemap file. Make sure the file exists and is writable.
** Same line for the Gzip verson ***
I when looking in my hosting admin, to see what the permissions are on the file.
and it says the following:
Owner: read mode, write mode
Group: read mode
Others: read mode
Somebody knows where it goes wrong?
Learn lot’s of important things. I must use these to my work.
thanks fro sharing.
thanks you..
The GZip method is causing me not to be able to install or upgrade plugins directly through WordPress. Is anyone else having this problem?
I will use it on my site for sure..
Thanks, great tips.