WordPress installation made easy | incl. security tips & essential first steps

You want to use WordPress for your website? Great idea! The number of WordPress users is skyrocketing. In 2020, the percentage of websites based on WordPress increased by 5% to 40% now! This means that the software will continue to improve and grow.

With this guide, even beginners can install the software. You will see that installing WordPress is not an impossible task. If you follow the steps in order, you will definitely succeed.

 Difference to other guides: Most guides show you how to install WordPress in the main directory (www/) of your domain. However, we recommend and teach you how to install WordPress in a subdirectory (www/subdirectory/).

The benefits are:
  • neatness
  • flexibility
  • Prevent complications if you want to install other applications on your web space later on

This is similar to creating an organised folder structure on your PC and not storing all files in the main directory (C:).

1. Preparation - what do I need to install WordPress?

Before you start with the installation, you need to do some preparations.

Domain and web hosting

To be able to use WordPress, you need a domain and web hosting. To make sure that your domain points to the hosting package, you need to check the DNS settings. Usually, if you order your domain and hosting package from the same provider, these settings will be set automatically.

SSL Certificate - https

Before you start using WordPress, you should definitely install an SSL certificate on your web hosting. With the SSL certificate, the transmission of data between the user and the server is encrypted.

If you set up the SSL certificate after installing WordPress, you will have to make manual changes to your website. This may cause problems.

Free SSL certificate

Free Let's Encrypt SSL certificates are included in alldomains.hosting web hosting packages. You can install them in the control panel with just two clicks (module "SSL security" -> "Activate certificate").

2. WordPress installation

Installation methods

WordPress can be installed automatically or manually. You can decide for yourself which method you choose.

Automatic installation

The fastest and easiest method is the automatic installation with a software installer. alldomains.hosting provides this option for free.

Software installer from alldomains.hosting:

The result of the automatic installation with our installer is identical to the manual installation. No additional plugins are installed or presettings are made. WordPress is installed with just a few clicks.

Other software installers:

Some providers install additional plugins and themes. If you do not need these, you should make sure to delete them. This optimises storage space and minimises security risks.

Manual installation

Manual installation is more complicated and can cause problems for newcomers. In this guide we will go through both variants, the installation with a software installer and the manual installation, step by step.

 After you are done with the installation, you have to make the right settings to access your WordPress website without a subdirectory. This is the crucial difference in our tutorial, which we have already described in the introduction. We will remind you of this later.

Automatic installation with software installer

Not much technical knowledge is required to do the installation with the software installer.

Open the Control Panel

You can find all the tools you need in the alldomains.hosting Control Panel. Here you can access the login page of your control panel.

Create a database

First you have to create a database. This can be done easily in your control panel in the menu item "Databases". There you select "Add new database".

Select MySQL and in the next step the latest MySQL version.

The name of the database could be “wordpress”.

The next step is to choose a secure password. It should be many characters long and contain numbers and special characters.

With a free password management programme such as KeePass, you can not only create secure passwords, but also manage them in one place.

Check the settings you have made and complete the creation of the database by clicking on "Next".

Install WordPress software

Now you can start installing WordPress. Select the menu item "Software" in the control panel and click "Install".

Then select WordPress and the desired WordPress version. We recommend that you use the latest version.

As mentioned in the introduction, it is best to create a subfolder in the main directory (/www/) of your domain as the installation path. To do this, select the option "New directory". You can name the folder "wordpress", for example. Click on "Create" and then "Next".

The path in this example would be www/wordpress/. "www" is the main directory, "wordpress" the subdirectory just created.

After confirming by clicking on "Next", continue with the installation of WordPress in the browser. To do this, open the link provided and continue there.

Note that the installation routine of Wordpress has been secured by us with a password, if you open it directly via the link from the control panel, the username and password will be passed automatically, just press "ok". Otherwise you can find the password in the installation window in your control panel. The password protection is automatically deleted after the installation is completed and the wordpress installation has been secured with a user.

Leave the browser tab with the control panel page open (after completing the further installation process in the browser, you must click on "Next" here).

Setup in the browser

After opening the link in the control panel, you will be directed to the WordPress setup page in your browser. Select the language in which you want to install WordPress and continue.

Now you have to link the WordPress installation to the database you just created. Click on "Let's go!

Enter the database name, the user name, the password and the database host.

To better protect your database from attacks, you should change the table prefix value to some random letters and numbers, e.g. (ad7a03_) . If you want to use several WordPress installations within one database - then you have to give each installation its own table prefix.

Where do I find the data? We described this in the next paragraph.

You will find the required data in the Control Panel module "Databases". Click on the previously created database and retrieve the access data.

After you click on "Send", WordPress can already communicate with your database. Now select "installation".

Now all you have to do is choose the title of your website (you can change this later) and create your user account for the WordPress login.

Do not name your user "admin" or "Admin", because this name is the first to be tried in brute force attacks.

Do not check the box "Prevent search engines from indexing your website" if you want Google & Co. to be able to index your website.

You can, however, check the box until your website is finished and the content is available. After that, you can still activate it for search engines. To do this, go to "Settings" -> "Read" -> "Visibility for search engines" in the backend and remove the tick.

Click on "Install WordPress" to complete the installation in the browser.

Go back to the Control Panel and close the installation wizard by clicking on "Next" and "Exit Wizard".

That's it! The software has been successfully installed. You can already log in to WordPress.

 Don't forget to make the settings described below so that your WordPress site can be accessed without a subdirectory in the URL (“yourdomain.tld/" instead of "yourdomain.tld/wordpress/”).

The first steps you should now take in your WordPress backend are explained further down in the article.

Manual installation

Create a database

First you need a database. You can create one in your control panel in the menu item "Databases". Click on "Add new database" and select MySQL as database system. Use the latest MySQL version unless you have an explicit reason to use an older version (e.g. due to plugin compatibility).

Name the database "wp" or "wordpress", for example. Write down the password or use a password manager. You will need it later in the installation process.

2.3 - Download and configure the installation files

Now you have to download the installation files from the official WordPress website (https://wordpress.org/download/).

Extract these files locally on your computer (right click on the ZIP file -> "Extract all").

The unzipped files are now in a folder called "wordpress".

2.4 - Upload WordPress files to the web space

Connect to your server using FTP. You can use a programme like FileZilla. To log in, enter your FTP access data in the bar at the top. You can simply leave the "Port" field blank. On the left side you see the local files on your PC, on the right the files on the server.

You will receive the FTP access data by e-mail after you ordered your hosting package. You will also find the server and user names in the Control Panel module "FTP Manager". There you can also set a new password ("Action" -> "Set password").

Upload the unzipped "wordpress" folder to the main directory (www) of your domain. To do this, either double-click on the folder or drag and drop it into the www directory.

The folder "wordpress" is now a subdirectory of the main directory of your domain. The file path is www/wordpress/.

2.5 - Start the installation process in the browser

Open your WordPress installation. Simply open your domain in your browser with the installation path of WordPress. The www directory must be omitted. In our example with the path www/wordpress/, we enter yourdomain.tld/wordpress/ in the address bar. You will automatically be redirected to https://www.deinedomain.tld/wordpress/wp-admin/setup-config.php.

Clicking on "Let's go!" takes you to the page where you enter your database access data.

Enter the access data for your previously created database. You can access this information in the Control Panel in the "Databases" module. Click " Action" -> "Access data".

To better protect your database from attacks, you should change the value Table prefix to some random letters and numbers, e.g. (ad7a03_) . If you want to use several WordPress installations within one database - then you have to give each installation its own table prefix.

In the next step, create a user account for the WordPress backend.

Do not call your user "admin" or "Admin". Otherwise your WordPress installation will be more vulnerable to brute force attacks.

Choose a secure password (not too short, upper and lower case letters, numbers, special characters etc.)

Do not check the box "Prevent search engines from indexing your website" if you want Google & Co. to be able to index your website. You can, however, check the box until your website is finished and the content is available. After that, you can still activate it for search engines. To do this, go to "Settings" -> "Read" -> "Visibility for search engines" in the backend and remove the tick.

Click on "Install WordPress" to successfully complete the installation! You can now log in to WordPress with the user account you just created.

 Important: Follow the steps below to remove the subdirectory from the website address (URL).

The first steps you should take afterwards in your WordPress backend are explained at the end of the article.

Displaying a WordPress website without a subdirectory

To make your website accessible without the directory name in the URL, you still have to make settings. Otherwise, the subdirectory in which you have installed WordPress would appear in the URL, e.g. as follows: www.deinedomain.tld/wordpress/

However, the website should be accessible without a subdirectory in the URL: www.deinedomain.tld/

In the control panel, open the file manager and navigate to the folder in which you have saved the WordPress files. In our example, this is the folder named "wordpress" with the following file path: www/wordpress/.

Download the files named "index.php" and ".htaccess" (right click -> "Download" -> "Save file"). Make sure that you save them and do not load them temporarily by selecting "Open with", otherwise complications may arise.

Alternatively, you can also upload or download files via FTP.

Open the index.php in a text editor such as Notepad++, Atom or the Windows editor. These do not cause any errors in the source text due to automatic formatting (happens, for example, with Microsoft Word).

Now adjust the path of the WordPress installation by inserting the name of the subdirectory including the prefix "/" in front of "/wp-blog-header.php".

In our example, the name of the subdirectory would be "wordpress".

Then upload the two files (the .htaccess and the just changed index.php) into the main directory ("www").

Do not delete the two old files in the subdirectory ("wordpress"). Just leave them unchanged in the subdirectory.

In order for WordPress to adopt the new settings, you have to log into the WordPress backend and change the "Website address (URL)" in the settings under " General".

To do this, delete the subdirectory (after the /). You must not remove the subdirectory for "WordPress address (URL)".

Your website is now accessible "normally" via your domain without the subdirectory.

First steps after installation | Must-have settings

Congratulations! Your new WordPress website is now ready for use. To help you get started, we'll walk you through a few steps that will allow you to make useful configurations.

Change URL structure to increase usability

One of the first things you should do is change the permalink structure.

You change the URLs by default e.g. from:


The subpages of your website are then much easier for visitors to access. In addition, meaningful URLs have a positive influence on your Google rankings.

Sooner or later, you'll want to make this adjustment anyway! If you do it now, you will save yourself the manual effort of setting up redirects later on.

To change the permalinks, go to "Permalinks" in the settings and select the desired URL format. We recommend "post name".

Delete pre-installed plugins to increase security

After that, you should delete pre-installed plugins.

By doing so, you remove possible security vulnerabilities from your website. In addition, the standard version of the plugin "Akismet Anti-Spam" is not DSGVO-compliant.

Navigate to the "Plugins" tab -> "Installed plugins" and delete the plugins.

Activate maintenance mode to inform visitors

Before you have finished designing your website, you should activate the maintenance mode. This allows you to inform visitors who are already on your website that it is under construction.

The easiest way to do this is with a plugin such as Maintenance.