This WordPress tutorial will walk you through everything you need to get started with a WordPress website. We will cover web hosting, WordPress installation, creating pages and posts, and optimizing your WordPress website.
- What is WordPress?
- What is a CMS?
- Is WordPress Free?
- WordPress.org vs WordPress.com
- Step 1: Install WordPress
- Step 2: Navigating WordPress
- Step 3: Publishing Content
- Step 4: Installing WordPress Themes
- Step 5: Installing WordPress Plugins
- Step 6: Optimizing WordPress Performance
- Step 7: Keeping WordPress Secure
What is WordPress?
WordPress is a free, open-source Content Management System (CMS). Using a CMS like WordPress allows you to design, develop and manage your website content using their framework.
What is a CMS?
A Content Management System (CMS) is a piece of software used to create, design, and manage digital content in the form of a website or web application.
Is WordPress Free?
Yes, WordPress is a free open-source CMS, meaning that the core software is available at no charge. You are able to download, install, and customize the software for free.
Choosing WordPress as your CMS usually means that you will need a domain name and web hosting to install the software and publish a live website.
What is the difference between WordPress.com vs WordPress.org?
WordPress.com and WordPress.org are often confused, leading to the wrong platform being used for the purpose of your website. The main difference being that WordPress.com is a hosted option while WordPress.org is a self-hosted open-source option.
WordPress.com is a hosted service created by the founder of WordPress.org. With this option, you are limited with your capabilities in many of the available plans. If you would like to use Google Analytics, you need the Business Plan which starts at $300USD per year.
You are also unable to process payment on your website, unless you have their e-commerce plan, which starts at $540USD per year.
WordPress.org is the open-source platform most people think of when looking to start a WordPress website. This is the self-hosted WordPress option, allowing you to download and install on a web host of your choosing.
With this option, you are only required to pay for web hosting, and can customize your WordPress website as much or as little as you like.
You can also download and install any themes and plugins on your website, and use Google Analytics without needing to upgrade your plan.
Step 1: Install WordPress
Before installing WordPress you will need to find a hosting provider which offers WordPress support. A good hosting provider will have a control panel like cPanel or Plesk with WordPress auto-installers built in to their systems.
If you do not already have a hosting account, you can buy WordPress hosting to get started.
Using an auto-installer means that you do not have to download WordPress, nor set up the database. This will all be done for you when using the WordPress auto-installer.
Below, you will learn how to install WordPress on your web hosting account using 2 popular methods.
Before we begin, you will need to decide where you would like to install WordPress. Do you want WordPress to be installed on the root domain, subdomain or subfolder?
WordPress on the root domain (yourdomain.com) is the most common method and is recommended if you are looking to use WP as the CMS for your entire site.
Installing WP on a subdomain (blog.yourdomain.com) is recommended for users who have an existing website or cms installed on the root domain (yourdomain.com) and are looking to install another CMS to manage a separate blog.
WP in a subfolder (yourdomain.com/blog) allows you to run multiple WordPress instances on the same domain. This method comes in handy if you have an existing website on your root domain, and want to add a blog without adding a subdomain.
1.1 Install WordPress on Dynamic Hosting Using the Plesk WP Installer.
This is the fastest way to install WordPress and start building your website or blog. So, lets dive into how to install WordPress using the Plesk auto-installer in your Dynamic Hosting account:
- Login to your Dynamic Hosting Plesk control panel.
- Navigate to “websites and domains”.
- On your domain/subdomain, select “Install WordPress”.
- Fill out the custom website details:
- Installation path
- Website title
- Plugin/theme set
- Website language
- WordPress Administrator
- Database name
- Table prefix
- Database user name
- Database user password
- Automatic Update Settings
1.2 Install WordPress Manually.
Installing WordPress manually is recommended for users who are experienced with web hosting, FTP, and File Manager. We will be covering two of the most common methods to install WP manually, using FTP and using your web hosting File Manager.
Before we begin, you will need an FTP client like FileZilla or web host with file manager built into their control panel. If you do not already have a hosting account, you can buy WordPress hosting to get started.
First off, you will need to download the latest release of WordPress from the wordpress.org site.
- Open your FTP client
- Connect to your account with your FTP credentials
- Navigate to the httpdocs folder
- Upload the latest release of WordPress you downloaded
1.2.2 File Manager
- Login to your Dynamic Hosting Plesk control panel.
- Navigate to “websites and domains”.
- Under your domain, select “File Manager”.
- Navigate to the httpdocs folder
- Upload the WordPress files as a zip file.
- Extract/unzip the WordPress install files.
After you have completed this, you will need to create a new database. WordPress stores information in a database, so this step is mandatory. In your Dynamic Hosting account, you can add a new database under the “Databases” section in your Plesk control panel.
- Navigate to Databases in your Plesk Control Panel.
- Select the “Add Database” button.
- Fill out the database details (Copy this information to a notepad or document. You will need it in the next few steps):
- Database name
- Related site
- Database user name
- Confirm Password
- Access control
- Select "OK"
Now that you have uploaded the WordPress files, and created the WordPress database for your website, you will need to install WordPress. To start this process, navigate to your domain name, subdomain, or directory.
WordPress will take you through a step-by-step process to finish your installation. This is where you will need your login credentials and database information you created earlier on.
Step 2: Navigating the WordPress Dashboard
Woohoo! You should now have a working WordPress installation to start building your flashy new website.
The next step is to login to your WordPress website. The quickest way to access your login screen, is to navigate to:
On the screen that pops up, enter your admin username and password which you created earlier in this tutorial. This will take you directly to your WordPress dashboard after you login. To reset or change your password, you can select the “Lost your password?” option.
If you have an account with us, you can skip the login page by clicking on the login button in your Plesk Control Panel. This will automatically log you in and take you to your WordPress website dashboard.
Your dashboard consists of the following main elements:
- The WordPress toolbar
- The WordPress navigation menu
- The WordPress work area
Step 3: Publishing Content
Most basic websites consist of two main items: posts and pages.
WordPress posts are used to display content which is archivable and contain a publish date. Posts can be organized using tags, taxonomies and categories. A good example of content which should be added under the posts section are blog posts.
On the other hand, WordPress pages are used to publish static content which is not timely and doesn’t require tags, taxonomies or categories. A few examples of this would be your contact page, home page, and services page.
Let’s dive into publishing your first few pages and posts!
3.1 Creating a New Post
To add a new post, navigate to the Posts item in the WordPress navigation menu, and select the Add New option. You can also use the WordPress toolbar to add a new post. To do this, hover your mouse over +New and select Post.
You will be redirected to the WordPress post edit screen. Since WordPress has 2 editors, you will be able to choose the Block Editor or the Classic Editor to add your post information. We prefer to use the WordPress Classic Editor as it is more intuitive and user-friendly than the Block Editor.
First off, you will need to give your post a title. Make sure to follow SEO best practices when giving your new post a title. This will help Google understand what your post is about, increasing organic traffic to your post.
Secondly, you will need to add the content of your post using the WordPress Wysiwyg editor.
The editor is similar to most text editors like MS Word, iPages, and Notepad.
The boxes you see on the right hand side of the post are referred to as Meta Boxes. Each meta box carries out a unique function related to your post.
- Publish: This is where you can edit the status of your post. You can save a draft of your post, schedule your post, and publish your post. You are also able to change the status of your post in the future.
- Categories: In this meta box, you can set the a category for the post or create a new category for the post by selecting the + Add New Category option.
- Tags: This meta box allows you to tag your post and easily create new tags to add to your post.
- Featured Image: Here you can Add a featured image to your post. Your featured image will be displayed above or below your post title. The featured image will also be used by social media and search engines when linking to your post. When adding an image, make sure that you follow SEO best practices for naming your image and adding Alt tag attributes.
3.2 Creating a New Page
To create a new WordPress page, navigate to the Pages item in the WordPress navigation menu, and select the Add New option. You can also use the WordPress toolbar to add a new page. To do this, hover your mouse over +New and select Page.
You will notice that the page editor in WordPress looks rather similar to the posts editor. Both editors use the WYSIWYG editor to add content to the page/post.
Since pages are not timely, and archivable, you will notice that you are unable to add categories, tags, and taxonomies to your WordPress pages.
3.3 Uploading Media
WordPress administrators, authors, editors and contributors can upload media to a WordPress website by default.
The recommended file types include:
* It is not recommended to upload and link to .doc files.
To upload files to your website, navigate to Media in your WordPress navigation menu. You can either drag or drop media files in the above format, or hit the Select Files option to select files from your device.
To follow SEO best practices, and rank your website pages higher on Google searches, we recommend naming your images correctly, and providing Alt Text tags for all images you upload.
Since Google is not yet capable of understanding what is an image, you need to explain the image to Google so that it understands what the image is of. Think of Google as being blind when describing your image in the Alt Text field.
When uploading an image, it is best practice to name the purpose of the image. This makes it easy to find when searching through large amounts of images on your website. Use all lowercase, and substitute spaces for hyphens. This allows Google to better index your images.
Image Name: downtown-vancouver-city.png
Image Alt Text: Ariel view of downtown Vancouver at night
Example of incorrect image fields:
Image Name: IMG-00334.png
Image Alt Text: Blank
In the incorrect example, you can see why your image would not appear if someone searched for “downtown vancouver” on Google.
Step 4: Installing WordPress Themes
WordPress themes are used to style your website on a global level. Every WordPress website requires an active theme to be installed. There are free and premium (paid) WordPress themes to choose from. We will discuss the difference between the two, and give you a list of recommended free and premium themes.
You can find the themes section of your website under Themes in the Appearance tab in your WordPress navigation menu.
In the Themes section of WordPress, you can preview, activate, and customize existing themes or add new themes using the Add New button.
4.1 Free WordPress Themes
Free WordPres themes are available to download, install and edit under the themes section in your navigation menu. WordPress has native themes developed by their team (Twenty Twenty-One and Twenty Twenty). Third party free themes are usually limited versions of premium themes.
Not all themes are equal. Poorly developed and updated themes will lead to your website getting hacked or infected with malware. Be sure to check that the theme is updated often, and developed by a trusted third party.
The best free WordPress themes
4.2 Premium WordPress Themes
Premium WordPress themes are usually available for purchase on a third party website. These themes usually include visual page builders and hundreds of website templates to speed up the web design process.
You can install these themes by uploading them directly from your WordPress themes section. For more advanced users, you can upload them through your web hosting file manager.
Just like with free themes, not all premium themes are equal. Be sure to check that the theme is updated often, and developed by a trusted third party.
The best premium WordPress themes
Step 5: Installing WordPress Plugins
You can use plugins to add custom contact forms, e-Commerce functionality, membership capabilities, and much more. You can choose between free plugins and premium plugins.
Plugins do come with a risk. Download poorly developed plugins, and your site is very likely to get hacked. Installing bad plugins on your website is like leaving the vault of a bank open. Be very careful when installing plugins on your website, making sure that you only install secure plugins.
Installing plugins on your WordPress website is very similar to installing themes. You can find the plugins section of your website under the Plugins tab in your WordPress navigation menu.
In the Plugins section of WordPress, you can search, install, and activate, and plugins using the Add New button.
Installing too many plugins will bloat your website and decrease your website performance. For that reason, we recommend keeping your plugins to a minimum. Only install plugins that are light-weight and essential to your website. Stay away from the “nice-to-have” plugins.
* If you receive an error message, your PHP upload limit is likely too low. Contact your web host to have this limit increased.
5.1 Free WordPress Plugins
There are thousands of free WordPress plugins available to download and install on your website. You can search for plugins in the WordPress plugin directory, which is also accessible from your navigation menu.
* Just because a plugin is listed in the WordPress directory does not mean it is safe to use. Always do your due diligence and check to see if the plugin is secure before installing it on your website.
5.2 Premium WordPress Plugins
Premium WordPress plugins are made available in a variety of ways. You can download them from 3rd party developer websites, premium plugin directories, and the WordPress plugin directory.
Some examples of premium WordPress plugin directories are:
5.3 Essential WordPress Plugins
There are thousands, if not hundreds of thousands of WordPress plugins. It can be tough to choose which ones to use for your website, nevermind whether the plugin is secure or not!
The ultimate goal when adding a plugin is to expand your website functionality, while keeping your website secure from hacks and malware.
The following plugins are essential for almost every WordPress website:
Step 6: Optimizing WordPress Performance
By this point of the WordPress tutorial you have a WordPress installed and should know how to navigate the admin section to build pages, posts, and install plugins and themes. Earlier in this post we touched on using as few plugins as possible so that you do not bulk up your database. This is for 2 major reasons, WordPress performance and WordPress security. We will touch on performance first.
Think of your website as your laptop or desktop computer. The more applications you install and run on your device simultaneously, the slower it will process functions. Your website is exactly the same.
As your WordPress website grows, so will the amount of text, posts, pages, images, and plugins. The more data your website has, the more processing power it requires from your web hosting server.
Nobody likes a slow website. If a website takes too long to load, the user will close your website faster than you can say “no more traffic”. Spend some time optimizing your WordPress website performance so that your website loads fast for your visitors.
Improving your WordPress speed can be done without any coding knowledge.
WordPress optimization techniques include best practices for maintaining your website, and preparing media before uploading.
Let’s dive right in.
6.1 Using WordPress Caching Plugins
What is WordPress Caching?
Implementing WordPress caching allows you to increase your website performance. When multiple users browse your website, static resources are downloaded onto their device each time. Caching allows you to reuse previously generated content so that it does not have to be downloaded each time.
This speeds up the website by decreasing the amount of resources which need to be downloaded in order to view the website.
If you prefer to use a plugin or are using a different web hosting provider, we have a list of recommended caching plugins below.
Recommended WordPress caching plugins:
6.2 Optimizing WordPress Images
WordPress image optimization is critical for website performance, and seo performance. When uploading an image to a website, it is important that you follow these guidelines:
- Scale your images correctly
When uploading an image to your WordPress website, ensure that the images use the correct dimensions.
If you upload an image that is 2000 x 1200 in dimension and insert it into a page that uses 500 x 300 as the dimension, your website will first have to load the large dimension and then scale it down for the user.
This creates unnecessary tasks which slow down the speed of your pages and website.
The correct way to scale your images would be to upload your images in the correct dimensions from the start. That way, WordPress will load the correct images, speeding up your website performance.
Scaling WordPress images with a plugin:
If you already have images on your website that need rescaling, you will likely prefer using a plugin. We recommend using WP Smush to scale your images correctly.
Scaling WordPress images without a plugin:
You can scale your WordPress images before uploading them with PicResize.
- Compress your images
Compressing images before uploading them to your WordPress website keeps your page size small, speeding up your website load times.
As a general rule, images should be no larger than 100kb. There are some exceptions for portfolio websites and the likes.
WordPress image compression plugins:
If you have a bunch of uncompressed images on your website, then you can use WP Smush to compress them.
Compressing images without a plugin:
We always like to use as few plugins as possible while doing this right, the first time. For that reason, we recommend that you compress your images before you upload them to your website.
You can use the online Image Compressor tool to compress your WordPress images.
6.3 Enable gzip Compression for WordPress
Gzip compression for WordPress websites increases speed and performance. It does this by decreasing the size of your static resources, essentially compressing them.
How to enable gzip compression:
- Enable gzip using the .htaccess file.
- Enable gzip using a WordPress plugin. You can use WP Fastest Cache to apply gzip to your website.
* Please note that these plugins can break elements of your website, so be sure to test these plugins on a WordPress staging site before pushing them to your live site. Using a private window or incognito window to preview your site is recommended so that cache is ignored.
6.5 Using a Content Delivery Network (CDN)
A Content Delivery Network (CDN) works by downloading cached files from your website to servers around the world.
This improves your performance by allowing users to download and view the static elements of your website from local servers rather than a server from across the world.
CloudFlare is a free example of a CDN. It includes DNS management, DDoS protection and CDN capabilities to name a few.
6.6 Removing Query Strings from Static Resources
Query strings refer to everything that follows the “&” and “?” symbols in a URL. These query strings are used by developers to pass information and identify various files.
Since query strings are not part of your website page and post hierarchy, they should not be visible when viewing a website. Removing query strings also allows you to improve your website security as hackers can use them to compromise your website.
Query strings also prevent resources from being cached, which ultimately slows down your website by increasing your page size and load times.
The plugin WP Fastest Cache can be used to remove query strings, thus speeding up your page load time, and providing another layer of WordPress security.
6.7 Enabling Lazy Loading
When you load a web page, the user browser will download the entire contents of that page to display it to the user.
Lazy loading works by delaying the loading of content onto the user browser only when they scroll to that section of the page. This is called lazy loading.
There are a few WordPress plugins which can enable lazy loading on your website. We recommend using Autoptimize for this.
Step 7: Keeping WordPress Secure
Just like any piece of software, WordPress is at risk of being hacked by malicious parties who steal data or install malware on your website. As WordPress is the most popular CMS, it is targeted for these attacks more frequently than others.
There are some basic security measures you can take which will ensure that your WordPress website will not be hacked or fall victim to malware.
7.1 Keeping WordPress Updated
Keeping your WordPress website updated ensures that your website is using the latest versions of software with known vulnerabilities being patched. All of our web hosting plans and WordPress hosting plans come with automatic WordPress updates twice every week.
WordPress, Themes, and Plugins are updated for the following main reasons:
- Add new functions
- Fix vulnerabilities
- Fix security exploits
- Fix general bugs and code conflicts
When WordPress, plugins and theme developers release updates, they also release the vulnerabilities and security exploits which were fixed. WordPress hackers and malicious third parties are able to identify these vulnerabilities and security exploits, and target websites using older versions.
Make a point of updating all of your WordPress plugins at least once a week. If you are a Dynamic Hosting client, then you can be rest assured that your WordPress will always be up to date.
You can access your WordPress updates by navigating to the Dashboard tab in your WordPress admin console. Click on “Updates” and then select all the themes and plugins you would like to update.
It is best practice to test these updates on a WordPress Staging Site before pushing them to your live site.
7.2 Using Unique Usernames and Passwords
When you install WordPress on a new domain, the default username is Admin. Be sure to change this to a unique name. If you use Admin, then hackers already have the first step of hacking your website figured out.
Select a WordPress administrator password that uses industry best practices. Ensure that your password uses numbers, a mix of uppercase and lowercase letters, and symbols.
You can store your passwords in your web browser keychain to make remembering them easier.
7.3 Backing up WordPress
Backing up your WordPress website is critical, which is why all of our WordPress Hosting clients have nightly backups of their websites for 90 days.
Backups are a great way to restore your content in the case of website errors and issues.
If you would like to create your own backup files, you download your WordPress website manually or using automated WordPress backups.
We recommend having downloaded archives of your website, as well as automated backups. If you have a Dropbox or Google account, you can automatically run monthly, weekly or daily backups of your WordPress website using a plugin.
If you are a Dynamic Hosting customer, you don’t need a plugin to do this, as our Plesk control panels allow you to connect your control panel directly to Dropbox, Google Drive, and many more.
As a general rule, WordPress backups should always be stored offsite. If you are storing your backups on your web hosting server, you are creating unnecessary risk. To have fully redundant backups, you should always store your backups offsite on a server different from your web hosting server.
7.4 Restricting WordPress Admin Access
WordPress administrators have access to your entire website content and user information, with the ability to edit plugin and theme files.
If malicious parties gain access to an administrator account, they are able to inject malicious code to give them access to your database. This effectively allows them to access private user information and inject malicious code.
Malicious code is often used to display ads in your website, or redirect users to a different website.
Restrict WordPress admin access down to 1-3 users maximum. To add more layers of security to your website, we also recommend restricting the following admin access:
- Restrict admin access to IP addresses
- Limit WordPress dashboard access
- Use Two Factor Authentication (2FA)
- Limit login attempts (Included with all Dynamic Hosting Web Hosting Plans)
- Require strong passwords
- Disable login hints
7.5 Installing a SSL Certificate
A Secure Socket Layer (SSL) allows you to encrypt a users’ connection to your website, preventing man-in-the-middle attacks from occurring on your website, among other things.
Since 2019, Google has made it a requirement for all websites to use an active SSL on their site. If you do not have an SSL, Google will often display a security warning to users before they can access your website. On top of this, Google also punishes your website by ranking you lower for keyword searches related to your website.
Ultimately, ignoring SSL will mean that you miss out on a significant amount of organic website traffic.
To enable (SSL) on your website, you can use the Free Let’s Encrypt SSL found in your Plesk Control panel.
7.6 Installing Secure WordPress Plugins & Themes
A sure way to protect your WordPress website from being hacked, is to do your due diligence and research a plugin and theme before installing it on your website.
Anyone can create a WordPress plugin and theme, and just because they are available for download from the WordPress directory, does not mean they are secure.
If a WordPress plugin or theme is poorly coded, and the source code is not updated and patched by the developers, your website is likely to get hacked. Find out more on how to find and download secure WordPress plugins and themes.
Latest WordPress Tutorials
In this WordPress tutorial, we have covered the basics of a CMS, how to install and navigate WordPress, and where to host your website.
To help you get started with your website we have also covered how to create WordPress pages, and posts.
Since WordPress is the most popular CMS it is also vulnerable to security risks. We have helped you identify security issues, and resolve them using secure WordPress plugins and themes while also implementing security measures.