Short answer: there are three ways to install WordPress. One-click install from your hosting control panel (pick a subdomain, enter a site title and admin email, click Deploy – the host creates the database, generates
wp-config.php
, and runs the installer for you). Manual install (download WordPress from wordpress.org, upload the files to your server, create a MySQL database, then run the five-minute install wizard at
wp-admin/install.php
). Or WP-CLI (
wp core download
+
wp config create
+
wp db create
+
wp core install
– four commands over SSH). The one-click installer is the right default on modern hosting because it removes every step that can go wrong. The manual install is the fallback for hosts that do not offer one-click, and it is what is happening under the hood when you use the wizard directly. WP-CLI is for anyone who installs WordPress more than once a year, prefers scripts, or needs to provision a site that has no browser-reachable URL yet.
WordPress is famous for the “five-minute install” – the original web installer that shipped with WordPress 2.0 in 2005. Two decades later, the underlying steps have not changed: download core, point a config file at a database, fill in a few fields. What has changed is that most modern hosts automate all of it. Knowing all three methods is still useful, because each one is the right answer in different situations: one-click when you want a working site in under a minute, manual when you need to understand what is happening, WP-CLI when you do this often enough to script it.
How to install WordPress: methods at a glance#
| Method | Best for | Time | What it needs |
|---|---|---|---|
| One-click installer | Anyone using modern hosting with a built-in WordPress deploy | Under 1 minute | A subdomain, a site title, an admin email |
| Manual install | Hosts without a one-click installer, or anyone learning how WordPress works | 15-30 minutes | FTP/SFTP access, MySQL credentials, the WordPress zip |
| WP-CLI | Scripted deployments, multiple sites, no browser available | Under 1 minute | SSH access, WP-CLI installed, MySQL credentials |
The one-click installer covers the vast majority of cases. The manual install is what every other method ultimately calls under the hood – core files in the document root, a database with a user, a
wp-config.php
pointing one at the other, and a final pass through the install wizard to create the admin account. WP-CLI is the same flow expressed as four commands.
Method 1: One-click install on modern hosting#
Most modern hosts include a one-click WordPress installer in the control panel. The exact label varies (Softaculous, Installatron, “Install WordPress”, “Deploy WordPress”), but the flow is the same: pick where the site should live, set a site title and admin email, click Deploy.
On Hostney specifically, the deployment form has three inputs:
- Subdomain – pick from the list of subdomains attached to your domain. Only subdomains that do not already have a WordPress install (and are not used for a different application) show up in the list.
- Site title – a human-readable name for the site (letters, numbers, hyphens, and spaces are allowed). This appears in the browser tab, the site header, and search engine results until you change it.
- Admin email – the address that will own the initial admin account. WordPress sends password resets, update notifications, and comment moderation alerts here.
You click Deploy. The host creates a MySQL database, generates secure salts in
wp-config.php
, downloads the latest WordPress core, runs
wp core install
against the database, creates the admin user, and shows you the admin URL and credentials when the deploy finishes – typically in under 60 seconds.
What you get out of the box from a one-click install on Hostney:
- The latest stable WordPress release (no version picker – older versions are not offered because installing a version with known CVEs is never the right answer).
- A dedicated MySQL database with a unique user (not a shared database).
- Automatic SSL via Let’s Encrypt on the subdomain.
- The Hostney Cache plugin pre-installed with automatic cache purge wired up.
- The site listed in the WordPress page of the control panel with one-click access to the admin panel, database credentials, snapshot backups, and the search-replace tool.
When to use one-click: almost always. The only reason to skip it is if your host does not offer one, or if you have a specific reason to install a non-standard configuration (different table prefix, a multisite from day one, a custom WordPress core fork).
Method 2: Manual install (the classic five-minute install)#
The manual install is what the WordPress documentation has called “the famous five-minute install” since 2005. It is worth knowing for two reasons. First, some hosts genuinely do not offer a one-click installer. Second, every other method – one-click, WP-CLI, automated deploys – is mechanically doing these same steps for you, so understanding the manual flow tells you what is happening when something goes wrong.
Step 1: Download WordPress#
Go to wordpress.org/download and download the latest WordPress zip file (typically a 25-30 MB archive named like
wordpress-6.8.zip
). Do not download WordPress from anywhere else. “Nulled” copies of WordPress core do not really exist in the wild, but pre-bundled installers from shady sites sometimes ship with malware injected into core files. Stick to wordpress.org.
Unzip the file on your computer. You will get a
wordpress/
folder containing
wp-admin/
,
wp-includes/
,
index.php
,
wp-config-sample.php
, and the rest of WordPress core.
Step 2: Upload the files to your server#
Connect to your server using SFTP or FTPS (FTP without TLS is unsafe and most hosts have disabled it). Use a client like FileZilla, Cyberduck, or WinSCP – or if your host has a browser-based file manager, use that instead, since drag-and-drop upload through the browser is usually faster than configuring an external client.
Upload the contents of the
wordpress/
folder (not the folder itself) to the directory where you want WordPress to live. For most installs this is the document root for the domain –
public_html/
,
httpdocs/
,
htdocs/
, or whatever your host calls it. After the upload finishes, you should see
wp-admin/
,
wp-includes/
,
index.php
, and the rest of core directly inside the document root.
If the upload fails partway through with a 413 Request Entity Too Large error or a timeout, that is a server upload limit, not a problem with WordPress. The fix is to upload the original zip in one go and extract it on the server using your control panel’s file manager (most file managers support extract-in-place), or to ask the host to raise the upload limit.
Step 3: Create a MySQL database and user#
WordPress needs a MySQL (or MariaDB) database to store posts, pages, users, settings, and everything else. The database has to exist before WordPress can install.
Most hosts have a database management section in the control panel where you can:
- Create a new database (give it a name like
wp_yourdomain). - Create a new database user (a separate user from your control panel login – WordPress needs its own).
- Set a strong password for the user.
- Grant the user ALL PRIVILEGES on the new database.
Write down the database name, username, password, and hostname (usually
localhost
, but some hosts use a separate MySQL host like
mysql.example.com
– the control panel tells you which). You need all four for the next step.
If your host gives you raw MySQL access instead of a control panel:
mysql -u root -p -e "CREATE DATABASE wp_example CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -u root -p -e "CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'your_password';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON wp_example.* TO 'wp_user'@'localhost';"
mysql -u root -p -e "FLUSH PRIVILEGES;"Use a long random password. WordPress only reads the password from
wp-config.php
– you never have to type it again – so the password being a 40-character string of random characters is fine.
Step 4: Configure wp-config.php#
WordPress ships with
wp-config-sample.php
, a template you copy and fill in. The cleanest way is to let the install wizard generate
wp-config.php
for you (see Step 5). The manual way is to rename
wp-config-sample.php
to
wp-config.php
and edit it directly.
Open
wp-config.php
and find these four lines:
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );Replace each value with what you wrote down in Step 3. Save the file.
Further down in the same file, find the section labeled “Authentication unique keys and salts”. Replace the entire block with a fresh set generated by api.wordpress.org/secret-key/1.1/salt. These keys are used to sign authentication cookies – leaving the defaults is a security hole.
If you skip this step entirely, the install wizard will create
wp-config.php
for you in Step 5. The manual edit is only required if
wp-config.php
does not exist and your server cannot write to the document root.
Step 5: Run the install wizard#
Open your browser and go to
https://yourdomain.com/wp-admin/install.php
. If
wp-config.php
is in place, the wizard skips straight to the install screen. If not, the wizard offers to create
wp-config.php
for you using the database credentials you paste in.
The install screen asks for:
- Site title – the public name of the site.
- Username – the admin account name. Do not use
admin– that is the first username every brute force script tries. Pick something else. - Password – the wizard generates a strong default. Keep it, or replace it with your own (use a password manager).
- Your email – the address that owns the admin account.
- Search engine visibility – leave this unchecked unless the site is meant to be a staging environment that should not be indexed.
Click Install WordPress. The wizard creates the database tables, sets up the admin user, and finishes in about 5-10 seconds. You can now log in at
/wp-login.php
with the username and password you just set.
That is the full manual install. Five minutes is optimistic for the first time. After the second or third install, it really is closer to five minutes.
Method 3: Install WordPress with WP-CLI#
If your hosting provides SSH access and WP-CLI is available, the entire install reduces to four commands. This is the fastest install method by far, and it is the right default if you are setting up multiple sites, scripting deployments, or working on a server that does not have a working DNS record yet (the web installer needs a browser-reachable URL; WP-CLI does not).
The condensed version:
# Move to the document root
cd /var/www/example.com
# 1. Download WordPress core
wp core download --locale=en_US
# 2. Generate wp-config.php
wp config create \
--dbname=wp_example \
--dbuser=wp_user \
--dbpass=your_password \
--dbhost=localhost \
--dbcharset=utf8mb4 \
--dbcollate=utf8mb4_unicode_ci
# 3. Create the database (only if it does not exist yet)
wp db create
# 4. Run the install
wp core install \
--url=https://example.com \
--title="Example Site" \
--admin_user=admin_username \
--admin_password=strong_password_here \
--admin_email=you@example.com \
--skip-emailAfter the fourth command finishes, the site is fully installed and you can log in at
/wp-login.php
. No browser session, no wizard, no clicking through five screens.
WP-CLI also pins versions (
--version=6.5
), skips the default themes and plugins (
--skip-content
), and runs everything in scripts. The full walkthrough – including how to install WP-CLI itself – is in how to install WordPress with WP-CLI.
When to use each method#
| Situation | Best method |
|---|---|
| First WordPress site, modern host | One-click installer |
| Host does not offer one-click | Manual install via wp-admin/install.php |
| Learning how WordPress actually works | Manual install once, then switch to one-click for real sites |
| Multiple sites, scripted deployments | WP-CLI |
| Server with no public DNS yet | WP-CLI |
| Non-standard config (custom table prefix, etc.) | Manual install or WP-CLI |
| Migrating from another host | Often neither – use a migration tool. See why most WordPress migrations fail for the common pitfalls |
There is no “correct” method in absolute terms. One-click on a host you trust is faster and removes the steps where most beginners get stuck (database creation, file permissions, wp-config edits). Manual install gives you the deepest understanding of what WordPress actually needs to run. WP-CLI is the right professional default once you do this often enough that the dashboard feels slow.
What every install method has in common#
Whichever method you use, the result is the same five things on the server:
- WordPress core files in the document root (
wp-admin/,wp-includes/,wp-config.php,index.php,.htaccessfor Apache, etc.). - A MySQL database with the WordPress tables (
wp_options,wp_users,wp_posts,wp_postmeta, etc.). Thewp_prefix is the default but it can be changed for security obscurity reasons. - A
wp-config.phpthat tells WordPress how to reach the database, plus the authentication salts. - Two empty directories under
wp-content/–wp-content/plugins/andwp-content/themes/– ready to receive plugins and themes. For a deeper look at what lives there, see what is wp-content and what goes in it. - The default themes and Akismet plugin in their respective directories. These can be removed if you are about to install your own.
Anything else – a sample post titled “Hello world!”, the default “Sample Page”, the default pingback comment – is created by the install wizard or the first activation, not by core itself.
After the install: the first things to do#
Whichever install method you used, the first hour with a fresh WordPress site is roughly the same:
- Log in to
/wp-login.phpwith the admin credentials. - Change Settings > General – confirm site title, tagline, timezone, date format. Default tagline is “Just another WordPress site” – change it.
- Set Settings > Permalinks to “Post name” (or whichever permalink structure you want). The default
?p=123URLs are bad for SEO and confusing to users. - Delete the default content – the “Hello world!” post, the “Sample Page” page, the default comment, and the Akismet plugin if you do not plan to use it.
- Pick a theme – either keep one of the default themes (Twenty Twenty-Five, Twenty Twenty-Four) or install a custom one. The full walkthrough is in how to change, install, and customize WordPress themes.
- Install your starter plugins – typically a caching plugin if your host does not include one, an SEO plugin (Yoast, Rank Math, SEOPress), a backup plugin if your host does not run automated snapshots, and any feature plugins you actually need. How to install plugins in WordPress covers the install methods and how to pick safely.
- Create a non-admin user for daily writing. The admin account should be reserved for actual admin tasks. Day-to-day content writing happens under an Editor or Author account so a compromised cookie does not hand over the keys.
That is the baseline. From here, the site is yours to build.
Common mistakes during install#
- Using
adminas the username. Brute force scripts tryadminfirst. Use literally anything else. - Reusing the database password as the admin password. Two different secrets – one for
wp-config.php, one for the WordPress admin account. They should not be the same string. - Leaving the default authentication salts in
wp-config.php. The placeholder values are public, in the WordPress source code. Generate a fresh set from api.wordpress.org/secret-key/1.1/salt/. - Uploading the
wordpress/folder instead of its contents. The result is a site atyourdomain.com/wordpress/instead ofyourdomain.com/. Easy to fix – move the files up one level – but easier to avoid by uploading the contents the first time. - Skipping HTTPS. Install on
http://, then enable HTTPS later, and you end up with mixed-content errors and asiteurlvalue that needs fixing. Set up SSL first, install overhttps://from the beginning. - Installing onto a domain that already had WordPress. Old
wp-content/, old database tables, and oldwp-config.phpfrom a previous install will interfere with a fresh one. Either remove the old install completely first, or install onto a different subdomain. - Picking a host based on the install experience rather than the runtime. The install happens once. The site runs every day. How to choose WordPress hosting: what actually matters and managed vs unmanaged WordPress hosting cover the things that matter more than how fast the install button is.
How Hostney handles WordPress installation#
Hostney ships with a one-click installer that takes the three inputs above – subdomain, site title, admin email – and provisions everything in under 60 seconds: latest WordPress core, a dedicated MySQL database with a unique user, automatic SSL on the subdomain, the Hostney Cache plugin with automatic cache purge wired up, and the install registered in the WordPress page of the control panel for one-click admin access, snapshot backups, search-replace, and database credentials.
For people who prefer the command line, SSH access with WP-CLI is enabled on every site by default. The four-command install at the top of Method 3 works out of the box without any plan upgrade. For people who prefer to install by hand, the browser-based file manager supports drag-and-drop upload, zip extract-in-place, and a built-in code editor for
wp-config.php
– the manual install in Method 2 is fully supported through the file manager without ever opening a desktop FTP client.
Database creation is bundled with the one-click installer – you do not separately create a MySQL database. If you want to install WordPress against your own pre-existing database, that path works too: create the database through the MySQL page in the control panel, then run either the manual install or WP-CLI flow against it.
WordPress core, plugins, and themes are auto-updated by default with configurable per-installation delays (typically 2 days for plugins and themes, 1 day for minor core releases, 5 days for major core releases). The Vulnerabilities page in the control panel lists any installed component with a known CVE and offers a one-click override to apply the patched version immediately if you do not want to wait for the delay. Daily snapshot backups are included so you can roll back if an update breaks something.
Quick reference#
- Three install methods: one-click installer (under a minute on modern hosting), manual install via
wp-admin/install.php(15-30 minutes, classic five-minute install), WP-CLI (four commands, under a minute over SSH). - One-click is the right default. Manual is the fallback for hosts without it, and is what every other method runs under the hood. WP-CLI is for anyone scripting installs.
- Every method produces the same five things: WordPress core files, a MySQL database, a
wp-config.phplinking the two, emptywp-content/plugins/andwp-content/themes/directories, and the default themes plus Akismet. - Download WordPress only from wordpress.org. Avoid pre-bundled installer sites.
- Common mistakes: using
adminas username, reusing passwords, skipping authentication salts, uploading the wrappingwordpress/folder instead of its contents, installing without HTTPS, picking a host based on install speed rather than runtime. - On Hostney: three-input form (subdomain, title, admin email), under 60 seconds, latest core, dedicated database, automatic SSL, cache plugin pre-installed, snapshot backups, SSH and WP-CLI available by default.