Blogging Tips / Blogging Tutorials / Tips /

Setting up a self-hosted install

wpstuffThe pros and cons of being free hosted by or self hosting a software install are summed up very well in this support documentation entry – vs. The first step towards eventualy managing your own install can be purchasing your own domain and domain mapping. You don’t need to leave to do that, and the sooner you do this, the better.  The reasons why acting early is better than waiting are found in my blog posts below:

Do I need a Domain?
How and why to get your own domain

Bloggers Get Your Own Domain
Self-hosting: What’s Your Hurry?

If you are an experienced software user, and have the skill sets required to set up and manage your own self hosted install then the instructions for making the move are easy to follow. But if you are not skilled at  blogging, and also lack the skill sets required to self host your own install then acquiring those skills first is recommended.

Required skill sets for self-hosting a install

Richard, who answers questions on the support forums as I do,  provides the following advice:

You will be responsible for all upgrades, installations,  backups and troubleshooting. If you install a theme or a plugin that negatively affects your blog, then you have to figure out what went wrong and fix it. Sometimes it is a conflict with another plugin, sometimes is it is just a poorly written plugin.

If you install a plugin with a security flaw, and your blog is hacked, you had better have a good, recent backup or you might just lose everything. I cannot stress the importance of frequent backups. I’ve been called into many situations where there were no recent backups (or none at all) and no backups available from the host, and there was nothing left to recover, so in one case, 3 years of postings virtually every day were gone. Only about 15% of them could be recovered by copy and paste from Google cached pages, the rest were simply gone.

I’m not trying to scare anyone off, just letting them know what is ahead. In the last 3 months, I’ve helped to recover a total of 35 blogs that were “hacked.” Luckily in most cases we were able to recover most of it, but the average cost of recovering one is about $500. Think about that when you ponder if backing up your blog is really that necessary.

WordPress has done an outstanding job of jumping on security issues and making WordPress as secure as they can right out of the box, but the thing you have no control over is the web hosting company and their server configurations, and some of them are not all that secure.

For self-hosting figure an average monthly total cost (including cost of a domain name) of about $10 to $25 generally, but that all depends on storage and bandwidth requirements.

Most bloggers I know that take this route to make money via advertising do not make up for their hosting and domain registration costs, and with literally millions of people downloading and installing  Adblock plus on their Firefox browsers each month, fewer and fewer people are seeing ads. Adblock Plus for Firefox has been downloaded from the site 98,112,095 times as of the end of October 2010. I installed it years ago and have literally seen no ads in that time. If one comes up that it does not block, I simply right click and zap it and never see it again.

Setting up a self-hosted install

1.   Purchase a domain and hire a web hosting provider

Locate the web hosting requirements for installs and the recommended web hosting providers. If you haven’t previously purchased a domain and domain mapping then this is where to begin.  If you want to redirect (as well as all of your permalinks) to your new domain name, then that’s what the Offsite Redirect upgrade does this.  It seamlessly forwards traffic to your new domain.  Expect to pay $6 to $15 per year for the domain name. Many web hosting providers also offer domain purchasing or you can buy your domain separately.

Once you hire a web host, they will give you the DNS information for your account. You then go into your domain management here and change the DNS records to point to the new web host. It will take 24-72 hours for that change to propagate through all the world-wide internet nameservers and then you can put together the blog on the new web host. Typically the DNS changes will settle down after 12-24 hours, but sometimes it takes longer. It just depends on how busy the internet nameserver system.

2.   Register a account and locate resources

Your password will be emailed to the address you provide.  Resources are found in the codex – Getting started with

Getting More Help

3.    Download a FTP Client

FTP is an acronym for File Transfer Protocol. It is used to moves things from your computer’s hard drive to your server.  Using an FTP client is required for uploading themes and plugins in order to customize your site. FTP clients are free and readily available on the internet.  Filezilla Client is one that’s commonly chosen as it’s a fast and reliable cross-platform FTP client with lots of useful features and an intuitive graphical user interface.

4.   Upload the most recent  self hosting version of wordpress.ORG software into your new site

Download the most recent version of software.  Upload/install and configure the WordPress software, including creating a MySQL database. Most webhosts have a one-click installer script, but they are not always running the latest version of WordPress in which case you will have to immediately do an upgrade to WordPress. This can get involved if your host does not by default give enough memory to WordPress and sometimes it requires that you create a php.ini file to override the default memory settings so that you can run the upgrade from WordPress. Set up all the different things on WordPress (time offset, permalink structure, etc.)  Resource > First Steps With WordPress

5.  Select and upload a theme

Upload a theme – themes directory If you find and install a theme of your liking from the internet (be careful of the source for that theme as there are some bad actors out there that are including malware in theme files).  It’s sad but true.

6.  Select and upload plugins

Upload plugins of your choice  – plugins directory Heed the warning re: themes above as malware may show up in plugins as well.

7.  Import your content into your new site

Export the contents out of your blog out of  it to your desktop and then import them into your new install.  The export file will contain your posts, pages, comments, custom fields, categories, and tags.  Note that you will be given the option to include attachments such as images and pdf files, etc. in the export.
There are internal file size limits, so if you have a lot of content, you might have to open the export file in a plain text editor and break it up into smaller files so that it will import. You need to read up on this as there are specific parts of the file that have to be in each of the chunks.

8.  Import your Links (blogroll) into your new site

Your Links (blogroll) must be separately exported and there are two methods you can choose from.

9.  Change the visibility of your blog to private

When your move is completed change the visibility of the blog to “private” so there is no duplicate content issue and keep it as a back-up blog. You can use the export function on your install to periodically export/import an XML file from the new blog to maintain current backup of content.

Have a blog launch party!   :)


Do you have a install
Have you considered moving your blog to

Related posts found in this blog:
Why I switched from Godaddy ( to
Become a Blogger: Free Video Tutorials
Tutorial: Setting up a self-hosted blog
WordPress Blog Import and Export

31 thoughts on “Setting up a self-hosted install

  1. Hi. Nice site. I recently moved from to a self-hosted site for I would like to transfer my followers and subscribers. Can you help me? I can’t post a comment in the forum. Here are my accounts:

    Please help! Thank you!

      • Thanks for your swift response. I have a account. Unfortunately, my blog has been suspended and I am waiting for response from the team. I created my own self-hosted site being scared that it might happen again. Because I’m suspended, I cannot post in forums so I can’t ask the staff to help me with transfer. Can you help me reach them in any other way?

        Moreover, if they really want to suspend my blog, that’s fine but I request to have it reactivated at least a week so my followers will know about my move.

        • Blogs are only suspended if you violate the Terms of Service. When you entered the Terms of Service you entered a binding legal contract. I cannot help you with this aside from saying you may be able to copy and paste any indexed content in Google’s cache into new posts. But your subscriber’s and your blog content are history now. Get over it and move on.

          • Actually, I was able to move my contents in my new blog despite of the situation. Blog posts, comments, pages, categories, etc. Only followers were not migrated. This is my main request. I hope you can help me with this since I can’t contact Support or Forums.

  2. Hi there. I have a free blog and some of our posts are appearing well on Google searches. We are now getting 250+ hits per day. This is a regional educational blogsite with 28 centres. We do have pages on a national UK website (franchise) but this is pretty static and not appearing well on searches. I want to turn the .com blogsite into a hosted .org site to enable me to add plugins, better analytics and custom design as well as getting better domain name and removing ads. I am an English Teacher with limited knowledge although I have a keen interest in SEO and have set this blog up myself. I thought that 228US dollars for a guided transfer via wordpress would be good giving my limited knowledge. Do you think this would be a good idea? I have just noticed that since Google’s Penguin algorithm change, all of a sudden my tag for “Edinburgh tutors” has made it to page one on Google which we have never had before. Am scared to rock the boat and wonder should I keep the .com version where it is and build a new .org site? Don’t want to create duplicate content so glad of any advice that you can give me please!

    • My experience based on being both a blogger and a blogger that SEO plugins on installs do not compensate for the Google juice that flows to blogs within the community. installs are stand alone islands situate in a turbulent sea where highly competitive make money bloggers and SEO gameplayers dominate traffic. I’m cheered to find that Google is bringing the hammer down on on over optimized sites. Hopefully, those who are obessed with attempting to game search engine results will be sent to their corners to whimper and whine, while those who employ natural linking strategy will see their sites rise in the SERPs.

      I’s my strongly held opinion that if one lacks the skills it takes to set up a install on their own then they ought to remain as a blogger. See >

  3. Hi timethief,

    Great article, and seems very easy to follow. However, I’m having a wee problem, I’ve uploaded the latest wordpress software using filezilla and nothing is showing up at my domain. Just the hosts welcome page. Do you have any suggestions? Is it one of those things that take 24 – 72 hours?


  4. How are hackers more likely to get into a blog? Also, can I get the spam filter that users use?

    • Hackers of course are always looking for ways and means of finding security “holes” they can exploit. WordPress developers are busy updating versions when security vulnerabilities are discovered to patch them so these exploits cannot take place.

      The vulnerability to hacking is frequently exacerbated by bloggers. They fail to update their WordPress versions immediately when they become available, they fail to update plugins, some use obvious log-ins like “Admin”, and passwords that can easily be guessed by reading the blog.

      If you do get a self-hosted WordPress.ORG install then the Akismet plugin is available to you for use. Defensio is just as good and if you have mega spam problems you can also add the bad behavior plugin, or spam karma or GASP. If you wish to run the WordPress Akismet plugin and/or WordPress stats plugin on a WordPress.ORG install then you will need your username account to obtain the API keys.

  5. How to get to Remote publishing & check the box enable for WordPress, movable type, Metablog & Blogger XML-RPC publishing protocols. Got the directions just can’t get to the settings page in WordPress admin panel???

  6. I’m embarking on the .org installation and design for a new additional blog. Since blog will have some corporate sponsors, we have to go the .org direction which is regrettable since really we don’t plan to use any fancier, different features than what is already provided on .com version.

  7. Oh Lord! Complicated much! I’ve been toying with the idea of self-hosting, but I had no idea how much more work was involved…plus i’m still figuring out… I think I’ll stay where I am for now and learn a bit more first!! Thanks for this informative post.

    • I recommend learning how to blog with confidence on software before your make the switch. However that being said if you are sure you are into blogging for the long haul then do purchase a domain and domain mapping.

  8. Great topic (and selfishly timely for me). Have already decided to self host and am slowly moving in that direction and thus have been reading up on the topic in free time. I keep stumbling across these guys:


    Am struggling to discern if this will genuinely enable me save time & energy down the road or is not really necessary. The website keeps saying “keep your blog secure” but frankly am not entirely sure what they provide or how critical it is.

    Any thoughts or insights would be greatly appreciated!

    • I don’t understand what you want me to comment on. Studiopress is well known and respected. There isn’t anything amiss about the security on that site that I can detect.

  9. I started with a self hosted site a few months ago. I already had a hosting service for another website I maintain, so the big cost was already being paid. I have always been a DIY guy (full disclosure – I work in the IT field), so this just seemed to be the natural step. My hosting service provides a 1-click install process for WP so that was the easiest part. Most plug-ins and themes can be downloaded directly from the WP admin page – I have used an FTP client 1 time to upload a picture. The process has been so easy I plan to switch my original site to a WP in the next month.

    As for the mistakes, hacking, etc. – loss of data should be expected when using computers. It will happen eventually. The only protection is a good backup procedure. My host takes backups – so they say, I have never had to use them. I have all my posts saved on my laptop and I use Dropbox to backup all my files. I write all my posts on my laptop in Word which allows me to publish with 1 click so I have all my content saved outside the blog.

    If I am so unlucky as to have to rebuild from scratch, I will at least have the data – hopefully I will have the will.

    • Frequent backups are really always your best protection, and going a step further, keeping a copy of recent backups in a couple different locations is a good thing as well.

      For those that are self-hosted, and where their hosting provider gives them cPanel, there is a “backup wizard” which backs up not only all folders and files in your account, but also backs up your entire database – or databases if you have multiple sites in the one account. The beauty of the cPanel backup is that if something did happen and you have to restore, the restoration process will not only restore your files and folders, but also will restore your databases. I did some tweaking to a client’s site once (right after I had done a backup) and ended up destroying the site, and instead of having to work back through my changes to undo what I had done, I simply deleted everything and restored the backup. It took all of 2 minutes to have the site back up and running just as it was.


  10. I am interested, naturally, in the weaknesses that allow hacking.

    What are the most common reasons that has Richard found that allowed the 35 blogs to be hacked?

    What are the tips for avoiding hacking?

    • David, sadly the web hosts are very protective of their log files, and the log files that are accessible to the account holder really aren’t much help. I won’t mention names, but given that a huge number of sites on just a couple hosting companies (shared hosting accounts) were cracked, that leads one to believe that it was likely a server security issue. Now granted on a shared hosting server, once someone pries their way into one site, getting to the others on that shared hosting server is not that hard (after all it is “shared”), but one can’t help but think that the server configurations might have contributed to the issue.

      Here is sort of a general rundown.

      On some, there was the possibility that FTP passwords may have been guessed (they were too easy). In a couple of those instances I was able to talk the support people into looking back through their precious, top secret log files and there was evidence someone had accessed the sites via FTP around the time the sites were cracked and the site owners said they had not done any FTP’ing.

      On some, anonymous FTP access was set up for the main public_html folders (an open door with a neon sign saying come on in). Again support was able to confirm this on a number of sites. Those holes are now closed on the sites I worked on.

      A note to anyone reading this: NEVER enable anonymous FTP, and if you have to, set up a separate folder and then give the anonymous accounts access to ONLY that folder and set the permissions on that folder so that only the account owner can execute programs from that folder. Still, my suggestion is to always make sure that anonymous FTP is disabled. There simply isn’t any reason for it being enabled in most cases.

      The bulk of the sites though had good config files and there really wasn’t any reason that someone should have been able to do any PHP injections, and in the instances were I could get the support people to look though the log files, they said there was nothing out of the ordinary. Possibly they were not being completely honest, or possibly the entry to the server happened on another account/site on the server and then spread from there.

      Without access to all the log files, I’ll never know and the support people at the web hosts aren’t talking. The main reason give for this closed mouth attitude is that if they were to allow access to the log files, then nefarious types could gain information about their security measures and have a heyday.

  11. Very, very helpful information. Thank you! I’ve been playing with the idea of switching my blog to just so that I can sell my book (which I’m about to self-publish). But after reading this – I’m rethinking the whole thing. Great advice!

    • Anne,
      You are allowed to sell any book you are the author of on your blog. Although blogs cannot be equiped for ecommerce you can use a PayPal donation button and you can use a contact form.

      Affiliate marketing blogs: Blogs with the primary purpose of driving traffic to affiliate programs and get-rich-quick schemes (“Make six figures from home!!”, “20 easy steps to top profits!!”, etc). This includes multi-level marketing (MLM) blogs and pyramid schemes. To be clear, people writing their own original book, movie or game reviews and linking them to Amazon, or people linking to their own products on Etsy do NOT fall into this category. Here is a thread in the support forums that talks more about which affiliate links are OK or not OK.

      If you are in any doubt, please contact support for clarification.

      Hope this helps. :)

Comments are closed.