Setting up WordPress ready for BuddyPress
This is the second in a series of articles aimed at showing the BuddyPress (and potentially WordPress) beginner how to set up a BuddyPress Social Network from scratch. If you’ve not already done so, you may be interested in reading Planning your BuddyPress Social Network.
Before installing BuddyPress it’s best to get your basic WordPress installation configured correctly. This in itself can be quite a complex task, and there are many aspects of it that I will not have space to go into in detail here. What I hope to achieve in this post is to give you a basic idea of what is needed and to put you in a position to install and run BuddyPress on a firm platform.
The first task is to get yourself a good quality WordPress host – the company that will look after your server. There are quite a few hosting companies out there that offer specialist WordPress support, too many for me to go into and there are a lot of reviews of hosting companies around the web so I do not intend to spend time going into this in too much detail, I use a company called 1and1.co.uk. I chose 1and1 because they are a reasonable size organisation, offer 24 hour telephone support and have reasonable cost hosting plans. I did not go for the cheapest company but tried to find one whose support was very accessible and responsive. My experience of 1and1 has been very good, I’ve at times had to call them at very late times and they have been there to help, you need this kind of support.
You need to remember that you are not going to be creating just the one site. You will need at least two, and I would recommend that you aim to run three sites in order to make your network a success: one site will be your live site and the other two will be for testing purposes. One test site will run every feature that is on your live site, and the other will be a basic install for running quick and dirty tests.
That’s my set-up. I have one test site which runs every plugin that is installed in my production environment, and I use this for compatibility testing of potential new plugin features, so I can perform my tests without risking my main site going down. I also have a very basic site where I first test new plugins just to see if they work and to understand how they work, without needing to worry about the complexity of trying to get them running on my main test server.
So when choosing a host and indeed a hosting package you need to remember that you will need multiple sites, a lot of disk space (social sites these days can eat up huge amounts of capacity since users can upload many images, video and audio files every week), and also BuddyPress installs tend to be pretty heavyweight so you need to make sure that the devices your install will be hosted on will have the grunt to deliver the performance that you need. This all points to you needing to choose one of the larger hosting companies.
Ease of installation is also a consideration with your hosting provider. If they specialise in WordPress like 1and1 do then the installation is a breeze: you click on the WordPress application, enter a name for your website, choose the administrator user name and password, select the domain to be used, and the install happens in less than a minute. At the same time you can also choose to have SSL secure connections added to your site. I think it is wise to select this option from day one, since it helps with search rankings and also with the overall security of your network, which is a major concern for those running social networks. In fact this first stage, setting up WordPress ready for BuddyPress, is largely about security.
At the end of the process you will have two urls for your site:
www.yoursite.com – the url for the front end of your site, which will be configured with the WordPress default theme, and be showing the default “Hello World” first post.
www.yoursite.com/wp-admin/ – This is the administration Dashboard, you will need to login with your administrator id in order to access it.
From this point on and anywhere on this site I will refer to this location as the Dashboard.
The first thing to realise is that your choice of administrator username is important. Above all, do not use what was the default WordPress administrator username, “Admin”: every hacker knows this and from day one they will be trying to log into your site using that name and random passwords, so stay clear of that. Also, once you have set up WordPress you will need to go to your profile and change the display name to something else. There is no point in giving hackers clues by posting under your administrator username all over the site. To change your display name, log in to your site and hover your mouse over the site name at the top left corner of the screen; a dropdown menu will appear with “Dashboard” as an option. Choose this, and when the left-hand site menu appears choose Users and then Your profile, where your profile settings can be changed. You will need to set a new Nickname and then select this from the dropdown options in the Display Name setting.
The first thing I do when installing a new WordPress site is to install Limit Logins Reloaded. This will stop hackers from continually trying to login using random passwords. To install this Plugin (and any other plugin) go to Dashboard>>Plugins>>Add new. This takes you to the plugin installation screen and you can search for your desired plugin. Once installed you can activate it and go to Dashboard>>Settings>>Limit Login Attempts to configure it. You will need to choose how many unsuccessful login attempts result in a short term ban of access etc.
Some Basic Configuration
At this point you can configure your initial WordPress install, in Settings>>General you can make sure the language is set to your country (there are separate US and UK versions of English for example) and you can also set your date format and timezone.
Note: there is also a setting here to allow anyone to register for the site. At this point leave this unchecked, otherwise you will have spammers registering and posting spam content before you have the modules in place to prevent this from happening. When you do install BuddyPress, you will be choosing this option.
You can also go to Dashboard>>Settings>>Permalinks to set up the way the URL for your posts etc will be formulated. For BuddyPress installs you can choose any setting you like apart from the plain format, that is not recommended.
You can probably delete the default first post and page at this time by going to Dashboard>>Posts>>All Posts and Dashboard>>Pages>>All Pages.
Choosing your Theme
The WordPress theme determines the look and feel of your website so it is an important decision, there are a few BuddyPress themes out there so these are worth taking a look at. It might be an idea to set up your first WordPress test site initially with a view to evaluating themes in order to make that decision.
I spent an awful long time looking at themes and in the end I chose a theme called Graphene, I chose this because of the huge range of configuration options available within it, allowing you to change colours on just about every aspect of the site, the theme also allows for a wide variety of page layouts – 1,2,3 column etc. and importantly for me it also allowed for the creation of a site banner – typical of so many Ning sites.
The one disadvantage of Graphene is that it is not a responsive theme, meaning that the page will not automatically resize when viewed on devices with smaller screen sizes. For mobile devices this issue is resolved by the purchase of a mobile specific theme, Graphene Mobile Neo. However, this is a premium theme ($29.00) and in addition you need to use the Pro version of Any Mobile Theme Switcher, which again comes at extra cost. To my mind it was worth it: all of the other themes I looked at had very poor customisation options and most lacked the ability to have a site banner (Header Image). Note that these are one-off costs so you will not be expected to renew licenses every year.
To install your Theme you will need to go to the Dashboard and select Appearance>>Themes. From here you can search for themes (entering BuddyPress will bring up BuddyPress enabled Themes), view a preview of them and install/activate them. Only one theme can be active at any time. You can leave the installation of Neo and the Theme switcher until later, once you are happy with your site and definitely want to get it up and running.
Setting up a Child Theme
Once you have installed your preferred theme, you need the ability to make changes to it without future theme updates over-writing those changes. To do this you need to set up what is called a child theme, which is effectively a dummy theme directory where WordPress will look for modification files. I’ll cover more about this when I discuss branding of your site, but for now you can follow these steps:
Install One Click Child Theme (by going to Plugins>>Add New)
Go to Appearance>>Child Theme in your Dashboard
Choose a suitable name for the Child Theme
Your child theme is now set up and active
Putting in place your Backup System
Site backup is critical to running your social network and it’s best to have this up and running right from the start. There are a number of good backup options available. The one I use is Updraft Plus, as this is free and if you need any of the premium options (such as the site migration option) these can be bought individually at low additional cost.
You install this plugin from the Plugins>>Add New section of the Plugin directory in the Dashboard. Once you have installed and activated it you will need to configure it, so you should click on the Settings link which is available in the Plugins page or in the Settings options in the Dashboard.
Once you get to settings, you will need to decide how often to perform a backup and also how many backups to store. Currently I backup daily and I keep three days worth of backups. I also copy off a snapshot of my sites once a month as an archive in case of catastrophe!
Below these options you get to choose your backup destination and there are a wide range of options. I backup to an FTP directory in my hosting area. To do this I had to set up an FTP Account with my host and also create the backup directory.
Once you set up your FTP Account to your hosting area it is well worth installing a local FTP file manager on your Computer so that you can inspect your hosting area and copy/delete/rename files and directories in your WordPress installation. This is extremely useful when it comes to trouble shooting your install and also for making code changes.
I use FileZilla, it’s free and has all the options I need for managing my sites. You can use this to create your backup directory structure.
Testing your backup regime
Once you have installed your backup solution take a backup of your site. Then I strongly recommend that at this stage you test that it actually works by deleting your install, re-installing WordPress and restoring your build. It may seem a bit extreme but it is vital that from day one you are fully confident with your backup solution and that you understand exactly how to restore your site. At this stage you have not done a great deal of work on your site so you have little to lose if it all goes wrong.
Note: to restore your site you will need to have to hand the FTP user details for your site. You will then re-install WordPress using your hosting provider’s tools, install your backup software, configure it, scan your backup files (to load them into the backup manager) and then perform a full restore.
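Before deleting anything for the test restore, it is worth confirming that the backup files themselves are complete, since an interrupted FTP transfer leaves a truncated archive that only fails at restore time. This added example (not from the original article or from any backup plugin) checks a backup directory for missing or unreadable archives and records a SHA-256 per file; the component file names and function names are assumptions.

```python
import gzip
import hashlib
import zipfile
import zlib
from pathlib import Path

# Assumed component file names (not from the article); adjust to your backup tool.
REQUIRED = ("db.gz", "plugins.zip", "themes.zip", "uploads.zip")

def check_archive(path):
    """Return None if the archive reads cleanly end to end, else a reason."""
    try:
        if path.suffix == ".gz":
            with gzip.open(path, "rb") as fh:
                while fh.read(1 << 20):  # a full read forces the CRC check
                    pass
        else:
            with zipfile.ZipFile(path) as zf:
                if (bad := zf.testzip()):  # first member failing its CRC
                    return f"corrupt member {bad}"
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile) as exc:
        return f"{type(exc).__name__}: {exc}"
    return None

def verify_backup_set(directory):
    """Return (problems, manifest); the manifest holds a SHA-256 per file so
    the local copy and the copy on the FTP host can be compared."""
    problems, manifest = {}, {}
    for name in REQUIRED:
        path = Path(directory) / name
        if not path.is_file():
            problems[name] = "missing"
            continue
        manifest[name] = hashlib.sha256(path.read_bytes()).hexdigest()
        if (reason := check_archive(path)):
            problems[name] = reason
    return problems, manifest

def build_sample_set(directory, truncate=None):
    """Write a constructed backup set; `truncate` names one file to cut in half."""
    directory = Path(directory)
    (directory / "db.gz").write_bytes(gzip.compress(b"-- constructed dump\n" * 200))
    for name in REQUIRED[1:]:
        with zipfile.ZipFile(directory / name, "w") as zf:
            zf.writestr("readme.txt", "constructed sample content " * 50)
    if truncate:
        data = (directory / truncate).read_bytes()
        (directory / truncate).write_bytes(data[: len(data) // 2])
```

`path.read_bytes()` loads each file into memory, which is fine for a small site; for multi-gigabyte upload archives, hash in chunks instead.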
Installing your Anti Spam and Anti Hacking Measures
This is a very important and complex area. When I first created my social site, from the minute I made available the ability for anyone to register with the site I was getting numerous spam registrations. This was because I had no anti-spam/hacking plugins installed. These plugins work in various ways; the good ones learn spam IP addresses, domains and user names, and they exclude those potential users from registering for your site.
There are also anti-hacking plugins that protect against specific types of attack. I use quite a range of these plugins. I do not want to waste my time dealing with spammers, so my plugin list for this purpose is quite extensive. In the last six months not a single spam registration has got through to the site. There are two levels of protection as I see it: firstly there are the basic WordPress measures, which are dealt with here, then there are BuddyPress specific measures, which I will cover when I discuss installing BuddyPress.
The following list is all the plugins that I use on my main sites, I run them all, not all will be required but when it comes to this area I take the view that it’s better to be safe than sorry.
This plugin checks for comment spam, when you activate the plugin you will need to sign up to the Akismet website in order to get an activation code. Whether you choose to detect for comment spam depends on whether you choose to allow comments from all or just your logged in member base, and also how strongly you are vetting your members.
Whilst not strictly anti-spam, this plugin allows you to remove the ability for members to comment on your site pages. Most social networks do not allow comments on site pages in order to keep them clean and uncluttered, so this is a good option to have; the alternative would be to turn off comments on a page by page basis, which can be tedious. Once activated, this plugin will display a message asking you to go to the configuration page to set it up.
Protects against various forms of spam, including comment and registration spam. If you go to Dashboard>>Stop Spammers>>Protection Options all of the anti spam measures put in place by Stop Spammers are clearly explained and settable.
Prevents User Enumeration hacking attempts
Protects against higher level spammers who may have gained access to your site by including a report button on content, and also prevents many spammers from registering to your site in the first place. You will need to register with WangGuard in order to get an Activation key for this plugin to work. Once you have activated it there are a range of configuration options that you can set, but in general the default options are suitable for most social sites. One of the checks WangGuard puts in place is to check that the new member’s email address comes from a valid domain name at registration. Another feature is adding a “Report User” button to BuddyPress Status updates and comments so that users can report other users in case of spam activity.
A very feature-rich anti-hacking and site monitoring system. The live traffic feature is a must, as is the firewall, and it also includes a cache service to speed up your site. When you first activate it, Wordfence gives you the option to sign up to their mailing list and to take a product tour; these are recommended.
On activation you will also be asked to set up the firewall. It will ask you to back up your .htaccess file in case there are problems, as it modifies this file, which controls access to your site. When configuring this, do not forget to select for warning emails to be sent to admin. This is a useful feature in that it warns you exactly when your site is under heavy threat. You can then go to the Live Traffic feature and block the IP addresses of the hackers manually.
More Security Tips
Even more WordPress security tips are available here. Overall what I have specified here is more than enough to secure your servers from the vast majority of attacks your site is likely to face.
Your site is now ready to move forward onto installing BuddyPress and becoming the social network of your dreams! You now have a safe, secure platform that will fend off the hackers and spammers and is capable of being restored in the event of the worst happening. I hope you found this useful. In the next article in this series I will take you through setting up BuddyPress for the first time.