Review: GoDaddy cPanel Hosting

This is an update from an original post. Back then my web sites were hosted at GoDaddy. Now my web sites are at Namecheap.


I switched from a non-cPanel hosting plan in GoDaddy to a cPanel hosting plan in GoDaddy.  I needed extra CPU processing power for my web site which is a photography non-Wordpress Imagevue web site.  It uses mostly php and flash.  I outgrew from the non-cPanel Economy plan.  I also have two WordPress sites.

I did some shopping for hosting.  I was primarily looking for an inexpensive plan and good reputable name.  It came down to two hosting providers: GoDaddy and BlueHost.  GoDaddy had a special going at a rate of $4.49 per month for the Deluxe plan.  BlueHost had a special going for $3.99 per month for a 3 year term.  I chose GoDaddy because as a customer I was already familiar with them.  Plus I didn’t want to get locked in a 3 year term with BlueHost which I was not familiar with.  The GoDaddy rate of $4.49 was good for any yearly term whether it was 1, 2, or 3 years.  Also, I could cancel the plan GoDaddy Deluxe plan anytime and get an in-store credit.  I think BlueHost had a 30-day money back guarantee and then after that you’re locked in for the term.

The GoDaddy special does offer a free domain with the Deluxe plan.  I opted out because the free domain does not include free private registration.  The private registration is extra.

If you want to switch to GoDaddy cPanel, you’ll need a few things.  If you don’t already have one, get FileZilla.  Also, if you use BitDefender Internet Security, consider going with another Internet Security Suite.  There is one feature with cPanel that you might want to use but BitDefender will block it.  I went with Kaspersky.

Even though I was switching plans within GoDaddy using the same domain, I had to manually migrate my files from one server to another.  I had to download all the files from the old server to my computer, and then upload the files to the new server.  Same domain, but just different plans.  Going from non-cPanel to cPanel is a switch to a different plan, not an upgrade from an existing plan.  If it was an upgrade, GoDaddy would have migrated the files to the new plan.  But since it is a totally new plan, I had to migrate the files myself.

The download was quick.  Then I switched the domain from the old plan to the new plan.  By switching, all the files in the old server was deleted.  The domain switch from my old plan to the new plan was pretty quick like 5 minutes.   Then I uploaded the files to the new plan.  I had about 1.5GB of files and the uploading took overnight.

About the upload, cPanel has a couple new features for uploading, sftp and web disk.  There is plain FTP but if you’re concerned with security use sftp or web disk.  With plain FTP, your password is exposed.

If you want to use web disk, don’t use BitDefender.  I could not get web disk to connect with BitDefeneder firewall running.  With the firewall disabled, I got the connection.  There did not seem to be a setting to open specific ports in BitDefender.  So I switched to Kaspersky.  I already had an active Kaspersky license so I tried it.  And web disk worked.

Sftp is a bit tricky.  If you’re not familiar with sftp, you have to enter your IP address in cPanel in order to get the sftp connection.  Otherwise, you’re not going to get the connection.  To set you IP address, on your cPanel page, go to the Security category and click on SSH/Shell Access.  You’ll be prompted for an IP address.  To lookup your IP address, go to

If you have tons of data (I had 1.5 GB), use sftp instead of web disk.  I read that sftp is faster then web disk.

How to Hide Your Sub-Domains from your Main Domain

If you have more than one domain and you’re new to cPanel, there is one detail that might be of interest.  In cPanel, when you add the first domain, it is your main domain.  When you add a second and subsequent domains, they are sub-domains to the main domain.  As a result, if is your first and main domain and is your second and sub-domain, then you can access from by using  Moreover, you can access by using the URL notation

If you want to keep the relationship between the main and sub-domains invisible to the Internet, you’re going to need to do a few things.  First, you’re going to need to modify .htaccess for both the main domain and the sub-domain. Add the following code in the .htaccess files for both domains:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?$ [NC]
RewriteCond %{REQUEST_URI} ^/*)$
RewriteRule ^(.*)$ – [L,R=404]

Replace and with your main domain and sub-domain.  Add the code in /home/username/public_html/.htaccess and /home/username/public_html/  If one of your domains is a WordPress site, there might be tons of code in the .htacess file.  Just add the code at the bottom of the .htaccess file.

By modifying .htacess, you’re preventing from occurring.  The server should return a 404 code.

Second, check your DNS records for the main domain.  In cPanel, go to DNS Manager.  In Godaddy, you should be in the Standard DNS dashboard.  Select the edit zone link for your main domain.  Look in the A (Host) category.  Under host, if you don’t see your sub-domain, then your sub-domain cannot be reached using the notation.  If you do see your sub-domain, then you can reach your sub-domain in the notation.  If you don’t want your sub-domain to be reached by your main domain, delete the record.  In GoDaddy, just select the record and click on the Delete button.

Third, turn off directory indexing from you main domain so that a directory listing cannot be made from your main domain.  If a listing occurs, your sub-directories to your sub-domains can be exposed from you main domain.  To turn off directory indexing, go to Index Manager in cPanel.  Select /public_html/, then select No Indexing, and then click on Save.  Also, check if there an index file like index.html, index.php, etc in the public_html directory.  If there is an index file, that’s good.  There is a strange server rule that if there is no index file the server returns the directory listing.

If you want to check if someone can get a directory listing, go to  Enter your main domain in the left box and select Directory Browsing Test in the right box and see if it can get a directory listing.

That is about it.  All your sub-domains should be separate from the main domain from the view of the Internet.

How to port your WordPress site to GoDaddy cPanel

Before you port, backup your database first and then backup all your WordPress files to your host computer.

Create your addon or main domain on cPanel.  A sub-directory should be created for the web site.  Upload all the files to the sub-directory.

Then go to MySQL Database in the cPanel page.  Create a new database for the web site by entering a name and press Create Database.  Add a new user for the database.  Under Add User to Database, associate the new user to the new database and press Add.  In the next page, select all privileges.

Go back to cPanel and select phpMyAdmin.  Select the Databases tab.  Select the database that you just created.  Now click on the Import tab.  Click on the Browse button and select the database that you backed-up earlier.  It is important that you select your created database first then select Import.  If you import without selecting a database, you’ll get an error.

After the import is done, go back to cPanel and go to the File Manager.  Go to the sub-domain sub-directory and edit the file wp-config.php.  Change DB_NAME, DB_USER, and DB_PASSWORD to the database name, database username, and database user password respectively.  Change DB_HOST to ‘localhost’.

That should be it.  Your WordPress site should be up and running.

Don’t forget to modify the .htaccess file.

Migrating your email to cPanel

cPanel email is pretty good.  cPanel supports IMAP which was add-on in the old email plans.  I am not sure but GoDaddy says that the mailbox is limited to 500 MB, but when I set the file size limits of the mailbox I set it to unlimited.  I’ll see if my mailbox maxes out at 500 MB or not.

Setting up the mailbox is pretty straightforward.  The only glitch I had is switching from the old email plan to cPanel within GoDaddy.  The MX records were not set to cPanel when I setup my cPanel mailbox, so I had to set them.  If you domain is outside of GoDaddy, just point your nameservers to GoDaddy.  GoDaddy sets up the DNS records correctly for non-GoDaddy domains.

cPanel supports email forwarding and the importation of emailing data.  This is great if you lots of forwarding addresses.  If you can, try to see if you can export the email data in your old plan.  The exported data can be in CSV format.  If you can, then you can probably import them in cPanel.  If you are going to do this, there one thing that you should know.  If you’re importing email addresses from one domain, importing is not a problem.  But if your exported data contains forwarding addresses from more than one domain, you have break up your data by domain by using a spreadsheet.  This is because cPanel can only import forwarding addresses one domain at a time.  If you try to import data from many domains, you’ll need to specify which domain the addresses refers to and once you set it and import data, all the address will be refer to the specified domain.  For instance, let’s say you have and  When you import, you’ll need to specify a domain that both addresses refers to.  So if you chose, cPanel will create forwarding addresses for and  The address will not be imported.

Changing your DNS Records

If you had a non-cPanel hosting plan with GoDaddy and switched to a cPanel hosting plan with GoDaddy, you’re going to need the change your DNS records.  GoDaddy does change your DNS records when you migrate to cPanel, but not all the records.  I had to change my MX records from my old email plan to the cPanel hosting plan.

Here is the link to change your DNS records: There is one setting that I had a problem with. In the link, GoDaddy recommends creating a CNAME record for mail. I, instead, created an A record for mail. Having an MX record point to a CNAME is a violation of RFC2181. Having an MX record point to an A record, instead of a CNAME record, didn’t seem to have an adverse effect on cPanel.

If you have your domain registered somewhere else, all you have to do is just change your nameserver settings to point to the GoDaddy nameserver.  When you create an AddOn or Parked Domain on cPanel, a DNS record for that domain is created in the DNS manager with a GoDaddy nameserver assigned to it.  Just copy the nameserver settings to the nameserver setting for your non-GoDaddy-registered domain.


Email Authentication

In an earlier post, I described email authentication because GoDaddy supported it. Now, they don’t. Now that they don’t, there is not much to write about email authentication.

I am not sure why they dropped support for it, but both SPF and DKIM worked for me. When I first tried email authentication, SPF and DKIM didn’t really work. The SPF value was wrong. The DKIM only worked for the default domain. GoDaddy couldn’t help me with this problem. I eventually figured out what the SPF record was supposed to be and figured out where to find the public keys for the add-on domains.


The Time My Websites Went Down

On July 10th about 10 pm, my IMAP connection went down.  On July 11th about 10 pm, my POP connection went down.  Somewhere during that time, my websites went down.  Not only my email and websites went down, but also my cPanel account.  I contacted GoDaddy support.

According to GoDaddy support, the shared hosting server where my websites were located went down due to a hardware failure.  On July 12th at 3 pm, my websites finally went up.  My POP connection went up on July 13th at 6 am.  My POP account was down for about 32 hours and my guess is that my websites were down for about 17 hours.

What was interesting was that none of the websites that publicly monitor GoDaddy’s uptime and downtime detected any downtime.  GoDaddy’s system alerts page reported no issues.

GoDaddy did notify me when email was up.  What they didn’t tell me was that my cPanel account and email moved to a new URL address.  It took me awhile to figure out that fact.  As a result, I had to update my email settings on Outlook, and set a new bookmark on my browser to get access to my cPanel account.

Is GoDaddy a good host?

Early on, I liked GoDaddy cPanel. It was much better than the old hosting interface. cPanel had a lot of bells and whistles. Unlimited disk space, unlimited domains, unlimited email address, and IMAP.

Now I am not so enthusiastic. The server when down for 17 hours. Then GoDaddy offered a plan that if you wanted more memory (I think) for your hosting package, then you can pay an additional $2/month for the memory. Now they dropped DKIM and I think SPF.

I drew the line with the DKIM, so I looked elsewhere. I am now with Namecheap. Namecheap is more expensive ($7.48/month vs. $4.99/month), but I was able to get hosting for $7/year.

GoDaddy, 1&1, Namecheap, and

Here is my review of the Internet registrars and hosting providers. This post is updated on occasion, so what you read now, may change in the future.



GoDaddy is a pretty good domain registrar.  I have had my domains there for about ten years.  GoDaddy is not cheapest, but the biggest reason I stuck with them was that I bought domains during a promo that was grandfathered for the past ten years.

In the past, you could buy a domain and get free economy web hosting and free email with the domain. This was not just an introductory offer.  As long I kept my domains registered at GoDaddy, I would get free web hosting and free email. The nice thing about this promo is that I can use the free hosting on any domain that I registered with GoDaddy, not just the domain that gave the free hosting.  I have taken about advantage of this promo occurred about 10 years. I haven’t heard GoDaddy offer this promo again recently.

Now, things have changed. My web sites have outgrown from the free web hosting and email. I had to upgrade to better plans because the free plans were not powerful enough to drive my web sites without noticeable lags. I no longer use the free plans.

So why do I stick with GoDaddy? That’s a good question. In the past, I stuck with them because of the cheap web hosting. You can get a deluxe web hosting plan which includes cPanel for $4.49/month for one, two, and three year plans. The deluxe plan includes IMAP, unlimited disk space for email, and web hosting for unlimited domains. It is a no contract plan, but if you cancel you get in-store credit.

Now for domains, there are only two reasons to go with GoDaddy. If you use DNSSEC for your DNS, you almost have no choice but to go with GoDaddy. The reason is that there not that many registrars that support DNSSEC. GoDaddy is one of them and others include and a handful of others and that is it.

The other reason is that you can get a cheap $0.99 domain for one year. With private registrar, the total cost would be about $10.98 for the first year. I could get it cheaper at other registrars but I like the GoDaddy user interface. So spending two dollars more is worth it.

Now GoDaddy did away with the renewal coupons which is a bummer. However, you might be able to get a discount when you renew your domains on GoDaddy. The discount is not much, but I was given a $4 discount for my renewal of my domains. Also, I got private registration, business registration, ownership protection, and a 2-year certified domain for $9.99. The domain renewal cost $20.98. Pretty good.

I recently tried their Premium DNS. This service is comparable with other DNS services such as and Premium DNS supports AnyCast Global Network, DNSSEC, secondary DNS servers, and vanity nameservers. It has one interesting feature called templates. You can set the zone records on a template, and when the template is ready, you can set a domain’s zone records to the template with one click of a button. Another feature is that it keeps a history of DNS changes so you can go back check out what changes were made. The nameserver uptime is ridiculously unreal. Most good nameservers are up about 97%-98% of the time per month. GoDaddy premium nameservers are up 100% for like 3 to 4 months in a row. The GoDaddy nameservers do go down eventually.

GoDaddy customer support by phone is 24/7.   I like this.  I mostly configure my cPanel account on the weekends so support on the weekends are convenient. The average wait time is about 5 minutes and the maximum I had experienced has been 30 minutes. Before contacting support, you can see the estimated wait time on the support page. You can call support or chat with support.

GoDaddy has a two-step authentication.  With authentication is enabled, when you login, GoDaddy will send a security code to your phone.  You just need to enter the code to GoDaddy and you’re in. At first, I thought this feature was annoying because I would have to take an extra step to login. But now, I have no problem with two-step authentication. It is an extra layer protection for your domains. Note that the two-step authentication is not available for cPanel access, only for your GoDaddy account. Access to cPanel does not require logging in to your GoDaddy account.

Now for the bad stuff…

At one time, my websites went down for about 17 hours.  Not only my websites, but my email and my cPanel access went down.  My email account was down for about 32 hours.  According to support, there was a hardware failure on the shared hosting server where my cPanel account resided.  What was strange was that none of the public websites that monitor the GoDaddy’s uptime reported any downtime.  Not even GoDaddy’s system alerts page reported any problems.  GoDaddy did notify me when my email account was up, but they didn’t tell me that my cPanel account moved to a different server which had a different URL address.  I had to update the email settings on my Outlook and Android to point to the new URL address.  Fortunately, I didn’t lose any email. It seems like GoDaddy has an email spooler when the email servers go down.

Another bad thing is that cPanel support is limited for the advanced user. For basic questions, GoDaddy could probably help you. But if you have an advanced question, their knowledge is limited and may not be able to help you. One representative recommended that I search the web for a cPanel answer.

Just recently, GoDaddy dropped DKIM and SPF support from cPanel hosting. GoDaddy said that these features “never produced any effect on a customers’ accounts, so we disabled them.” There were problems with DKIM and SPF when I tried to use them. cPanel was giving me wrong SPF settings and cPanel was only showing the DKIM record for the default domain, not the add-on domains. I did figure out what the SPF setting were supposed to be. Also, I did find out where to find DKIM public keys for the add-on domains. SPF and DKIM did work on GoDaddy. Now that DKIM no longer works, I decided to search for another hosting provider that does support DKIM.



There are some good points with 1&1 and there are bad points. The good point is that 1&1 is great if everything runs smoothly. The bad point is that when things go wrong, it is difficult to fix the problem.

First the good. For a number years, 1&1 had a good price for the domains which was $10.99 per year and that came with private registration. Now, unfortunately, the price is $14.99 per year. Because of this increase, I looked elsewhere.

1&1 was pretty good with refunds. For instance, I bought a 6 month plan. About a month later, I downgraded the plan. I was refunded the difference.  In another instance, I transferred out my domains 2 to 3 days before the domains expired.  I allowed the auto renewal to occur so that the transfer would complete because the transfer took 5 days.  The transfer completed in 5 days and I was billed for renewal for 2 domains out of 5.  I called 1&1 about why was I billed on 2 but not on the other 3.  Customer service refunded me the renewal on the 2 domains.

The refund does not happen all the time. There was one time of a renewal during a domain transfer. Support said that technically 1&1 still held the domain at the time of renewal based on Who Is, even though the receiving registrar said that transfer was complete on an earlier date.

I have used 1&1 for web hosting. No problems. 1&1 does not use cPanel. Their email service does not offer SPF or DKIM email authentication.

So the bad stuff. My advice for new 1&1 users: Try to do everything using the user interface. Try not to ask customer support to do any domain management tasks.

For me, I wanted to remove some external domains. Unfortunately, their web site was down. This web site is the site to go to cancel domains and packages. It was down for about a day or two. So I called up support to remove the external domains. They removed the external domains but they also canceled one registered domain by accident. I got an email notifying me of a request to terminate the registered domain and that termination would occur the next day. From this point one, the process to get it back was crazy.

You would think getting it back would be no problem. Just cancel the termination of the domain and that’s it. With 1&1, it did not work that way. Once the wheels are in motion, there is no stopping it. For me, 1&1 accidently terminated by registered domain at about 2 pm, I called 1&1 to try to stop the termination at about 3pm, support did not see any request for termination on their computer, later I called 1&1 the next morning to check, the termination was in process to occur, I requested to stop it, support made a request to stop the termination, the termination occurred at about 12 noon, called 1&1 to get back my domain, and 1&1 said that I had to buy a one year package to get it back.

I thought 1&1 was shaking me down, but I later thought there is no other way get the domain back. Buying a package is the only way to get it back. Customer support probably couldn’t override the normal procedures and just get my domain back. They probably couldn’t get a domain without associated the domain with a package. I don’t think 1&1 support can stop a process once it has started. Unfortunately, I had to wait for the process to play out.

On the bright side, I wasn’t billed for the package and I ended up with a free package.

One important note: Customer support accidently deleting domains is not uncommon. I spoke with a person with worked at a different registrar, and he said that customer support does accidently delete domains once in a while. Accidently deleting domains is not just a 1&1 problem.



I have been looking at this registrar for some time and I recently transferred my domains to it.  I transferred the domains for $8.97 per year.

For new domains, the rate is about $10.87 per year and private registration is free for the first year and $2.88 for subsequent years. So, for the first year, the rate is $10.87. For the following years, the rate is $13.75. You can get email for free for the first year.

To get the $8.97 first year rate, go this link for the latest promos:

I am not a fan of the user interface, or the Dashboard. I don’t find it easy to navigate. I can get around it now but I still find the user interface not easy to follow. I am also not a fan of the user interface for DNS management. It is quite different from other DNS interfaces that I have used on other sites. Actually, I don’t use it at all. All my domains at Namecheap have the nameservers pointed elsewhere besides the Namecheap DNS. (Note I have one domain pointed to a Namecheap web hosting DNS which is different from the usual Namecheap DNS).

The web hosting is pretty good. When I thought of Namecheap, I thought of domains, but not web hosting. I was searching for a new provider when I decided to move away from GoDaddy. I noticed that Namecheap offered web hosting, so I gave it a try.

Here are some points about the web hosting:

  • Namecheap web hosting uses cPanel.
  • You cannot add-on a domain until you change the domain’s nameservers to Namecheap. So for a while, your web site might go down for a few minutes while you’re trying to setup your email and web site. The best thing you can do is to create a folder in your public_html directory. The created folder will be the root of your add-on domain. Upload the files to the directory. When finished uploading, switch the nameservers to Namecheap, create the add-on domain, and have the domain point to the created directory. Then quickly create your email accounts and forwarding addresses. Once you’re done, then can then switch you nameservers back to wherever you want them to be.
  • For a while, there was no user interface for managing SSL certificates. In the past, you had to contact SSL technical support to get a CSR. Once you got your new certificate from your CA, you had to email the certificate to back SSL technical support so that they can install the certificate.
    Now, there is an icon for SSL certificates. It looks like you can get a CSR and install a certificate all by yourself. I haven’t tried it since I already have my certificates installed.
  • Depending on the SSL certificate, you don’t need a dedicated IP to use SSL for your web sites.
  • The default SPF record when you enable it is wrong. I had to add one more IP address to the SPF record. Otherwise, the email will get softfails.
  • DKIM is supported. DKIM is disabled by default, but you can enable it.
    I am not totally sure about this but once enabled, you don’t have to do anything else if your DNS records is managed by Namecheap web hosting. You don’t have to add a DKIM record to your DNS records. The DKIM record is installed automatically in the nameservers.
    Now if you nameserver resides outside of Namecheap, then it is a different story. cPanel will only show the DKIM record for the default domain. For the add-on domains, you have to fish for the public keys for them.
  • The server response time is pretty good without SSL. The average response time has been around 325 milliseconds and the maximum response time has been around 1300 milliseconds.
  • If you want to change the default domain of your cPanel account, you have to chat with Namecheap to have it changed.
  • Unless your nameservers is outside of Namecheap, the DNS management for you add-on domains is through cPanel, not on the Namecheap Dashboard. I like this. I don’t like the Namecheap DNS interface, but I don’t mind the cPanel DNS interface.
  • After you upload files to the server and your website does not work, you have to set the file permissions 644 and folder permission to 755. Here is the link for the info:
  • I can use Web Disk without enabling Digest Authentication on my Windows 8 machine.
  • You can set a cPanel password longer than 14 characters. Passwords for GoDaddy cPanel was limited to 14 characters (I think). On Namecheap, the password length can be more than 24 characters.
  • The hosting server seems really fast for my flash web sites. I noticed a performance improvement when I ported my web site from GoDaddy to Namecheap.
  • There is one big drawback: The server does go down once in a while. I have my web sites monitored by Site24x7 and my server does go down once in a while for about 2 minutes at a time. My sites go down about once every 2 or 3 days.

Despite down times, I like the speed. I have tried GoDaddy, HostGator,, and Siteground. I am impressed with the speed on Namecheap.

If you’re lucky, you can get the web hosting for 5 domains for $7/year. This is not a typo. As a matter of fact, that is how much I paid for hosting this page.

Namecheap has a two-step authentication.  When authentication is enabled, when you login, Namecheap will send a security code to your phone.  You just need to enter the code to Namecheap and you’re in.

Namecheap does not have a phone number for customer support (I couldn’t find one).  Instead, you can chat with them. The response time is pretty good. When you start a chat, it’ll say that they are busy and it’ll take a while for them to get around to you. Despite the busy message, they have been pretty quick to chat with you. In a way, I prefer chatting instead of calling. Namecheap has been pretty quick to respond.

I went with to try it out.  It had a good reputation and it was cheap to transfer to domains.  The price was $8.25 for one year and it came with free private registration.

The user interface is pretty good. I like it better than Namecheap.

I tried their web hosting. Here are some points:

  • com uses cPanel.
  • Not as quick as Namecheap, but the web performance is pretty good.
  • Customer support response time is only the downer. The turnaround time for web hosting support is about a day. I couldn’t change the default domain on cPanel, so I emailed customer support for the change. They changed it…a day later.

Despite the customer service problem, would be my second choice for web hosting.

There are a couple of things to remember:

  • If you a transfer domain that was renewed within 45 days by the old registrar, will not extend a year to the domain.
  • Customer support by email is 24/7, but not by phone.  Phone support is available from 8am to 8pm Monday to Friday.

One interesting feature of is their two-step validation when you log in. You have to install an app called VIP Access by Symantec VIP on your smartphone.  Your phone will be assigned a credential ID that you have to register with  When you log in, will prompt for a security code.  To get the security code, you open the app on your smartphone. Enter the security code given by the app.  The security codes changes every 30 seconds.


How to set up a WordPress site on GoDaddy

This article assumes that your have a domain registered with GoDaddy and a hosting plan purchased from GoDaddy.

Associate your hosting package to your domain.  From the accounts page, expand Web Hosting and I think you click on Launch next to New Accounts.  You be prompted to choose your domain that the hosting will associate with.  Your FTP username will be given.  You’ll be prompted for a password.  Choose a strong password.  Jot down your username and password.  Press either OK, enter, or continue (I can’t remember which it is.)

Wait a while for the setup to complete.

Once setup is complete, go to your Hosting Details page.  From your accounts page, expand on Web Hosting and select your domain that has the new hosting.  In the Hosting Details page, select Install WordPress.  Select your username, password, and email address.  This is going to be your administrative username when you log in to your WordPress site.  This not your FTP username.  Do not use ‘admin’ as your username.  Hackers try to log in using admin.

Wait awhile for the install to complete.  Once the install is complete, click on Applications.  In the Manage Applications page, press Log In.  Enter your WordPress username and password.  You should enter in the back-end of your WordPress page.

First, install Wordfence Security plugin.  On the left side of the page, go to Plugins->Add New.  In the search box, enter Wordfence and press Search Plugin.  Go to Wordfence Security and press Install Now and press OK.  Then select Activate Plugin.  This plugin is like a firewall plugin.  It adds a layer of security to keep hackers at bay.

You might hear stories about WordPress pages being hacked.  Hackers are out there.  They might find your WordPress page before a search engine does.  So it is a good idea to keep them out.  One time I finished this WordPress web site on a Saturday night.  The hackers were doing there thing on Sunday morning trying to register accounts on my site.  On Monday I think a hacker tried to login as admin 20 times.  Wordfence locked the user out.

Back to Wordfence, go to Wordfence->Options and go down to the Alerts section.  Check everything in the section.  Go down to the Scans to include section and check Scan theme files against repository versions for changes and check  Scan plugin files against repository versions for changes.  Go up to enter your email address of alerts.  Scroll to the bottom and select Save Changes.

Go to Settings->General and uncheck Anyone can register.  While your here, set your time zone and Week Starts On.  Click on Save Changes.

Go to Settings->Permalinks.  Select anything except for default.  WordPress SEO plugin recommends post name.  Better WP Security needs the permalink setting to be other than default.  I use post name.  Select Save Changes.

Install Better WP Security plugin.  Do the same thing as you did with Wordfence except install Better WP Security.  Click on Security on the left side panel.  Click on Create Database.  This backs up your database and emails it to you.  Then select Secure My Site From Basic Attacks.  You’ll be taken to another page.  Address issues that are in red.  For me, number 5 and 6 are in red.  For number 5, click on Click here to change user 1’s ID.  Click on Change User 1 ID.  Go back to Security->Dashboard.  For number 6, click on Click here to rename it.  Click on Change Database Table Prefix.  After you select the button, jot down the table prefix in case you need to restore your database.  Note that the database that was emailed to you has a table prefix of ‘wp_’.  The prefix that you jotted down is the new prefix for your database from here on.  The table prefix is important if you need to restore a database.  Go back to Security->Dashboard.  You can address the yellow warnings.  For me, it is numbers 1, 8, and 9.  For number 1, select Subscriber and select Save Changes.  For number 8, select a range of time that you’ll not be logging in your web site.  For number 9, check Enable Default Banned List and select Add Host and Agent Blacklist.

Now,  remove the Site Admin link.  Go to Appearance->Widgets.  On the Main Sidebar, move the Meta box to the middle side of the screen.  This should get rid of the Site Admin link.

Activate the Askimet plugin.  This plugin should already be installed with WordPress.  This keeps spam away from your comments.  You just need to activate it.  Click on Create New Askimet Key.  Follow the instructions.  Note that the plugin is free.  It’s just when you register for the plugin, Askimet will prompt you for credit card information.  If you don’t want to pay a donation for the plugin, move the slider to the left to zero.  This will make the credit card fields disappear.  Otherwise, you going to pay $36 every year.

It is a good idea to backup your database every so often.  You can schedule a database backup.  Go to Security->Database Backup.  Check on Enabled Scheduled Backups and select Save Changes.  By doing this, you should receive a zip file containing your database in your email account.  The file size of the zip file is probably going to be around 250KB.

That’s about it in setting up WordPress account.  Now you need to create posts and pages.  Check out the following link to know the difference between posts and pages:  This article is a post.  The About page is a page.

The WordPress install comes with the Jetpack plugin which is a collection of tools provided by  I am currently learning to how to use it.  It is a lot of tools.  They are not important to set up your WordPress page.  They are nice to have.

I hope this was helpful.  I am thinking about creating another post on tips on maintaining a WordPress site after it is created.   Stay tuned.

How to restore your WordPress site

The following information is applicable for web hosts on GoDaddy.  Note that GoDaddy has a history feature for the file system.  GoDaddy I think backs up your web site files on a daily basis up to 30 days.  So if you need to restore your files to a previous state, go to the Hosting Details page and click on FTP Manager.  In the FTP File Manager page, click on History.  Click on the calendar icon and pick a previous day.  You should see a snapshot of the file system for that particular day.

If for some reason you need to blow away your WordPress web site and start fresh, all you need is your database.  If you can restore your wp-config.php file that would be better.

You going to need an FTP client.  I use FileZilla.  It’s free.  FileZilla comes with a client and a server.  Install the client, not the server.  Installing the server might open a security risk on your computer.  Connect to your website via FTP.  If you can, connect using a secure connection because regular FTP is unencrypted.  Because of this, you shouldn’t use regular FTP in public wifi’s such as a coffee shop.  I use use FTP with TLS/SSL.  If you don’t know your FTP username and password, contact your hosting provider.

There are two files you should to backup, your database and wp-config.php.  If you can’t back up your wp-config.php, that’s OK.  You can probably go without it.  If you can back up the file, download it to your computer using your FTP client.  The database is a bit tricky.  On GoDaddy, from your account page, go to Web Hosting and expand it.  Select your web site.  In the Hosting Details page, select Databases on the upper right side of the page.  In the Manage Databases page, click on the Actions button associated with your database and then select Back Up.  This will create a backup database, an .sql file, in the _db_backups directory in your web site.  Using your FTP client, download the _db_backups directory to your computer.

Now uninstall WordPress.  On GoDaddy, there should be a button that uninstalls WordPress.  Select it.  After uninstallation is complete, delete all the remaining files on your web site using your FTP client.  Now install WordPress.  Provide a username, password, and email address.  Note this information is going to be useless once you restore your database.

Now backup the current database.  This database was created from the re-installation.  Follow the previous instructions in backing up your current database.  By backing up the current database, the  _db_backups directory gets recreated.  Now, upload your backed up database, not the current database, to the _db_backups directory.  On GoDaddy, in the Manage Databases page, select the Action button and then select Restore.  You should see a list of databases to restore.  Select the backed up database.

That should be it.  Browse your web site and see if it works.  If you get a database connect error or get a welcome page as if you just started from brand new and don’t see your original posts, you might have a table prefix problem.  If you changed your table prefix before backing up your database, you need to modify wp-config.php to set your table prefix.  Check your backed up wp-config.php, look up $table_prefix, and see if it is set to anything other than ‘wp_’.  If it is not ‘wp_’, change $table_prefix on in wp-config.php on your web site to the $table_prefix on your backed up copy.  Don’t replace the wp-config.php on the web site with the backed up copy because the web site copy has database information specific to the current install of WordPress.  If you replace the file, the WordPress installation might lose connection to your database.  After you modified wp-config.php on your web site, save  it.  Reload your web site on your browser and you should be in business.

If you don’t know your table prefix, you can do one of two things.  One is to restore wp-config.php from the FTP History feature and look up the table prefix in there.  The other is to look up the table prefix in the database.

If you want to open a database, on GoDaddy, in the Manage Databases page, select phpMyAdmin.  You’ll be prompted for a username and password.  To get your username and password, open the wp-config.php on your web site and look up DB_USER and DB_PASSWORD.  Once you’re logged in, click on Databases.  Click on your database.  Look under the table column.  You should see a list of tables with the same prefix.  That’s your prefix.

Change the table prefix in wp-config.php and save the file.  Make sure your file permission for wp-config.php is 600.  On FileZilla, right click on wp-config.php on the web site and you should see the numeric value for the file.  Reload your website on your browser and you should be in business.

Note that your username and passwords from your restored database will be restored.  You going to need to log in again to your web site using your restored username and password.  You going to need to reinstall your plugins.  Most of your plugin settings will be restored.  For instance, if you got an API key for a plugin, once your reinstall the plugin, the plugin should see the API key from your restored database.  You should not need to get another API key.