Pick our brains...

Create a Blank WordPress Sandbox

Creation of a new, blank Wordpess sandbox is useful for wireframing or trying out new themes and/or plugins. Because we are not migrating any content from an existing site, this process is easy, and can be done with GUI tools.

Overview of Steps

  1. Create a space on the server where we will put the actual files
  2. Create a Database to store the content
  3. Add the files we will be using (WordPress Core)
  4. Setup wp-config.php
  5. Run the installer
  6. Final Tweaks for Profit!

Creating Space on the Server

Naming Convention

Sandboxes are usually located on a subdomain. Since we are making this sandbox on peacefulmedia.com, we’ll want to make sure that we make it in a way that is similar to what is already there. If we were to login to peacefulmedia.com using Filezilla, we would see that the naming convention is ‘public_html_sandbox1’ where ‘sandbox1’ is the subdomain:

Creating the Sub Domain

To create the Sub Domain, login to cPanel and navigate to the ‘Subdomains’ section:


Name the subdomain something meaningful, and be sure to pay attention to where the subdomain will be located. The subdomain creation form wants to put our new subdomain below public_html. We want the subdomain to be at the same level as the other subdomains on our server.

Once we click create, we can look at our files on the server with Filezilla and see that our subdomain is located at the same level as the other sites, and uses our naming convention. Of course navigating there using our web browser won’t work because there aren’t any files. But that is next. Good job!


Create the Database

From cPanel, we can create a new database by using the ‘MySQL Database Wizard’.

Create the database and the MySQL user who will have access to this database. Remember to write down these creds in the cred sheet as you will need them later when you configure WordPress with the wp-config.php file.

Note: In this example the DB username isn’t the same as the database name. The only reason for this is that there is a limit to the length of the username. The important thing is to write these things down in the cred sheet.


Add WordPress Core Files

You can download the latest version of WordPress from http://wordpress.org/latest.zip

Unzip this file into a folder on you local machine and then using Filezilla, upload those files to where our sandbox exists on the server. In this example ‘/home/peaceful/public_html_100kacademy


Setup wp-config.php

Open up the file wp-config-sample.php and add the information to connect to the database that we created.


Goto https://api.wordpress.org/secret-key/1.1/salt/ to get unique authentication keys.


Save this file as wp-config.php.

Now upload this file to the server.


Run the Installer

Once wp-config.php has been uploaded, WordPress can communicate with the database and we can install our test site. Simply navigate to the url where your sandbox is, in our case it is located at http://100kacademy.peacefulmedia.com.

WordPress is smart enough to determine it hasn’t been installed yet and should display the ‘5 Minute Install’ page. Simply fill out the details for the first user, (who will be the administrator) and click ‘Install WordPress’.



Final Tweaks

Allowing File Uploads

Our server at peacefulmedia.com is configured somewhat differently than you may be used to on other WordPress installations. In order to all media uploads we need to adjust the folder permissions of the uploads folder.

Out of the box, a new WordPress installation does not have the uploads folder, so we need to create it, and set the correct permissions. Using Filezilla, navigate to the wp-content folder and create a new folder called uploads:

Right click the uploads folder and select ‘File Permissions…

With these folder permissions on only the uploads folder, we can now upload media from the WP backend.

In the WP admin area, navigate to Settings > Permalinks.

Change the permalinks to something else.

Create a new file names .htaccess (notice the dot in the beginning) and paste the code that it tells you inside.

And Upload!

Password Protect to Prevent Google from Indexing

This last thing isn’t really a security issue, rather it is a way to prevent search engines from indexing our test site. This is important because of SEO related issues.

Basically, if search engines have the same content at two different urls, the both sites’ rankings will decrease. In the beginning with dummy content this isn’t an issue. however once you start adding content that is unique and coming from a client, we want to make sure this temporary site isn’t indexed.

To do this login to cPanel, and navigate to Password Protect Directories.

Select the directory we want to protect, in this example 100kacademy.peacefulmedia.com.

Set the name and create a username and password. Update your cred sheet! Since this isn’t really about security, rather just a means to keep the bots out, I don’t worry so much about ‘hard to break’ passwords. Pick something that is memorable and go with it.

Update your cred sheet!