When it comes to the web, ExpressionEngine is preferred by companies of all sizes for 5 major reasons: It is secure, reliable, supportive, easy to use, and most importantly, flexible. In this tutorial, we cover the following areas:
Install ExpressionEngine
Extra security
Installing Add-ons
Creating Upload Directory
Post-Installation Best Practices
Further reading:
ExpressionEngine Search Engine Optimization
How to Use ImageSizer to Scale Lightbox Gallery Images in ExpressionEngine
How to secure your ExpressionEngine Website
Tips for optimizing ExpressionEngine website for better performance
What are the Things You Can Do With ExpressionEngine?
Step 1 - Install ExpressionEngine
Pre-Flight Check
Important: If you need to update your installation from an earlier version, see the Update Instructions instead.
Before getting started, make sure your web host and your browser meet all the System Requirements to run ExpressionEngine.
1. Prep the Database
You’ll need an empty database and the following credentials handy to install ExpressionEngine. If you’re not sure how to create a new database or find this information, ask your web host.
MySQL Database Name
MySQL Server Address (often 127.0.0.1 or localhost or the server IP address)
MySQL Username
MySQL Password
2. Upload the Files
Download the latest release of ExpressionEngine and unzip the files to a folder on your computer. Then use your favorite FTP client to upload the files to a publicly-accessible directory on your server.
3. Set File Permissions
You need to enable write access to the following files and folders.
For Apache, that would be 666 for files and 777 for directories, in a worst-case scenario. You should check with your web host to see if more restrictive permissions can be used to allow PHP to write to files and directories. See File Permissions for details.
For IIS, provide all permissions to the IIS user for these files and directories.
system/ee/
system/ee/* (only top-level files and directories need modifying)
system/user/config/config.php
system/user/cache/
system/user/templates/
images/avatars/
images/captchas/
images/member_photos/
images/pm_attachments/
images/signature_attachments/
images/uploads/
themes/ee/
themes/ee/* (only top-level files and directories need modifying)
themes/user/
Tip: On a Unix based system, you can use the following pattern in your terminal to set permissions recursively to what you need for folders and files. In this example, we are setting all directories in system/ee to 755 and all files therein to 644, recursively:
find system/ee \( -type d -exec chmod 755 {} \; \) -o \( -type f -exec chmod 644 {} \; \)
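Because 666/777 is described above as the worst case, it is worth confirming after installation that nothing outside the listed paths ended up world-writable. The script below is an added example, not part of the original tutorial or of ExpressionEngine; the function names and the demo tree are constructed, and it assumes the default layout with system/, images/ and themes/ under one site root.

```shell
#!/bin/sh
# Added example: list world-writable entries that are NOT on the page's
# write-access list. Assumes the default layout (system/, images/, themes/).

# Return 0 if a path (relative to the site root) is on the page's list.
# Assumption: content directories (cache, templates, images/*, themes/user)
# are allowed recursively; system/ee and themes/ee only at the top level.
on_page_list() {
    case $1 in
        system/ee/*/*|themes/ee/*/*) return 1 ;;
        system/ee|system/ee/*|themes/ee|themes/ee/*) return 0 ;;
        system/user/config/config.php) return 0 ;;
    esac
    for d in system/user/cache system/user/templates themes/user \
             images/avatars images/captchas images/member_photos \
             images/pm_attachments images/signature_attachments images/uploads; do
        case $1 in "$d"|"$d"/*) return 0 ;; esac
    done
    return 1
}

# Print each unexpected world-writable path; return 1 if any were found.
audit_world_writable() {
    root=${1%/}
    found=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        rel=${p#"$root"/}
        on_page_list "$rel" || { echo "$rel"; found=1; }
    done <<EOF
$(find "$root" \( -type f -o -type d \) -perm -0002 | sort)
EOF
    return "$found"
}

# Constructed demo tree: three listed paths and two unlisted files set to 777/666.
demo_site=$(mktemp -d)
mkdir -p "$demo_site/system/ee/legacy" "$demo_site/system/user/cache" "$demo_site/images/uploads"
touch "$demo_site/index.php" "$demo_site/system/ee/legacy/core.php"
chmod -R go-w "$demo_site"
chmod 777 "$demo_site/system/user/cache" "$demo_site/system/ee" "$demo_site/system/ee/legacy"
chmod 666 "$demo_site/index.php" "$demo_site/system/ee/legacy/core.php"
audit_world_writable "$demo_site" || echo "review the paths listed above"
```

Run it against the real site root in place of the demo tree; any path it prints has the world-write bit set without being on the list above.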
4. Run The Installation Wizard
Point your browser to the URL of the admin.php file you uploaded. For example: https://example.com/admin.php.
Follow the on-screen instructions to install ExpressionEngine. Once the Installation Wizard is finished, you should rename or remove the system/ee/installer/ directory from your server.
Tip: If you choose not to install the default theme, your site’s homepage will appear blank because no templates or content has been created yet.
You can now log in to your Control Panel at https://example.com/admin.php!
Post-Installation Best Practices
Once you are confident that ExpressionEngine is working normally on your server, we recommend a few best practices for protecting your installation against common security risks.
Extra security
Making EE a little extra secure is something we like to do for all the sites we develop. No site can be 100% secure but these few techniques provide some extra protection for your site. Out of the box ExpressionEngine is solid and doesn't have any major security flaws. But with the extensibility of EE, introducing a flaw during custom modifications can happen.
Please make sure to check permissions on the folders and files listed in the EllisLab instructions after you complete the following steps.
First, move the 'system' folder above the web root.
Here you see the web root is public_html. This means anything in the public_html directory can be seen by the public via a web browser. Once the 'system' folder (renamed here to sys) is moved above the web root, it can no longer be requested directly from a web browser.
After moving the 'system' folder we like to rename it. You can name it anything you like, for this example we are naming it 'sys'.
Once you've moved the 'system' folder (or 'sys', as we renamed it), you'll need to make one small change in each of two files, admin.php and index.php. Open both and you'll see "$system_path = './system';". This points to the old location of the system folder, before we moved it. Change it to "$system_path = '../sys';". Notice the extra period and the renamed folder. This lets EE reach the system folder while keeping the folder from being accessed via a web browser.
$system_path = '../sys';
The next step we like to take is creating an 'admin' folder, placing the admin.php file in that folder and renaming it 'index.php'. This provides us with a cleaner, more user-friendly URL for our clients. Once you move that file, open it once again, look for "$system_path = '../sys';" and change it to "$system_path = '../../sys';". This allows the control panel to go up 2 folders to reach the 'sys' folder.
$system_path = '../../sys';
Installing Add-ons
Now that you have ExpressionEngine installed and ready to go we can now install a few add-ons. These add-ons are a part of our default EE installs. The following are the add-ons we are going to install.
Channel Images
WYGWAM
Installing add-ons is pretty easy. First, follow the uploading instructions for each of the add-ons (Channel Images and WYGWAM), then log into your newly installed EE site. Once logged in, click Developer and then Add-On Manager in the dropdown. Click Install to the right of Channel Images and WYGWAM and they will install automatically.
Creating Upload Directory
After installing EE and the add-ons listed above, we want to go ahead and create a file directory for our blog. This is where any images we upload when posting to the blog will go. We also want to do this now instead of during our Channel set up so we don't have to double back to create it when we are creating any channel fields.
To create this directory, click Files.
On the File Manager page you'll notice there aren't any upload destinations created. To create one click the New button.
Make sure you have created this directory on your server (or localhost). We created our upload directory in 'assets/uploads'. Once you've done that you will need to put in a few items so that this upload destination points to that directory on your server. Name the upload directory Blog, make sure to fill in the server path and URL. For this directory we are only uploading images so the 'Allowed File Types' stays as is as well as the rest of the settings. Click the 'Save Upload Directory' button at the bottom and the upload destination has been created.
By following the 4 steps above you'll be well on your way to creating a blog section using ExpressionEngine. Be sure to check back next week as Part 2 of How to Create a Blog using ExpressionEngine will cover Channel Fields, Categories and Channels.
ExpressionEngine is a content management system, which put simply, is a group of applications that allows organizations to effortlessly create, edit, review, and publish website content, without needing to have knowledge of code. ExpressionEngine gives you the freedom to build custom and unique websites and is a very secure platform. That is where ExpressionEngine comes and takes the lead.
Post-Installation Best Practices
Increasing Security
Renaming the System Directory
Moving the System Directory Above Webroot
Renaming admin.php
Removing index.php from your URLs
Increasing Security
ExpressionEngine’s system files and directories are typically safe from direct HTTP access on a properly configured server.
However, for increased security we recommend that the system folder either be renamed or moved entirely above the public web root folder (commonly named public_html or referred to as simply “webroot”) and that admin.php be renamed as well. This document describes the renaming process.
Renaming the System Directory
This is an easily followed procedure that makes it difficult for the location of your system folder to be known.
FTP to your server and change the name of the system folder to something else that is not easily guessed. For example, let’s say you’ve renamed it to dazzle.
Open index.php and admin.php (both found in your site’s root) and update the name of the system directory in both files:
$system_path = './dazzle';
Moving the System Directory Above Webroot
This is a more advanced procedure that provides even better security, but is not supported in all environments.
FTP to your server and move the entire system folder above webroot, but still within your user’s account folder.
Open index.php and admin.php (both found in your site’s root) and update the relative path to the system directory in both files. Here’s an example:
Before
Your folder structure looked like:
+-- public_html
|   +-- admin.php
|   +-- index.php
|   +-- images
|   +-- system
|   +-- themes
And the path in index.php and admin.php was:
$system_path = './system';
After
Now your folder structure looks like:
+-- public_html
|   +-- admin.php
|   +-- index.php
|   +-- images
|   +-- themes
+-- system
And the path in index.php and admin.php is now:
$system_path = '../system';
Note the extra period, indicating that the system folder is now one level up, above webroot where it cannot be directly accessed from a web browser.
Note: There may also be some areas in the Control Panel where you will need to update the server path. For example:
Settings --> URL and Path Settings
Files
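Both relocation procedures on this page (the 'admin/index.php' variant using '../../sys' and the move above webroot shown here) can be checked from a shell, together with the earlier advice to remove system/ee/installer/. This is an added example, not code from ExpressionEngine or the original tutorial; the function names and demo trees are constructed, and it assumes a relative $system_path is resolved from the front controller's own directory.

```shell
#!/bin/sh
# Added example: check that each front controller's $system_path points to a
# directory outside the web root and that the installer has been removed.

# Print the value assigned to $system_path in a PHP front controller.
system_path_of() {
    sed -n "s/^[[:space:]]*\\\$system_path[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$1" | head -n 1
}

# check_layout WEBROOT FILE...   (each FILE is relative to WEBROOT)
# Prints one finding per line; returns 0 only when there are none.
check_layout() {
    webroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "web root not found: $1"; return 2; }
    shift
    status=0
    for fc in "$@"; do
        rel=$(system_path_of "$webroot/$fc")
        # Assumption: a relative path is resolved from the file's own directory.
        case $rel in /*) target=$rel ;; *) target=$(dirname "$webroot/$fc")/$rel ;; esac
        if [ -z "$rel" ] || ! sys=$(cd "$target" 2>/dev/null && pwd -P); then
            echo "$fc: \$system_path '$rel' does not resolve to a directory"
            status=1; continue
        fi
        case $sys/ in
            "$webroot"/*) echo "$fc: system directory is inside the web root"; status=1 ;;
        esac
        if [ -d "$sys/ee/installer" ]; then
            echo "$fc: installer directory still present"; status=1
        fi
    done
    return "$status"
}

# Constructed demo trees: one hardened as described above, one left at defaults.
demo=$(mktemp -d)
mkdir -p "$demo/good/public_html/admin" "$demo/good/sys/ee" \
         "$demo/bad/public_html/system/ee/installer"
printf "<?php\n\t\$system_path = '../sys';\n" > "$demo/good/public_html/index.php"
printf "<?php\n\t\$system_path = '../../sys';\n" > "$demo/good/public_html/admin/index.php"
printf "<?php\n\t\$system_path = './system';\n" > "$demo/bad/public_html/index.php"
check_layout "$demo/good/public_html" index.php admin/index.php && echo "good: OK"
check_layout "$demo/bad/public_html" index.php || echo "bad: findings above"
```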
Renaming admin.php
In the same way that we’ve renamed the system folder (or moved it above webroot entirely) it is recommended that you rename admin.php to something less obvious as well.
FTP to your server and change the name of the admin.php file to something else that is not easily guessed. For example, let’s say you’ve renamed it to razzle.php.
Visit Settings --> URL and Path Settings and update the Control Panel URL setting. Alternatively you can open system/user/config/config.php (or whatever you have renamed the system folder to) and update the URL using the cp_url override:
$config['cp_url'] = "https://example.com/razzle.php";
Removing index.php from your URLs
ExpressionEngine is invoked whenever the web server requests the main index.php file. You can configure your server to invoke this file without having it appear in the URL. See Removing index.php from URLs for details on how to accomplish this.