Installing WordPress in cPanel (Two Methods)

There are two reliable ways to install WordPress on iWebVault cPanel hosting: the Softaculous one-click installer, and the manual installation using cPanel’s built-in tools. Both work; one is faster and one gives you more control over the process. This guide covers both, plus the post-install steps that take a fresh WordPress install from “running” to “production-ready.”

Which method should you use?

For 95% of customers, Softaculous is the right choice — it produces an identical WordPress install in a fraction of the time. Pick manual if you specifically want full control over the database name, table prefix, file structure, or want to install a specific WordPress version other than the current release.

Before you start

Two prerequisites for either method:

• Domain pointed to iWebVault. Your domain’s nameservers should be ns1.iwebvault.com and ns2.iwebvault.com, and propagation should be complete (test by opening your domain in a browser — even a “blank cPanel page” confirms DNS is pointing here).
• cPanel access. The login URL is in your welcome email, typically https://[server-hostname]:2083.

Method 1 — Softaculous (recommended)

Softaculous is an auto-installer integrated with cPanel that handles database creation, file deployment, and the WordPress configuration wizard in one form.

1. Log into cPanel and scroll to the Software section. Click Softaculous Apps Installer.
2. Find WordPress. It’s usually the first icon. Click it, then click Install Now.
3. Choose your protocol: select https:// (not http://). Critical — installing under http:// creates configuration headaches later when you enable SSL. Choose www or non-www depending on your preference (most sites use non-www).
4. Choose your domain from the dropdown.
5. “In Directory” field — leave this blank if you want WordPress at the root of your domain (e.g. yourdomain.com). Set it to blog if you want WordPress at yourdomain.com/blog. Don’t leave the default value of wp unless you actually want the URL to be yourdomain.com/wp.
6. Site name and description — use your real site name; you can change it later but it’s easier to set it right now.
7. Admin account — this is the most important field. Set:
   • Username: not admin. Pick something unique. Bots try admin first on every WordPress site they find.
   • Password: at least 16 characters, generated by your password manager.
   • Email: a real address you check. Used for password resets and security notifications.
8. Language — your preference. Defaults to English.
9. Select Plugins — uncheck “Limit Login Attempts” if Softaculous offers it; we’ll recommend a better choice below. Otherwise leave defaults.
10. Advanced Options (expand it) — change the Table Prefix from wp_ to something custom like iwv_. This is a one-time security improvement; you can’t change it easily later.
11. Click Install. Wait 30 seconds. You’ll get a success page with two URLs — one is your site, the other is the admin dashboard.

That’s it. WordPress is installed. Skip down to the post-install hardening section.

Method 2 — Manual installation

If you want full control — for example, you’re learning the stack, or your workflow requires a specific WordPress version — install manually.

2.1 Create a database

1. In cPanel, go to Databases → MySQL Databases.
2. Under Create New Database, enter a name. cPanel will prefix it with your account name (e.g. cpaneluser_wpsite). Click Create Database.
3. Scroll to Add New User. Set a username and a strong password (your password manager again). Click Create User.
4. Scroll to Add User to Database. Select the user and database you just created, click Add, then on the next screen check All Privileges and submit.

Write down (in your password manager): the full database name, full username, and password. WordPress will ask for all three in a minute.

2.2 Upload WordPress

1. Download the latest WordPress from wordpress.org/download — it’ll be a zip file.
2. In cPanel, open Files → File Manager, navigate to public_html/, and upload the zip.
3. Right-click the uploaded zip and choose Extract. This creates a wordpress/ folder.
4. Open the new folder, select all files, and use the Move button to move them up into public_html/. Delete the now-empty wordpress/ folder and the zip file.

2.3 Run the five-minute install

1. Visit your domain in a browser. WordPress will detect a fresh install and start its setup wizard.
2. Select your language and click Continue.
3. On the database connection page, enter the database name, username, and password you noted above. Database host stays as localhost. Set the table prefix to iwv_ (or any custom value) instead of wp_.
4. Click Submit, then Run the installation.
5. Set your admin username (not admin), strong password, site title, and admin email. Click Install WordPress.

Done. WordPress is running. Now make it production-ready.

Post-install hardening (do this immediately)

A default WordPress install is not production-ready until you’ve done the following five things. Each takes under five minutes.

1. Force HTTPS. If you installed via Softaculous with https://, SSL is already on. Otherwise install a free Let’s Encrypt certificate via cPanel → Security → SSL/TLS Status and enable “Force HTTPS Redirect”.
2. Install a security plugin. Wordfence (free) or Solid Security are the standard choices. Both block malicious login attempts, scan for malware, and alert on file changes.
3. Configure automatic backups. Either via cPanel’s JetBackup (included on most plans), a plugin like UpdraftPlus, or your control panel’s built-in backup tool. Don’t rely on the host as your only backup.
4. Remove the default content. WordPress ships with a “Hello world!” post, a sample page, and unused themes (Twenty Twenty-Three, Twenty Twenty-Two, etc). Delete what you won’t use.
5. Enable two-factor authentication. Built into most security plugins. Adds 10 seconds to your login and prevents about 99% of credential-stuffing attacks.

For the full security walkthrough, see our guide on hardening your WordPress site on iWebVault hosting.

Common installation issues

“Error establishing a database connection” — your database credentials are wrong. Double-check the database name, username, and password in wp-config.php. Remember cPanel prefixes the name (e.g. cpaneluser_wpsite, not just wpsite).

White screen of death after install — usually a PHP version mismatch or memory limit. Go to cPanel → Software → Select PHP Version, set PHP to 8.2 or 8.3, and the memory limit to 256M.

SSL warning after install — if your URL was set as http:// during install but you have an SSL cert active, update the Site URL under WordPress Admin → Settings → General, then run the LiteSpeed cache purge (if installed) or clear browser cache.

“Briefly unavailable for scheduled maintenance” — a previous update was interrupted. Connect via File Manager or FTP, navigate to public_html/, and delete the file called .maintenance. Site comes back instantly.

What’s next

With WordPress installed and hardened, the next things worth doing depend on your use case:

• Sending email from WordPress (contact forms, password resets, woo notifications)? Read our email deliverability guide before your first campaign.
• Building a high-traffic site? Enable the LiteSpeed Cache plugin (free, optimized for our LiteSpeed servers) and configure a CDN.
• Worried about getting hacked? The WordPress hardening guide covers the full list of security measures.

Stuck on anything specific? Open a ticket — include the error message and what you’ve tried, and we’ll get you running.