TCEA 2006 Installing a WAMP Server in 15 Minutes or Less Mark Buckner

Note – the most up-to-date documentation for this session can be found at
www.ntatd.org/mark.

Getting Started:
1. Download the latest XAMPP for Windows package from
http://www.apachefriends.org/en/. I’m using the installer version.
2. Run the installer by double-clicking on it. Take all the defaults except for the
default installation folder (unless you have a reason not to). I install it in
c:\web. The default is c:\program files\xampp, and the space in ‘program
files’ causes problems with paths in some web apps. It won’t install into the
root (c: ) folder. Wait while it installs.
3. I chose to install Apache2 and MySQL as services, but not FileZilla.
4. Test your installation. Open a web browser (I prefer Mozilla Firefox, but this
will work in any browser) and type localhost in the address bar. If you get a
page that says XAMPP, your installation worked.
5. Congratulations! You now have a working WAMP environment.

If that’s all there is to this, why is this presentation 45 minutes long?

Well, you now have a working installation, but it is not secure. To secure your WAMP,
open your web browser and go to localhost again. Click a language link at the bottom (I
chose English, obviously). Now click Security on the left-hand menu. A new page will
open and give you the security status of your server.

Securing Your Server

From http://localhost/security/index.php, you will see several security items for your
server and what their status is. Some of these are very important, some are not. We will
fix the important ones.

Background Information
1. These XAMPP pages are accessible by network for everyone – this means that
anyone on your network can view web pages on your server. Since we are
building a webserver so people can see our web pages, that doesn’t seem like
such a problem to me. The alternative under XAMPP is to set a password for
your webserver. Anyone who tries to see pages on your server will have to
type that password in to get access.

2. The MySQL admin user root has NO password – this is vitally important. If
you don’t set a root password, ANYONE can access your MySQL database as
an administrator. This means they can add data, delete data, or perform SQL
Injection attacks against your server.

3. PhpMyAdmin is freely accessible by network – this is also important. It gives

people access to PhpMyAdmin, a web-based MySQL editor.

Created on 1/11/2006 3:20:00 PM Page 1 of 3

Revised 2/7/2006
TCEA 2006 Installing a WAMP Server in 15 Minutes or Less Mark Buckner

4. A FTP server is not running or is blocked by a firewall! – This is a good thing.

We didn’t start FileZilla, so it’s not running. I prefer to leave this down
until/unless we need it.

5. PHP is NOT running in "safe mode" – I’m not comfortable with safe mode, so
I normally leave this alone. Safe mode turns off some things that most php
programmers take for granted.

6. A POP3 server like Mercury Mail is not running or is blocked by a firewall! –

We don’t have a pop3 server, so this is OK.

Now, let’s fix our security problems. Under the list of security warnings, there is a link:
http://localhost/security/xamppsecurity.php. This will help us fix our problems.

1. Click the link.

2. Set a strong password for MySQL root password (meaning not easily guessed,
with uppercase letters, lowercase letters, numbers, and/or symbols).
3. I set PhpMyAdmin authentication to http.
4. Click the password changing button.
5. If you want to require a password just to view sites on your server, set a
username and password in XAMPP DIRECTORY PROTECTION
(.htaccess).
6. Restart your servers by clicking on the orange X in your system tray, or by
going to Apache Friends->XAMPP->Control XAMPP Server Panel. When it
opens, stop MySQL and start it again. I also restarted Apache just to be safe.
7. Congrats! Your server is now fairly secure.

Let’s Do Something!

Now that we have a secure WAMP server, let’s do something fun with it. We’re going to
install a blogging (web log) program called Wordpress. It is very popular among
bloggers, and it’s easy to install and setup.

1. Download the latest stable version of Wordpress from http://wordpress.org/. I

recommend the .zip file.
2. Unzip the file. You should now have a folder called wordpress. Inside it you
should see several folders (wp-admin, wp-content, and wp-includes) and
several files.
3. Copy your wordpress folder to C:\Program Files\xampp\htdocs.
4. Now it’s time to setup our database.
a. First, we need to create a database. Open your web browser and go to
localhost. Click English.
b. Under tools on the menu, click phpMyAdmin. Enter root as your
username, and the password you set for MySQL.
c. When phpMyAdmin opens, type wordpress in the Create new database
box and press Create.

Created on 1/11/2006 3:20:00 PM Page 2 of 3

Revised 2/7/2006
TCEA 2006 Installing a WAMP Server in 15 Minutes or Less Mark Buckner

d. In the Database drop-down box on the left, choose wordpress(0).

e. Click Privileges on the right.
f. Click Add a new user.
g. User name: wordpress
h. Host: Any host
i. Password: choose a password
j. Click Check All to check all the boxes.
k. Click Go.
l. Close your web browser.
5. With our database setup, it’s time to install WordPress. In your WordPress
folder (C:\Program Files\xampp\htdocs\wordpress), open wp-config-
sample.php with notepad. At the top of the file, you will see four define
statements. These set your database config. Edit them to fit your database.
(You should only have to change the username and password) Save it as wp-
config.php when you are done.
6. Open your web browser and go to http://localhost/wordpress/wp-
admin/install.php.
7. Click First Step. Enter a title for your blog and an e-mail address.
8. Click to go to the second step. Make a note of the username and password it
gives you. Username: admin Password: a random password. Make sure you
write this down, or you won’t be able to login. You can change it later.
Congrats! You now have a working WordPress blog. Click users at the top to
change your password.

Created on 1/11/2006 3:20:00 PM Page 3 of 3

Revised 2/7/2006