Installing and Upgrading Barebones CMS

Barebones CMS is well-tested to be able to be installed on a wide variety of systems. The primary goal of the installer is to set up the main configuration file and provide feedback on your setup, taking careful note of areas where there could be problems. However, it will never get in the way of an actual installation - it is entirely feasible that an installation can succeed but not work. It is highly recommended that a programmer or a knowledgeable web designer perform installations and upgrades.


There are a number of minimum System Requirements that you must meet to use Barebones CMS. The installer automatically detects these minimum requirements during the installation process, so don't worry about it. The following instructions are geared for those who have never installed an open source web-based product before or just want to know what is involved. Let's get started.

Step 1: Download and Extract

Extracting Barebones CMS with 7-Zip.
Extracting Barebones CMS with 7-Zip.

Visit the Downloads page and download the latest version of the Barebones CMS. Then use a tool like 7-Zip or the built-in Windows ZIP extractor to extract the contents of the ZIP file that was just downloaded to a new directory.

For 7-Zip, right-click on the ZIP file, select the '7-Zip' menu item and then 'Extract to barebones-[ver]\'.

For the Windows ZIP extractor, right-click on the ZIP file, select 'Extract All...' and follow the wizard that appears.

Most tools for extracting ZIP files work more or less the same way.

Step 2: Upload

The next step is to upload the files to the web server that were extracted in the previous step. This is usually accomplished by using a FTP or SFTP client such as FileZilla. Barebones CMS works well in the root for an entire website or a subdirectory for a mini-site or just to try Barebones out.

(Optional, but recommended) Do not upload 'install.php' to a remote web host until you have locked it down so only you can access it. By default, anyone could access the installer while you are uploading and installing. In the same directory as 'install.php', create a new file called 'install_hook.php' and open the newly created file up in your favorite text editor. Copy and paste the following lines of code:

The above code restricts access to the CMS installer to just your IP address. Depending on your firewall and other settings it might not work. However, it should work for most environments.

Upload 'install_hook.php' to the server and then 'install.php'. This guarantees that the hook is in place before the main installer becomes visible to the world and locks down the installer itself.

Step 3: Install

Once all the files have been uploaded, go to the installer. The installer is contained in 'install.php'. You need to start up a web browser session and point it at the correct URL. For example, if Barebones CMS is being installed to the root of the website, the URL might look like ''. Or if it is in a subdirectory named 'testing', the URL might look like ''.

Installation wizard checklist.
Installation wizard checklist.

Once you get the right URL into the browser's address bar, the installation wizard should appear. If you get a blank screen, check to make sure there is no 'config.php' file in the same directory as 'install.php'. The installer locks itself out once the installation is complete so no one can use it for malicious purposes.

Follow the directions in the installer. A lot of things are optional and are merely included for convenience. Read each page carefully.

During installation, the installer will detect your server's settings, determine if there will be problems with using Barebones CMS, and provides a detailed explanation of how to correct each problem. You should attempt to resolve as many problems as possible before installing. Note that the installer will not get in your way should you wish to proceed with the installation and, in many cases, Barebones CMS will work just fine.

During installation, you will be offered the option to obscure the location of the login screen. This is known as security through obscurity, but it adds one more layer to keep hackers out of the system. They first have to find the login screen by randomly guessing the URL.

If you receive a "Warning: Insufficient entropy available to this host" message during installation, this indicates that the installer was unable to obtain enough entropy for creating the two primary seeds used for generating session keys later on. It may be possible for an attacker to more easily guess a session key, but the search space is still very large.

What's Next?

Learn how to use Barebones CMS

Mitigating Known Security Vulnerabilities


Every so often, the core of the CMS will be changed to include new features or fix old ones. The goal of the core Barebones CMS is to provide just enough functionality to do everything - all right from within the web browser. Since every aspect of the Barebones CMS can be extended through Widgets, Shortcodes, and Plugins, the core of the product will, ideally, very rarely change. This is great news to web developers who don't like constantly upgrading a core product not knowing whether their extensions will break (plugins, widgets, etc).

Upgrading the core product is easy. Let's get started.

Step 1: Download and Extract

Visit the Downloads page and download the latest version of the Barebones CMS. Then use a tool like 7-Zip or the built-in Windows ZIP extractor to extract the contents of the ZIP file that was just downloaded to a new directory. This is the same process as the installation procedure.

Step 2: Upload 'login.php'

Overwrite your 'login.php' with the new 'login.php'. Again, this is generally done with a FTP client such as FileZilla.

Step 3: Upload Everything Else

Upload the rest of the files. If the FTP client asks, you want to overwrite existing files.

Step 4: Flush the Cache

Log into the system and click 'Edit' to enter the editor. In the menu on the left, click 'Flush Cache'.

Flush the site cache.
Flush the site cache.

This forces the entire website to regenerate the content on the next page load.

Step 5: Delete Upgrade Cache

This step is completely optional but some people may want to make the announcement for an older version go away when running the latest version. The availability of an upgrade is retrieved once per week and cached. This information may be outdated after an upgrade is performed and appears in the left navigation menu.

The information about upgrades is cached in the file 'upgrade_cache.php'. Simply delete this file to force a refresh of the upgrade availability information on the next editor page load.

What's Next?

If you are using Release Candidate builds (clearly labeled like '1.0rc8'), you should clear your web browser file cache after upgrading to make sure the browser doesn't use outdated files. Step 4 of the upgrade process has nothing to do with the web browser cache.

Other than that, the upgrade process is complete. You may wish to visit a few pages just to make sure nothing is broken.

© CubicleSoft