The installer security screen will allow for basic password protection on the installer. The password is set at package creation time. The password input on this screen must be entered before proceeding with an install. This setting is optional and can be turned on/off via the package creation screens.

If you do not recall the password then login to the site where the package was created and click the details of the package to view the original password. To validate the password just typed you can toggle the view by clicking on the lock icon. For detail on how to override this setting visit the online FAQ for more details.

Option	Details
Locked	"Locked" means a password is protecting each step of the installer. This option is recommended on all installers that are accessible via a public URL but not required.
Unlocked	"Unlocked" means that if your installer is on a public server that anyone can access it. This is a less secure way to run your installer. If you are running the installer very quickly then removing all the installer files, then the chances of exposing it is going to be low depending on your sites access history. While it is not required to have a password set it is recommended. If your URL has little to no traffic or has never been the target of an attack then running the installer without a password is going to be relatively safe if ran quickly. However, a password is always a good idea. Also, it is absolutely required and recommended to remove all installer files after installation is completed by logging into the WordPress admin and following the Duplicator prompts.

Option

Details

Locked

"Locked" means a password is protecting each step of the installer. This option is recommended on all installers that are accessible via a public URL but not required.

Unlocked

"Unlocked" means that if your installer is on a public server that anyone can access it. This is a less secure way to run your installer. If you are running the installer very quickly then removing all the installer files, then the chances of exposing it is going to be low depending on your sites access history.

While it is not required to have a password set it is recommended. If your URL has little to no traffic or has never been the target of an attack then running the installer without a password is going to be relatively safe if ran quickly. However, a password is always a good idea. Also, it is absolutely required and recommended to remove all installer files after installation is completed by logging into the WordPress admin and following the Duplicator prompts.

Note: Even though the installer has a password protection feature, it should only be used for the short term while the installer is being used. All installer files should and must be removed after the install is completed. Files should not to be left on the server for any long duration of time to prevent any security related issues.

There are currently several modes that the installer can be in. The mode will be shown at the top of each screen. Below is an overview of the various modes.

Option	Details
Standard Install	This mode indicates that the installer and archive have been placed into an empty directory and the site is ready for a fresh/new redeployment. This is the most common mode and the mode that has been around the longest.
Standard Install Database Only	This mode indicates that the installer and archive were manually moved or transferred to a location and that only the Database will be installed at this location.
Overwrite Install	This mode indicates that the installer was started in a location that contains an existing site. With this mode the existing site will be overwritten with the contents of the archive.zip/daf and the database.sql file. This is an advanced option and users should be pre-paired to know that state of their database and archive site files ahead of time.
Overwrite Install Database Only ^pro	This mode indicates that the installer was started in a location that contains an existing site. With this mode the existing site will be overwritten with the contents of the database.sql file. This is an advanced option and users should be pre-paired to know that state of their database and site files ahead of time.

Step 1 of the installer is separated into four sections for pro and three for lite. Below is an overview of each area:

Validation

This section shows the installers system requirements and notices. All requirements must pass in order to proceed to Step 2. Each requirement will show a Pass/Fail status. Notices on the other hand are not required in order to continue with the install.

Notices are simply checks that will help you identify any possible issues that might occur. If this section shows a Good/Warn for various checks. Click on the title link and read the overview for how to solve the test.

Multisite ^pro

The multisite option allows users with a Pro Business or Gold license to perform additional multi-site tasks. All licenses can backup & migrate standalone sites and full multisite networks. Multisite Plus+ (business and above) adds the ability to install a subsite as a standalone site.

Options

The options for step 1 can help better prepare your site should your server need additional settings beyond most general configuration.

Option	Details
General Options
Extraction	Manual Archive Extraction Set the Extraction value to "Manual Archive Extraction" when the archive file has already been manually extracted on the server. This can be done through your hosts control panel such as cPanel or by your host directly. This setting can be helpful if you have a large archive files or are having issues with the installer extracting the file due to timeout issues. PHP ZipArchive This extraction method will use the PHP ZipArchive code to extract the archive zip file. Shell-Exec Unzip This extraction method will use the PHP shell_exec to call the system unzip command on the server. This is the default mode that is used if its avail on the server.
Permissions	All Files: Check the 'All Files' check-box and enter in the desired chmod command to recursively set the octal value on all the files being extracted. Typically this value is 644 on most servers and hosts. All Directories: Check the 'All Directories' check-box and enter in the desired chmod command to recursively set octal value on all the directories being extracted. Typically this value is 755 on most servers and hosts. Note: These settings only apply to Linux operating systems
Advanced Options
Safe Mode	Safe mode is designed to configure the site with specific options at install time to help over come issues that may happen during the install were the site is having issues. These options should only be used if you run into issues after you have tried to run an install. Basic: This safe mode option will disable all the plugins at install time. When this option is set you will need to re-enable all plugins after the install has full ran. Advanced: This option applies all settings used in basic and will also de-activate and reactivate your theme when logging in for the first time. This options should be used only if the Basic option did not work.
Config Files	When dealing with configuration files (.htaccess, web.config and .user.ini) the installer can apply different modes: Create New: This is the default recommended option which will create either a new .htaccess or web.config file. The new file is streamlined to help guarantee no conflicts are created during install. The config files generated with this mode will be simple and basic. The WordFence .user.ini file if present will be removed. Restore Original: This option simply renames the .htaccess__[HASH] or web.config.orig files to .htaccess or web.config. The .orig files come from the original web server where the package was built. Please note this option will cause issues with the install process if the configuration files are not properly setup to handle the new server environment. This is an advanced option and should only be used if you know how to properly configure your web servers configuration. Ignore All:* This option simply does nothing. No files are backed up, nothing is renamed or created. This advanced option assumes you already have your config files setup and know how they should behave in the new environment. When the package is build it will always create a .htaccess__[HASH] or web.config.orig. Since these files are already in the archive file they will show up when the archive is extracted. Additional Notes: Inside the archive.zip will be a copy of the original .htaccess (Apache) or the web.config (IIS) files that were setup with your packaged site. They are both renamed to .htaccess__[HASH] and web.config.orig. When using either 'Create New' or 'Restore Original' any existing config files will be backed up with a .bak extension. None of these changes are made until Step 3 is completed, to avoid any issues the .htaccess might cause during the install
File Times	When the archive is extracted should it show the current date-time or keep the original time it had when it was built. This setting will be applied to all files and directories.
Logging	The level of detail that will be sent to the log file (installer-log.txt). The recommend setting for most installs should be 'Light'. Note if you use Debug the amount of data written can be very large. Debug is only recommended for support.

Notices

To proceed with the install users must check the checkbox labeled " I have read and accept all terms & notices". This means you accept the term of using the software and are aware of any notices.

Basic/cPanel:

There are currently two options you can use to perform the database setup. The "Basic" option requires knowledge about the existing server and on most hosts will require that the database be setup ahead of time. The cPanel option is for hosts that support cPanel Software. This option will automatically show you the existing databases and users on your cPanel server and allow you to create new databases directly from the installer.

cPanel Login ^pro

The cPanel connectivity option is only available for Duplicator Pro.

Option	Details
Host	This should be the primary domain account URL that is associated with your host. Most hosts will require you to register a primary domain name. This should be the URL that you place in the host field. For example if your primary domain name is "mysite.com" then you would enter in "https://mysite.com:2083". The port 2038 is the common port number that cPanel works on. If you do not know your primary domain name please contact your hosting provider or server administrator.
Username	The cPanel username used to login to your cPanel account. This is not* the same thing as your WordPress administrator account*. If your unsure of this name please contact your hosting provider or server administrator.
Password	The password of the cPanel user
Troubleshoot	Common cPanel Connection Issues: - Your host does not use cPanel Software - Your host has disabled cPanel API access - Your host has configured cPanel to work differently (please contact your host) - View a list of valid cPanel Supported Hosts

Setup

The database setup options allow you to connect to an existing database or in the case of cPanel connect or create a new database.

Option	Details
Action	Create New Database: Will attempt to create a new database if it does not exist. When using the 'Basic' option this option will not work on many hosting providers as the ability to create new databases is normally locked down. If the database does not exist then you will need to login to your control panel and create the database. If your host supports 'cPanel' then you can use this option to create a new database after logging in via your cPanel account. Connect and Remove All Data: This options will DELETE all tables in the database you are connecting to. Please make sure you have backups of all your data before using an portion of the installer, as this option WILL remove all data. Connect and Backup Any Existing Data:^pro This options will RENAME all tables in the database you are connecting to with a prefix of "". Manual SQL Execution:^pro This options requires that you manually run your own SQL import to an existing database before running the installer. When this action is selected the dup-database__[hash].sql file found inside the dup-installer folder of the archive.zip file will NOT be ran. The database your connecting to should already be a valid WordPress installed database. This option is viable when you need to run advanced search and replace options on the database.
Host	The name of the host server that the database resides on. Many times this will be 'localhost', however each hosting provider will have it's own naming convention please check with your server administrator or host to valid for sure the name needed. To add a port number just append it to the host i.e. 'localhost:3306'.
Database	The name of the database to which this installation will connect and install the new tables and data into. Some hosts will require a prefix while others do not. Be sure to know exactly how your host requires the database name to be entered.
User	The name of a MySQL database server user. This is special account that has privileges to access a database and can read from or write to that database. This is not* the same thing as your WordPress administrator account*.
Password	The password of the MySQL database server user.

Options

Option	Details
Prefix^pro*	By default, databases are prefixed with the cPanel account's username (for example, myusername_databasename). However you can ignore this option if your host does not use the default cPanel username prefix schema. Check the 'Ignore cPanel Prefix' and the username prefixes will be ignored. This will still require you to enter in the cPanels required setup prefix if they require one. The checkbox will be set to read-only if your host has disabled prefix settings. Please see your host full requirements when using the cPanel options.
Legacy	When creating a database table, the Mysql version being used may not support the collation type of the Mysql version where the table was created. In this scenario, the installer will fallback to a legacy collation type to try and create the table. This value should only be checked if you receive an error when testing the database. For example, if the database was created on MySQL 5.7 and the tables collation type was 'utf8mb4_unicode_520_ci', however your trying to run the installer on an older MySQL 5.5 engine that does not support that type then an error will be thrown. If this option is checked then the legacy setting will try to use 'utf8mb4_unicode_520', then 'utf8mb4', then 'utf8' and so on until it runs out of options. For more information about this feature see the online FAQ question titled "What is compatibility mode & 'unknown collation' errors"
Spacing	The process will remove utf8 characters represented as 'xC2' 'xA0' and replace with a uniform space. Use this option if you find strange question marks in you posts
Mode	The MySQL mode option will allow you to set the mode for this session. It is very useful when running into conversion issues. For a full overview please see the MySQL mode documentation specific to your version.
Objects	Allow or Ignore objects for 'Views', 'Stored Procedures", and 'DEFINER' statements. Typically the defaults for these settings should be used. In the event you see an error such as "'Access denied; you need (at least one of) the SUPER privilege(s) for this operation" then changing the value for each operation should be considered.
Charset	When the database is populated from the SQL script it will use this value as part of its connection. Only change this value if you know what your databases character set should be.
Collation	When the database is populated from the SQL script it will use this value as part of its connection. Only change this value if you know what your databases collation set should be.

^{*cPanel Only Option}

Validation

Testing the database connection is important and can help isolate possible issues that may arise with database version and compatibility issues.

Option	Details
Test Database	The 'Test Database' button will help validate if the connection parameters are correct for this server and help with details about any issues that may arise.
Troubleshoot	Common Database Connection Issues: - Double check case sensitive values 'User', 'Password' & the 'Database Name' - Validate the database and database user exist on this server - Check if the database user has the correct permission levels to this database - The host 'localhost' may not work on all hosting providers - Contact your hosting provider for the exact required parameters - Visit the online resources 'Common FAQ page'

Option

Details

Test
Database

The 'Test Database' button will help validate if the connection parameters are correct for this server and help with details about any issues that may arise.

Troubleshoot

Common Database Connection Issues:
- Double check case sensitive values 'User', 'Password' & the 'Database Name'
- Validate the database and database user exist on this server
- Check if the database user has the correct permission levels to this database
- The host 'localhost' may not work on all hosting providers
- Contact your hosting provider for the exact required parameters
- Visit the online resources 'Common FAQ page'

New Settings

These are the new values (URL, Path and Title) you can update for the new location at which your site will be installed at.

Replace ^pro

This section will allow you to add as many custom search and replace items that you would like. For example you can search for other URLs to replace. Please use high caution when using this feature as it can have unintended consequences as it will search the entire database. It is recommended to only use highly unique items such as full URL or file paths with this option.

Options

Option	Details
New Admin Account
Username	A new WordPress username to create. This will create a new WordPress administrator account. Please note that usernames are not changeable from the within the UI.
Password	The new password for the new user. Must be at least 6 characters long.
Scan Options
Cleanup ^pro	The checkbox labeled Remove schedules & storage endpoints will empty the Duplicator schedule and storage settings. This is recommended to keep enabled so that you do not have unwanted schedules and storage options enabled.
Old URL	The old URL of the original values that the package was created with. These values should not be changed, unless you know the underlying reasons
Old Path	The old path of the original values that the package was created with. These values should not be changed, unless you know the underlying reasons
Site URL	For details see WordPress Site URL & Alternate Directory. If you're not sure about this value then leave it the same as the new setup URL.
Scan Tables	Select the tables to be updated. This process will update all of the 'Old Settings' with the new 'Setup' settings. Hold down the 'ctrl key' to select/deselect multiple.
Activate Plugins	These plug-ins are the plug-ins that were activated when the package was created and represent the plug-ins that will be activated after the install.
Update email domains	The domain portion of all email addresses will be updated if this option is enabled.
Full Search	Full search forces a scan of every single cell in the database. If it is not checked then only text based columns are searched which makes the update process much faster. Use this option if you have issues with data not updating correctly.
Post GUID	If your moving a site keep this value checked. For more details see the notes on GUIDS. Changing values in the posts table GUID column can change RSS readers to evaluate that the posts are new and may show them in feeds again.
Cross search ^pro	This option enables the searching and replacing of subsite domains and paths that link to each other. Check this option if hyperlinks of at least one subsite point to another subsite. Uncheck this option there if there are at least subsites and no subsites hyperlinking to each other (Checking this option in this scenario would unnecessarily load your server). Check this option If you unsure if you need this option.
Max size check for serialize objects	Large serialized objects can cause a fatal error when Duplicator attempts to transform them. If a fatal error is generated, lower this limit. If a warning of this type appears in the final report DATA-REPLACE ERROR: Serialization ENGINE: serialize data too big to convert; data len: XXX Max size: YYY DATA: ..... And you think that the serialized object is necessary you can increase the limit or set it to 0 to have no limit.
WP-Config File
Config SSL	Turn off SSL support for WordPress. This sets FORCE_SSL_ADMIN in your wp-config file to false if true, otherwise it will create the setting if not set. The "Enforce on Login" will turn off SSL support for WordPress Logins.
Config Cache	Turn off Cache support for WordPress. This sets WP_CACHE in your wp-config file to false if true, otherwise it will create the setting if not set. The "Keep Home Path" sets WPCACHEHOME in your wp-config file to nothing if true, otherwise nothing is changed.

Final Steps

Review Install Report
The install report is designed to give you a synopsis of the possible errors and warnings that may exist after the installation is completed.

Test Site
After the install is complete run through your entire site and test all pages and posts.

Final Security Cleanup
When completed with the installation please delete all installation files. Leaving these files on your server can be a security risk! You can remove all these files by logging into your WordPress admin and following the remove notification links or by deleting these file manually. Be sure these files/directories are removed. Optionally it is also recommended to remove the archive.zip/daf file.

dup-installer
installer.php
installer-backup.php
dup-installer-bootlog__[HASH].txt
archive.zip/daf

Common Quick Fix Issues:

Use a Duplicator approved hosting provider
Validate directory and file permissions (see below)
Validate web server configuration file (see below)
Clear your browsers cache
Deactivate and reactivate all plugins
Resave a plugins settings if it reports errors
Make sure your root directory is empty

Permissions:
Not all operating systems are alike. Therefore, when you move a package (zip file) from one location to another the file and directory permissions may not always stick. If this is the case then check your WordPress directories and make sure it's permissions are set to 755. For files make sure the permissions are set to 644 (this does not apply to windows servers). Also pay attention to the owner/group attributes. For a full overview of the correct file changes see the WordPress permissions codex

Web server configuration files:
For Apache web server the root .htaccess file was copied to .htaccess__[HASH]. A new stripped down .htaccess file was created to help simplify access issues. For IIS web server the web.config file was copied to web.config.orig, however no new web.config file was created. If you have not altered this file manually then resaving your permalinks and resaving your plugins should resolve most all changes that were made to the root web configuration file. If your still experiencing issues then open the .orig file and do a compare to see what changes need to be made.

Plugin Notes:
It's impossible to know how all 3rd party plugins function. The Duplicator attempts to fix the new install URL for settings stored in the WordPress options table. Please validate that all plugins retained there settings after installing. If you experience issues try to bulk deactivate all plugins then bulk reactivate them on your new duplicated site. If you run into issues were a plugin does not retain its data then try to resave the plugins settings.

Cache Systems:
Any type of cache system such as Super Cache, W3 Cache, etc. should be emptied before you create a package. Another alternative is to include the cache directory in the directory exclusion path list found in the options dialog. Including a directory such as \pathtowordpress\wp-content\w3tc\ (the w3 Total Cache directory) will exclude this directory from being packaged. In is highly recommended to always perform a cache empty when you first fire up your new site even if you excluded your cache directory.

Trying Again:
If you need to retry and reinstall this package you can easily run the process again by deleting all files except the installer and package file and then browse to the installer again.

Additional Notes:
If you have made changes to your PHP files directly this might have an impact on your duplicated site. Be sure all changes made will correspond to the sites new location. Only the package (zip file) and the installer (php file) should be in the directory where you are installing the site. Please read through our knowledge base before submitting any issues. If you have a large log file that needs evaluated please email the file, or attach it to a help ticket.

Installer Security

Step 1 of 4: Deployment

Archive

Validation

Multisite ^pro

Options

Notices

Step 2 of 4: Install Database

Basic/cPanel:

cPanel Login ^pro

Setup

Options

Validation

Step 3 of 4: Update Data

New Settings

Replace ^pro

Options

Step 4 of 4: Test Site

Final Steps

Troubleshooting Tips

Installer Security

Step 1 of 4: Deployment

Archive

Validation

Multisite pro

Options

Notices

Step 2 of 4: Install Database

Basic/cPanel:

cPanel Login pro

Setup

Options

Validation

Step 3 of 4: Update Data

New Settings

Replace pro

Options

Step 4 of 4: Test Site

Final Steps

Troubleshooting Tips

Multisite ^pro

cPanel Login ^pro

Replace ^pro