From r00tedvw.com wiki
Jump to: navigation, search

Ubuntu Installation | CentOS Installation
Installation done on a VM running Ubuntu 14.04LTS


Download required packages

On a LAMP setup make sure to download the standard packages

~$ sudo apt-get update && sudo apt-get install -y apache2 mysql-server php5-mysql php5 libapache2-mod-php5 php5-mcrypt 

If you already have LAMP installed, all WordPress needs is

~$ sudo apt-get update && sudo apt-get install -y php5-gd libssh2-php

Configure MySQL

login to db

~$ mysql -u root -p

Create mysql wordpress user

~$ mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
~$ mysql> exit

login as new user to verify account works

~$ mysql -u wordpress -p
~$ mysql> exit

create DB

~$ mysql -u root -p
~$ mysql> CREATE DATABASE wordpress;

verify DB creation


assign rights to wordpress user for new database created

~$ mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'wordpressuserpassword' WITH GRANT OPTION;  
~$ mysql> exit

verify permissions have been granted

~$ mysql -u wordpress -p
~$ mysql> SHOW GRANTS;
| Grants for [email protected]                                                                                   |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' WITH GRANT OPTION                               |
2 rows in set (0.00 sec)

Download Wordpress

download the latest version from their latest version URL

~$ wget http://wordpress.org/latest.tar.gz

probably would be a good idea to rename the tarball as it's not very descriptive

~$ $ mv ./latest.tar.gz ./wordpress4.0.tar.gz

As of 10/4/2014 There are no MD5 or GPG verification methods to make sure the copy you've downloaded hasn't been tampered with. Maybe one day the devs of WordPress can join the rest of the Dev community and start taking security seriously.

create your site's directory where wordpress will live. If you're using a subsite design make sure to create the directories in the same path structure.

~$ mkdir /var/www/yoursite.com/

make sure your apache user has appropriate permissions to write to this directory

~$ chown www-data:www-data /var/www/yoursite.com/

export the downloaded tar to the site directory

~$ tar -C /var/www/yoursite.com/ -zxf wordpress4.0.tar.gz

this will create a directory called wordpress. If you dont want this and prefer the wordpress files to live in the parent directory, i'd instead do it this way

~$ tar -C /home/admin/ -zxf wordpress4.0.tar.gz
~$ sudo cp -r /home/admin/wordpress/* /var/www/yoursite.com/

Configure WordPress


within the wordpress directory, or your site directory, copy the sample config file so it becomes the base wp config file

~$ cp wp-config-sample.php wp-config.php

edit the config file to add DB info. You can also make other changes if you like, but they are not needed in a default install.

~$ vi wp-config.php
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

it would also be a good idea to SALT your authentication and cookies. go to https://api.wordpress.org/secret-key/1.1/salt/ and it will auto generate random salts. You can change these at any time to invalidate all cookies given out forcing users to log back in.
edit wp-config.php

define('AUTH_KEY',         'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)');
define('SECURE_AUTH_KEY',  'cu#`Jh,?^}jh%~#NE/:hzB<[email protected]| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP');
define('LOGGED_IN_KEY',    'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI');
define('NONCE_KEY',        '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^');
define('AUTH_SALT',        'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W');
define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= [email protected]!:1^PoNUD4xa|ko/a}mK*0i!w3{b');
define('LOGGED_IN_SALT',   '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{');
define('NONCE_SALT',       'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|[email protected]/>*z~g!qB+;/K|asG');

file/folder changes

installation instructions say to give the sudo user (in this example its demo) and the apache user ownership of all the wordpress files and folders

~$ sudo chown -R demo:www-data /var/www/yoursite.com/*

if you have other installations, like phpBB and mediawiki, that you dont want to mess the permissions up on, remove the -R and it will only change ownership within the parent directory. figure out what those directory permissions are first and make note of them.

~$ ls /var/www/yoursite.com/
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 forums
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 wiki
~$ sudo chown demo:www-data /var/www/yoursite.com/*

change the permissions on your other installations back to what they were

~$ sudo chown root:root /var/www/yoursite.com/forums
~$ sudo chown root:root /var/www/yoursite.com/wiki

finish setting the permissions for wordpress folders and subdirectories

~$ sudo chown -R r00t:www-data ./wp-admin/
~$ sudo chown -R r00t:www-data ./wp-content/
~$ sudo chown -R r00t:www-data ./wp-includes/

create the upload directory and assign permissions

~$ mkdir /var/www/yoursite.com/wp-content/uploads
~$ sudo chown :www-data /var/www/html/wp-content/uploads

Apache Configuration

If you've already got a site setup, you may already have apache configure. If not, it's fairly easy.

If you're going with a subsite configuration, the virutalhost file is going to be simple and only point to the site's root directory

~$ sudo vi /etc/apache2/sites-available/yoursite.com.conf
<VirtualHost *:80>
        ServerName yoursite.com
        ServerAdmin [email protected]
        DocumentRoot /var/www/yoursite.com
        TransferLog /var/log/apache2/yoursite.com-access_log
        ErrorLog /var/log/apache2/yoursite.com-error_log

You should disable the default site

~$ sudo a2dissite 000-default
Site 000-default disabled.
To activate the new configuration, you need to run:
  service apache2 reload

Followed by enabling your new site

~$sudo a2ensite yoursite.com
Enabling site yoursite.com.
To activate the new configuration, you need to run:
  service apache2 reload

let's go ahead and restart apache2

~$ sudo service apache2 restart
 * Restarting web server apache2

Setup Wordpress Admin

Now its time to setup the WordPress admin account through the webpage. This is as easy as going to your site's webpage


From here, you'll be asked to fill out the following information:

  • Site Title
  • Username
  • Password
  • Email

Once you input the above information and hit "Install WordPress", you're pretty much done.
Next it's a good idea to log in and verify that your credentials work. If you can, you can stop here as you're done!

optional: change dynamic url structure to pretty permalinks

add the following to your apache site config

~$ cd /etc/apache2/sites-available/
~$ sudo vi yoursite.com.conf
<Directory /var/www/yoursite.com/>
          AllowOverride All

if you haven't already, enable the rewrite module for apache2

~$ sudo a2enmod rewrite

Restart apache2

 ~$ sudo service apache2 restart
 * Restarting web server apache2

create .htaccess file and set permissions

~$ touch /var/www/yoursite.com/.htaccess
~$ sudo chown :www-data /var/www/yoursite.com/.htaccess
~$ chmod 664 /var/www/yoursite.com/.htaccess

Now log into your wordpress site and go to the following:

Settings > Permalinks

and you can choose from the following examples:

Type URL format
Default http://yoursite.com/?p=123
Day and name http://yoursite.com/2014/10/04/sample-post/
Month and name http://yoursite.com/2014/10/sample-post/
Numeric http://yoursite.com/archives/123
Post name http://yoursite.com/sample-post/

Once WordPress is done configuring the .htaccess file, you can reset the permissions for a slight security gain

~$ chmod 644 /var/www/yoursite.com/.htaccess
Personal tools

DevOps Tools
Oracle Linux
VmWare ESXI 5.1
Crypto currencies
Java Script
Raspberry Pi
Canvas LMS
Kaltura Media Server
Photoshop CS2
General Info
Meal Plans
NC Statutes