WordPress/Installation

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
(Created page with "Installation done on a VM running Ubuntu 14.04LTS")
 
 
(32 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
[[WordPress/Installation|Ubuntu Installation]] | [[WordPress/Installation/CentOS|CentOS Installation]]
 +
<br>
 
Installation done on a VM running Ubuntu 14.04LTS
 
Installation done on a VM running Ubuntu 14.04LTS
 +
==Download required packages==
 +
On a LAMP setup make sure to download the standard packages
 +
~$ sudo apt-get update && sudo apt-get install -y apache2 mysql-server php5-mysql php5 libapache2-mod-php5 php5-mcrypt
 +
If you already have LAMP installed, all WordPress needs is
 +
~$ sudo apt-get update && sudo apt-get install -y php5-gd libssh2-php
 +
==Configure MySQL==
 +
login to db
 +
~$ mysql -u root -p
 +
Create mysql wordpress user
 +
~$ mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
 +
~$ mysql> exit
 +
login as new user to verify account works
 +
~$ mysql -u wordpress -p
 +
~$ mysql> exit
 +
create DB
 +
~$ mysql -u root -p
 +
~$ mysql> CREATE DATABASE wordpress;
 +
verify DB creation
 +
~$ mysql> SHOW DATABASES;
 +
assign rights to wordpress user for new database created
 +
~$ mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'wordpressuserpassword' WITH GRANT OPTION; 
 +
~$ mysql> exit
 +
verify permissions have been granted
 +
~$ mysql -u wordpress -p
 +
~$ mysql> SHOW GRANTS;
 +
+------------------------------------------------------------------------------------------------------------------+
 +
| Grants for wordpress@localhost                                                                                  |
 +
+------------------------------------------------------------------------------------------------------------------+
 +
| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' |
 +
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' WITH GRANT OPTION                              |
 +
+------------------------------------------------------------------------------------------------------------------+
 +
2 rows in set (0.00 sec)
 +
 +
==Download Wordpress==
 +
download the latest version from their latest version URL
 +
~$ wget http://wordpress.org/latest.tar.gz
 +
probably would be a good idea to rename the tarball as it's not very descriptive
 +
~$ $ mv ./latest.tar.gz ./wordpress4.0.tar.gz
 +
As of 10/4/2014 There are no MD5 or GPG verification methods to make sure the copy you've downloaded hasn't been tampered with.  Maybe one day the devs of WordPress can join the rest of the Dev community and start taking security seriously.<br>
 +
----
 +
create your site's directory where wordpress will live. If you're using a subsite design make sure to create the directories in the same path structure.
 +
~$ mkdir /var/www/yoursite.com/
 +
make sure your apache user has appropriate permissions to write to this directory
 +
~$ chown www-data:www-data /var/www/yoursite.com/
 +
export the downloaded tar to the site directory
 +
~$ tar -C /var/www/yoursite.com/ -zxf wordpress4.0.tar.gz
 +
this will create a directory called wordpress.  If you dont want this and prefer the wordpress files to live in the parent directory, i'd instead do it this way
 +
~$ tar -C /home/admin/ -zxf wordpress4.0.tar.gz
 +
~$ sudo cp -r /home/admin/wordpress/* /var/www/yoursite.com/
 +
==Configure WordPress==
 +
===config.php===
 +
within the wordpress directory, or your site directory, copy the sample config file so it becomes the base wp config file
 +
~$ cp wp-config-sample.php wp-config.php
 +
edit the config file to add DB info.  You can also make other changes if you like, but they are not needed in a default install.
 +
~$ vi wp-config.php
 +
...
 +
// ** MySQL settings - You can get this info from your web host ** //
 +
/** The name of the database for WordPress */
 +
define('DB_NAME', 'database_name_here');
 +
 +
/** MySQL database username */
 +
define('DB_USER', 'username_here');
 +
 +
/** MySQL database password */
 +
define('DB_PASSWORD', 'password_here');
 +
 +
/** MySQL hostname */
 +
define('DB_HOST', 'localhost');
 +
 +
/** Database Charset to use in creating database tables. */
 +
define('DB_CHARSET', 'utf8');
 +
it would also be a good idea to SALT your authentication and cookies.  go to https://api.wordpress.org/secret-key/1.1/salt/ and it will auto generate random salts.  You can change these at any time to invalidate all cookies given out forcing users to log back in.<br>
 +
edit wp-config.php
 +
define('AUTH_KEY',        'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)');
 +
define('SECURE_AUTH_KEY',  'cu#`Jh,?^}jh%~#NE/:hzB<iCMf$@D| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP');
 +
define('LOGGED_IN_KEY',    'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI');
 +
define('NONCE_KEY',        '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^');
 +
define('AUTH_SALT',        'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W');
 +
define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= XyeEp+Y?WcNDUv@!:1^PoNUD4xa|ko/a}mK*0i!w3{b');
 +
define('LOGGED_IN_SALT',  '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{');
 +
define('NONCE_SALT',      'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|wdI@qi/>*z~g!qB+;/K|asG');
 +
 +
===file/folder changes===
 +
installation instructions say to give the sudo user (in this example its demo) and the apache user ownership of all the wordpress files and folders
 +
~$ sudo chown -R demo:www-data /var/www/yoursite.com/*
 +
if you have other installations, like phpBB and mediawiki, that you dont want to mess the permissions up on, remove the -R and it will only change ownership within the parent directory.  figure out what those directory permissions are first and make note of them.
 +
~$ ls /var/www/yoursite.com/
 +
drwxr-xr-x 13 root    root      4096 Oct  2 01:53 forums
 +
drwxr-xr-x 13 root    root      4096 Oct  2 01:53 wiki
 +
~$ sudo chown demo:www-data /var/www/yoursite.com/*
 +
change the permissions on your other installations back to what they were
 +
~$ sudo chown root:root /var/www/yoursite.com/forums
 +
~$ sudo chown root:root /var/www/yoursite.com/wiki
 +
finish setting the permissions for wordpress folders and subdirectories
 +
~$ sudo chown -R r00t:www-data ./wp-admin/
 +
~$ sudo chown -R r00t:www-data ./wp-content/
 +
~$ sudo chown -R r00t:www-data ./wp-includes/
 +
create the upload directory and assign permissions
 +
~$ mkdir /var/www/yoursite.com/wp-content/uploads
 +
~$ sudo chown :www-data /var/www/html/wp-content/uploads
 +
 +
==Apache Configuration==
 +
If you've already got a site setup, you may already have apache configure.  If not, it's fairly easy.<br>
 +
<br>
 +
If you're going with a subsite configuration, the virutalhost file is going to be simple and only point to the site's root directory
 +
~$ sudo vi /etc/apache2/sites-available/yoursite.com.conf
 +
add:
 +
<VirtualHost *:80>
 +
        ServerName yoursite.com
 +
        ServerAdmin [email protected]
 +
        DocumentRoot /var/www/yoursite.com
 +
        TransferLog /var/log/apache2/yoursite.com-access_log
 +
        ErrorLog /var/log/apache2/yoursite.com-error_log
 +
</VirtualHost>
 +
You should disable the default site
 +
~$ sudo a2dissite 000-default
 +
Site 000-default disabled.
 +
To activate the new configuration, you need to run:
 +
  service apache2 reload
 +
Followed by enabling your new site
 +
~$sudo a2ensite yoursite.com
 +
Enabling site yoursite.com.
 +
To activate the new configuration, you need to run:
 +
  service apache2 reload
 +
let's go ahead and restart apache2
 +
~$ sudo service apache2 restart
 +
  * Restarting web server apache2
 +
    ...done.
 +
 +
==Setup Wordpress Admin==
 +
Now its time to setup the WordPress admin account through the webpage.  This is as easy as going to your site's webpage
 +
http://server_domain_name_or_IP
 +
From here, you'll be asked to fill out the following information:
 +
*Site Title
 +
*Username
 +
*Password
 +
*Email
 +
Once you input the above information and hit "Install WordPress", you're pretty much done.<br>
 +
Next it's a good idea to log in and verify that your credentials work.  If you can, you can stop here as you're done!
 +
 +
==optional: change dynamic url structure to pretty permalinks==
 +
add the following to your apache site config
 +
~$ cd /etc/apache2/sites-available/
 +
~$ sudo vi yoursite.com.conf
 +
<Directory /var/www/yoursite.com/>
 +
          AllowOverride All
 +
</Directory>
 +
if you haven't already, enable the rewrite module for apache2
 +
~$ sudo a2enmod rewrite
 +
Restart apache2
 +
  ~$ sudo service apache2 restart
 +
  * Restarting web server apache2
 +
    ...done.
 +
create .htaccess file and set permissions
 +
~$ touch /var/www/yoursite.com/.htaccess
 +
~$ sudo chown :www-data /var/www/yoursite.com/.htaccess
 +
~$ chmod 664 /var/www/yoursite.com/.htaccess
 +
Now log into your wordpress site and go to the following:
 +
Settings > Permalinks
 +
and you can choose from the following examples:
 +
{| class="mw-collapsible wikitable"
 +
! Type || URL format
 +
|-
 +
| Default || <nowiki>http://yoursite.com/?p=123</nowiki>
 +
|-
 +
| Day and name || <nowiki>http://yoursite.com/2014/10/04/sample-post/</nowiki>
 +
|-
 +
| Month and name || <nowiki>http://yoursite.com/2014/10/sample-post/</nowiki>
 +
|-
 +
| Numeric || <nowiki>http://yoursite.com/archives/123</nowiki>
 +
|-
 +
| Post name || <nowiki>http://yoursite.com/sample-post/</nowiki>
 +
|}
 +
Once WordPress is done configuring the .htaccess file, you can reset the permissions for a slight security gain
 +
~$ chmod 644 /var/www/yoursite.com/.htaccess

Latest revision as of 03:14, 5 February 2018

Ubuntu Installation | CentOS Installation
Installation done on a VM running Ubuntu 14.04LTS

Contents

[edit] Download required packages

On a LAMP setup make sure to download the standard packages

~$ sudo apt-get update && sudo apt-get install -y apache2 mysql-server php5-mysql php5 libapache2-mod-php5 php5-mcrypt 

If you already have LAMP installed, all WordPress needs is

~$ sudo apt-get update && sudo apt-get install -y php5-gd libssh2-php

[edit] Configure MySQL

login to db

~$ mysql -u root -p

Create mysql wordpress user

~$ mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
~$ mysql> exit

login as new user to verify account works

~$ mysql -u wordpress -p
~$ mysql> exit

create DB

~$ mysql -u root -p
~$ mysql> CREATE DATABASE wordpress;

verify DB creation

~$ mysql> SHOW DATABASES;

assign rights to wordpress user for new database created

~$ mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'wordpressuserpassword' WITH GRANT OPTION;  
~$ mysql> exit

verify permissions have been granted

~$ mysql -u wordpress -p
~$ mysql> SHOW GRANTS;
+------------------------------------------------------------------------------------------------------------------+
| Grants for wordpress@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' WITH GRANT OPTION                               |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

[edit] Download Wordpress

download the latest version from their latest version URL

~$ wget http://wordpress.org/latest.tar.gz

probably would be a good idea to rename the tarball as it's not very descriptive

~$ $ mv ./latest.tar.gz ./wordpress4.0.tar.gz

As of 10/4/2014 There are no MD5 or GPG verification methods to make sure the copy you've downloaded hasn't been tampered with. Maybe one day the devs of WordPress can join the rest of the Dev community and start taking security seriously.


create your site's directory where wordpress will live. If you're using a subsite design make sure to create the directories in the same path structure.

~$ mkdir /var/www/yoursite.com/

make sure your apache user has appropriate permissions to write to this directory

~$ chown www-data:www-data /var/www/yoursite.com/

export the downloaded tar to the site directory

~$ tar -C /var/www/yoursite.com/ -zxf wordpress4.0.tar.gz

this will create a directory called wordpress. If you dont want this and prefer the wordpress files to live in the parent directory, i'd instead do it this way

~$ tar -C /home/admin/ -zxf wordpress4.0.tar.gz
~$ sudo cp -r /home/admin/wordpress/* /var/www/yoursite.com/

[edit] Configure WordPress

[edit] config.php

within the wordpress directory, or your site directory, copy the sample config file so it becomes the base wp config file

~$ cp wp-config-sample.php wp-config.php

edit the config file to add DB info. You can also make other changes if you like, but they are not needed in a default install.

~$ vi wp-config.php
...
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

it would also be a good idea to SALT your authentication and cookies. go to https://api.wordpress.org/secret-key/1.1/salt/ and it will auto generate random salts. You can change these at any time to invalidate all cookies given out forcing users to log back in.
edit wp-config.php

define('AUTH_KEY',         'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)');
define('SECURE_AUTH_KEY',  'cu#`Jh,?^}jh%~#NE/:hzB<iCMf$@D| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP');
define('LOGGED_IN_KEY',    'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI');
define('NONCE_KEY',        '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^');
define('AUTH_SALT',        'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W');
define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= XyeEp+Y?WcNDUv@!:1^PoNUD4xa|ko/a}mK*0i!w3{b');
define('LOGGED_IN_SALT',   '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{');
define('NONCE_SALT',       'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|wdI@qi/>*z~g!qB+;/K|asG');

[edit] file/folder changes

installation instructions say to give the sudo user (in this example its demo) and the apache user ownership of all the wordpress files and folders

~$ sudo chown -R demo:www-data /var/www/yoursite.com/*

if you have other installations, like phpBB and mediawiki, that you dont want to mess the permissions up on, remove the -R and it will only change ownership within the parent directory. figure out what those directory permissions are first and make note of them.

~$ ls /var/www/yoursite.com/
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 forums
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 wiki
~$ sudo chown demo:www-data /var/www/yoursite.com/*

change the permissions on your other installations back to what they were

~$ sudo chown root:root /var/www/yoursite.com/forums
~$ sudo chown root:root /var/www/yoursite.com/wiki

finish setting the permissions for wordpress folders and subdirectories

~$ sudo chown -R r00t:www-data ./wp-admin/
~$ sudo chown -R r00t:www-data ./wp-content/
~$ sudo chown -R r00t:www-data ./wp-includes/

create the upload directory and assign permissions

~$ mkdir /var/www/yoursite.com/wp-content/uploads
~$ sudo chown :www-data /var/www/html/wp-content/uploads

[edit] Apache Configuration

If you've already got a site setup, you may already have apache configure. If not, it's fairly easy.

If you're going with a subsite configuration, the virutalhost file is going to be simple and only point to the site's root directory

~$ sudo vi /etc/apache2/sites-available/yoursite.com.conf
add:
<VirtualHost *:80>
        ServerName yoursite.com
        ServerAdmin [email protected]
        DocumentRoot /var/www/yoursite.com
        TransferLog /var/log/apache2/yoursite.com-access_log
        ErrorLog /var/log/apache2/yoursite.com-error_log
</VirtualHost>

You should disable the default site

~$ sudo a2dissite 000-default
Site 000-default disabled.
To activate the new configuration, you need to run:
  service apache2 reload

Followed by enabling your new site

~$sudo a2ensite yoursite.com
Enabling site yoursite.com.
To activate the new configuration, you need to run:
  service apache2 reload

let's go ahead and restart apache2

~$ sudo service apache2 restart
 * Restarting web server apache2
   ...done.

[edit] Setup Wordpress Admin

Now its time to setup the WordPress admin account through the webpage. This is as easy as going to your site's webpage

http://server_domain_name_or_IP

From here, you'll be asked to fill out the following information:

  • Site Title
  • Username
  • Password
  • Email

Once you input the above information and hit "Install WordPress", you're pretty much done.
Next it's a good idea to log in and verify that your credentials work. If you can, you can stop here as you're done!

[edit] optional: change dynamic url structure to pretty permalinks

add the following to your apache site config

~$ cd /etc/apache2/sites-available/
~$ sudo vi yoursite.com.conf
<Directory /var/www/yoursite.com/>
          AllowOverride All
</Directory>

if you haven't already, enable the rewrite module for apache2

~$ sudo a2enmod rewrite

Restart apache2

 ~$ sudo service apache2 restart
 * Restarting web server apache2
   ...done.

create .htaccess file and set permissions

~$ touch /var/www/yoursite.com/.htaccess
~$ sudo chown :www-data /var/www/yoursite.com/.htaccess
~$ chmod 664 /var/www/yoursite.com/.htaccess

Now log into your wordpress site and go to the following:

Settings > Permalinks

and you can choose from the following examples:

Type URL format
Default http://yoursite.com/?p=123
Day and name http://yoursite.com/2014/10/04/sample-post/
Month and name http://yoursite.com/2014/10/sample-post/
Numeric http://yoursite.com/archives/123
Post name http://yoursite.com/sample-post/

Once WordPress is done configuring the .htaccess file, you can reset the permissions for a slight security gain

~$ chmod 644 /var/www/yoursite.com/.htaccess
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
2020 Election
Volkswagen
Covid
NCDMV
Toolbox