WordPress/Installation/CentOS

From r00tedvw.com wiki
(Difference between revisions)
Line 148: Line 148:
 
## Disable Editing in Dashboard
 
## Disable Editing in Dashboard
 
define('DISALLOW_FILE_EDIT', true);</nowiki>
 
define('DISALLOW_FILE_EDIT', true);</nowiki>
 +
 +
==2 Factor Authentication==
 +
Here is a recommended plugin for 2 factor authentication which works with Authy/Google Authenticator clients.<br>
 +
[https://wordpress.org/plugins/miniorange-2-factor-authentication/ https://wordpress.org/plugins/miniorange-2-factor-authentication/]
  
 
=Debugging=
 
=Debugging=
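Review bot: the added link line uses the URL as both target and label, and the sentence above it calls the plugin "recommended" without saying by whom. Give the link a descriptive label, name the source of the recommendation, and add a line on what has to be enabled after install, so the new `==2 Factor Authentication==` section is as actionable as the `DISALLOW_FILE_EDIT` step before it.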

Revision as of 22:58, 7 February 2018

Ubuntu Installation | CentOS Installation
Installation done on CentOS 6.9


Download required packages

~$ sudo yum install -y mysql-server php php-mysql mod_ssl

Date

Make sure your date/time is set correctly

~$ sudo date -s "5 FEB 2018 18:54:00"

Setup MySQL

Start MySQL

~$ sudo service mysqld start

Set the root password

~$ sudo /usr/bin/mysql_secure_installation 
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Configure MySQL

~$ mysql -u root -p
mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
mysql> CREATE DATABASE wordpress;
mysql> -- The password is set once, by CREATE USER above. The WordPress account only needs rights on its own database, not GRANT OPTION.
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost';

Install WordPress

~$ sudo mkdir /opt/wordpress && sudo wget -O /opt/wordpress/wordpress-4.9.2.tar.gz https://wordpress.org/latest.tar.gz
~$ sudo mkdir /var/www/html/website.com
~$ sudo tar -C /var/www/html/website.com/ -zxf /opt/wordpress/wordpress-4.9.2.tar.gz
~$ sudo cp -r /var/www/html/website.com/wordpress/* /var/www/html/website.com/
~$ sudo rm -r /var/www/html/website.com/wordpress/

Configure WordPress

~$ sudo cp /var/www/html/website.com/wp-config-sample.php /var/www/html/website.com/wp-config.php
~$ sudo vim /var/www/html/website.com/wp-config.php
...
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

It is also a good idea to set the keys and salts used for authentication and cookies. Go to https://api.wordpress.org/secret-key/1.1/salt/ and it will generate random values. You can change these at any time to invalidate all cookies that have been given out, forcing users to log back in. Generate your own values rather than copying the sample ones below.

~$ sudo vim /var/www/html/website.com/wp-config.php
...
define('AUTH_KEY',         'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)');
define('SECURE_AUTH_KEY',  'cu#`Jh,?^}jh%~#NE/:hzB<iCMf$@D| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP');
define('LOGGED_IN_KEY',    'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI');
define('NONCE_KEY',        '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^');
define('AUTH_SALT',        'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W');
define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= XyeEp+Y?WcNDUv@!:1^PoNUD4xa|ko/a}mK*0i!w3{b');
define('LOGGED_IN_SALT',   '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{');
define('NONCE_SALT',       'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|wdI@qi/>*z~g!qB+;/K|asG');
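
Rotating the keys and salts as described above, as an added example that is not part of the original page. It generates the values locally from /dev/urandom instead of fetching them from the API URL, and the function names (`gen_secret`, `make_sample`, `rotate_salts`) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: rotate the eight keys/salts in
# wp-config.php using values generated locally from /dev/urandom.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters; the alphabet has no quote or backslash, so the value
# is safe inside a single-quoted PHP string.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9!#%()*+,.:;<=>?@^_{|}~' < /dev/urandom | head -c 64
}

# Constructed sample: a minimal wp-config.php with the stock placeholders.
make_sample() {
    echo "<?php"
    echo "define('DB_NAME', 'wordpress');"
    for k in $KEYS; do echo "define('$k', 'put your unique phrase here');"; done
}

# Rewrite every key/salt define() in file $1 and echo how many were replaced.
# Fails without touching the file unless all eight are found.
rotate_salts() {
    rs_cfg="$1"; rs_n=0
    rs_tmp="$(mktemp)" || return 1
    while IFS= read -r rs_line || [ -n "$rs_line" ]; do
        rs_hit=""
        for k in $KEYS; do
            case "$rs_line" in
                "define('$k',"*|"define( '$k',"*) rs_hit="$k"; break ;;
            esac
        done
        if [ -n "$rs_hit" ]; then
            printf "define('%s', '%s');\n" "$rs_hit" "$(gen_secret)"
            rs_n=$((rs_n + 1))
        else
            printf '%s\n' "$rs_line"
        fi
    done < "$rs_cfg" > "$rs_tmp"
    if [ "$rs_n" -ne 8 ]; then rm -f "$rs_tmp"; return 1; fi
    # Overwrite in place so the owner and mode of wp-config.php are preserved.
    cat "$rs_tmp" > "$rs_cfg" && rm -f "$rs_tmp"
    echo "$rs_n"
}

# Usage: sh rotate-salts.sh /var/www/html/website.com/wp-config.php
[ $# -eq 0 ] || rotate_salts "$1"
```

Every logged-in user has to sign in again after a rotation, which is the cookie invalidation the paragraph above describes.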

HTTPD Configuration

If you've already got a site set up, you may already have httpd configured. If not, it's fairly easy.

If you're going with a subsite configuration, the virtual host file is going to be simple and only point to the site's root directory.

HTTP

 ~$ sudo vim /etc/httpd/conf.d/website.com.conf
 add:
 <VirtualHost *:80>
         ServerName website.com
         ServerAdmin [email protected]
         DocumentRoot /var/www/html/website.com/
         TransferLog /var/log/httpd/website.com-access_log
         ErrorLog /var/log/httpd/website.com-error_log
 </VirtualHost>

HTTPS

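~$ sudo vim /etc/httpd/conf.d/website.com.conf
add:
# "Listen 443" and "LoadModule ssl_module modules/mod_ssl.so" are already set in
# /etc/httpd/conf.d/ssl.conf, which the mod_ssl package installs. LoadModule is
# not allowed inside <VirtualHost>, so add these two lines here, above the
# block, only if ssl.conf has been removed.
#Listen 443
#LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:443>
        ServerName website.com
        ServerAdmin [email protected]
        DocumentRoot /var/www/html/website.com
        TransferLog /var/log/httpd/website.com-access_log
        ErrorLog /var/log/httpd/website.com-error_log
        # debug is very verbose; lower it once the site works
        LogLevel debug

        #SSL
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>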

Update Configuration

With the site up and running, we need to configure WordPress so that it can perform its own updates.

SSH Keys

First we want to create a new user and the corresponding SSH keys it will be using (no password).

~$ sudo adduser wp-user
~$ sudo su - wp-user
~$ ssh-keygen -t rsa -b 4096
Press Enter through the passphrase prompts.
It should then confirm that it has created the keys and show their location.
The default is /home/wp-user/.ssh/id_rsa and /home/wp-user/.ssh/id_rsa.pub

wp-config.php

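Next we need to update the WordPress configuration file with the settings needed to use this new user and its SSH keys. You will need to add the following lines:

~$ sudo vim /var/www/html/website.com/wp-config.php
...
/** Update authentication */
// With FS_METHOD 'direct', WordPress writes files as the httpd user and does not
// use the FTP_* connection settings below; those apply to the ssh2 and FTP methods.
define('FS_METHOD', 'direct');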
define('FTP_BASE', '/var/www/html/website.com/');
define('FTP_CONTENT_DIR', '/var/www/html/website.com/wp-content/');
define('FTP_PLUGIN_DIR', '/var/www/html/website.com/wp-content/plugins/');
define('FTP_THEMES_DIR', '/var/www/html/website.com/wp-content/themes/');
define('FTP_PUBKEY','/home/wp-user/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/wp-user/.ssh/id_rsa');
define('FTP_USER','wp-user');
define('FTP_PASS','');
define('FTP_HOST','localhost:22');

Configure Folders and Permissions

WordPress needs the appropriate permissions set up in order to load content and to perform updates properly.

To determine what user/group your httpd uses, you can run this command.

~$ egrep -i '^user|^group' /etc/httpd/conf/httpd.conf
User apache
Group apache

Create the upload directory

~$ sudo mkdir /var/www/html/website.com/wp-content/uploads

Set ownership and file/folder permissions

~$ sudo chown apache:apache -R /var/www/html/website.com/*
~$ sudo find /var/www/html/website.com/ -type d -exec chmod 755 {} \;
~$ sudo find /var/www/html/website.com/  -type f -exec chmod 644 {} \; 

Hardening

Here are some basic hardening steps recommended by Automattic.

Disable File Editing

~$ vim /var/www/html/website.com/wp-config.php
## Disable Editing in Dashboard
define('DISALLOW_FILE_EDIT', true);

2 Factor Authentication

Here is a recommended plugin for 2 factor authentication which works with Authy/Google Authenticator clients.
https://wordpress.org/plugins/miniorange-2-factor-authentication/

Debugging

If you need to debug, find these lines (or add them) and set them to true:

~$ sudo vim /var/www/html/website.com/wp-config.php
...
/** If debugging is needed, set these to true */
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);

If errors are logged, a new file called debug.log is created here:

~$ ls /var/www/html/website.com/wp-content/debug.log
/var/www/html/website.com/wp-content/debug.log
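
A check of the Hardening, Debugging and permission settings above, as an added example that is not part of the original page. The function names (`wp_const_true`, `audit_wp`, `make_sample_site`) are this example's own, and the sample site it can build is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: check a WordPress docroot against
# the settings this page applies. One finding per line; no output means clean.

# True when file $1 has an uncommented define() setting constant $2 to true.
wp_const_true() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

audit_wp() {
    aw_root="${1%/}"; aw_cfg="$aw_root/wp-config.php"
    if [ ! -f "$aw_cfg" ]; then echo "CONFIG wp-config.php not found"; return 0; fi
    wp_const_true "$aw_cfg" DISALLOW_FILE_EDIT ||
        echo "EDITOR DISALLOW_FILE_EDIT is not set to true"
    for c in WP_DEBUG WP_DEBUG_LOG; do
        if wp_const_true "$aw_cfg" "$c"; then echo "DEBUG $c is still true"; fi
    done
    if [ -e "$aw_root/wp-content/debug.log" ]; then
        echo "LOGFILE wp-content/debug.log sits under the DocumentRoot"
    fi
    if grep -q "put your unique phrase here" "$aw_cfg"; then
        echo "SALTS placeholder keys/salts are still in place"
    fi
    # The page sets directories to 755 and files to 644, so anything writable
    # by group or other has drifted from that baseline.
    find "$aw_root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
        sed 's/^/PERMS group- or world-writable: /'
}

# Constructed sample docroot in directory $1: debugging left on, log present.
make_sample_site() {
    mkdir -p "$1/wp-content"
    printf '%s\n' "<?php" "define('DISALLOW_FILE_EDIT', true);" \
        "define('WP_DEBUG', true);" "define('WP_DEBUG_LOG', true);" > "$1/wp-config.php"
    : > "$1/wp-content/debug.log"
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
}

# Usage: sh wp-audit.sh /var/www/html/website.com
[ $# -eq 0 ] || audit_wp "$1"
```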