WordPress/Installation
Line 141: | Line 141: | ||
* Restarting web server apache2 | * Restarting web server apache2 | ||
...done. | ...done. | ||
+ | create .htaccess file and set permissions | ||
+ | ~$ touch /var/www/yoursite.com/.htaccess | ||
+ | ~$ sudo chown :www-data /var/www/yoursite.com/.htaccess | ||
+ | ~$ chmod 664 /var/www/yoursite.com/.htaccess | ||
+ | Once WordPress is done configuring the .htaccess file, you can reset the permissions for a slight security gain | ||
+ | ~$ chmod 644 /var/www/yoursite.com/.htaccess |
Revision as of 17:25, 4 October 2014
Installation done on a VM running Ubuntu 14.04LTS
Contents |
Download required packages
On a LAMP setup make sure to download the standard packages
~$ sudo apt-get update && sudo apt-get install -y apache2 mysql-server php5-mysql php5 libapache2-mod-php5 php5-mcrypt
If you already have LAMP installed, all WordPress needs is
~$ sudo apt-get update && sudo apt-get install -y php5-gd libssh2-php
Configure MySQL
login to db
~$ mysql -u root -p
Create mysql wordpress user
~$ mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED'; ~$ mysql> exit
login as new user to verify account works
~$ mysql -u wordpress -p ~$ mysql> exit
create DB
~$ mysql -u root -p ~$ mysql> CREATE DATABASE wordpress;
verify DB creation
~$ mysql> SHOW DATABASES;
assign rights to wiki user for new database created
~$ mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'phpBBuserpassword' WITH GRANT OPTION; ~$ mysql> exit
verify permissions have been granted
~$ mysql -u wordpress -p ~$ mysql> SHOW GRANTS; +------------------------------------------------------------------------------------------------------------------+ | Grants for wordpress@localhost | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' | | GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' WITH GRANT OPTION | +------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
Download Wordpress
download the latest version from their latest version URL
~$ wget http://wordpress.org/latest.tar.gz
probably would be a good idea to rename the tarball as it's not very descriptive
~$ $ mv ./latest.tar.gz ./wordpress4.0.tar.gz
As of 10/4/2014 There are no MD5 or GPG verification methods to make sure the copy you've downloaded hasn't been tampered with. Maybe one day the devs of WordPress can join the rest of the Dev community and start taking security seriously.
create your site's directory where wordpress will live. If you're using a subsite design make sure to create the directories in the same path structure.
~$ mkdir /var/www/yoursite.com/
make sure your apache user has appropriate permissions to write to this directory
~$ chown www-data:www-data /var/www/yoursite.com/
export the downloaded tar to the site directory
~$ tar -C /var/www/yoursite.com/ -zxf wordpress4.0.tar.gz
this will create a directory called wordpress. If you dont want this and prefer the wordpress files to live in the parent directory, i'd instead do it this way
~$ tar -C /home/admin/ -zxf wordpress4.0.tar.gz ~$ sudo cp -r /home/admin/wordpress/* /var/www/yoursite.com/
Configure WordPress
config.php
within the wordpress directory, or your site directory, copy the sample config file so it becomes the base wp config file
~$ cp wp-config-sample.php wp-config.php
edit the config file to add DB info. You can also make other changes if you like, but they are not needed in a default install.
~$ vi wp-config.php ... // ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', 'database_name_here'); /** MySQL database username */ define('DB_USER', 'username_here'); /** MySQL database password */ define('DB_PASSWORD', 'password_here'); /** MySQL hostname */ define('DB_HOST', 'localhost'); /** Database Charset to use in creating database tables. */ define('DB_CHARSET', 'utf8');
it would also be a good idea to SALT your authentication and cookies. go to https://api.wordpress.org/secret-key/1.1/salt/ and it will auto generate random salts. You can change these at any time to invalidate all cookies given out forcing users to log back in.
edit wp-config.php
define('AUTH_KEY', 'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)'); define('SECURE_AUTH_KEY', 'cu#`Jh,?^}jh%~#NE/:hzB<iCMf$@D| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP'); define('LOGGED_IN_KEY', 'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI'); define('NONCE_KEY', '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^'); define('AUTH_SALT', 'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W'); define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= XyeEp+Y?WcNDUv@!:1^PoNUD4xa|ko/a}mK*0i!w3{b'); define('LOGGED_IN_SALT', '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{'); define('NONCE_SALT', 'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|wdI@qi/>*z~g!qB+;/K|asG');
file/folder changes
installation instructions say to give the sudo user (in this example its demo) and the apache user ownership of all the wordpress files and folders
~$ sudo chown -R demo:www-data /var/www/yoursite.com/*
if you have other installations, like phpBB and mediawiki, that you dont want to mess the permissions up on, remove the -R and it will only change ownership within the parent directory. figure out what those directory permissions are first and make note of them.
~$ ls /var/www/yoursite.com/ drwxr-xr-x 13 root root 4096 Oct 2 01:53 forums drwxr-xr-x 13 root root 4096 Oct 2 01:53 wiki ~$ sudo chown demo:www-data /var/www/yoursite.com/*
change the permissions on your other installations back to what they were
~$ sudo chown root:root /var/www/yoursite.com/forums ~$ sudo chown root:root /var/www/yoursite.com/wiki
finish setting the permissions for wordpress folders and subdirectories
~$ sudo chown -R r00t:www-data ./wp-admin/ ~$ sudo chown -R r00t:www-data ./wp-content/ ~$ sudo chown -R r00t:www-data ./wp-includes/
create the upload directory and assign permissions
~$ mkdir /var/www/yoursite.com/wp-content/uploads ~$ sudo chown :www-data /var/www/html/wp-content/uploads
Apache Configuration
If you've already got a site setup, you may already have apache configure. If not, it's fairly easy.
If you're going with a subsite configuration, the virutalhost file is going to be simple and only point to the site's root directory ~$ sudo vi /etc/apache2/sites-available/yoursite.com.conf add: <VirtualHost *:80> ServerName yoursite.com ServerAdmin [email protected] DocumentRoot /var/www/yoursite.com TransferLog /var/log/apache2/yoursite.com-access_log ErrorLog /var/log/apache2/yoursite.com-error_log </VirtualHost>
let's go ahead and restart apache2
~$ sudo service apache2 restart * Restarting web server apache2 ...done.
Setup Wordpress Admin
Now its time to setup the WordPress admin account through the webpage. This is as easy as going to your site's webpage
http://server_domain_name_or_IP
From here, you'll be asked to fill out the following information:
- Site Title
- Username
- Password
Once you input the above information and hit "Install WordPress", you're pretty much done.
Next it's a good idea to log in and verify that your credentials work. If you can, you can stop here as you're done!
optional: change dynamic url structure to pretty permalinks
add the following to your apache site config
~$ cd /etc/apache2/sites-available/ ~$ sudo vi yoursite.conf <Directory /var/www/dev.vwconclave.com/> AllowOverride All </Directory>
if you haven't already, enable the rewrite module for apache2
~$ sudo a2enmod rewrite
Restart apache2
~$ sudo service apache2 restart * Restarting web server apache2 ...done.
create .htaccess file and set permissions
~$ touch /var/www/yoursite.com/.htaccess ~$ sudo chown :www-data /var/www/yoursite.com/.htaccess ~$ chmod 664 /var/www/yoursite.com/.htaccess
Once WordPress is done configuring the .htaccess file, you can reset the permissions for a slight security gain
~$ chmod 644 /var/www/yoursite.com/.htaccess