WordPress/Installation

Revision as of 17:13, 4 October 2014

Installation done on a VM running Ubuntu 14.04LTS

Download required packages

On a LAMP setup make sure to download the standard packages

~$ sudo apt-get update && sudo apt-get install -y apache2 mysql-server php5-mysql php5 libapache2-mod-php5 php5-mcrypt 

If you already have LAMP installed, all WordPress needs is

~$ sudo apt-get update && sudo apt-get install -y php5-gd libssh2-php

Configure MySQL

login to db

~$ mysql -u root -p

Create mysql wordpress user

~$ mysql> CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
~$ mysql> exit

login as new user to verify account works

~$ mysql -u wordpress -p
~$ mysql> exit

create DB

~$ mysql -u root -p
~$ mysql> CREATE DATABASE wordpress;

verify DB creation

~$ mysql> SHOW DATABASES;

assign rights to wiki user for new database created

~$ mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'phpBBuserpassword' WITH GRANT OPTION;  
~$ mysql> exit

verify permissions have been granted

~$ mysql -u wordpress -p
~$ mysql> SHOW GRANTS;
+------------------------------------------------------------------------------------------------------------------+
| Grants for wordpress@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' WITH GRANT OPTION                               |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Download Wordpress

download the latest version from their latest version URL

~$ wget http://wordpress.org/latest.tar.gz

probably would be a good idea to rename the tarball as it's not very descriptive

~$ $ mv ./latest.tar.gz ./wordpress4.0.tar.gz

As of 10/4/2014 There are no MD5 or GPG verification methods to make sure the copy you've downloaded hasn't been tampered with. Maybe one day the devs of WordPress can join the rest of the Dev community and start taking security seriously.

create your site's directory where wordpress will live. If you're using a subsite design make sure to create the directories in the same path structure.

~$ mkdir /var/www/yoursite.com/

make sure your apache user has appropriate permissions to write to this directory

~$ chown www-data:www-data /var/www/yoursite.com/

export the downloaded tar to the site directory

~$ tar -C /var/www/yoursite.com/ -zxf wordpress4.0.tar.gz

this will create a directory called wordpress. If you dont want this and prefer the wordpress files to live in the parent directory, i'd instead do it this way

~$ tar -C /home/admin/ -zxf wordpress4.0.tar.gz
~$ sudo cp -r /home/admin/wordpress/* /var/www/yoursite.com/

Configure WordPress

config.php

within the wordpress directory, or your site directory, copy the sample config file so it becomes the base wp config file

~$ cp wp-config-sample.php wp-config.php

edit the config file to add DB info. You can also make other changes if you like, but they are not needed in a default install.

~$ vi wp-config.php
...
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

it would also be a good idea to SALT your authentication and cookies. go to https://api.wordpress.org/secret-key/1.1/salt/ and it will auto generate random salts. You can change these at any time to invalidate all cookies given out forcing users to log back in.
edit wp-config.php

define('AUTH_KEY',         'mMHx%-{<+&.P~c27Yw;jQ*,bp*%W4vPF#/vo_[Q`My07j*zXj27PRumC-|4mhCV)');
define('SECURE_AUTH_KEY',  'cu#`Jh,?^}jh%~#NE/:hzB<iCMf$@D| 4/ov|-OHrA=`/%? k15|T}k^kl2%ZaGP');
define('LOGGED_IN_KEY',    'w!Ur~brqVe~B]-M^^YQ]gc[oo9oKsg.M//TH=k#mf_#Kq>AKbMih|B(8yuE`~dlI');
define('NONCE_KEY',        '(+1vx]Q;)%&3Z}j1[${Q#/F5i465kTrOEG{hyM<|dv hfV2U%|@M6m|Fn9EnE1}^');
define('AUTH_SALT',        'W((kWAX/0`-VZ`#30)0]:&D}c0KZg|aMhF5=L6wtJotRA2}DeD;,(YC_m67aq) W');
define('SECURE_AUTH_SALT', 'D?fyi DhO&98g,R^+h[= XyeEp+Y?WcNDUv@!:1^PoNUD4xa|ko/a}mK*0i!w3{b');
define('LOGGED_IN_SALT',   '}=JeV6A!uhkMC2hYH2Bwr-ME%|nnr!rvPH9Lt/S8Z%i>Z5s=<%x4F[NsUl3`Q.m{');
define('NONCE_SALT',       'H4{=At.DFY+rUv{~L|fKbn/]W_UY-`EcUc`Su$LU|wdI@qi/>*z~g!qB+;/K|asG');

file/folder changes

installation instructions say to give the sudo user (in this example its demo) and the apache user ownership of all the wordpress files and folders

~$ sudo chown -R demo:www-data /var/www/yoursite.com/*

if you have other installations, like phpBB and mediawiki, that you dont want to mess the permissions up on, remove the -R and it will only change ownership within the parent directory. figure out what those directory permissions are first and make note of them.

~$ ls /var/www/yoursite.com/
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 forums
drwxr-xr-x 13 root     root      4096 Oct  2 01:53 wiki
~$ sudo chown demo:www-data /var/www/yoursite.com/*

change the permissions on your other installations back to what they were

~$ sudo chown root:root /var/www/yoursite.com/forums
~$ sudo chown root:root /var/www/yoursite.com/wiki

finish setting the permissions for wordpress folders and subdirectories

~$ sudo chown -R r00t:www-data ./wp-admin/
~$ sudo chown -R r00t:www-data ./wp-content/
~$ sudo chown -R r00t:www-data ./wp-includes/