WordpressDebian

Enter a topic name to show or a new topic name to create; then press Enter

Installation Overview

This document describes a full installation and all the settings. It also describes how to create a backup of all the critical Wordpress files including the database and how to move that backup to a new server. When creating a new server with the backup data available it is possible to skip a number of steps in the Initial Installation.

The important installation directories used by a Wordpress system are:

/etc/wordpress
/etc/apache
/var/lib/wordpress
/var/lib/mysql
/usr/share/wordpress
/srv/www/wp-content

The various configuration files that are important to a Wordpress system are

/etc/hosts
/etc/hostname
/etc/vsftpd.conf
/etc/apache2/apache2.conf
/etc/apache2/site-available/wordpress.conf
/etc/wordpress/htaccess
/etc/wordpress/config-dev.valcom.ca.php
/usr/share/wordpress/wp-config.php

When it is necessary to use an editor I assume that the one being used is vi, but any editor may be substituted.

Initial Installation

1. Ensure the computer name and hostname are correct. To do this you must edit /etc/hostname and /etc/hosts files. The /etc/hostname file should only have the word - valcom - in it. The /etc/hosts files should have the lines below somewhere in the file (there may be others). These lines are based on the website being on the domain: dev.valcom.ca

127.0.0.1  localhost
127.0.1.1  dev.valcom.ca valcom
209.217.102.150  dev.valcom.ca valcom

2. Install the LAMP stack, Wordpress and an FTP server in Debian 8.x (Jessie). The linux prompt used here is `# where the ~ portion represents the directory where the command is executed from.

 ~# apt-get install apache2 mysql-server php5 wordpress vsftpd 

Wordpress Permissions

3. Run the commands below to set ownership and permissions required for Wordpress system. (This step may be skipped if restoring from archived files)

~# chown -R www-data.www-data /usr/share/wordpress
~# chown -R www-data.www-data /var/lib/wordpress
~# chmod -R ug+rw,o-rw /usr/share/wordpress
~# chmod -R ug+rw,o-rw /var/lib/wordpress

Create Linux User

4. This will create the linux user valcom. Ensure you provide a strong password

~# useradd valcom
~# passwd valcom
~# useradd -G www-data valcom

Wordpress and MySQL Setup

5. This step creates the Wordpress User directories, named dev.valcom.ca, and creates the MySQL database for Wordpress, which will be named wp01. (This step may be skipped if restoring from archived files)

~# cd /usr/share/doc/wordpress/examples
/usr/share/doc/wordpress/examples# gzip -d mysql*
/usr/share/doc/wordpress/examples# bash ./mysql-setup -n wp01 dev.valcom.ca

6. Next the ownership and permissions need to be fixed for the Wordpress file

~# chown -R www-data.www-data /srv/www/wp-content/dev.valcom.ca/*
~# chmod -R ug+rw,o-rw /srv/www/wp-content/dev.valcom.ca/*

Create MySQL User for Wordpress

7. Perform this step if the user wp01User does not exist in the MySQL database. You will need the password for root in MySQL

~# mysql -u root -p
mysql> CREATE USER 'wp01User'@'localhost' IDENTIFIED BY 'valcom';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'wp01User'@'localhost';
mysql> FLUSH PRIVILEGES;

Apache Configuration

8. The apache configuration needs to be updated to loosen some security protections that would block requests to Wordpress

~# vi /etc/apache2/apache2.conf
	<Directory /usr/share>
	   AllowOverride All
	   Require all granted
	</Directory>
	<Directory /srv>
	   Options Indexes FollowSymLinks
	   AllowOverride All
	   Require all granted
	</Directory>

9. The next step is to enable Wordpress as the default apache site. The first part is to create the wordpress site.

~# vi /etc/apache2/sites-available/wordpress.conf
	<VirtualHost *:80>
	     ServerName dev.valcom.ca
	     UseCanonicalName Off
	     VirtualDocumentRoot /usr/share/wordpress
	     Options All
	     # wp-content in /srv/www/wp-content/$0
	     RewriteEngine On
	     RewriteRule ^/wp-content/(.*)$ /srv/www/wp-content/dev.valcom.ca/$1
	</VirtualHost>

10. Run the following commands in sequence to add the capability for apache to perform URL rewrites and support virtuals hosts, disable the default apache site, enable Wordpress as the new default and to restart apache.

~# a2dissite 000-default
~# a2ensite wordpress
~# a2enmod rewrite && a2enmod vhost_alias
~# service apache2 stop
~# service apache2 start

Wordpress Configuration

11. Edit the file /etc/wordpress/config-dev.valcom.ca.php

~# vi /etc/wordpress/config-dev.valcom.ca.php
<?php
define('DB_NAME', 'wp01');
define('DB_USER', 'wp01User');
define('DB_PASSWORD', 'valcom');
define('DB_HOST', 'localhost');
define('SECRET_KEY', 'vn972p5M1pB6LB0ftlxpZYVIRcY4IZRPHMhnI1JToL');
define(WP_CONTENT_DIR', '/srv/www/wp-content/dev.valcom.ca');
?>

12. Edit the file /etc/wordpress/htaccess

~# vi /etc/wordpress/htaccess

* Ensure the file has the following content where the single blog section is uncommented

## 
## Configuration for a single blog hosted on / (root of the website) 
## 
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteBase / 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule . /index.php [L] 
</IfModule> 
## 
## Configuration for a multi-site wordpress installation using subdomains 
## <IfModule mod_rewrite.c> 
#RewriteEngine On 
#RewriteBase /example.com/
#RewriteBase / 
#RewriteRule ^index\.php$ - [L] 
# uploaded files 
#RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L] 
# real files dealt directly 
#RewriteCond %{REQUEST_FILENAME} -f [OR] 
#RewriteCond %{REQUEST_FILENAME} -d 
#RewriteRule ^ - [L] 
# other go through index.php 
#RewriteRule . index.php [L] 
#</IfModule> 

13. Edit the file /usr/share/wordpress/wp-config.php

~# vi /usr/share/wordpress/wp-config.php
<?php
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, WordPress Language, and ABSPATH. You can find more information
 * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wp01');
/** MySQL database username */
define('DB_USER', 'wp01User');
/** MySQL database password */
define('DB_PASSWORD', 'valcom');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** FTP username */
define( 'FTP_USER', 'wp01ftp' );
/** FTP password */
define( 'FTP_PASS', 'valcom' );
/** FTP hostname */
define( 'FTP_HOST', 'localhost' );
/** FTP ssl */
define( 'FTP_SSL', false );

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',	 'NL(CCs8#[}sg}F` 2PBmhsqjyWv:XPUt^{jerK}qEZTwplL`.}}/F?9T_Il JvS}');
define('SECURE_AUTH_KEY',  'Y+u^)#@@InterWiki("nZ0", "Vp", "Vp")@@!)k5xk0m-?b+W{v8(*3@H!19+(f!2g0hd1]mzQ=-=249/$<.Ck`-');
define('LOGGED_IN_KEY',    'jCw+p_l|8c*^hc6yJRLSKZ?bu_pz<c3oTji)%]60I<Wx?g~N%cCF-D{~--;<R17k');
define('NONCE_KEY',	'~oDV*mVFB(^u`i:3O6a!}2wu?0B4hA`>Hr8n0P&6&yI!@_&F-rQQ(PWGDM1RKk+C');
define('AUTH_SALT',	'Vc7o!D49:1r,5p;:8x+|:KXy58_V^{vPe/.plK_Cs%J :v4E+Px!D?HKS78`<Pwc');
define('SECURE_AUTH_SALT', '.MnMLF_U,]f|(DNM~c#Z 6lVy^B06ZwP$Y$MtQ1tdJp%=}Ck}8O^6!R-9+;9-H.M');
define('LOGGED_IN_SALT',   'TQ3+dz&gr/?/6TbK3wz|f:!Kz`9[sg@?SY;|(AfOex|DqhwIGt~OQP YnBS^ [5_');
define('NONCE_SALT',       '}@<>Q4x3x/w%R`_<!.II_P7,c^=EpcTImQeA1CiCS?@0 64^8)dU@~qkp--p+MeJ');
/**#@-*/
/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';
/**
 * WordPress Localized Language, defaults to English.
 *
 * Change this to localize WordPress.  A corresponding MO file for the chosen
 * language must be installed to wp-content/languages. For example, install
 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
 * language support.
 */
define ('WPLANG', '');
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 */
define('WP_DEBUG', true);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

FTP Setup

14. Edit the file /etc/vsftpd.conf

~# vi /etc/vsftpd.conf
anonymous_enable=NO 
local_enable=YES 
write_enable=YES 
chroot_local_user=YES 

15. Create the user wp01ftp using the commands below

~# useradd -d /srv/www/wp-content/cregor.com -G www-data -M -N USER 
~# passwd USER 

Archive Wordpress System

1. These commands archive a Wordpress system and store all all files and data in a directory ready to use on a new computer or to restore to an existing configuration. This backs up all Wordpress directories, the wordpress database and configuration files related to the Wordpress system.

~# cd Documents
/root/Documents# mkdir Wordpress_BK.2015-12-20
/root/Documents# cd Wordpress_BK.2015-12-20

Save Wordpress Directories

2. The following commands will archive all Wordpress directories, including permissions and symlinks

/root/Documents/Wordpress_BK.2015-12-20# tar -czvf usr_share_wp.tar.gz /usr/share/wordpress
/root/Documents/Wordpress_BK.2015-12-20# tar -czvf var_lib_wp.tar.gz /var/lib/wordpress
/root/Documents/Wordpress_BK.2015-12-20# tar -czvf srv_www_wp.tar.gz /srv/www/wp-content/dev.valcom.ca

Save Wordpress Database from MySQL

3. The following commands will save the Wordpress database used by MySQL

/root/Documents/Wordpress_BK.2015-12-20# tar -czvf var_lib_mysql.tar.gz /var/lib/mysql/wp01

Save Configuration Files

4. The following commands will copy all the required configuration files

/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/hosts hosts
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/hostname hostname
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/vsftpd.conf vsftpd.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/apache2/apache2.conf apache2.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/apache2/site-available/wordpress.conf wordpress.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/wordpress/htaccess htaccess
/root/Documents/Wordpress_BK.2015-12-20# cp -a /etc/wordpress/config-dev.valcom.ca.php config-dev.valcom.ca.php
/root/Documents/Wordpress_BK.2015-12-20# cp -a /usr/share/wordpress/wp-config.php wp-config.php

Restore Wordpress System from Archive

1. The commands here will restore a configured computer or move the wordpress system to a new computer. all permissions and symlinks will be restored from when the archive was created..

~# cd /root/Documents/Wordpress_BK.2015-12-20

Restore Wordpress Directories

2. The following commands will restore the Wordpress directories. Do not forget the h argument as this is what drives the permissions and symlinks to be correct

/root/Documents/Wordpress_BK.2015-12-20# tar -xhzvf /usr_share_wp.tar.gz 
/root/Documents/Wordpress_BK.2015-12-20# tar -xhzvf /var_lib_wp.tar.gz
/root/Documents/Wordpress_BK.2015-12-20# tar -xhzvf /srv_www_wp.tar.gz

Restore Wordpress Database

3. The following commands will restorethe Wordpress database used by MySQL

/root/Documents/Wordpress_BK.2015-12-20# tar -xhzvf var_lib_mysql.tar.gz

Restore Configuration Files

4. The following commands will copy all the required configuration files back to the original directories. The host and hostname files should only be copied on a new server

/root/Documents/Wordpress_BK.2015-12-20# cp -a hosts /etc/hosts
/root/Documents/Wordpress_BK.2015-12-20# cp -a hostname /etc/hostname
/root/Documents/Wordpress_BK.2015-12-20# cp -a vsftpd.conf vsftpd.conf /etc/vsftpd.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a apache2.conf /etc/apache2/apache2.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a wordpress.conf /etc/apache2/site-available/wordpress.conf
/root/Documents/Wordpress_BK.2015-12-20# cp -a htaccess /etc/wordpress/htaccess
/root/Documents/Wordpress_BK.2015-12-20# cp -a config-dev.valcom.ca.php /etc/wordpress/config-dev.valcom.ca.php
/root/Documents/Wordpress_BK.2015-12-20# cp -a wp-config.php /usr/share/wordpress/wp-config.php

Make the New Configuration Active

1. If the /etc/hosts or /etc/hostname files were copied the system must be rebooted. Otherwise it is enough to start and stop apache and MySQL

~# service apache2 stop
~# service apache2 start
~# service mysql stop
~# service mysql start

Wordpress system Hardening

TBD


Version: 32   Revised: 2015-12-08 15:35:28 Last Updated by: 2001:470:b0ad:1:e5b6:2d69:3897:336a Rename Show Links to Topic