Difference between revisions of "Install WordPress"
| Line 112: | Line 112: | ||
Note that the <code>databasename</code>, <code>databasenameusername</code> and <code>databasenameusernamepassword</code> will be required for the WordPress configuration process. | Note that the <code>databasename</code>, <code>databasenameusername</code> and <code>databasenameusernamepassword</code> will be required for the WordPress configuration process. | ||
| − | == Install | + | ==Install WordPress == |
| − | + | Download and extract the latest version of WordPress. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
username@servername:~$ wget <nowiki>https://wordpress.org/latest.zip</nowiki> | username@servername:~$ wget <nowiki>https://wordpress.org/latest.zip</nowiki> | ||
username@servername:~$ unzip -d /var/www/example.com/public/ latest.zip | username@servername:~$ unzip -d /var/www/example.com/public/ latest.zip | ||
| Line 142: | Line 124: | ||
username@servername:~$ find /var/www/example.com/public/blog/ -type f | xargs chmod 664 | username@servername:~$ find /var/www/example.com/public/blog/ -type f | xargs chmod 664 | ||
username@servername:~$ sudo chown -R www-data /var/www/example.com/public/blog/ | username@servername:~$ sudo chown -R www-data /var/www/example.com/public/blog/ | ||
| − | |||
| − | |||
| − | === | + | Navigate to '''secure''' <tt><nowiki>https://www.example.com/blog/wp-admin/install.php</nowiki></tt> and follow the WordPress installation setup. |
| + | |||
| + | == Configure WordPress == | ||
| + | |||
| + | === Securing WordPress === | ||
| − | + | Edit <code>wp-config.php</code>: | |
| − | |||
| − | |||
username@servername:~$ nano /var/www/example.com/public/blog/wp-config.php | username@servername:~$ nano /var/www/example.com/public/blog/wp-config.php | ||
| − | |||
Note that if WordPress is installed to the root directory, <code>/var/www/example.com/public/wp-config.php</code> would be used. | Note that if WordPress is installed to the root directory, <code>/var/www/example.com/public/wp-config.php</code> would be used. | ||
| − | Above the line that reads <code>/* That's all, stop editing! Happy blogging. */</code>, add: | + | Above the line that reads <code>/* That's all, stop editing! Happy blogging. */</code>, add: |
| − | + | ||
define('FORCE_SSL_ADMIN', true); | define('FORCE_SSL_ADMIN', true); | ||
define('DISALLOW_FILE_EDIT', true); | define('DISALLOW_FILE_EDIT', true); | ||
| − | |||
<code>FORCE_SSL_ADMIN</code> forces the dashboard to always load through an encrypted session. | <code>FORCE_SSL_ADMIN</code> forces the dashboard to always load through an encrypted session. | ||
| Line 167: | Line 147: | ||
<code>DISALLOW_FILE_EDIT</code> prevents editing of PHP files from within WordPress, a potential security threat. | <code>DISALLOW_FILE_EDIT</code> prevents editing of PHP files from within WordPress, a potential security threat. | ||
| − | + | === Pretty URLs ==== | |
Log in to the WordPress dashboard. | Log in to the WordPress dashboard. | ||
| Line 173: | Line 153: | ||
Navigate to Settings->Permalinks and select the radio button 'Custom Structure'. There are many different configuration options, though probably the most popularly used is <tt>/%year%/%monthnum%/%day%/%postname%/</tt>. | Navigate to Settings->Permalinks and select the radio button 'Custom Structure'. There are many different configuration options, though probably the most popularly used is <tt>/%year%/%monthnum%/%day%/%postname%/</tt>. | ||
| − | + | === WordPress caching === | |
Caching will allow WordPress to perform considerably faster while reducing server load. | Caching will allow WordPress to perform considerably faster while reducing server load. | ||
| − | + | ==== Install [http://wordpress.org/plugins/apc/ APC Object Cache Backend] ==== | |
| + | |||
| + | Download the plugin, decompress it, and install it to the <code>/wp-content/</code> directory: | ||
| − | |||
| − | |||
username@servername:~$ wget <nowiki>https://downloads.wordpress.org/plugin/apc.2.0.6.zip</nowiki> | username@servername:~$ wget <nowiki>https://downloads.wordpress.org/plugin/apc.2.0.6.zip</nowiki> | ||
username@servername:~$ unzip apc.2.0.6.zip | username@servername:~$ unzip apc.2.0.6.zip | ||
username@servername:~$ mv apc/object-cache.php /var/www/example.com/public/blog/wp-content/ | username@servername:~$ mv apc/object-cache.php /var/www/example.com/public/blog/wp-content/ | ||
username@servername:~$ rm -rf {apc.2.0.6.zip,apc/} | username@servername:~$ rm -rf {apc.2.0.6.zip,apc/} | ||
| − | |||
Note that if WordPress is installed to the root directory, <code>/var/www/example.com/public/</code> would be used in the third step, and the same applies when installing Batcache. | Note that if WordPress is installed to the root directory, <code>/var/www/example.com/public/</code> would be used in the third step, and the same applies when installing Batcache. | ||
| − | + | ==== Install [http://wordpress.org/plugins/batcache/ Batcache] ==== | |
Download the plugin, decompress it, and install it to the <code>/wp-content/</code> directory and edit <code>wp-config.php</code>: | Download the plugin, decompress it, and install it to the <code>/wp-content/</code> directory and edit <code>wp-config.php</code>: | ||
| − | + | ||
username@servername:~$ wget <nowiki>https://downloads.wordpress.org/plugin/batcache.1.2.zip</nowiki> | username@servername:~$ wget <nowiki>https://downloads.wordpress.org/plugin/batcache.1.2.zip</nowiki> | ||
username@servername:~$ unzip batcache.1.2.zip | username@servername:~$ unzip batcache.1.2.zip | ||
| Line 198: | Line 177: | ||
username@servername:~$ sudo chown www-data /var/www/example.com/public/blog/wp-content/{object-cache.php,advanced-cache.php} | username@servername:~$ sudo chown www-data /var/www/example.com/public/blog/wp-content/{object-cache.php,advanced-cache.php} | ||
username@servername:~$ rm -rf {batcache.1.2.zip,batcache/} | username@servername:~$ rm -rf {batcache.1.2.zip,batcache/} | ||
| − | |||
===== Enable caching in <code>wp-config.php</code> ===== | ===== Enable caching in <code>wp-config.php</code> ===== | ||
| Line 204: | Line 182: | ||
Edit <code>wp-config.php</code>: | Edit <code>wp-config.php</code>: | ||
| − | |||
username@servername:~$ nano /var/www/example.com/public/wp-config.php | username@servername:~$ nano /var/www/example.com/public/wp-config.php | ||
| − | |||
Above the line that reads <code>/* That's all, stop editing! Happy blogging. */</code>, add: | Above the line that reads <code>/* That's all, stop editing! Happy blogging. */</code>, add: | ||
| − | + | ||
define('WP_CACHE', true); | define('WP_CACHE', true); | ||
| − | |||
====== Verify caching works ====== | ====== Verify caching works ====== | ||
| Line 217: | Line 192: | ||
Navigate to a blog page in a browser session that is not logged into WordPress and refresh the page several times. In the page source should be a message similar to: | Navigate to a blog page in a browser session that is not logged into WordPress and refresh the page several times. In the page source should be a message similar to: | ||
| − | |||
generated 13 seconds ago | generated 13 seconds ago | ||
generated in 0.047 seconds | generated in 0.047 seconds | ||
served from batcache in 0.000 seconds | served from batcache in 0.000 seconds | ||
expires in 287 seconds | expires in 287 seconds | ||
| − | |||
| − | + | === WYSIWYG editor blank === | |
Occasionally, installs of WordPress will result in a WYSIWYG editor that appears to not function, though it is actually functioning with white letters on a white background, and the buttons above the editor will not be present. If this happens, add <code>define('CONCATENATE_SCRIPTS', false );</code> above <code>/* That's all, stop editing! Happy blogging. */</code> in the <code>wp-config.php</code> file. | Occasionally, installs of WordPress will result in a WYSIWYG editor that appears to not function, though it is actually functioning with white letters on a white background, and the buttons above the editor will not be present. If this happens, add <code>define('CONCATENATE_SCRIPTS', false );</code> above <code>/* That's all, stop editing! Happy blogging. */</code> in the <code>wp-config.php</code> file. | ||
| − | + | === Plugins === | |
It is generally beyond the scope of this article to discuss plugins, though there are a few useful plugins which are generally desired by many users. | It is generally beyond the scope of this article to discuss plugins, though there are a few useful plugins which are generally desired by many users. | ||
| − | + | ==== Security ==== | |
The most common vectors for attack against WordPress come from old plugins. The WordPress.org plugin pages even warn users when a plugin has not been updated for over 2 years. | The most common vectors for attack against WordPress come from old plugins. The WordPress.org plugin pages even warn users when a plugin has not been updated for over 2 years. | ||
| Line 238: | Line 211: | ||
Another common vector is to brute force WordPress login sites. Installing a plugin such as [http://wordpress.org/plugins/limit-login-attempts/ Limit Login Attempts] can reduce the success rate of such attacks, and is particularly useful on sites with many users. | Another common vector is to brute force WordPress login sites. Installing a plugin such as [http://wordpress.org/plugins/limit-login-attempts/ Limit Login Attempts] can reduce the success rate of such attacks, and is particularly useful on sites with many users. | ||
| − | + | ==== Akismet ==== | |
[http://wordpress.org/plugins/akismet/ Akismet] is an anti-spam tool that is invaluable for sites that allow comments. It does require a WordPress.com user account to use and will report some site statistics back to WordPress.com. | [http://wordpress.org/plugins/akismet/ Akismet] is an anti-spam tool that is invaluable for sites that allow comments. It does require a WordPress.com user account to use and will report some site statistics back to WordPress.com. | ||
| − | + | ==== Minileven ==== | |
Minileven is a mobile theme developed for WordPress.com and made available to individual WordPress installations through the [http://wordpress.org/plugins/jetpack/ Jetpack plugin by WordPress.com]. To use this plugin, the server must integrate WordPress.com and will report back various statistics to them. For those not desiring to connect their servers to WordPress.com, it is still possible to install the theme. Install and enable the Jetpack plugin, then through the plugin Activate the Mobile Theme (Minileven), then disable the plugin. Add the Minileven theme to WordPress: | Minileven is a mobile theme developed for WordPress.com and made available to individual WordPress installations through the [http://wordpress.org/plugins/jetpack/ Jetpack plugin by WordPress.com]. To use this plugin, the server must integrate WordPress.com and will report back various statistics to them. For those not desiring to connect their servers to WordPress.com, it is still possible to install the theme. Install and enable the Jetpack plugin, then through the plugin Activate the Mobile Theme (Minileven), then disable the plugin. Add the Minileven theme to WordPress: | ||
| − | |||
username@servername:~$ cp -r /var/www/example.com/public/blog/wp-content/plugins/jetpack/modules/minileven/theme/pub/minileven/ /var/www/example.com/public/blog/wp-content/themes/ | username@servername:~$ cp -r /var/www/example.com/public/blog/wp-content/plugins/jetpack/modules/minileven/theme/pub/minileven/ /var/www/example.com/public/blog/wp-content/themes/ | ||
username@servername;~$ sudo chown -R www-data /var/www/example.com/public/blog/wp-content/themes/ | username@servername;~$ sudo chown -R www-data /var/www/example.com/public/blog/wp-content/themes/ | ||
| − | |||
Even though the plugin is disabled, WordPress will still notify through the dashboard of when the plugin has an update. After each update, copy the directory again to update Minleven, but note that the location of Minileven in the Jetpack plugin directory will change from time to time. | Even though the plugin is disabled, WordPress will still notify through the dashboard of when the plugin has an update. After each update, copy the directory again to update Minleven, but note that the location of Minileven in the Jetpack plugin directory will change from time to time. | ||
| Line 255: | Line 226: | ||
To accompany Minileven, install the [http://wordpress.org/plugins/device-theme-switcher/ Device Theme Switcher] plugin to tell WordPress which theme to serve to which devices. | To accompany Minileven, install the [http://wordpress.org/plugins/device-theme-switcher/ Device Theme Switcher] plugin to tell WordPress which theme to serve to which devices. | ||
| − | + | ==== Analytics tools ==== | |
| − | [http://piwik.org/ Piwik] is a powerful open source web analytics tool that can run on a server without using any outside services. Integrating Piwik into WordPress is easy with plugins such as [http://wordpress.org/plugins/wp-analytics-tracking/ WP Analytics Tracking], a very simple plugin to paste tracking code into a field which the plugin then adds to all WordPress pages. | + | [http://piwik.org/ Piwik] is a powerful open source web analytics tool that can run on a server without using any outside services. Integrating Piwik into WordPress is easy with plugins such as [http://wordpress.org/plugins/wp-analytics-tracking/ WP Analytics Tracking], a very simple plugin to paste tracking code (including the <code><noscript></code> image tracking code) into a field which the plugin then adds to all WordPress pages. |
| − | + | === Change default email sender === | |
| − | By default, WordPress will use the address of <tt>wordpress@example.com</tt> with the name <tt>WordPress</tt> to send emails from. This can be | + | By default, WordPress will use the address of <tt>wordpress@example.com</tt> with the name <tt>WordPress</tt> to send emails from. This can be changed through a number of methods, but perhaps the simplest is to add a statement to the <code>functions.php</code> file used by themes. For this to work, the code will have to be added to the <code>functions.php</code> file for every theme used by the site, and added again after a theme is upgraded. |
| − | |||
username@servername:~$ nano /var/www/example.com/public/blog/wp-content/themes/themename/functions.php | username@servername:~$ nano /var/www/example.com/public/blog/wp-content/themes/themename/functions.php | ||
| − | |||
Paste at the bottom of the file: | Paste at the bottom of the file: | ||
| − | + | ||
/** changing default wordpres email settings */ | /** changing default wordpres email settings */ | ||
| Line 281: | Line 250: | ||
return 'emailname'; | return 'emailname'; | ||
} | } | ||
| − | + | ||
| + | [[Category:PHP Web Packages]] | ||
== External links == | == External links == | ||
[http://arstechnica.com/information-technology/2012/12/web-served-part-5-a-blog-of-your-own/ A blog of your own | Ars Technica] | [http://arstechnica.com/information-technology/2012/12/web-served-part-5-a-blog-of-your-own/ A blog of your own | Ars Technica] | ||
Revision as of 20:33, 13 February 2014
WordPress is one of the most popular blogging platforms. It is a free, open-source software package developed in PHP by the WordPress Foundation. Over the years, so many plugins and add-ons have been developed for WordPress that it has become somewhat more of a content management system (CMS) than just a blogging platform. This article covers installing WordPress to a UNPM server.
WordPress can be installed to a website's root directory or to a sub-directory, referred to as /blog/ in this article. Installing to a subdirectory allows for using subdomains such as http://blog.example.com and for having a non-WordPress landing page for the website.
Nginx configuration
Create package-configs files
Create the package-configs files wordpress.conf and wordpress_https.conf:
username@servername:~$ sudo nano /etc/nginx/package-configs/wordpress.conf
Add the following:
location /blog/ {
try_files $uri $uri/ /blog/index.php?$args;
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
location ~ (index|wp-comments-post|xmlrpc|wp-tinymce).*\.php$ {
include global-configs/php.conf;
}
location ~ wp-cron.php$ {
allow <server IP address>;
deny all;
include global-configs/php.conf;
}
location ~ \.php$ { deny all; }
}
The try_files $uri $uri/ /index.php?$args; directive setting will allow for 'pretty' URLs to work in WordPress.
The wp-cron.php file is necessary for WordPress to function properly, but it is not required that the file be publicly accessible. The <server IP address> should be the server's IP address. Note that WordPress will use an IPv6 address when one is assigned to the server. Check the /etc/hosts file to determine if one is assigned to the server. Also check the error logs regularly to determine if wp-cron.php or any other php file is being blocked when using and logging into WordPress.
Now create the corresponding https version:
username@servername:~$ sudo nano /etc/nginx/package-configs/wordpress_https.conf
Add the following:
location /blog/ {
try_files $uri $uri/ /blog/index.php?$args;
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
location ~ (index|wp-comments-post|wp-login|xmlrpc|wp-tinymce|update-core|edit|post-new|edit-tags|post|profile|media-new|user-new|upload|edit-comments|comment|themes|customize|widgets|nav-menus|theme-install|plugins|admin|users|user-edit|tools|import|export|options-general|options-writing|options-reading|options-discussion|options-media|options-permalinks|media-upload).*\.php$ {
include global-configs/php_https.conf;
}
location ~ wp-cron.php$ {
allow <server IP address>;
deny all;
include global-configs/php_https.conf;
}
location ~ \.php$ { deny all; }
}
These conf files are based on WordPress 3.7.1 and no issues have yet been observed in 3.8.1. The configuration passes only the specific php files necessary to PHP-FPM for WordPress to function. If a page fails to load correctly and there are no errors in /var/www/example.com/logs/error.log, please post the issue to the UNPM server forums.
Edit sites-available file
Open the sites-available file for the domain:
username@servername:~$ sudo nano /etc/nginx/sites-available/example.com
In the HTTP server block, add:
include package-configs/wordpress.conf;
In the HTTPS server block, add:
include package-configs/wordpress_https.conf;
Test and Restart nginx
Test and restart nginx.
username@servername:~$ sudo nginx -t
username@servername:~$ sudo service nginx restart
Create WordPress database and database user
Create a WordPress database and database user:
username@servername:~$ sudo mysql -uroot -p
MariaDB [(none)]> create database databasename default character set utf8 default collate utf8_general_ci;
MariaDB [(none)]> grant all on databasename.* to 'databasenameusername'@'localhost' identified by 'databasenameusernamepassword';
MariaDB [(none)]> exit
Note that the databasename, databasenameusername and databasenameusernamepassword will be required for the WordPress configuration process.
Install WordPress
Download and extract the latest version of WordPress.
username@servername:~$ wget https://wordpress.org/latest.zip username@servername:~$ unzip -d /var/www/example.com/public/ latest.zip username@servername:~$ mv /var/www/example.com/public/wordpress /var/www/example.com/public/blog username@servername:~$ rm latest.zip username@servername:~$ find /var/www/example.com/public/blog/ -type d | xargs chmod 775 username@servername:~$ find /var/www/example.com/public/blog/ -type f | xargs chmod 664 username@servername:~$ sudo chown -R www-data /var/www/example.com/public/blog/
Navigate to secure https://www.example.com/blog/wp-admin/install.php and follow the WordPress installation setup.
Configure WordPress
Securing WordPress
Edit wp-config.php:
username@servername:~$ nano /var/www/example.com/public/blog/wp-config.php
Note that if WordPress is installed to the root directory, /var/www/example.com/public/wp-config.php would be used.
Above the line that reads /* That's all, stop editing! Happy blogging. */, add:
define('FORCE_SSL_ADMIN', true);
define('DISALLOW_FILE_EDIT', true);
FORCE_SSL_ADMIN forces the dashboard to always load through an encrypted session.
DISALLOW_FILE_EDIT prevents editing of PHP files from within WordPress, a potential security threat.
Pretty URLs =
Log in to the WordPress dashboard.
Navigate to Settings->Permalinks and select the radio button 'Custom Structure'. There are many different configuration options, though probably the most popularly used is /%year%/%monthnum%/%day%/%postname%/.
WordPress caching
Caching will allow WordPress to perform considerably faster while reducing server load.
Install APC Object Cache Backend
Download the plugin, decompress it, and install it to the /wp-content/ directory:
username@servername:~$ wget https://downloads.wordpress.org/plugin/apc.2.0.6.zip
username@servername:~$ unzip apc.2.0.6.zip
username@servername:~$ mv apc/object-cache.php /var/www/example.com/public/blog/wp-content/
username@servername:~$ rm -rf {apc.2.0.6.zip,apc/}
Note that if WordPress is installed to the root directory, /var/www/example.com/public/ would be used in the third step, and the same applies when installing Batcache.
Install Batcache
Download the plugin, decompress it, and install it to the /wp-content/ directory and edit wp-config.php:
username@servername:~$ wget https://downloads.wordpress.org/plugin/batcache.1.2.zip
username@servername:~$ unzip batcache.1.2.zip
username@servername:~$ mv batcache/advanced-cache.php /var/www/example.com/public/blog/wp-content/
username@servername:~$ sudo chown www-data /var/www/example.com/public/blog/wp-content/{object-cache.php,advanced-cache.php}
username@servername:~$ rm -rf {batcache.1.2.zip,batcache/}
Enable caching in wp-config.php
Edit wp-config.php:
username@servername:~$ nano /var/www/example.com/public/wp-config.php
Above the line that reads /* That's all, stop editing! Happy blogging. */, add:
define('WP_CACHE', true);
Verify caching works
Navigate to a blog page in a browser session that is not logged into WordPress and refresh the page several times. In the page source should be a message similar to:
generated 13 seconds ago generated in 0.047 seconds served from batcache in 0.000 seconds expires in 287 seconds
WYSIWYG editor blank
Occasionally, installs of WordPress will result in a WYSIWYG editor that appears to not function, though it is actually functioning with white letters on a white background, and the buttons above the editor will not be present. If this happens, add define('CONCATENATE_SCRIPTS', false ); above /* That's all, stop editing! Happy blogging. */ in the wp-config.php file.
Plugins
It is generally beyond the scope of this article to discuss plugins, though there are a few useful plugins which are generally desired by many users.
Security
The most common vectors for attack against WordPress come from old plugins. The WordPress.org plugin pages even warn users when a plugin has not been updated for over 2 years.
Another common vector is to brute force WordPress login sites. Installing a plugin such as Limit Login Attempts can reduce the success rate of such attacks, and is particularly useful on sites with many users.
Akismet
Akismet is an anti-spam tool that is invaluable for sites that allow comments. It does require a WordPress.com user account to use and will report some site statistics back to WordPress.com.
Minileven
Minileven is a mobile theme developed for WordPress.com and made available to individual WordPress installations through the Jetpack plugin by WordPress.com. To use this plugin, the server must integrate WordPress.com and will report back various statistics to them. For those not desiring to connect their servers to WordPress.com, it is still possible to install the theme. Install and enable the Jetpack plugin, then through the plugin Activate the Mobile Theme (Minileven), then disable the plugin. Add the Minileven theme to WordPress:
username@servername:~$ cp -r /var/www/example.com/public/blog/wp-content/plugins/jetpack/modules/minileven/theme/pub/minileven/ /var/www/example.com/public/blog/wp-content/themes/ username@servername;~$ sudo chown -R www-data /var/www/example.com/public/blog/wp-content/themes/
Even though the plugin is disabled, WordPress will still notify through the dashboard of when the plugin has an update. After each update, copy the directory again to update Minleven, but note that the location of Minileven in the Jetpack plugin directory will change from time to time.
To accompany Minileven, install the Device Theme Switcher plugin to tell WordPress which theme to serve to which devices.
Analytics tools
Piwik is a powerful open source web analytics tool that can run on a server without using any outside services. Integrating Piwik into WordPress is easy with plugins such as WP Analytics Tracking, a very simple plugin to paste tracking code (including the <noscript> image tracking code) into a field which the plugin then adds to all WordPress pages.
Change default email sender
By default, WordPress will use the address of wordpress@example.com with the name WordPress to send emails from. This can be changed through a number of methods, but perhaps the simplest is to add a statement to the functions.php file used by themes. For this to work, the code will have to be added to the functions.php file for every theme used by the site, and added again after a theme is upgraded.
username@servername:~$ nano /var/www/example.com/public/blog/wp-content/themes/themename/functions.php
Paste at the bottom of the file:
/** changing default wordpres email settings */
add_filter('wp_mail_from', 'new_mail_from');
add_filter('wp_mail_from_name', 'new_mail_from_name');
function new_mail_from($old) {
return 'address@example.com';
}
function new_mail_from_name($old) {
return 'emailname';
}