WordPress Installation
1 Aim
Install the content management system (CMS) WordPress
Environment
2 Prerequisites
2.1 LAMP
- Install the RPM task-lamp, which is a meta package for the Linux, Apache, PHP and Perl server
2.2 Apache
2.2.1 Basic Installation
- Install the basic Apache RPMs (will set up Apache with all web files in /var/www)
- apache
- apache-commons-logging
- Tell the system to start Apache at boot time
- systemctl enable httpd.service --now
2.2.2 Multi Users
The UserDir module allows user-specific web pages to be located in their own home directories and then accessed using the http://site.url/~user syntax.
- Install the RPM apache-mod_userdir, which will add the userdir shared library (.so) to the system and create the following configuration files
- /etc/httpd/conf/modules.d/00_mod_userdir.conf
- (which contains the single instruction: LoadModule userdir_module modules/mod_userdir.so)
- /etc/httpd/conf/conf.d/userdir.conf
- As provided by the RPM, userdir.conf is not activated. To make it effective, enclose the instructions in there between the directive tags <IfModule mod_userdir.c> and </IfModule>
<IfModule mod_userdir.c> UserDir public_html <Directory "/home/*/public_html"> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory> <Directory "/home/*/public_html/cgi-bin"> Options ExecCGI SetHandler cgi-script </Directory> </IfModule>
- Create the ~users/public_html subdirectories and give them adequate permissions (0755) as apache will need to access files in there; the ~users directories also need to be searchable by apache (+x)
- systemctl restart httpd.service
2.3 MariaDB
- Install the RPM mariadb
- systemctl enable mysqld.service --now
- mysql
- CREATE DATABASE wordpress;
- CREATE USER 'wpadm'@'localhost' IDENTIFIED BY password;
- GRANT ALL ON wordpress.* TO 'wpadm'@'localhost';
- FLUSH PRIVILEGES;
3 WordPress
3.1 Download
- cd /var/tmp ; curl https://wordpress.org/latest.tar.gz --output wordpress.tar.gz
- cd /var/www/html ; tar xf /var/tmp/wordpress.tar.gz ;
- chown -R apache:apache /var/www/html/wordpress ;
- chmod o-rwx /var/www/html/wordpress/wp-config.php
- cd ~user/public_html ; tar xf /var/tmp/wordpress.tar.gz ;
- chown -R apache:apache wordpress ;
- chmod o-rwx wordpress/wp-config.php
3.2 Installation
For a general installation (i.e. in /var/www/html/wordpress/), navigate your web browser to http://localhost/wordpress and follow the instructions of the installation wizard.
For user-specific installations (i.e. in ~user/public_html/wordpress/), execute the wizard with your browswer pointing to http://localhost/~user/wordpress.
3.3 Password
WordPress provides a mechanism to protect posts with a password, which can be used for controlling access to pages such as photo galleries. The password is managed through a persistent browser cookie valid for 10 days, which means that once the password is entered, WordPress won't require to re-input it for that period. Security-wise, this 10-day validity timeframe can be an issue and one may want to reduce it, or change the type of cookie from persistent to session (i.e. valid until all instances of the browser are closed).
Surprisingly, as per version 5.4.2, this is not configurable and the change can't be done from the WordPress GUI since the type of cookie and validity are hard-coded as shown below:
File: wp-login.php
$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS); ... setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
Either decrease the persistent cookie validity timeframe, e.g. set it for an hour only:
$expire = apply_filters('post_password_expires', time() + 3600);
or make it a session cookie by commenting out the callback registration (apply_filters) and setting expire to zero:
// $expire = apply_filters('post_password_expires', time() + ...);
$expire = 0;