How to Install WordPress on Ubuntu 18.04

Post Reply
User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

How to Install WordPress on Ubuntu 18.04

Post: # 666Post LHammonds
Fri Jul 13, 2018 11:58 am

------------ PROJECT ON HOLD ------------
RE-DESIGNING FOR MULTI-SITE AND BETTER SECURITY

Greetings and salutations,

I hope this thread will be helpful to those who follow in my foot steps as well as getting any advice based on what I have done / documented.

This is a Work-In-Progress topic so I will be updating this thread as I learn more about Ubuntu and WordPress.

To discuss this thread, please participate here: >>> INSERT LINK <<<<

High-level overview

This thread will cover installation of a dedicated web server, Apache web service and a test and production WordPress web sites. The server will be installed inside a virtual machine running on VMware ESXi servers. If you have any advice on doing things better, please let me know. I love feedback and learning better ways of doing things!

Tools utilized in this process
Helpful links

The list below are sources of information that helped me configure this system as well as some places that might be helpful to me later on as this process continues.
Assumptions

This documentation will need to make use of some very-specific information that will most-likely be different for each person / location. And as such, I will note some of these in this section. They will be highlighted in red throughout the document as a reminder that you should plug-in your own value rather than actually using my "place-holder" value.

Under no circumstance should you use the actual values I list below. They are place-holders for the real thing. This is just a checklist template you need to have answered before you start the install process.

Wherever you see RED in this document, you need to substitute it for what your company uses. Use the list below as a template you need to have answered before you continue.
  • Web Server name: srv-wordpress
  • Fully-Qualified Domain Name (FQDN): wordpress.mydomain.com (Production)
  • Fully-Qualified Domain Name (FQDN): dev.mydomain.com (Development / Test)
  • Web Server IP address: 192.168.107.30
  • Web Server Admin ID: administrator
  • Web Server Admin Password: myadminpass
  • Email Server IP (remote): 192.168.107.25
  • Database Server IP (remote): 192.168.107.20
  • Database root Password: mydbrootpass
  • Production Database WordPress install user: wp-prod-installuser
  • Production Database WordPress install password: wp-prod-installuserpass
  • Production Database WordPress normal user: wp-prod-user
  • Production Database WordPress normal password: wp-prod-userpass
  • Test Database WordPress install user: wp-test-installuser
  • Test Database WordPress install password: wp-test-installuserpass
  • Test Database WordPress normal user: wp-test-user
  • Test Database WordPress normal password: wp-test-userpass
I also assume the reader knows how to use the VI editor. If not, you will need to beef up your skill set or use a different editor in place of it.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Dedicated Server Installation

Post: # 667Post LHammonds
Fri Jul 13, 2018 11:59 am

Installation of Web Server

This documentation will assume you have installed Ubuntu Server according to this article: How To Install Ubuntu Server

Installation of Database Server

This documentation will assume you have installed a separate and dedicated MariaDB server according to this article: How To Install MariaDB

On your web server, be sure to add a host entry that points to your database server in /etc/hosts.
192.168.107.20 srv-database
You can install the database and web services on the same machine if necessary but it is best practice to keep them separated if possible.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Database Creation

Post: # 668Post LHammonds
Fri Jul 13, 2018 12:00 pm

Configure MariaDB / MySQL

In this scenario, a dedicated and general-purpose database server already exists and it will be used to hold the production and test application databases.
  1. Connect to the database server using PuTTY.
  2. At the login prompt, login with your administrator account (administrator / myadminpass) and then temporarily grant yourself super user privileges by typing sudo su
  3. Type the following commands:
    mysql -u root -p Enter password: mydbrootpass
    CREATE DATABASE wp-prod CHARACTER SET utf8 COLLATE utf8_bin; CREATE USER 'wp-prod-installuser'@'%' IDENTIFIED BY 'wp-prod-installuserpass'; CREATE USER 'wp-prod-user'@'%' IDENTIFIED BY 'wp-prod-userpass'; GRANT ALL ON wp-prod.* TO 'wp-prod-installuser'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE ON wp-prod.* TO 'wp-prod-user'@'%'; FLUSH PRIVILEGES; exit
    The above commands will allow the database accounts to connect from any machine from anywhere in the world. This might be OK if your database is not accessible outside your local network or if your machine name changes or you have multiple servers that connect to the same database that use the same ID. You can make this more secure by specifying your application server when granting access. Make sure the database server will recognize the server name (via hosts file or DNS) or just use the IP address:
    CREATE USER 'wp-prod-installuser'@'srv-wordpress' IDENTIFIED BY 'wp-prod-installuserpass'; CREATE USER 'wp-prod-user'@'srv-wordpress' IDENTIFIED BY 'wp-prod-userpass'; GRANT ALL ON wp-prod.* TO 'wp-prod-installuser'@'srv-wordpress'; GRANT SELECT, INSERT, UPDATE, DELETE ON wp-prod.* TO 'wp-prod-user'@'srv-wordpress';
    or
    CREATE USER 'wp-prod-installuser'@'192.168.107.30' IDENTIFIED BY 'wp-prod-installuserpass'; CREATE USER 'wp-prod-user'@'192.168.107.30' IDENTIFIED BY 'wp-prod-userpass'; GRANT ALL ON wp-prod.* TO 'wp-prod-installuser'@'192.168.107.30'; GRANT SELECT, INSERT, UPDATE, DELETE ON wp-prod.* TO 'wp-prod-user'@'192.168.107.30';
    This will prevent anyone knowing the credentials from logging into the database from any other remote machine not specified in the grant command.

    If your application is running on the database server (typical on a developer machine / non-production scenario), create the user like this:
    CREATE USER 'wp-prod-installuser'@'localhost' IDENTIFIED BY 'wp-prod-installuserpass'; CREATE USER 'wp-prod-user'@'localhost' IDENTIFIED BY 'wp-prod-userpass'; GRANT ALL ON wp-prod.* TO 'wp-prod-installuser'@'localhost'; GRANT SELECT, INSERT, UPDATE, DELETE ON wp-prod.* TO 'wp-prod-user'@'localhost';
    This will prevent anyone knowing the credentials from logging into the database from any other remote machine.

    If you mess anything up, you can remove the database and user by issuing these commands:
    DROP USER wp-prod-installuser; DROP USER wp-prod-user; FLUSH PRIVILEGES; DROP DATABASE wp-prod;
  4. Whichever method you used to create the production database, do the same to create the test database along with the test credentials. Example:
    CREATE DATABASE wp-test CHARACTER SET utf8 COLLATE utf8_bin; CREATE USER 'wp-test-installuser'@'%' IDENTIFIED BY 'wp-test-installuserpass'; CREATE USER 'wp-test-user'@'%' IDENTIFIED BY 'wp-test-userpass'; GRANT ALL ON wp-test.* TO 'wp-test-installuser'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE ON wp-test.* TO 'wp-test-user'@'%'; FLUSH PRIVILEGES; exit

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Web Server Installation

Post: # 669Post LHammonds
Fri Jul 13, 2018 12:00 pm

Apache Web Server Installation

  1. Connect to the SRV-WordPress server using PuTTY.
  2. At the login prompt, login with your administrator account (administrator / myadminpass) and then temporarily grant yourself super user privilages by typing sudo su
  3. Type the following commands:

    Code: Select all

    apt-get -y install apache2 php7.2 libapache2-mod-php7.2 php7.2-mysql php-ssh2 php7.2-tidy php7.2-curl
    apt-get -y install php7.2-gd php7.2-xmlrpc php7.2-pspell php-imagick php7.2-imap php7.2-xsl
    phpenmod imap
    phpenmod json
    
  4. If you plan on utilizing email functions (and who doesn't!!!), type the following commands:

    Code: Select all

    apt-get -y install php-pear
    pear install mail
    pear install Net_SMTP
    
  5. Restart the Apache service:

    Code: Select all

    systemctl restart apache2
  6. Create a phpinfo file:

    Code: Select all

    touch /var/www/html/phpinfo.php
    chown www-data:www-data /var/www/html/phpinfo.php
    chmod 644 /var/www/html/phpinfo.php
    printf '<?php phpinfo(); ?>' >> /var/www/html/phpinfo.php
  7. To verify that Apache is running and working, open a web browser and go to http://192.168.107.30 and you should see a web page that says "It works!"
  8. To verify that PHP is running, open a web browser and go to http://192.168.107.30/phpinfo.php and you should see a long web page showing PHP configuration information along with a mysql and mysqli sections.
Add Web Site Icon

If you want a custom icon to show up to the left of URL in the address bar, you need to follow these steps.

  1. Create a 16x16 image that is 16 colors (4-bit) with dimensions of 16x16 pixels and save it as a .BMP file called favicon.bmp
  2. Use your favorite icon editor to convert the BMP image to an ICO file. (e.g. IrfanView)
  3. Copy favicon.ico to \\192.168.107.30\share
  4. Connect to the SRV-WordPress server using PuTTY.
  5. At the login prompt, login with your administrator account (administrator / myadminpass) and then temporarily grant yourself super user privilages by typing sudo su
  6. Type the following commands:

    Code: Select all

    mv /srv/samba/share/favicon.ico /var/www/html/.
    chown www-data:root /var/www/html/favicon.ico
    chmod 0755 /var/www/html/favicon.ico
    
  7. Edit /etc/apache2/sites-available/000-default.conf and add the following line:

    Code: Select all

    AddType image/x-icon .ico
    <Files favicon.ico>
        ErrorDocument 404 /favicon.ico
    </Files>
  8. Restart the Apache web service:

    Code: Select all

    service apache2 restart
  9. Once that is done, open a web browser and go to http://192.168.107.30 and refresh the page. You should see your icon to the left of the URL in the address bar.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

WordPress Installation

Post: # 670Post LHammonds
Fri Jul 13, 2018 12:01 pm

Install WordPress

Now we are going to download the WordPress archive and extract it to our site and setup the correct permissions.

Code: Select all

cd /tmp
wget http://wordpress.org/latest.tar.gz
tar -xvzf /tmp/latest.tar.gz -C /var/www/html/
cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
mkdir /var/www/html/wordpress/wp-content/uploads
chown www-data:root --recursive /var/www/html/*
find /var/www/html/. -type d -exec chmod 755 '{}' \+
find /var/www/html/. -type f -exec chmod 644 '{}' \+
chmod 0755 /var/www/html/favicon.ico
service apache2 restart
Configure WordPress

Only use the "install" user account when installing WordPress or upgrading it. When in normal operating mode, use the low-rights account that does not have the ability to alter the database.

We need to modify the configuration so it points to our database server with the correct database name and user credentials.
  1. Edit /var/www/html/wordpress/wp-config.php and make the following changes:
    define('DB_NAME', 'wordpress'); define('DB_USER', 'wordpressinstalluser'); define('DB_PASSWORD', 'wordpressinstalluserpass'); define('DB_HOST', 'srv-database');
  2. Open a web browser and go to http://192.168.107.30/wordpress
  3. You should see the initial "Welcome" page where you setup your initial settings. Do so and click the "Install WordPress" button at the bottom.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Active Directory Authentication

Post: # 671Post LHammonds
Fri Jul 13, 2018 12:01 pm

Active Directory Authentication

I would like AD authentication to reduce the number of places where IDs and passwords are stored but chose not to do so because of the security risks noted in this article:

Apache and Active Directory

WordPress Plugins

Once you get logged into your WordPress dashboard, you might want to add a few plugins.

It is a simple matter of clicking on the "Plugins" link to the left on your dashboard and then click "Add New", find/select a plugin and then activate it.

Here are some plugins I like to use which suit my environment:
  • WP Mail SMTP by WPForms
  • TinyMCE Advanced by Andrew Ozz
  • TablePress by Tobias Bäthge
  • WordPress Gallery Plugin – NextGEN Gallery by Imagely
  • The Events Calendar by Modern Tribe, Inc.
  • AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi, Mohammed Kaludi

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Web Developer Access

Post: # 672Post LHammonds
Fri Jul 13, 2018 12:02 pm

Web Developer Access

Let's say you have a user John Doe that needs access to the web files, here is how you can allow him access to upload files to the site.

Create a user called jdoe and set his home folder to the root of the web site and make him part of the group that the web service belongs to:

Code: Select all

sudo useradd -d /var/www/html -G www-data jdoe
Now set his password:

Code: Select all

sudo passwd jdoe
If jdoe already exists on your server, you can instead modify his account:

Code: Select all

sudo usermod -a -G www-data jdoe
If jdoe already exists, you probably don't want to mess with his existing home directory setting but if you do, this is how you do it:

Code: Select all

sudo usermod -d /var/www/html jdoe
The last thing to do is to make sure the web site is group-writable and to set the setgid sticky bit permission on the website's root directory to ensure any files created will inherit the group ID from the parent directory. That means when John Doe uploads an html file, it will belong to the www-data group which is the same as the web service and allows the web server to display that file rather than an access denied error.

Code: Select all

sudo chmod -R g+w /var/www/html
sudo chmod g+s /var/www/html

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Upgrade Manually

Post: # 673Post LHammonds
Fri Jul 13, 2018 12:02 pm

These notes are for upgrading a WordPress site in its current location.
  1. Backup the database

    Code: Select all

    mysqldump wordpress > /bak/2017-09-14-wordpress.sql
  2. Backup the web site files

    Code: Select all

    tar -cpzf /bak/2017-09-14-wordpress.tar.gz /var/www/html
  3. Get the latest version of WordPress

    Code: Select all

    cd /tmp
    wget https://wordpress.org/latest.zip
    tar xcf /tmp/latest.zip
  4. Deactivate plugins
  5. NOT FINISHED

User avatar
LHammonds
Site Admin
Site Admin
Posts: 712
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Migrate to New Host

Post: # 674Post LHammonds
Fri Jul 13, 2018 12:03 pm

Migrate Web Site to New Host

These are the steps to migrate your website to a new host (assuming the dedicated database remains on the same server).

This is what I do when upgrading the server operating system.

For example: Current production running on Ubuntu Server 14.04, new server setup on Ubuntu Server 16.04. This allows testing of the web site on a new OS, new web server, new PHP without risk of downtime if there are compatibility issues. Once everything checks out, it is a simple and quick matter of changing the server's IP address or updating the domain to point to the new IP.
  1. On the dedicated database server, backup the database. Even if you do not need to restore, it is always a good idea to ensure you have a recent backup.

    Code: Select all

    mysqldump wordpress > /bak/2017-09-14-wordpress.sql
  2. If you need to migrate the database as well, copy the .sql backup file to the new database server, create the database and import the .sql

    Code: Select all

    mysql
    SET sql_log_bin = 0;
    CREATE DATABASE wp-prod CHARACTER SET utf8 COLLATE utf8_bin;
    USE wp-prod;
    source /bak/2017-09-14-wordpress.sql
    exit
    
  3. On the old web server, backup the web site files

    Code: Select all

    tar -cpzf /bak/2017-09-14-wordpress.tar.gz /var/www/html
  4. Transfer the backup to the new server:

    Code: Select all

    scp /bak/2017-09-14-wordpress.tar.gz administrator@srv-wordpress2:/bak/.
  5. On the new web server, extract the archive:

    Code: Select all

    cd /
    tar -xzvf /bak/2017-09-14-wordpress.tar.gz
  6. Restore the web site file permissions:

    Code: Select all

    chown www-data:root --recursive /var/www/html/*
    find /var/www/html/. -type d -exec chmod 755 '{}' \+
    find /var/www/html/. -type f -exec chmod 644 '{}' \+
    chmod 0755 /var/www/html/favicon.ico
  7. If applicable, make sure to transfer over any Apache site config files located in /etc/apache2/sites-available/ and reload the configuration files:

    Code: Select all

    service apache2 reload
  8. Edit the network configuration of both servers and swap their IP addresses:

    Code: Select all

    vi /etc/network/interfaces
  9. If applicable, you can also change the internal name of the server if desired:

    Code: Select all

    vi /etc/hosts
    vi /etc/hostname
    

Post Reply