-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.txt
More file actions
133 lines (112 loc) · 4.1 KB
/
install.txt
File metadata and controls
133 lines (112 loc) · 4.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# WordPress Linux Installation Script - Updated 2025
# Run as root (sudo su)
# Initial Setup
hostnamectl set-hostname xxxx.xxxx.xx
apt update && apt upgrade -y
apt -y install net-tools sudo wget curl unzip bash-completion git
# Web Server & Database
apt -y install apache2
apt -y install mariadb-server mariadb-client
systemctl start mariadb
mysql_secure_installation
# PHP Installation (8.3 with latest extensions)
apt install software-properties-common apt-transport-https -y
apt install -y php php8.3-{cli,common,curl,mbstring,igbinary,imagick,intl,xml,zip,apcu,memcached,opcache,redis,ssh2,mysqli,fpm}
# Apache Modules
a2enmod rewrite ssl headers http2
systemctl restart apache2
# HTTP Configuration
nano /etc/apache2/sites-enabled/000-default.conf
# Add the following inside <VirtualHost *:80>:
# <Directory /var/www/html>
# Options Indexes FollowSymLinks MultiViews
# AllowOverride All
# Require all granted
# </Directory>
# HTTPS Configuration
nano /etc/apache2/sites-available/default-ssl.conf
# Add the following inside <VirtualHost *:443>:
# <Directory /var/www/html>
# Options Indexes FollowSymLinks MultiViews
# AllowOverride All
# Require all granted
# </Directory>
# SSLEngine on
# SSLCertificateFile /path/to/signed_cert_and_intermediate_certs
# SSLCertificateKeyFile /path/to/private_key
# Protocols h2 http/1.1
# Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Header always set X-Frame-Options DENY
# Header always set X-Content-Type-Options nosniff
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Modern SSL/TLS Configuration
# Add to /etc/apache2/mods-available/ssl.conf:
# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# SSLHonorCipherOrder off
# SSLSessionTickets off
# SSLUseStapling On
# SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
# Enable SSL site
a2ensite default-ssl.conf
# Test and restart
apache2ctl -t
systemctl restart apache2.service mariadb.service
systemctl enable apache2.service mariadb.service
# SSL Certificate Setup (Let's Encrypt)
apt-get -y install certbot python3-certbot-apache
certbot --authenticator webroot --installer apache
# Auto-renewal via cron
crontab -e
# Add: 0 2 * * * certbot renew --quiet >> /var/log/letsencrypt.log
# WordPress Installation
mysql -u root -p
# Execute in MySQL:
# CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'secure_password_here';
# CREATE DATABASE wordpress;
# GRANT ALL ON `wordpress`.* TO `wpuser`@`localhost`;
# FLUSH PRIVILEGES;
# exit;
# Download and extract WordPress
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar xpzf latest.tar.gz
# Setup WordPress directory
rm -rf /var/www/html
cp -r wordpress /var/www/html
chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
# Configure WordPress
cd /var/www/html
cp wp-config-sample.php wp-config.php
nano wp-config.php
# Update the following with your database credentials:
# define('DB_NAME', 'wordpress');
# define('DB_USER', 'wpuser');
# define('DB_PASSWORD', 'secure_password_here');
# define('DB_HOST', 'localhost');
# Generate security keys and salts (uncomment and replace in wp-config.php):
# https://api.wordpress.org/secret-key/1.1/salt/
# Set proper permissions for security
chmod 644 /var/www/html/wp-config.php
chmod 600 /var/www/html/.htaccess
# Optimize PHP for WordPress
nano /etc/php/8.3/apache2/php.ini
# Recommended settings:
# memory_limit = 256M
# upload_max_filesize = 64M
# post_max_size = 64M
# max_execution_time = 300
# opcache.enable = 1
# opcache.memory_consumption = 128
# Restart services
systemctl restart apache2.service php8.3-fpm.service
# Complete WordPress setup
# Navigate to https://your-domain.com in your browser and complete the installation wizard
# Post-Installation Security
# 1. Remove default Apache index page (if not already done)
# 2. Set up automatic backups
# 3. Install WordPress security plugins (Wordfence, Sucuri, etc.)
# 4. Disable XML-RPC if not needed
# 5. Keep WordPress, themes, and plugins updated
# 6. Consider setting up a WAF (Web Application Firewall)