|
|
| (2 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| =Installing= | | =security scan= |
|
| |
|
| Following the five minute installation process: https://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install
| | https://www.tecmint.com/wpseku-wordpress-vulnerability-security-scanner/ |
|
| |
|
| Downloaded the zip file
| |
|
| |
|
| Copied the zip file to the server
| |
|
| |
|
| Unzipped the zip file and put it in a wordpress folder along with other web/htdocs stuff
| | And now for something completely different: [[Metasploitable/VSFTP]] |
|
| |
|
| ==Database Prep==
| |
|
| |
|
| I already had a few existing databases from prior WP installations, so I had to figure out what was there and if anything needed to be cleaned out, or whatever.
| |
|
| |
|
|
| |
| ==Apache Configuration==
| |
|
| |
| Block everyone from reaching root file directory:
| |
|
| |
| <pre>
| |
| <Directory />
| |
| Options FollowSymLinks
| |
| AllowOverride None
| |
| Require all denied
| |
| </Directory>
| |
| </pre>
| |
|
| |
| Allow stuff on a directory by directory basis:
| |
|
| |
| <pre>
| |
| <Directory /usr/share>
| |
| AllowOverride None
| |
| Require all granted
| |
| </Directory>
| |
| </pre>
| |
|
| |
| wordpress specific directives:
| |
|
| |
| <pre>
| |
| # =================
| |
| # wordpress
| |
| Alias /wordpress /www/wordpress
| |
|
| |
| <Directory "/www/wordpress">
| |
|
| |
| AllowOverride All
| |
| Require all granted
| |
| Options FollowSymLinks
| |
|
| |
| </Directory>
| |
| </pre>
| |
|
| |
| =FTP issues=
| |
|
| |
| Getting tired of fixing these problems over and over.
| |
|
| |
| ==Set up FTP on your WP server==
| |
|
| |
| install/run vsftpd on Unix
| |
|
| |
| change <code>/etc/vsftpd.conf</code> to include the following line at the end:
| |
|
| |
| <pre>
| |
| listen_port=21
| |
| </pre>
| |
|
| |
| You could also change the port number that Wordpress uses.
| |
|
| |
| Once that's done, and you go to update something in Wordpress, you can give it your usual login credentials (your Unix username/password) and everything should work.
| |
|
| |
| If not, you may have a permissions problem with your server - wherever Wordpress is trying to install its extensions or updates. In that case, use chmod/chown to change ownership of your Wordpress content folder:
| |
|
| |
| <pre>
| |
| sudo chown -R charles:charles /www/wordpress/wp-content
| |
| </pre>
| |
|
| |
| ==FTP permissions==
| |
|
| |
| For a while there, I was having problems updating plugins from the WP admin panel. The problem was a permissions problem, and these are the notes on it.
| |
|
| |
| To be able to use FTP through the Wordpress admin panel, you'll need to give your web user write access to plugins. Here's what that means:
| |
|
| |
| Your web user is probably <code>www-data</code>. It depends on the web server you're using.
| |
|
| |
| Your plugins directory is in <code>/path/to/wordpress/wp-content/plugins</code>. If you install the foobar plugin in WP, it will create a folder in <code>/path/to/wordpress/wp-content/plugins/foobar</code> with the plugin. So to create/update/delete plugins from the WP admin panel, the web user has to be able to do those things.
| |
|
| |
| In practice, this means you can either make the web user the owner of the files, or you can add them to the web user's group and let anyone in the web user group edit them. I am doing the second case. I fixed this issue would be a sequence of commands like:
| |
|
| |
| <source lang="bash">
| |
| cd /path/to/wordpress/wp-content/
| |
| sudo chgrp -R www-data plugins/
| |
| sudo chmod -R g+w plugins/
| |
| </source>
| |
|
| |
| ==Vsftpd for Wordpress==
| |
|
| |
| Here's a link to my [[Vsftpd]] page, where I discuss setting up vsftpd as an FTP server for Wordpress.
| |
|
| |
|
|
| |
|
| [[Category:Wordpress]] | | [[Category:Wordpress]] |
| [[Category:PHP]] | | [[Category:PHP]] |