Wordpress
WordPress (WP, or WordPress.org) is a web content management system. It was originally created as a tool to publish blogs but has evolved to support publishing other web content, including more traditional websites, mailing lists and Internet forum, media galleries, membership sites, learning management systems, and online stores. Available as free and open-source software, WordPress is among the most popular content management systems - it was used by 43.1% of the top 10 million websites as of December 2023.
WordPress is written in the PHP language and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as "Themes".
Prerequisites
- Working webserver with vhosts
- Working SQL server
Downloading
Go to https://wordpress.org/download/ and download your local version. Read the installation guide.
Installation
Unzip the file and move to the blog vhost.
# cd /srv/www/vhosts # mkdir -p blog.example.com/httpsdocs # cd /srv/www/vhosts/blog.example.com/httpsdocs/ # cp -R <path to wordpress unzipped dir>/* . # chown -R apache:apache * # cd .. # chcon -R -t httpd_sys_rw_content_t httpsdocs/ # cd /etc/httpd/conf/vhosts.d/ # cp vhosts.con blog.example.com.conf # vi blog.example.com.conf // Edit this file for your needs.
The vhosts.conf template is used and must be changed to your needs. Start with replacing example.com to your domain.
Adding access restrictions
The IP-addresses need to be yours. LAN segment addresses must be in it. IPv6 addresses are optional. Add external addresse for you workplaces or use a private VPN to your network.
# cd /etc/httpd/conf/vhosts.d/
# vi blog.example.com.conf
<Location /wp-login.php>
Require all denied
Require ip 192.168.1.0/24
Require ip 2a02:a465:54ef::/48
Require ip fe80::/10
</Location>
<Location /login> // This is for the "Theme my login" plugin.
Require all denied
Require ip 192.168.1.0/24
Require ip 2a02:a465:54ef::/48
Require ip fe80::/10
</Location>
Configuring
# cd /srv/www/vhosts/blog.example.com/httpsdocs # vi wp-config.php
Restarting the webserver
After you configure the server you need to restart the webserver.
# httpd -t # systemctl restart httpd
You need to add blog to your DNS example.com zone. Restart the DNS.
Open in your browser: blog.example.com and follow instructions.
If you cannot connect to the sql server make the account on it manual. See here
Test your blog with the standard theme. When this works you can change your theme and can start adding plug-ins.
Plugins
A list of must have plugins.
Theme My Login
Ever wished that your WordPress login page matched the rest of your site? Your wish has come true! Theme My Login allows you to bypass the default WordPress-branded login page that looks nothing like the rest of your site. Instead, your users will be presented with the login, registration and password recovery pages right within your theme. The best part? It works right out of the box, with no configuration necessary! Take back your login page, WordPress users!
Classic editor
If you want to code in html you need the classic editor. You can install it as a plugin.
Redis Object Cache
The Redis cache must be installed and running before you can use the plugin.
To use redis, login and add Redis Object Cache to the plugins.
Now open the wp-config.php file, for example via the File Manager in DirectAdmin or your favorite FTP program. Find the following line there:
/* That's all, stop editing! Happy publishing. */
Add the following lines above and save the changes:
define('WP_REDIS_PATH', '/run/redis/redis.sock');
define('WP_REDIS_SCHEME', 'unix');
//define('WP_REDIS_HOST', '127.0.0.1');
//define('WP_REDIS_PORT', '6379');
Wordfence Security
Wordfence is the most popular WordPress firewall and security scanner, protecting over 5 million websites worldwide from attackers targeting WordPress. Wordfence Free includes an endpoint firewall and malware scanner built from the ground up to protect WordPress. Wordfence Free receives firewall rules and malware signatures created by the industry-leading Wordfence Threat Intelligence team after a 30 day delay.
WP-Optimize
WP-Optimize is trusted by more than 1 million WordPress website owners to boost performance and reduce page load times to improve your site's user experiences and SERP rankings in Google.
Disable XML-RPC
This plugin disables XML-RPC API in WordPress 3.5+, which is enabled by default.