Setting up a VPS server for WordPress
# Introduction
In this guide we will see how to quickly and easily set up a web server for running your WordPress website.
We will be setting up Nginx, MariaDB and PHP 7 on an Ubuntu server, then we will set up LMD and ClamAV to reduce malware infection and configure fail2ban to block these attempts to infect the website. Finally, we will see how to quickly set up S3-based WordPress backup.
So, let's get started.
# Setting up the Server - Nginx, MySQL and PHP7 & Redis
Let's start by installing EasyEngine; it will help us set up the rest of the stack.
- wget -qO ee rt.cx/ee && sudo bash ee # install easyengine
- ee stack install
- ee stack remove --mysql
- nano /etc/apt/sources.list.d/ee-repo.list # edit the file and change the MariaDB version from 10.1 to 10.2
- ee stack install --mysql
- mysql -V
- You can find the root password in /etc/mysql/conf.d/my.cnf
- ee site create nxt.smartinstitute.net --wpfc --php7
- nano /etc/nginx/common/wpfc-php7.conf # add aw2_vsesssion to the $http_cookie line
Next, install Composer:
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php -r "if (hash_file('SHA384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"
- mv composer.phar /usr/local/bin/composer
The SHA-384 value above matches one specific installer release; if the check prints 'Installer corrupt', compare it against the checksum currently published on getcomposer.org rather than skipping the check.
Let's make sure phpMyAdmin is properly set up:
- cd /var/www/22222/htdocs/db/pma
- composer update --no-dev
Now let's set up Redis:
- add-apt-repository ppa:chris-lea/redis-server
- apt-get update
- apt-get install redis-server php-redis
phpRedisAdmin
- mkdir /var/www/22222/htdocs/cache/redis && cd /var/www/22222/htdocs/cache/redis
- git clone https://github.com/ErikDubbelboer/phpRedisAdmin.git
- cd phpRedisAdmin
- git clone https://github.com/nrk/predis.git vendor
WordPress Object Cache
- cd /var/www/example.com/htdocs/wp-content
- wget https://raw.githubusercontent.com/alleyinteractive/wp-redis/master/object-cache.php
- chown www-data: object-cache.php
- nano /var/www/yourdomain.ltd/conf/nginx/xmlrpc.conf
- Add the following content to this .conf file:
location = /xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
}
Disable Cache-Control
This step is very specific to our use case (i.e. if you are using the Awesome Studio plugin); please ignore it if it does not apply to you.
- nano /etc/nginx/conf.d/fastcgi.conf
- On line number 9 you will find the following line
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
- Replace it with the following line and save the file
fastcgi_ignore_headers Expires Set-Cookie;
- And run the command
service nginx reload
# Enable SSL
Let's enable SSL using Let's Encrypt.
- ee site update nxt.smartinstitute.net --letsencrypt
- which ee #to find the exact path of ee
- crontab -e
- update the cron line to:
0 0 * * 0 /usr/local/bin/ee site update --le=renew --all 2>> /var/log/ee/renew.log # Renew all letsencrypt SSL cert. Set by EasyEngine
# Preventing Malware
We will be using Maldetect and ClamAV for virus and malware scanning to prevent infection on the server.
- wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
- tar -zxvf maldetect-current.tar.gz
- cd maldetect-1.6.2/
- ./install.sh
- apt-get install apparmor-utils
- apt-get install inotify-tools
- apt-get install clamav
- apt-get install clamav-daemon
- aa-complain clamd
- service clamav-daemon start
- nano /usr/local/maldetect/conf.maldet
- nano /usr/local/maldetect/monitor_paths
- nano /usr/local/maldetect/ignore_file_ext
- service maldet start
# Secure Your Server using Fail2ban
We use Fail2ban to parse log files and block the IP addresses behind malicious requests. First, install fail2ban:
apt-get install fail2ban
After that, simply add the following lines to the jail.conf file.
jail.conf
--------------
[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
          /var/log/nginx/wpoets.com.access.log
maxretry = 2
bantime = 3600

[wordpress-extras]
enabled = true
port = http,https
filter = wordpress-extras
logpath = /var/log/nginx/access.log
          /var/log/nginx/wpoets.com.access.log
maxretry = 1
bantime = 43200

You will need to adjust the logpath above to point to the actual log paths on your server. maxretry defines the number of attempts before banning, and bantime defines the number of seconds to ban the IP address. Now create the wordpress-auth.conf and wordpress-extras.conf files within the filter.d folder using the code below; you can put your own regex patterns in the failregex key.
wordpress-auth.conf
---------------------
[Definition]
failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 403
            <HOST>.*POST.*\/wp-content\/.*\.php
ignoreregex =

wordpress-extras.conf
----------------------------
[Definition]
failregex = <HOST>.*POST.*\/wp-content\/.*\.php
            <HOST>.*POST.*\/wp-includes\/js\/.*\.php
            <HOST>.*GET.*\/Purchase-2017
            <HOST>.*GET.*\/Holidays-Card
            <HOST>.*GET.*\/Outstanding-INVOICE-VVX
            <HOST>.*GET.*\/oboskej
            <HOST>.*GET.*\/vlnoeiw
            <HOST>.*GET.*\/vlaofr
            <HOST>.*GET.*\/ljysix
            <HOST>.*GET.*\/journal\/y5eh2\.php
            <HOST>.*GET.*\/blnoitez
            <HOST>.*GET.*\/updatecorex\/
            <HOST>.*GET.*\/wp-caches\.php
            <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 499
            <HOST>.*POST.*\/wp-includes\/images\/.*\.php
            <HOST>.*POST.*\/wp-admin\/css\/colors\/.*\.php
            <HOST>.*POST.*\/wp-includes\/rest-api\/fields\/.*\.php
ignoreregex =

Finally just restart fail2ban using
service fail2ban restart
In case you get an error while restarting, make sure you don't have a jail.local file; if it is present, make it blank.
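As an added example (not part of the original guide), the Python sketch below runs the two wordpress-auth failregex lines against constructed nginx access-log lines to show which clients they would count towards a ban, next to tightened variants. The `HOST` stand-in, the `SAMPLE` lines and `STRICT_RULES` are assumptions made for illustration.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption; the
# real expansion also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines copied from the page's wordpress-auth.conf.
PAGE_RULES = [
    r"<HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 403",
    r"<HOST>.*POST.*\/wp-content\/.*\.php",
]

# Tightened variants (added here, hypothetical): anchored at line start, with
# method, path and status pinned to their own fields of nginx's "combined"
# format. [^\]]* also accepts the empty [] left once fail2ban cuts the
# matched timestamp out of the line.
STRICT_RULES = [
    r'^<HOST> \S+ \S+ \[[^\]]*\] "POST /(?:wp-login|xmlrpc)\.php[^"]*" 403 ',
    r'^<HOST> \S+ \S+ \[[^\]]*\] "POST /wp-content/[^" ?]*\.php[^"]*" \d{3} ',
]

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    # blocked login attempt: should be counted
    '203.0.113.10 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/8.0"',
    # successful login whose response body happens to be 403 bytes long
    '198.51.100.20 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 403 "-" "Mozilla/5.0"',
    # normal admin-ajax call; only the Referer mentions /wp-content/...php
    '198.51.100.30 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 '
    '"https://example.com/wp-content/plugins/demo/settings.php" "Mozilla/5.0"',
    # direct POST to a PHP file under uploads: should be counted
    '203.0.113.40 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-content/uploads/2024/03/x.php HTTP/1.1" 404 146 "-" "-"',
]

def matched_hosts(rules, lines):
    """Return the host captured from each line that matches any rule."""
    compiled = [re.compile(r.replace("<HOST>", HOST)) for r in rules]
    hits = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)  # search, not fullmatch: unanchored rules hit anywhere
            if m:
                hits.append(m.group("host"))
                break
    return hits

if __name__ == "__main__":
    print("page rules  :", matched_hosts(PAGE_RULES, SAMPLE))
    print("strict rules:", matched_hosts(STRICT_RULES, SAMPLE))
```

On the server, `fail2ban-regex <logfile> <filter file>` runs the same kind of check with the real `<HOST>` expansion, which is worth doing before enabling a jail with maxretry = 1.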
# Setting Up Backup Strategy
# Quickly Creating Development Environment
Prerequisites
EasyEngine v3 or above
Installing
Create the WordPress site using EasyEngine
for EE3
ee site create example.com --wp
for EE4
ee site create example.com --type=wp --cache
Download this script
for EE3
wget "https://raw.githubusercontent.com/WPoets/aw-setup/master/ee3-setup.sh"
for EE4
wget "https://raw.githubusercontent.com/WPoets/aw-setup/master/ee4-setup.sh"
Make it executable
for EE3
chmod u+x ee3-setup.sh
for EE4
chmod u+x ee4-setup.sh
Running the Script
Use the command below to configure any WordPress site with Awesome Enterprise
for EE3
./ee3-setup.sh example.com
for EE4
./ee4-setup.sh example.com
After you run this command, the script will ask for the Redis database number; enter the appropriate database number.
Adding new WP user
To add a new WP user, the script will prompt you to register a new user. Enter y to add a new user and follow the procedure.
Enabling the EE Admin-Tools (only available in EE4)
To enable the admin tools, enter y when the script asks whether to enable the admin tools.