= Multi Site WordPress = This article describes what I did to set up a multi site Wordpress system running CentOS 7 using the RPM's available from EPEL. {{{ yum install httpd wordpress mariadb-server systemctl enable mariadb systemctl enable httpd }}} Initiate and harden mariadb {{{ mysql_secure_installation }}} For production system it's best to say yes to all options except off course the password. Create the database {{{ mysql -u root -p CREATE DATABASE wordpress; CREATE USER wordpress@localhost IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'password'; FLUSH PRIVILEGES; exit }}} Edit /etc/wordpress/wp-config.php and include new salts generated here: https://api.wordpress.org/secret-key/1.1/salt/ Put in the following snippet before /* That's all, stop editing! Happy blogging. */ {{{ define( 'WP_ALLOW_MULTISITE', true ); define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', 'dev.jorritsma.cc'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']); }}} Edit the WordPress configuration for Apache in /etc/httpd/conf.d/wordpress: {{{ ServerName dev.jorritsma.cc # network host #LogLevel debug DocumentRoot /usr/share/wordpress AllowOverride Options # Apache 2.4 #Require local Require all granted # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] RewriteRule . index.php [L] Order Deny,Allow Deny from all # stop the xmlrpc spam / ddos Order Deny,Allow Deny from all # Apache 2.4 Require local #Require ip 83.162.221.129 Require all granted }}} == Cloudflare == Cloudflare offers DDOS protection, it also hides the real identity of your server To get all your traffic directed through cloudflare the dns needs to be managed by them, so transfer these entries. Once that is done enable Edge Certificates for these domains, if you don't you'll have trouble getting the letsencrypt certificates and there will be funny ssl redirect errors for your site. == SSL certificates == it's easiest to rely on Cloudflare's edge SSL certificates. == Plugins == === Backup-Scheduler * Free multisite backup solution * https://wordpress.org/plugins/backup-scheduler/ It requires write access to some files here is the selinux context: {{{ semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/backup-scheduler semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/inline_styles semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/inline_scripts semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/translations semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/log semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/plugins/backup-scheduler/lang semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/plugins/backup-scheduler/readme.txt }}} === cloudflare === * https://wordpress.org/plugins/cloudflare/