Version 11 (modified by jorrit, 7 years ago)

Multi Site WordPress

This article describes what I did to set up a multi-site WordPress system running on CentOS 7, using the RPMs available from EPEL.

yum install httpd wordpress mariadb-server
systemctl enable mariadb
systemctl start mariadb
systemctl enable httpd

Initialize and harden MariaDB

mysql_secure_installation

For a production system it's best to say yes to all options, except of course the password.

Create the database

mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wordpress@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
exit

Edit /etc/wordpress/wp-config.php and include new salts generated here: https://api.wordpress.org/secret-key/1.1/salt/

Put in the following snippet before /* That's all, stop editing! Happy blogging. */

define( 'WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'dev.jorritsma.cc');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
// HTTP_HOST is taken from the request's Host header, which the client supplies.
define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']);

Edit the WordPress configuration for Apache in /etc/httpd/conf.d/wordpress:

<VirtualHost *:80>
  # network host (Apache does not allow a comment on the same line as a directive)
  ServerName dev.jorritsma.cc
  #LogLevel debug

  DocumentRoot /usr/share/wordpress
  <Directory /usr/share/wordpress>
    AllowOverride Options
    <IfModule mod_authz_core.c>
      # Apache 2.4
      #Require local
      Require all granted
    </IfModule>
    <IfModule mod_rewrite.c>
      # the rules below are ignored unless the engine is switched on
      RewriteEngine On
      # add a trailing slash to /wp-admin
      RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
      RewriteCond %{REQUEST_FILENAME} -f [OR]
      RewriteCond %{REQUEST_FILENAME} -d
      RewriteRule ^ - [L]
      RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
      RewriteRule ^(.*\.php)$ $1 [L]
      RewriteRule . index.php [L]
    </IfModule>
  </Directory>

  <Directory /usr/share/wordpress/wp-content/plugins/akismet>
    <FilesMatch "\.(php|txt)$">
      # Apache 2.4 syntax, instead of the 2.2-style Order/Deny
      Require all denied
    </FilesMatch>
  </Directory>

  # stop the xmlrpc spam / ddos
  <Files "xmlrpc.php">
    Require all denied
  </Files>

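  <Directory /usr/share/wordpress/wp-admin>
    <IfModule mod_authz_core.c>
      # Apache 2.4
      # Multiple Require lines in one section are OR-ed (implicit RequireAny),
      # so while "Require all granted" is present wp-admin is open to everyone.
      # Remove that line to limit access to the hosts listed here.
      Require local
      #Require ip 83.162.221.129
      Require all granted
    </IfModule>
  </Directory>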
</VirtualHost>
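
Added example (not from the original page or the packaged WordPress config): a small Python check for two access-control patterns in Apache 2.4 configs of this kind. It flags scopes where bare Require lines are OR-ed so that "Require all granted" cancels a narrower rule, and scopes still using Order/Allow/Deny. The sample config and the 192.0.2.10 address are constructed.

```python
import re

# Constructed sample config (not read from disk); 192.0.2.10 is a documentation address.
SAMPLE = """\
<Files "xmlrpc.php">
  Order Deny,Allow
  Deny from all
</Files>
<Directory /usr/share/wordpress/wp-admin>
  <IfModule mod_authz_core.c>
    Require local
    #Require ip 192.0.2.10
    Require all granted
  </IfModule>
</Directory>
"""

SCOPES = {"directory", "directorymatch", "files", "filesmatch", "location"}
GROUPS = {"requireall", "requireany", "requirenone"}  # explicit grouping, skipped
LEGACY = {"order", "allow", "deny", "satisfy"}        # mod_access_compat directives

def audit(conf):
    """Return (scope, problem) pairs for access-control blocks worth a second look."""
    findings, stack, grouped = [], [], 0
    for line in (raw.strip() for raw in conf.splitlines()):
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        words = line.lower().split()
        if tag:
            closing, name = tag.group(1), tag.group(2).lower()
            if name in GROUPS:
                grouped += -1 if closing else 1
            elif name in SCOPES and not closing:
                stack.append({"scope": f"{tag.group(2)} {tag.group(3)}", "req": [], "legacy": False})
            elif name in SCOPES and stack:
                blk = stack.pop()
                narrow = [r for r in blk["req"] if r != "all granted"]
                if "all granted" in blk["req"] and narrow:
                    findings.append((blk["scope"], "all granted overrides: " + ", ".join(narrow)))
                if blk["legacy"]:
                    findings.append((blk["scope"], "legacy Order/Allow/Deny, use Require"))
        elif stack and not grouped and words[:1] == ["require"] and len(words) > 1:
            # Bare Require lines in one scope are OR-ed (implicit RequireAny).
            stack[-1]["req"].append(" ".join(words[1:]))
        elif stack and words[:1] and words[0] in LEGACY:
            stack[-1]["legacy"] = True
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Require lines inside an explicit RequireAll, RequireAny or RequireNone container are skipped, since there the grouping is stated in the config itself.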

Cloudflare

Cloudflare offers DDoS protection; it also hides the real identity of your server.

To get all your traffic directed through Cloudflare, the DNS needs to be managed by them, so transfer these entries. Once that is done, enable Edge Certificates for these domains; if you don't, you'll have trouble getting the Let's Encrypt certificates and there will be funny SSL redirect errors for your site.

SSL certificates

It's easiest to rely on Cloudflare's edge SSL certificates.

Plugins

Backup-Scheduler

It requires write access to some files; here is the SELinux context. semanage fcontext only records the rules, restorecon then applies them to the existing paths:

semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/backup-scheduler
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/inline_styles
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/inline_scripts
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/translations
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/sedlex/log
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/plugins/backup-scheduler/lang
semanage fcontext -a -t httpd_sys_rw_content_t /usr/share/wordpress/wp-content/plugins/backup-scheduler/readme.txt
restorecon -Rv /usr/share/wordpress/wp-content/sedlex /usr/share/wordpress/wp-content/plugins/backup-scheduler

cloudflare