Version 6 (modified by 7 years ago) (diff) | ,
---|
Multi Site WordPress
This article describes what I did to set up a multi site Wordpress system running CentOS 7 using the RPM's available from EPEL.
yum install httpd wordpress mariadb-server systemctl enable mariadb systemctl enable httpd
Initiate and harden mariadb
mysql_secure_installation
For production system it's best to say yes to all options except off course the password.
Create the database
mysql -u root -p CREATE DATABASE wordpress; CREATE USER wordpress@localhost IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'password'; FLUSH PRIVILEGES; exit
Edit /etc/wordpress/wp-settings.php and include new salts generated here: https://api.wordpress.org/secret-key/1.1/salt/
Put in the following snippet before /* That's all, stop editing! Happy blogging. */
define( 'WP_ALLOW_MULTISITE', true ); define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', 'dev.jorritsma.cc'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']);
Edit the WordPress configuration for Apache in /etc/httpd/conf.d/wordpress:
<VirtualHost *:80> ServerName dev.jorritsma.cc # network host #LogLevel debug DocumentRoot /usr/share/wordpress <Directory /usr/share/wordpress> AllowOverride Options <IfModule mod_authz_core.c> # Apache 2.4 #Require local Require all granted </IfModule> <IfModule mod_rewrite.c> # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] RewriteRule . index.php [L] </IfModule> </Directory> <Directory /usr/share/wordpress/wp-content/plugins/akismet> <FilesMatch "\.(php|txt)$"> Order Deny,Allow Deny from all </FilesMatch> </Directory> # stop the xmlrpc spam / ddos <Files "xmlrpc.php"> Order Deny,Allow Deny from all </Files> <Directory /usr/share/wordpress/wp-admin> <IfModule mod_authz_core.c> # Apache 2.4 Require local #Require ip 83.162.221.129 Require all granted </IfModule> </Directory> </VirtualHost>
SSL certificates
It's nowadays easy to get valid SSL certificates if you chose for letsencrypt.org certificates. The certificates are free, and renewal can be fully automated.
yum install certbot-apache
Mke sure certbot can read the contents of /.well-known/acme-challenge/ by adding the following line to the apache configuration
Alias /.well-known/acme-challenge/ /var/www/html/.well-known/acme-challenge/