RedHat – WordPress Install

These steps are based on RedHat Server 64-bit

1. Download RedHat
2. Install RedHat
3. Configure RedHat
4. Install WordPress
5. Configure WordPress
6. Backup/Restore MySQL Database

Download RedHat

First we must download the RedHat DVD image, it is recommended to download straight from the official RedHat site.

For this document we will use RedHat 64-bit 7.2

Install RedHat

1. Load the computer with the DVD (created from the ISO) or VM with the ISO
2. Select the language (English & English (United States) then click the “Continue” button.
   
3. Select the “Network & Host Name”
   
   • Set Ethernet (or other network) to on
   • Name the server in “Host name” text box, by default it will say localhost.localdomain
   • For now click on the “Done” button in the top left
4. Select the “Date & Time”
   • Date & Time settings:
     
     You may need to toggle the “Network Time” on to off and back on for the network time server to update connection
   • Select your region and City
   • Click on the “Done” button in the top left
5. Select the “Installation Destination”
   Up to your discretion or company requirements (for this guide I have made assumptions):
   • Partitioning: “Automatically configure partitioning.”
     
6. Click on “Begin Installation”
7. Click on “Root Password”
   • Set and confirm the password
     
   • Click on the “Done” button in the top left
8. Click on “User Creation”
   • Fill out the Full name and user name
     
   • OPTIONAL: Check the check box to “Make this user administrator”
   • OPTIONAL BUT SUGGESTED: Keep the check box checked for “Require a password to use this account”
   • Set and confirm password
   • Click on the “Done” button in the top left
9. Click on the “Finish Configuration” button in the bottom right
10. Click on the “Reboot” button

Configure RedHat

1. Login to the server in Putty and connect to do the rest.
2. Register the server with RedHat

   sudo subscription-manager register --username <RedHat.com username> --password <RedHat.com password> --auto-attach
   sudo subscription-manager refresh
   

3. Run Yum Update

   sudo yum repolist
   sudo yum -y update
   

4. Install MariaDB

   sudo yum -y install mariadb-server mariadb
   sudo systemctl start mariadb.service
   sudo systemctl enable mariadb.service
   

   Configure Security Settings

   sudo /usr/bin/mysql_secure_installation
   

   Example is below, it is up to your discretion/company policy if remote root access should be allowed.

   [dkittell@localhost ~]$ sudo /usr/bin/mysql_secure_installation
   [sudo] password for dkittell:
   /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
   
   NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
         SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
   
   In order to log into MariaDB to secure it, we'll need the current
   password for the root user.  If you've just installed MariaDB, and
   you haven't set the root password yet, the password will be blank,
   so you should just press enter here.
   
   Enter current password for root (enter for none):
   OK, successfully used password, moving on...
   
   Setting the root password ensures that nobody can log into the MariaDB
   root user without the proper authorisation.
   
   Set root password? [Y/n] y
   New password:
   Re-enter new password:
   Password updated successfully!
   Reloading privilege tables..
    ... Success!
   
   
   By default, a MariaDB installation has an anonymous user, allowing anyone
   to log into MariaDB without having to have a user account created for
   them.  This is intended only for testing, and to make the installation
   go a bit smoother.  You should remove them before moving into a
   production environment.
   
   Remove anonymous users? [Y/n] y
    ... Success!
   
   Normally, root should only be allowed to connect from 'localhost'.  This
   ensures that someone cannot guess at the root password from the network.
   
   Disallow root login remotely? [Y/n] n
    ... skipping.
   
   By default, MariaDB comes with a database named 'test' that anyone can
   access.  This is also intended only for testing, and should be removed
   before moving into a production environment.
   
   Remove test database and access to it? [Y/n] y
    - Dropping test database...
    ... Success!
    - Removing privileges on test database...
    ... Success!
   
   Reloading the privilege tables will ensure that all changes made so far
   will take effect immediately.
   
   Reload privilege tables now? [Y/n] y
    ... Success!
   
   Cleaning up...
   
   All done!  If you've completed all of the above steps, your MariaDB
   installation should now be secure.
   
   Thanks for using MariaDB!
   [dkittell@localhost ~]$
   

5. Install Apache2

   sudo yum -y install httpd
   sudo systemctl start httpd.service
   sudo systemctl enable httpd.service
   

   Allow HTTP and HTTPS in RedHat Firewall

   sudo firewall-cmd --permanent --zone=public --add-service=http 
   sudo firewall-cmd --permanent --zone=public --add-service=https
   sudo firewall-cmd --reload
   

   Test your Apache2 Installation
   Go to http://(IP or HostName)

6. Install PHP

   sudo yum -y install php
   sudo systemctl restart httpd.service
   sudo echo "<?PHP phpinfo() ?>" | sudo tee /var/www/html/info.php
   sudo yum -y install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel
   sudo systemctl restart httpd.service
   

   Test your PHP Installation
   Go to http://(IP or HostName)/info.php

Install WordPress

1. Download the latest released version of WordPress

   sudo mkdir /var/www/serversetup/
   sudo wget --no-check-certificate http://wordpress.org/latest.tar.gz -O /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz
   

2. Create the database and a user for WordPress to use.
   For our purposes the values we use can be changed to suit your needs:
   • Database: Site1WPDB
   • Username: Site1WPUSR
   • Password: Site1WPUSRPWD

   sudo mysql -h localhost -u root -p
   CREATE DATABASE IF NOT EXISTS Site1WPDB;
   CREATE USER 'Site1WPUSR'@'localhost' IDENTIFIED BY 'Site1WPUSRPWD';
   GRANT ALL ON Site1WPDB.* TO 'Site1WPUSR'@'localhost';
   FLUSH PRIVILEGES;
   Exit;
   

3. sudo tar zxvf /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz -C /var/www/serversetup
   

4. Configure WordPress
   For our purposes the values we use can be changed to suit your needs:
   • Database: Site1WPDB
   • Username: Site1WPUSR
   • Password: Site1WPUSRPWD

   cd /var/www/serversetup/wordpress
   sudo cp wp-config-sample.php wp-config.php
   sudo sed -i 's/database_name_here/Site1WPDB/g' wp-config.php
   sudo sed -i 's/username_here/Site1WPUSR/g' wp-config.php
   sudo sed -i 's/password_here/Site1WPUSRPWD/g' wp-config.php
   sudo rm -f /var/www/html/info.php
   sudo mv -v /var/www/serversetup/wordpress/* /var/www/html/
   cd ~/
   sudo echo '<IfModule mod_rewrite.c>' > .htaccess
   sudo echo 'RewriteEngine On' >> .htaccess
   sudo echo 'RewriteBase /' >> .htaccess
   sudo echo 'RewriteRule ^index.php$ - [L]' >> .htaccess
   sudo echo 'RewriteCond %{REQUEST_FILENAME} !-f' >> .htaccess
   sudo echo 'RewriteCond %{REQUEST_FILENAME} !-d' >> .htaccess
   sudo echo 'RewriteRule . /index.php [L]' >> .htaccess
   sudo echo '</IfModule>' >> .htaccess
   sudo mv .htaccess /var/www/html/
   cd /var/www/html/
   sudo groupadd www-data
   sudo useradd wpadmin
   sudo passwd wpadmin
   #Set Password For wpadmin
   sudo sudo usermod -a -G www-data wpadmin
   sudo chown wpadmin:www-data -R /var/www
   

5. Now go to http://(IP or Hostname)/ to finish the setup
   
   
   • “Site Title” is the title of the site
   • “Username” is the admin user that you will primary use for administration tasks
     Suggestion: Do not use admin, webmaster, administrator
   • “Password”, type your desired password
     If you do not have a strong password it will warn you but you can check a check box to allow the weak password – NOT RECOMMENDED
   • “Your E-mail” is the email address for the admin of the site, best to make this a distribution list of trusted individuals otherwise the email of the administrator account
   • “Privacy”, typically if the site is internal you want to uncheck the check box otherwise you want search engines to see you.
   • When ready click on the “Install WordPress” button
   • You are now ready to login

Configure WordPress

Two Factor Auth

This plugin is to add security to the WordPress site by requiring all users to use a two factor authentication so that simply having the password won’t let a potential hacker in.

Setup

1. Install from http://(IP or Hostname)/wp-admin/plugin-install.php?tab=plugin-information&plugin=two-factor-auth&TB_iframe=true&width=772&height=799
2. On the Plugins page, activate the Two Factor Auth plugin
3. Click on the Settings link, by default all user types are required to use the two factor process
4. Click on “Two Factor Auth” link just above the “Tools” menu link
   
   There are two delivery types; Email and Third Party Apps
   Note: Whether you choose Email or Third Party Apps the users will initially get emailed their one time code when they login for the first time.
5. Select “Third party apps (Duo Mobile, Google Authenticator etc)”
6. With your phone scan the QR-Code on the screen using one of the tested apps
   • Android – Duo Mobile or Google Authenticator
   • iPhone – Duo Mobile
   • Windows Phone – Windows Authenticator
7. Scroll to the bottom of the page to find “Advanced”, click on “Show advanced info” it is suggested to keep it on “TOTP (time based)”
8. Click on “Save Changes” button.
9. Log out of the site
10. Log back in, type in your username and password then click on the “Log In” button
    
    
11. Type in the six digit number on your phone app or that you recieved in your email
    
    

Support

If you forget/lose the authentication codes you need to terminal into the server and run the disable script.

mv /var/www/html/wp-content/plugins/two-factor-auth/ /var/www/html/wp-content/plugins/two-factor-auth_disabled/

Once you are able to get back in run the enable script

mv /var/www/html/wp-content/plugins/two-factor-auth_disabled/ /var/www/html/wp-content/plugins/two-factor-auth/

Backup/Restore MySQL Database

The purpose of this step is to have a quick repeatable command to backup and restore a database.
Log in a your username (not root) and run this command
For our purposes the values we use can be changed to suit your needs:

• Database: Site1WPDB
• Username: Site1WPUSR
• Password: Site1WPUSRPWD

echo '[mysqldump]'> ~/.my.cnf;
echo 'user=Site1WPUSR'>> ~/.my.cnf;
echo 'password=Site1WPUSRPWD' >> ~/.my.cnf;
chmod 0600 ~/.my.cnf

mysqldump -u Site1WPUSR Site1WPDB > ~/WordPress_DB_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.sql
tar -zcvf WordPress_Site_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.tar.gz /var/www/html

Make sure you modify the date of the file to what you want to restore from.

mysql -u Site1WPUSR Site1WPDB < ~/WordPress_DB_Backup_08-27-2015.sql