Ubuntu – WordPress Install

These steps are based on Ubuntu 14.10 Server 64-bit but can be applied to virtually any Debian based UNIX distribution.

1. Download Ubuntu
2. Install Ubuntu
3. Configure Ubuntu
4. Install WordPress
5. Configure WordPress
6. Backup/Restore MySQL Database

Download Ubuntu

First we must download the Ubuntu DVD image, it is recommended to download straight from the official Ubuntu.com site.
For this document we will use Ubuntu 14.10 64-bit downloaded from http://releases.ubuntu.com/releases/14.10/ubuntu-14.10-server-amd64.iso

Install Ubuntu

1. Load the computer with the DVD (created from the ISO) or VM with the ISO
2. Select the language (English)
   Note: Unless otherwise stated you can simply tap the enter/return key on your keyboard to progress to the next screen.
   
3. Select “Install Ubuntu Server”
   
   
4. Select the language again (English)
   
   
5. Select your location (United States)
   
   
6. Select a keyboard layout
   • 
     
   • 
     
   • 
     
7. Type in a hostname for the server. This should be descriptive to the server’s purpose ex. WordPressSvr1
   
   
8. Type a user’s full name, this is different than the username ex. John Doe
   
   
9. Type a username, this is the login name that you will need to use.
   
   
   • NOTE: If you receive this screen choose “Continue”, you will need to choose a different username
     
     
   • Confirm the Full name and “Continue”
     
     
   • Correct the invalid issue and “Continue”
     
     
10. Type a password, this should follow your company’s password requirements if you have any.
    
    
11. Confirm the password
    
    
12. Suggested But Optional – Encrypt home directory. If you select this option everything in the user’s directory will be encrypted.
    
    
13. Make sure the installer detected the time zone correctly, typically you select Yes
    
    
14. Similar to Microsoft Windows’ BitLocker you have the option to encrypt the entire drive and boot loader.
    
    
    Encrypt the drive and boot loader choose the third option “Guided – use entire disk and set up encrypted LVM”
    If you select this option you will get a prompt asking for an encryption key and to confirm that key.
15. Select the disk you want to use (typically only one option)
    
    
16. Confirm your choice, this is typically the last chance you have to cancel the format of the hard drive
    
    
17. Select an Encryption passphrase
    
    
18. Confirm the Encryption passphrase
    
    
19. Type the amount of the volume group to use. (Typically use the amount that’s already on the screen)
    
    
20. Confirm the write changes
    
    
21. If you need to use a HTTP proxy type it in otherwise just tap the enter/return key to continue
    
    
22. Depending on your company policies it may be best to select “No automatic updates” so an Admin can install the needed updates
    
    
23. On this screen only select “OpenSSH server”, you select by using the up and down arrows to move the cursor and then the space bar to select the item.
    
    
24. Typically you would say yes to the installation of the GRUB boot loader.
    NOTE: Even if this is not the primary operating system this is suggested
    
    
25. Ubuntu is now installed. If you are on a non-VM system remove the DVD. Tap the enter/return key to finish and reboot
    
    

Configure Ubuntu

1. If you encrypted the LVM you will start with this screen, type in the passphrase you created
   
   
2. Depending on what you typed for your hostname you may see something different from “KDUbuntu” but this is your login screen.
   Login with the username you created earlier
   
3. After you successfully login, you need to setup a root password.
   • Type “sudo passwd”
   • Type in your username’s password
   • Type in a password for root (should be different than your username’s password)
   • Confirm the password for root

   sudo passwd

   
   

4. Start ssh services with “sudo service ssh restart”

   sudo service ssh restart

5. Type “ifconfig” to get the IP address of the server, in the example below the IP is 10.0.2.15

   ifconfig

   With this IP you should now connect via Putty to make the rest of the changes.
   
   

6. Within Putty, once logged in as root run the following commands:

   sudo apt-get update && sudo apt-get upgrade && sudo apt-get check && sudo apt-get autoremove && sudo apt-get autoclean && sudo apt-get clean
   

   sudo apt-get --assume-yes install ntp

   sudo timedatectl set-timezone America/Detroit

   sudo service ntp restart && sudo ntpdate -s ntp.ubuntu.com
   

   sudo apt-get --assume-yes install apache2 apache2-mpm-prefork
   

   sed -i 's/#ServerName www.example.com/ServerName wpsvr/g' /etc/apache2/sites-available/000-default.conf
   
   sed -i 's|DocumentRoot /var/www/html|DocumentRoot /var/www/html\n<Directory /var/www/html/>\nAllowOverride All\n</Directory>|g' /etc/apache2/sites-available/000-default.conf
   

   sudo apt-get install sendmail
   

   sudo apt-get --assume-yes install vsftpd
   

   sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd.conf
   sed -i 's/local_enable=NO/local_enable=YES/g' /etc/vsftpd.conf
   sed -i 's/#local_enable=YES/local_enable=YES/g' /etc/vsftpd.conf
   sed -i 's/#write_enable=YES/write_enable=YES/g' /etc/vsftpd.conf
   sed -i 's/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Welcome to the FTP service./g' /etc/vsftpd.conf
   ln -s /var/www/html /home/wpadmin/html
   sudo service vsftpd restart
   

   sudo apt-get --assume-yes install php5 libapache2-mod-php5 php5-mcrypt php5-cli php5-cgi php5-common php5-curl php5-dbg php5-xcache php5-gd libssh2-php
   

   mv -i /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available/
   

   php5enmod mcrypt
   

   Create Test PHP File
   echo ‘<?php phpinfo(); ?>’ > /var/www/html/testphp.php

   sed -i 's/display_errors = Off/display_errors = On/g' /etc/php5/apache2/php.ini
   

   sed -i 's/display_errors = On/display_errors = Off/g' /etc/php5/apache2/php.ini
   

   sudo /etc/init.d/apache2 restart
   

7. Load the testphp.php in a web browser
   http://(IP or Hostname)/testphp.php
8. Install MySQL, when you run the below script you will get prompted for a root password for MySQL (see screenshots)

   sudo apt-get --assume-yes install mysql-server  mysql-client libapache2-mod-auth-mysql php5-mysql phpmyadmin
   

   • Type a password for root access
     
     
   • Confirm the root password
     
     
   • Select apache2 (space bar selects) to configure PHPMyAdmin and continue
     
     
   • Select no to configure automattically and continue
     
     
   • Type the MySQL root password you just created
     
     
   • Create a default access password for PHPMyAdmin
     
     
   • Confirm the default access password
     
     
9. Run the MySQL security installation, you get will prompted screens:

   sudo /usr/bin/mysql_secure_installation
   

   • Type in the root MySQL password (tap the enter/return key)
   • Type n (tap the enter/return key)
   • Type y (tap the enter/return key) to remove anonymous access
   • Type y (tap the enter/return key) to disallow root remote access
   • Type y (tap the enter/return key) to remove the test database and the access to it
   • Type y (tap the enter/return key) to reload the priviledge tables

   sudo /etc/init.d/apache2 restart
   

Install WordPress

1. Download the latest released version of WordPress

   mkdir /var/www/serversetup/
   wget --no-check-certificate http://wordpress.org/latest.tar.gz -O /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz
   

2. Create the database and a user for WordPress to use.
   For our purposes the values we use can be changed to suit your needs:
   • Database: Site1WPDB
   • Username: Site1WPUSR
   • Password: Site1WPUSRPWD

   mysql -h localhost -u root -p
   CREATE DATABASE IF NOT EXISTS Site1WPDB;
   CREATE USER 'Site1WPUSR'@'localhost' IDENTIFIED BY 'Site1WPUSRPWD';
   GRANT ALL ON Site1WPDB.* TO 'Site1WPUSR'@'localhost';
   FLUSH PRIVILEGES;
   Exit;
   

3. tar zxvf /var/www/serversetup/WordPress_`date +"%m-%d-%Y"`.tar.gz -C /var/www/serversetup
   

4. Configure WordPress
   For our purposes the values we use can be changed to suit your needs:
   • Database: Site1WPDB
   • Username: Site1WPUSR
   • Password: Site1WPUSRPWD

   cd /var/www/serversetup/wordpress
   cp wp-config-sample.php wp-config.php
   sed -i 's/database_name_here/Site1WPDB/g' wp-config.php
   sed -i 's/username_here/Site1WPUSR/g' wp-config.php
   sed -i 's/password_here/Site1WPUSRPWD/g' wp-config.php
   rm /var/www/html/index.html && rm /var/www/html/testphp.php
   mv -v /var/www/serversetup/wordpress/* /var/www/html/
   cd /var/www/html
   echo '<IfModule mod_rewrite.c>' > .htaccess
   echo 'RewriteEngine On' >> .htaccess
   echo 'RewriteBase /' >> .htaccess
   echo 'RewriteRule ^index.php$ - [L]' >> .htaccess
   echo 'RewriteCond %{REQUEST_FILENAME} !-f' >> .htaccess
   echo 'RewriteCond %{REQUEST_FILENAME} !-d' >> .htaccess
   echo 'RewriteRule . /index.php [L]' >> .htaccess
   echo '</IfModule>' >> .htaccess
   sudo adduser wpadmin www-data
   chown wpadmin:www-data -R /var/www
   chmod 0775 -R /var/www
   chmod g+s -R /var/www
   chmod -v 604 /var/www/html/.htaccess
   chmod -v 600 /var/www/html/wp-config.php
   chmod -R 777 /var/www/html/wp-content/uploads
   

5. Now go to http://(IP or Hostname)/ to finish the setup
   
   
   • “Site Title” is the title of the site
   • “Username” is the admin user that you will primary use for administration tasks
     Suggestion: Do not use admin, webmaster, administrator
   • “Password”, type your desired password
     If you do not have a strong password it will warn you but you can check a check box to allow the weak password – NOT RECOMMENDED
   • “Your E-mail” is the email address for the admin of the site, best to make this a distribution list of trusted individuals otherwise the email of the administrator account
   • “Privacy”, typically if the site is internal you want to uncheck the check box otherwise you want search engines to see you.
   • When ready click on the “Install WordPress” button
   • You are now ready to login

Configure WordPress

Two Factor Auth

This plugin is to add security to the WordPress site by requiring all users to use a two factor authentication so that simply having the password won’t let a potential hacker in.

Setup

1. Install from http://(IP or Hostname)/wp-admin/plugin-install.php?tab=plugin-information&plugin=two-factor-auth&TB_iframe=true&width=772&height=799
2. On the Plugins page, activate the Two Factor Auth plugin
3. Click on the Settings link, by default all user types are required to use the two factor process
4. Click on “Two Factor Auth” link just above the “Tools” menu link
   
   

   There are two delivery types; Email and Third Party Apps
   Note: Whether you choose Email or Third Party Apps the users will initially get emailed their one time code when they login for the first time.

5. Select “Third party apps (Duo Mobile, Google Authenticator etc)”
6. With your phone scan the QR-Code on the screen using one of the tested apps
   • Android – Duo Mobile or Google Authenticator
   • iPhone – Duo Mobile
   • Windows Phone – Windows Authenticator
7. Scroll to the bottom of the page to find “Advanced”, click on “Show advanced info” it is suggested to keep it on “TOTP (time based)”
8. Click on “Save Changes” button.
9. Log out of the site
10. Log back in, type in your username and password then click on the “Log In” button
    
    
11. Type in the six digit number on your phone app or that you recieved in your email
    
    

Support

If you forget/lose the authentication codes you need to terminal into the server and run the disable script.

mv /var/www/html/wp-content/plugins/two-factor-auth/ /var/www/html/wp-content/plugins/two-factor-auth_disabled/

Once you are able to get back in run the enable script

mv /var/www/html/wp-content/plugins/two-factor-auth_disabled/ /var/www/html/wp-content/plugins/two-factor-auth/

Backup/Restore MySQL Database

The purpose of this step is to have a quick repeatable command to backup and restore a database.
Log in a your username (not root) and run this command
For our purposes the values we use can be changed to suit your needs:

• Database: Site1WPDB
• Username: Site1WPUSR
• Password: Site1WPUSRPWD

echo '[mysqldump]'> ~/.my.cnf;
echo 'user=Site1WPUSR'>> ~/.my.cnf;
echo 'password=Site1WPUSRPWD' >> ~/.my.cnf;
chmod 0600 ~/.my.cnf

mysqldump -u Site1WPUSR Site1WPDB > ~/WordPress_DB_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.sql
tar -zcvf WordPress_Site_Backup_`date +"%m-%d-%Y_%I-%M-%S"`.tar.gz /var/www/html

Make sure you modify the date of the file to what you want to restore from.

mysql -u Site1WPUSR Site1WPDB < ~/WordPress_DB_Backup_08-27-2015.sql