Wordpress
VM Setup
First configure a Ubuntu Linux VM using the instructions available at:
https://ubuntu.com/tutorials/install-and-configure-wordpress
Wordpress Overview
A WordPress install contains the following key items:
- The Apache configuration file, which points at the WordPress install location.
- The Wordpress install location, which includes the "wp-config.php" file that includes database credentials.
- The MySQL database accessible via above credentials.
- Optionally: Sendmail should be installed and configured to send email through an SMTP relay.
Backing Up
To backup a Wordpress install you should take a copy of:
- The Apache configuration file located at /etc/apache2/sites-enabled
- The Wordpress installation directory (and subdirectories)
- The MySQL database
Enable HTTPS Termination at Load Balancer
If you are terminating your SSL connection at a load balancer, you will need to add the following to the 'wp-config.php' file to prevent internal page references using just 'http:'. Add the following wherever you like:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) { $_SERVER['HTTPS'] = 'on'; }
Configuring Sendmail
Based on instructions at:
https://www.twilio.com/docs/sendgrid/for-developers/sending-email/sendmail
But those instructions didn't work for me - do what I say below.
- Install sendmail - sudo apt install sendmail
- Generate SendGrid API within SendGrid account
- Configure SendMail to use SendGrid SMTP relay
Configuring SendMail to use SendGrid SMTP relay
You will edit two files within the /etc/mail directory.
Edit 'access' - insert the following line at the top of the file replacing yourAPIKey with your SendGrid API Key.
# /etc/mail/access AuthInfo:smtp.sendgrid.net "U:apikey" "P:yourAPIKey" "M:PLAIN"
Edit 'sendmail.mc' - find the following lines.
dnl # The access db is the basis for most of sendmail's checking FEATURE(`access_db', , `skip')dnl dnl #Then insert the following lines underneath them.
define(`SMART_HOST', `smtp.sendgrid.net')dnl FEATURE(`access_db')dnl define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnlFinally, we need to regenerate some files. As root:
# cd /etc/mail # m4 sendmail.mc >sendmail.cf # makemap hash access.db < access # service sendmail restart
Hardened Apache Config
{VirtualHost *:80} DocumentRoot /srv/www/wordpress {Directory /srv/www/wordpress} Options None AllowOverride None DirectoryIndex /index.php Require all granted {/Directory} {Directory /srv/fastmile/wp-admin} Options None AllowOverride None DirectoryIndex /wp-admin/index.php Require all granted {/Directory} {/VirtualHost}