WordPress

VM Setup

First, configure an Ubuntu Linux VM using the instructions available at:
https://ubuntu.com/tutorials/install-and-configure-wordpress

WordPress Overview

A WordPress install contains the following key items:

  1. The Apache configuration file, which points at the WordPress install location.
  2. The WordPress install location, which includes the "wp-config.php" file that contains the database credentials.
  3. The MySQL database, accessible via the above credentials.
  4. Optionally: Sendmail, installed and configured to send email through an SMTP relay.

Backing Up

To back up a WordPress install, you should take a copy of:

  • The Apache configuration file located at /etc/apache2/sites-enabled
  • The WordPress installation directory (and subdirectories)
  • The MySQL database
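
A backup of the three items listed above, as an added example that is not part of the original page: it reads the database credentials from wp-config.php, passes the password to mysqldump through a private option file instead of the command line, and follows the symlinks in sites-enabled so the real Apache config is archived. The BACKUP_ROOT path, the function names and the --run flag are assumptions, as is a DB_HOST that is a plain host name and define() values without escaped quotes.

```shell
#!/bin/sh
# Added example, not from the original page. Backs up the three items above.
WP_DIR="${WP_DIR:-/srv/www/wordpress}"                # install path used on this page
APACHE_DIR="${APACHE_DIR:-/etc/apache2/sites-enabled}"
BACKUP_ROOT="${BACKUP_ROOT:-/var/backups/wordpress}"  # assumed destination

# Print the value of a define('KEY', 'value'); line in wp-config.php.
# Assumes one define per line and no escaped quotes inside the value.
wp_config_value() {  # usage: wp_config_value KEY FILE
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$1['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*/\1/p" "$2" | head -n 1
}

# Runs in a subshell so umask and variables do not leak into the caller.
backup_wordpress() (
    umask 077    # the dump and the wp-config.php copy hold credentials
    cfg="$WP_DIR/wp-config.php"
    dest="$BACKUP_ROOT/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || exit 1
    # Hand the password to mysqldump in a private option file rather than
    # on the command line, where other local users could read it from ps.
    cnf="$(mktemp)" || exit 1
    printf '[client]\nuser="%s"\npassword="%s"\nhost="%s"\n' \
        "$(wp_config_value DB_USER "$cfg")" \
        "$(wp_config_value DB_PASSWORD "$cfg")" \
        "$(wp_config_value DB_HOST "$cfg")" > "$cnf"
    mysqldump --defaults-extra-file="$cnf" --single-transaction \
        "$(wp_config_value DB_NAME "$cfg")" > "$dest/database.sql"
    rc=$?
    rm -f "$cnf"
    [ "$rc" -eq 0 ] || exit 1
    gzip "$dest/database.sql" || exit 1
    # -h follows the sites-enabled symlinks so the real config is stored.
    tar -czhf "$dest/apache-sites.tar.gz" -C "$APACHE_DIR" . || exit 1
    tar -czf "$dest/wordpress-files.tar.gz" -C "$WP_DIR" . || exit 1
    echo "$dest"
)

# Run only when asked to, e.g.: sudo sh backup-wordpress.sh --run
if [ "${1:-}" = "--run" ]; then backup_wordpress; fi
```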

Enable HTTPS Termination at Load Balancer

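If you are terminating your SSL connection at a load balancer, you will need to add the following to the 'wp-config.php' file to prevent internal page references from using just 'http:'. The check trusts the X-Forwarded-Proto request header, so the load balancer must set or overwrite it and the web server should only be reachable through the load balancer. Add the following wherever you like: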

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
{
        $_SERVER['HTTPS'] = 'on';
}

Configuring Sendmail

Based on instructions at:
https://www.twilio.com/docs/sendgrid/for-developers/sending-email/sendmail

But those instructions didn't work for me - do what I say below.

  1. Install Sendmail - sudo apt install sendmail
  2. Generate a SendGrid API key within your SendGrid account
  3. Configure Sendmail to use the SendGrid SMTP relay

Configuring Sendmail to use SendGrid SMTP relay

You will edit two files within the /etc/mail directory.

Edit 'access' - insert the following line at the top of the file, replacing yourAPIKey with your SendGrid API key.

# /etc/mail/access

AuthInfo:smtp.sendgrid.net "U:apikey" "P:yourAPIKey" "M:PLAIN"

Edit 'sendmail.mc' - find the following lines.

dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #

Then insert the following lines underneath them.

define(`SMART_HOST', `smtp.sendgrid.net')dnl
FEATURE(`access_db')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

Finally, we need to regenerate some files. As root:

# cd /etc/mail
# m4 sendmail.mc >sendmail.cf
# makemap hash access.db < access
# service sendmail restart

Hardened Apache Config

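<VirtualHost *:80>
    DocumentRoot /srv/www/wordpress
    <Directory /srv/www/wordpress>
        # Options None turns off directory listings, CGI, includes and symlink following.
        Options       None
        # AllowOverride None makes Apache ignore .htaccess files.
        AllowOverride None

        DirectoryIndex /index.php
        Require all granted
    </Directory>
    # wp-admin lives under the DocumentRoot above.
    <Directory /srv/www/wordpress/wp-admin>
        Options       None
        AllowOverride None

        DirectoryIndex /wp-admin/index.php
        Require all granted
    </Directory>
</VirtualHost>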