Install wordpress

紀錄安裝細節,但因為 wordpress 套件 githuber-md 1.17.0 bug 修復進度緩慢,markdown 顯示上仍有問題,只發一篇文就受不了改用 hexo。

幾篇 hexo 入門文章

Prerequisite

Configure a custom hostname

Configure a custom hostname

1
hostnamectl set-hostname example-hostname

Update system’s hosts file

1
203.0.113.10 example-hostname.example.com example-hostname

The domain you assign as your system’s FQDN should have an “A” record in DNS pointing to your Linode’s IPv4 address. - Using Your System’s hosts File

SSL Certificates with Apache on Debian & Ubuntu

  1. use certbot to create SSL Certificate - Secure HTTP Traffic with Certbot
  2. Configure Apache to use the SSL Certificate
1
a2ensite example.com.conf # 啟用網站設定以測試 ssl certificate

必設欄位,其餘欄位採用預設值

1
2
3
4
ServerName example.fi
ServerAlias www.example.fi
ServerAdmin [email protected]
DocumentRoot /var/www/html/example.fi/public_html

Install a LAMP Stack

  1. Installing a LAMP Stack on Ubuntu:裝起所有套件

  2. Configuring the Apache Web Server: 設定檔預設值已涵蓋,直接啟用 ufw profile

  3. Configuring a Virtual Host for Your Domain on Apache: 使用 cerbot 產生的example.com.conf

    1
    2
    3
    4
    sudo a2ensite example.com
    sudo a2dissite 000-default.conf
    sudo apache2ctl configtest
    sudo systemctl reload apache2
  4. Configuring the MySQL Database: skip

    1
    sudo mysql_secure_installation

    參考 Before You Begin 設定 mysql (Recommended)
    參考 Using the MySQL Client

  5. Configuring PHP: skip

Configure WordPress

Follow Set up wp-config.php

1
2
3
4
sudo mkdir -p /var/www/html/example.com/public_html
sudo mv wordpress/* ../public_html/
sudo chown -R www-data:www-data /var/www/html/example.com/public_html
sudo chmod -R 755 /var/www/html/example.com/public_html

初始化設定 install.php 時使用 ufw + tailscale 以內網存取防止有心人士

1
sudo ufw allow from [IP]

調整 php.ini 增加上傳檔案大小

1
2
3
upload_max_filesize = 128M
post_max_size = 128M
memory_limit = 512M
1
sudo apachectl restart

Wordpress Plugin

  • Disabl XML-RPC
  • Elementor
  • FileBird
  • Post Grid
  • WordPress Importer
  • Githuber-MD

Trouble shooting

Tools > Site Health > The REST API encountered an unexpected resultPerformance

1
2
3
The REST API is one way that WordPress and other applications communicate with the server. For example, the block editor screen relies on the REST API to display and save your posts and pages.
When testing the REST API, an unexpected result was returned:
REST API Endpoint: https://.../wp-json/wp/v2/types/post?context=edit REST API Response: (404) Not Found

觀察到存取 /wp-json/wp/v2/posts 失敗,但加在 index.php 後能正常存取

1
http://localhost/myproject/index.php/wp-json/wp/v2/posts

依照指示設定 apache conf 並啟用 mod_rewrite

1
2
3
4
5
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
1
2
a2enmod rewrite
service apache2 restart

Reference

Security

除了 xmlrpc.php,還得限制他人存取 wp-login.phpRestrict access to wp-admin & other backend login options 提到兩種作法

  1. 只允許白名單 VPN IP 存取
  2. 採用 Cloudflare Zero Trust (建議)

將 DNS 交給 Cloudflare 代管後,如果 web server 有對外開放 port,限制只允許 Cloudflare IP addresses 存取

1
2
3
4
#!/bin/bash
for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip to any port 80,443 comment 'Cloudflare IP'; done

ufw reload > /dev/null

run the script weekly by cron

1
2
sudo crontab -e
# 0 0 * * 1 /your/path/cloudflare-ufw/cloudflare-ufw.sh > /dev/null 2>&1

Reference