Set up WordPress websites and security settings in CentOS

I. Preface

II. Environment

III. Basic Configuration

1. Build a LAMP Environment

2. install WordPress

3. Install phpMyAdmin

Iv. Security Configuration

1. Authentication

2. Source Control

3. encrypted access (https)

V. Test

-------------------------------------------

I. Preface

LAMP is Linux + Apache + Mysql + PHP. A group of open-source software commonly used to build dynamic websites or servers are independent programs. However, LAMP is often used together, with higher compatibility, a powerful Web application platform is formed together. With the rapid development of open source, open source code LAMP has been integrated with J2EE and. net commercial software has formed a three-pronged trend, and the software development project has a low investment cost in software, so it has received the attention of the entire IT industry. More than 70% of website traffic is provided by LAMP, which is the most powerful website solution.

WordPress is a blog platform developed in PHP. you can build your own website on servers that support PHP and MySQL databases. WordPress can also be used as a Content Management System (CMS. WordPress is a free open-source project that is licensed to be released under the GNU General Public License. WordPress is regarded as the official successor of the blog platform b2/cafelog developed by micel Valdrighi. The name "WordPress" came from Christine Selleck, a friend of Matt Mullenweg, a major developer.

PhpMyAdmin is a MySQL database management tool based on PHP and based on Web-Base architecture on the website host. It allows managers to use Web interfaces to manage MySQL databases. By using this Web interface, you can become a better way to easily input complicated SQL syntax, especially to process the import and export of a large amount of data. One of the biggest advantages is that phpMyaAdmin runs on the Web server like other PHP programs, but you can use the HTML pages generated by these programs anywhere, that is, remote management of MySQL databases, allows you to easily create, modify, and delete databases and data tables. You can also use phpMyAdmin to create common php syntaxes to facilitate the correctness of the SQL syntaxes required for compiling webpages.

II. Environment

System: redhat6.5 32-bit

IP: 192.168.2.200/24

Software Package:

Wordpress-3.9-zh_CN.zip wordpress main file

PhpMyAdmin-4.1.5-all-languages.zip phpMyAdmin main file

III. Basic Configuration

1. Build a LAMP Environment

123456789101112131415161718192021222324252627 # Service iptables stop // disable firewall and SELinux # setenforce 0 # yum install httpd mysql mysql-server php php-mysql php-gd php-xml # service httpd start # service mysqld start # Chkconfig httpd on // start upon startup # chkconfig --list |grep httpd httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off # chkconfig mysqld on # chkconfig --list |grep mysql mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off # Mysqladmin-u root-p password '000000' // set the user and password for mysql Enter password: // Press enter here. # mysql -u root -p Enter password: mysql> create database wordpress; // Create a wordpress database and prepare for installing wordpress below. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | test | | wordpress | +--------------------+ mysql> \q Bye

2. install WordPress

12 # Unzip wordpress-3.9-zh_CN.zip // Extract # mv wordpress /var/www/html/

Write the following IP address and domain name to the hosts file C: \ Windows \ System32 \ drivers \ etc \ hosts

192.168.2.10 www.yinuo.com

Client browser access http://www.yinuo.com/wordpress/

(1) Click Create configuration file.

(2) Click here to start.

(3) write the username and password and click Submit.

(4) follow the prompts to manually create a wp-config.php file, copy the text in, And then install.

12 # cd /var/www/html/wordpress/ # vim wp-config.php

(5) If the database connection error, be sure to look at the wp-config.php file 17-26 lines, do not have any errors (such ).

(6) Fill in the site information and install wordpress.

(7) You have successfully logged on.

(8) logon test.

(9th, for example, fengying.zip.

12 # unzip fengying.zip # mv fengying /var/www/html/wordpress/wp-content/themes/

3. Install phpMyAdmin

12345 # unzip phpMyAdmin-4.1.5-all-languages.zip # mv phpMyAdmin-4.1.5-all-languages /var/www/html/phpmyadmin # Rpm-qa php // view php version information php-5.3.3-22.el6.i686 http: //rpm .pbone.net/ // Download the php-mbstring corresponding to the php version at this URL.

12345678 # rpm -ivh php-mbstring-5.3.3-22.el6.i686.rpm # rpm -qa |grep php php-5.3.3-22.el6.i686 php-mbstring-5.3.3-22.el6.i686 Again, the php and php-mbstring versions must be consistent. # service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]

Access http: // 192.168.2.10/phpmyadmin/

Enter the database account and password.

Manage databases (mysql management tool under the graphic interface ).

Iv. Security Configuration

1. Authentication

1234567891011121314151617181920212223 # vim /etc/httpd/conf/httpd.conf 338 AllowOverride all // Access needs verification # cd /var/www/html/wordpress/ # Vim. htaccess // create a verification instruction file authuserfile /var/www/html/ .htpasswd authname "nuo" authtype basic require valid-user # cd .. # Htpasswd-c. htpasswd admin // create a password file with the username admin. For security purposes, the password and description file are not in the same directory. New password: Re- type new password: Adding password for user admin # cat .htpasswd admin:OEWyxf6WFthog # ll -a drwxr-xr-x. 3 root root 4096 May 14 14:21 . drwxr-xr-x. 6 root root 4096 Mar 30 15:01 .. -rw-r--r--. 1 root root 20 May 14 14:21 .htpasswd drwxr-xr-x. 5 root root 4096 May 14 14:20 wordpress # service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]

Client browser access http://www.yinuo.com/wordpress/

You need an account and password to access your personal homepage.

2. Source Control

1234 # vim /etc/httpd/conf/httpd.conf 343 Order allow,deny 344 Allow from all 345 deny from X.X.X.X

X. X indicates the IP address that denies access.

3. encrypted access (https)

123456789101112 # cd /etc/pki # ll drwxr-xr-x. 6 root root 4096 Mar 30 14:59 CA drwxr-xr-x. 4 root root 4096 Mar 30 14:57 ca-trust drwxr-xr-x. 2 root root 4096 Mar 30 15:41 entitlement drwxr-xr-x. 2 root root 4096 Mar 30 14:57 java drwxr-xr-x. 2 root root 4096 Mar 30 14:58 nssdb drwxr-xr-x. 2 root root 4096 Mar 30 15:15 product drwxr-xr-x. 2 root root 4096 Mar 30 14:55 rpm-gpg drwx------. 2 root root 4096 Aug 15 2013 rsyslog drwxr-xr-x. 5 root root 4096 Mar 30 14:59 tls # vim tls/openssl.cnf

123456789101112131415161718192021222324252627282930313233343536373839 # cd /etc/pki/CA/ # touch index.txt # touch serial # echo 00 >serial # openssl genrsa 1024 >private/cakey.pem Generating RSA private key, 1024 bit long modulus .................++++++ .........................................++++++ e is 65537 (0x10001) # ll private/cakey.pem -rw-r--r--. 1 root root 887 May 14 14:38 private /cakey .pem # openssl req -new -key private/cakey.pem -x509 -out cacert.pem You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.' , the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HeNan Locality Name (eg, city) [Default City]:ZhengZhou Organization Name (eg, company) [Default Company Ltd]:ZZU Organizational Unit Name (eg, section) []:tec Common Name (eg, your name or your server's hostname ) []:rootca.net.org Email Address []: # mkdir -pv /etc/httpd/certs # cd /etc/httpd/certs/ # openssl genrsa 1024 >httpd.key Generating RSA private key, 1024 bit long modulus .......++++++ ....++++++ e is 65537 (0x10001) # ll -rw-r--r--. 1 root root 887 May 14 14:42 httpd.key # chmod 600 httpd.key # ll -rw-------. 1 root root 887 May 14 14:42 httpd.key # Vim/etc/pki/tls/openssl. cnf // low-line command mode: 85,87 s/match/optional

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 # openssl req -new -key httpd.key -out httpd.crq You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.' , the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HeNan Locality Name (eg, city) [Default City]:ZhengZhou Organization Name (eg, company) [Default Company Ltd]:abc Organizational Unit Name (eg, section) []:tec Common Name (eg, your name or your server's hostname ) []:www.abc.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # ll -rw-r--r--. 1 root root 651 May 14 14:46 httpd.crq -rw-------. 1 root root 887 May 14 14:42 httpd.key # openssl ca -in httpd.crq -out httpd.cert Using configuration from /etc/pki/tls/openssl .cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 0 (0x0) Validity Not Before: May 14 21:46:54 2014 GMT Not After : May 14 21:46:54 2015 GMT Subject: countryName = CN stateOrProvinceName = ZhengZhou organizationName = abc organizationalUnitName = tec commonName = www.abc.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 0A:8A:11:6A:C4:86:4B:66:DC:C3:10:B5:D4:CE:C2:AB:E8:8A:8B:DE X509v3 Authority Key Identifier: keyid:79:AB:D7:17:BC:30:27:1F:59:08:6F:01:70:A2:33:53:55:99:27:E1 Certificate is to be certified until May 14 21:46:54 2015 GMT (365 days) Sign the certificate? [y /n ]:y 1 out of 1 certificate requests certified, commit? [y /n ]y Write out database with 1 new entries Data Base Updated # cd /etc/pki/CA/ # cat index.txt V 150514214654Z 00 unknown /C =CN /ST =ZhengZhou /O =abc /OU =tec /CN =www.abc.com # yum install mod_ssl # vim /etc/httpd/conf.d/ssl.conf 105 SSLCertificateFile /etc/httpd/certs/httpd .cert 112 SSLCertificateKeyFile /etc/httpd/certs/httpd .key 121 SSLCertificateChainFile /etc/pki/CA/cacert .pem # Service httpd configtest // syntax Test Syntax OK # vim /etc/httpd/conf/httpd.conf 136 # Listen 80 // close port 80 and only allow https access # service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] # netstat -tupln |grep httpd tcp 0 0 :::443 :::* LISTEN 25167 /httpd

V. Test

Client browser access https://www.yinuo.com/wordpress/

View and install the certificate.

Homepage display

This article from the "one promise thousands of gold" blog, please be sure to keep this source http://yinuoqianjin.blog.51cto.com/8360868/1352804