Andyroo

[Solved] WordPress 5.2.2 on Buster from scratch

Sun Aug 25, 2019 8:00 pm

This is MY solution for installing WordPress 5.2.2 on Buster 2019-07-10 from scratch on a TEST / PLAY / LEARNING machine - apologies for those that have covered LAMP installs but I owe two users this as one post :lol:

NOTE: See this post for a few bits that may need adding for full theme capability support.

Its NOT the most secure install but:

1) Is simple enough to get the site up for internal learning and breaking
2) Allows you to add extra sites as required but that is beyond this post - in fact I would not do it this way for multiple sites :lol:
3) I have noted the odd hole in security that can be tightened

All of this is done via SSH and remote web browser as I can then use the Mac copy / paste for the WordPress keys to make my life easy...

I installed the new image onto boot media - I used Buster Lite with SSH access on a 500Gb HHD on a Pi 3B v1.2 (set for USB boot) for this using Etcher - see elsewhere for that process

Code: Select all

sudo raspi-config
to set the system name (watcher is used in this example) and set the Pi password (also interface use but thats irrelevant for this document)
Note as the system name has changed a reboot is suggested and done here before a full upgrade to the latest release base:

Code: Select all

sudo apt update
sudo apt -y dist-upgrade
sudo apt autoremove
I then manually rebooted to make sure all modules / kernel changes are loaded then installed Apache and PHP - this command loads the latest versions of both

Code: Select all

sudo apt -y install default-mysql-client default-mysql-server apache2 php php-mysql
At this point you should be able to browse to http://watcher.local (or you can use http://<IP addess> if DNS is not handling the .local correctly on your LAN) and get the Apache default page to show the web server is running OK.

I create a very simple test php script to test PHP - I know that technically this is under the wrong owner (i.e. root not www-data) but it does not matter for this script :?

Code: Select all

sudo nano /var/www/html/index.php

Code: Select all

<?php
phpinfo();
?>
Browsing to http://watcher.local/index.php lets you check php is running OK

Now its SQL work time. First task is to create a database and then the user for WordPress. NOTE - press return for the password (i.e. none) in the next step

Code: Select all

sudo mysql -u root -p
The prompt should change to MariaDB [(none)]> to show you are in the database console
a) Create database first called WPDB (OK not very original)

Code: Select all

CREATE DATABASE WPDB DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Above will report Query OK, 1 row affected

b) Create a user for this machine only (again not the most original)

Code: Select all

CREATE USER 'WPDBAccount'@'localhost' IDENTIFIED BY 'WPDBUserPassword';
Above will report Query OK, 0 rows affected

Standard rights for WordPress users are for all abilities - THIS IS A SECURITY RISK so try and LIMIT THE PRIVILEGES TO THOSE NEEDED BY WordPress and plugins
See https://mariadb.com/kb/en/library/show-privileges/ for a full list of privlages

c) Give access to the database for the user

Code: Select all

GRANT ALL PRIVILEGES ON WPDB.* TO 'WPDBAccount'@'localhost';

Code: Select all

--> Optional - check rights are set correctly for those who think you need a flush privileges at this point
SHOW GRANTS for 'WPDBAccount'@'localhost';
--> +--------------------------------------------------------------------------------------------------------------------+
--> | Grants for [email protected]                                                                                   |
--> +--------------------------------------------------------------------------------------------------------------------+
--> | GRANT USAGE ON *.* TO 'WPDBAccount'@'localhost' IDENTIFIED BY PASSWORD '*0B98EE34260737CF4BF16FCFF7D8A847D4A91D39' |
--> | GRANT ALL PRIVILEGES ON `WPDB`.* TO 'WPDBAccount'@'localhost'                                                      |
--> +--------------------------------------------------------------------------------------------------------------------+
Now leave SQL

Code: Select all

QUIT;
You should now be back at the terminal so its time to download the latest version of WP from their site and extract it into the folder 'wordpress'

Code: Select all

cd /var/www/html/
sudo tar -xzvf latest.tar.gz
I like to put it under html but still in a 'wordpress' directory to allow me to put other sites under their name.
I create a .htaccess file for WordPress (settings / permalinks) and Apache rewrite modules -

Code: Select all

sudo touch ./wordpress/.htaccess
I create an update directory (at least one WordPress update has fallen over without this before)

Code: Select all

sudo mkdir ./wordpress/wp-content/upgrade
Next I create a default config file

Code: Select all

sudo cp ./wordpress/wp-config-sample.php ./wordpress/wp-config.php
and then set the ownership and blanket rights to the wordpress folder --> THIS IS A SECURITY RISK <--

Code: Select all

sudo chown -R www-data:www-data ./wordpress
sudo chmod -R 755 ./wordpress
NOTE it is better to limit these with

Code: Select all

sudo find ./wordpress/ -type d -exec chmod 750 {} \;
sudo find ./wordpress/ -type f -exec chmod 640 {} \;
but these can and do break plugins - it may be a trial and error to start with if you go this way[/b]

Even though this is a test machine I still generate secure keys for Wordpress and its cookie generation
Thank you Automatic for a simple generator :D

Code: Select all

curl -s https://api.wordpress.org/secret-key/1.1/salt/
Copy those as you will need them in a moment (cmd key vs ctrl key on a Mac is fun)

Code: Select all

nano ./wordpress/wp-config.php
Change the MySQL settings (just above the keys) as follows

Code: Select all

--> define( 'DB_NAME', 'WPDB' );
define( 'DB_USER', 'WPDBAccount' );
define( 'DB_PASSWORD', 'WPDBUserPassword' );
define( 'DB_HOST', 'localhost' );
define( 'DB_CHARSET', 'utf8' );
define( 'DB_COLLATE', 'utf8_unicode_ci' );
Remove the default keys and replace them with the ones copied from above (remember nano covers the whole screen) and save the changes

Then tidy up by removing the download as its not needed anymore - I would always download again to keep up to date with security patches etc (you may want to keep it for testing or rebuilds - your option)

Code: Select all

sudo rm latest.tar.gz
Now we can link Apache to this 'site' so I edit the default Apache site to point to WordPress (not best practise but this is a test box)

Code: Select all

sudo nano /etc/apache2/sites-available/000-default.conf 
Change the text starting DocumentRoot to read

Code: Select all

         DocumentRoot /var/www/html/wordpress
         <Directory /var/www/html/wordpress/>
                 AllowOverride All
         </Directory>
and then I check everything with the config is OK

Code: Select all

sudo apache2ctl configtest
and the expected Error AH00558 - Could not determine server name comes up and is fine at this point
So I enable the rewrite module for WordPress URLs to look nice and restart Apache to make it active

Code: Select all

sudo a2enmod rewrite
sudo systemctl restart apache2
Now just go to the url of the computer http://watcher.local and complete the install of Wordpress

CAVEATS:

1) This is not suitable for running live sites on as the box has no certificates, firewall or fail2ban etc as a minimum
2) Do not blame me if it breaks :lol: THIS IS A PLAY MACHINE
3) I am not interested in doing one for NGINX or lighttpd etc
4) Its bound to be different to your way but it run fine.
5) I know I used sudo a lot - helps me remember security / rights :lol:
6) Yes I know I've used /var/www/html/wordpress. I could have dropped a level to /var/www/wordpress but what the heck as I know it has code in it and not just services / programs etc - THIS IS A PLAY MACHINE so I'm not fussed :lol:
7) Yes I know I edited the default Apache site - THIS IS A PLAY MACHINE and I'm not running multiple sites on it or even a named site
8) Do not blame me for the default 2019 theme - I know it sucks :lol: :P :lol:
9) No I am not interested in documenting a more secure machine - too many plugins etc need odd rights and my networking is weak
10) No idea if multi-site or sub-domains would work in this build
Last edited by Andyroo on Sat Sep 07, 2019 11:14 pm, edited 3 times in total.

User avatar
DougieLawson
Posts: 36572
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: [Solved] WordPress 5.2.2 on Buster from scratch

Sun Aug 25, 2019 9:49 pm

You should write that up as a pull request for the Raspberry Pi Foundation docs (that are now a bit out or date).

https://github.com/RaspberryPiLearning/ ... -wordpress
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Andyroo

Re: [Solved] WordPress 5.2.2 on Buster from scratch

Tue Aug 27, 2019 4:53 pm

DougieLawson wrote:
Sun Aug 25, 2019 9:49 pm
You should write that up as a pull request for the Raspberry Pi Foundation docs (that are now a bit out or date).

https://github.com/RaspberryPiLearning/ ... -wordpress
Well I’ve read up on pull requests (never having done one before) and think I understand what to do :? So I’ll have a read of my notes and boot up a Stretch machine as well to see if it is any different there (php being the obvious thought) and see if I can find anything else on security in WordPress that can be addressed for beginners and have a go :o

Do I need to OK it with the Foundation / Trading teams first or is that part of the ‘pull’ question / promotion process (I assume it is)?

User avatar
DougieLawson
Posts: 36572
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: [Solved] WordPress 5.2.2 on Buster from scratch

Tue Aug 27, 2019 9:48 pm

The RPF/RP(T)Ltd get your pull-request and approve it at that time (after you submit it). No need to ask first, it's why the docs are on Github so that all of us can offer improvements. If you write it up it saves time for everyone.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Andyroo

Re: [Solved] WordPress 5.2.2 on Buster from scratch

Sat Sep 07, 2019 11:11 pm

Playing around within WP I've found a few issues that do not stop you running most things but its not as clean as I would like / expect.

I'll work through these over the next few days and update the original instructions where possible.

Currently these are 'wrong' going by the Site Health Status screen:

1) REST API - now needed for the block editor. May not be an issue for older themes not using Gutenberg. Is an issue for mobile App posting
2) Scheduled events are not running. Need to link the wp-cron.php script into crontab
3) PHP module bcmath missing (recommended only)
4) PHP module curl missing (rec only)
5) PHP module imagick missing (rec only)
6) PHP module gd missing (REQUIRED)

Note that imagick may also require ImageMagick and Ghost Script installing :o

There are piles of other bits covered in the handbook for hosting if anyone wants to dig in and let me know feel free but remember this is for internal home use.

Number two is interesting - it may not be an issue for sites that are visited regularly (as it can be hooked into the page read functions) but it can stop old posts, pages etc being deleted out of the trash and security / general updates (core and plugins) being detected or actioned.

Note one thing I am keep to play around with links back to the PHP memory limits as currently my Buster 3B+ Pi (1Gb) is reporting:
MiB Mem : 969.7 total, 511.3 free, 153.6 used, 304.9 buff/cache with 2Gb swap space allocated on hard disk (unused).

WooCommerce troubleshooting state take this to 256Mb for PHP in either wp-config.php or .htaccess so this maybe an issue in some cases on the older Pi boards long term with newer more reactive PHP / Gutenberg themes especially if running of SD cards.

Return to “Beginners”