Skip to content

WordPress

What Is It?

WordPress is the world's most popular content management system (CMS). It requires a web server (Apache), PHP, and a database (MariaDB). Setting it up demonstrates the integration of multiple services.

Installation

dnf install wordpress (manual download)

Key Files and Directories

Path Purpose
/var/www/html/wordpress/ WordPress installation
/var/www/html/wordpress/wp-config.php Database and site configuration

Configuration

WordPress requires three components working together: Apache HTTPD (web server), PHP-FPM (application runtime), and MariaDB (database). Setting it up demonstrates full-stack web application deployment.

Minimal Working Configuration

1. Install prerequisites:

sudo dnf install php-mysqlnd php-fpm mariadb-server tar curl php-json httpd
systemctl start mariadb && systemctl enable mariadb
systemctl start httpd && systemctl enable httpd
systemctl start php-fpm && systemctl enable php-fpm

2. Create the database (see MariaDB for details):

mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'secure_password';
GRANT ALL ON wordpress.* TO 'admin'@'localhost';
FLUSH PRIVILEGES;
exit;

3. Download and install WordPress:

curl https://wordpress.org/latest.tar.gz --output wordpress.tar.gz
tar xf wordpress.tar.gz
cp -r wordpress /var/www/html/
chown -R apache:apache /var/www/html/wordpress

4. Set SELinux context:

chcon -t httpd_sys_rw_content_t /var/www/html/wordpress -R

5. Create an Apache virtual host (/etc/httpd/conf.d/wordpress.conf):

<VirtualHost *:80>
    ServerName blog.example.sysadm.ee
    DocumentRoot /var/www/html/wordpress
    ErrorLog /var/log/httpd/wordpress-error.log
    CustomLog /var/log/httpd/wordpress-access.log combined
</VirtualHost>
6. Restart Apache and navigate to the WordPress virtual host to complete the web-based installer. If DNS is not yet configured, use /etc/hosts or curl --resolve to access the site by hostname.

Manual wp-config.php Creation

As an alternative to the web installer (step 6), you can create wp-config.php manually. This is useful when automating the deployment with tools like Ansible:

cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

Edit wp-config.php and set the database connection details to match the database you created in step 2:

define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'admin' );
define( 'DB_PASSWORD', 'secure_password' );
define( 'DB_HOST', 'localhost' );

After saving the file, visit the site to complete the remaining installation steps (site title, admin user, etc.).

7. Consolidate PHP logs — edit /etc/php-fpm.conf and /etc/php-fpm.d/www.conf to redirect error_log to /var/log/httpd/.

Important Directives

wp-config.php
The main WordPress configuration file. Contains database connection details, authentication keys, table prefix, and debug settings. Created during installation.
DB_NAME / DB_USER / DB_PASSWORD / DB_HOST
Database connection parameters in wp-config.php. DB_HOST is typically localhost.
WP_DEBUG
Set to true in wp-config.php to enable debug output. Useful during development, disable in production.
DocumentRoot
The Apache directive pointing to the WordPress installation directory.

Common Commands

# Download WordPress
curl https://wordpress.org/latest.tar.gz --output wordpress.tar.gz
tar xf wordpress.tar.gz

# Fix ownership (Apache must own WordPress files)
chown -R apache:apache /var/www/html/wordpress

# Fix SELinux context for write access
chcon -t httpd_sys_rw_content_t /var/www/html/wordpress -R

# Test Apache configuration
apachectl configtest

# Restart services after changes
systemctl restart httpd
systemctl restart php-fpm

# Check PHP version and modules
php -v
php -m

Logging and Debugging

  • Apache logs: /var/log/httpd/wordpress-error.log and wordpress-access.log
  • PHP errors: Consolidate to /var/log/httpd/php-errors.log and /var/log/httpd/www-php-errors.log
  • WordPress debug: Set WP_DEBUG to true and WP_DEBUG_LOG to true in wp-config.php to write debug output to wp-content/debug.log
  • MariaDB: /var/log/maillog for connection issues; mysql -u admin -p wordpress to test database connectivity

Troubleshooting checklist:

  1. apachectl configtest — Apache syntax OK?
  2. systemctl status php-fpm — is PHP-FPM running?
  3. systemctl status mariadb — is the database running?
  4. Check file ownership — ls -la /var/www/html/wordpress/ should show apache:apache
  5. Check SELinux — ls -Z /var/www/html/wordpress/ should show httpd_sys_rw_content_t
  6. Browser: clear cache with Ctrl+F5 if pages appear stale

Security Considerations

  • File ownership: WordPress files should be owned by apache:apache. The web server needs read access to serve pages and write access to wp-content/ for uploads and plugin installations.
  • SELinux: Only set httpd_sys_rw_content_t on directories that genuinely need write access. The rest should use httpd_sys_content_t (read-only).
  • Database credentials: Use a strong, randomly generated password for the WordPress database user. Never use pass or other trivial passwords in production.
  • Keep WordPress updated: WordPress is a frequent target for attacks. Update core, themes, and plugins regularly.
  • WAF protection: Use ModSecurity with the OWASP Core Rule Set on Apache to filter common attacks against WordPress (SQL injection, XSS). Be aware that some WAF rules may interfere with the WordPress editor.
  • Separate database user: The WordPress database user should only have grants on the wordpress database, not global privileges.

Further Reading

  • Technologies: Apache HTTPD, MariaDB
  • SOPs: Web Server Management