English
sudo privileges.Run the command to update your system:
sudo apt update && sudo apt upgrade -yInstall Apache as the web server:
sudo apt install apache2 -yStart and enable Apache:
sudo systemctl start apache2
sudo systemctl enable apache2
Install MariaDB:
sudo apt install mariadb-server mariadb-client -yAttiva MariaDB:
sudo systemctl start mariadb
sudo systemctl enable mariadb
Run the security script:
sudo mysql_secure_installationCreate a database and user for your site:
sudo mysql -u root -p
CREATE DATABASE miosito_db;
GRANT ALL PRIVILEGES ON miosito_db.* TO 'mioutente'@'localhost' IDENTIFIED BY 'mia password';
FLUSH PRIVILEGES;
EXIT;
WordPress requires PHP. Install PHP and the necessary extensions:
sudo apt install php php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip -y
Create a directory for your site:
sudo mkdir -p /var/www/html/miosito.comDownload WordPress and move the files to your site’s directory:
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
sudo mv wordpress/* /var/www/html/miosito.com/
Set the correct permissions:
sudo chown -R www-data:www-data /var/www/html/miosito.com
sudo chmod -R 755 /var/www/html/miosito.com
Configure the wp-config.php file:
cd /var/www/html/miosito.com
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
Update the database details:
define('DB_NAME', 'miosito_db');
define('DB_USER', 'mioutente');
define('DB_PASSWORD', 'mia password');
define('DB_HOST', 'localhost');
Create a Virtual Host for your site:
sudo nano /etc/apache2/sites-available/miosito.com.conf
Add the following content:
<VirtualHost *:80>
ServerAdmin admin@tuo_dominio.com
DocumentRoot /var/www/html/
ServerName tuo_dominio.com
ServerAlias www.tuo_dominio.com
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the site and the rewrite module:
sudo a2ensite miosito.com.conf
sudo a2enmod rewrite
Disable the Default site:
sudo a2dissite 000-default.conf
Restart Apache:
sudo systemctl restart apache2To add more sites, repeat the steps above, changing the directory names, database names, and configuration files.
Enabling SSL on your Apache server ensures that communications between your WordPress site and visitors are secure and encrypted. This section will guide you through the necessary steps to configure SSL using Certbot and Let’s Encrypt.
Certbot is a tool that simplifies obtaining and automatically renewing free SSL certificates provided by Let’s Encrypt.
sudo apt update
sudo apt install certbot python3-certbot-apache -yRun Certbot to automatically obtain and install an SSL certificate for your domain.
sudo certbot --apacheDuring the installation, you will be prompted for the following information:
After completing the installation, verify that the SSL certificate is active by visiting your domain with HTTPS:
You can also check the certificate status with the following command:
sudo certbot certificatesIf you are setting up multiple sites, ensure that each Virtual Host has the correct SSL settings. Here is an example configuration for a site with SSL:
sudo nano /etc/apache2/sites-available/miosito.com.confAdd or modify the Virtual Host to include SSL directives:
<VirtualHost *:443>
ServerAdmin admin@miosito.com
DocumentRoot /var/www/html/miosito.com
ServerName miosito.com
ServerAlias www.miosito.com
<Directory /var/www/html/miosito.com>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/miosito.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/miosito.com/privkey.pem
ErrorLog ${APACHE_LOG_DIR}/miosito.com_error.log
CustomLog ${APACHE_LOG_DIR}/miosito.com_access.log combined
</VirtualHost>Ensure you replace miosito.com with your actual domain and that the SSL certificate paths are correct.
To ensure all traffic uses HTTPS, configure Apache to automatically redirect HTTP requests to HTTPS.
sudo nano /etc/apache2/sites-available/miosito.com.confAdd the following Virtual Host for traffic on port 80:
<VirtualHost *:80>
ServerName miosito.com
ServerAlias www.miosito.com
Redirect permanent / https://miosito.com/
</VirtualHost>After making all changes, restart Apache to apply the new configurations:
sudo systemctl restart apache2Ensure that WordPress correctly recognizes and uses HTTPS.
wp-config.php FileAdd the following lines to your wp-config.php to enforce the use of HTTPS:
define('FORCE_SSL_ADMIN', true);
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}Log in to the WordPress dashboard and navigate to Settings > General. Update the WordPress Address (URL) and Site Address (URL) fields to use https://.
Let’s Encrypt certificates expire every 90 days, but Certbot can handle automatic renewal.
To test automatic renewal, run:
sudo certbot renew --dry-runCertbot automatically sets up a cron job to manage renewals. You can also check the cron job with:
sudo systemctl list-timersUse a service like SSL Labs to test your site’s SSL configuration and ensure it is secure.
Your WordPress site is now protected with HTTPS using a free SSL certificate!
To enhance security and organization on your server, it is advisable to configure phpMyAdmin as a separate site, accessible via a dedicated domain or subdomain. This prevents phpMyAdmin from being accessible as a subpage of other sites hosted on the same server.
If you haven’t installed phpMyAdmin yet, run the following commands:
sudo apt update
sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl -yDuring installation:
To isolate phpMyAdmin, create a dedicated subdomain, for example, phpmyadmin.miosito.com.
Add a DNS record for the subdomain phpmyadmin.miosito.com pointing to your server’s IP address.
Ensure that phpMyAdmin is installed in the correct directory. Typically, phpMyAdmin is installed in /usr/share/phpmyadmin.
Create a new configuration file for the Virtual Host dedicated to phpMyAdmin.
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following content, replacing phpmyadmin.miosito.com with your subdomain:
<VirtualHost *:80>
ServerName phpmyadmin.miosito.com
DocumentRoot /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
# Add additional access restrictions if necessary
# For example, limit access to specific IP addresses
# Require ip 192.168.1.0/24
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpmyadmin_error.log
CustomLog ${APACHE_LOG_DIR}/phpmyadmin_access.log combined
</VirtualHost>Save and close the file by pressing Ctrl + O, then Ctrl + X.
Enable the new Virtual Host and ensure that the necessary Apache modules are active:
sudo a2ensite phpmyadmin.miosito.com.conf
sudo a2enmod rewrite
sudo a2enmod headers
sudo systemctl reload apache2Add an additional layer of security by requiring HTTP authentication to access phpMyAdmin.
Use htpasswd to create a password file:
sudo apt install apache2-utils -y
sudo htpasswd -c /etc/phpmyadmin/.htpasswd adminYou will be prompted to enter a password for the admin user.
Edit the Virtual Host configuration file for phpMyAdmin to add authentication:
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following lines within the <Directory /usr/share/phpmyadmin> block:
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
</Directory>Save and close the file.
Reload Apache to apply the changes:
sudo systemctl reload apache2To ensure that the connection to phpMyAdmin is secure, configure SSL for the dedicated subdomain.
Run Certbot to automatically obtain and configure an SSL certificate for the subdomain:
sudo certbot --apache -d phpmyadmin.miosito.comDuring installation, you will be prompted for the following information:
After completing the installation, visit https://phpmyadmin.miosito.com to verify that the SSL certificate is active and that the connection is secure.
To further enhance security, you can restrict access to phpMyAdmin to specific IP addresses or IP ranges.
Edit the Virtual Host configuration file for phpMyAdmin:
sudo nano /etc/apache2/sites-available/phpmyadmin.miosito.com.confAdd the following lines within the <Directory /usr/share/phpmyadmin> block:
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
# Limit access to specific IP
Require ip 192.168.1.100
</Directory>In this example, only the IP address 192.168.1.100 will be able to access phpMyAdmin. You can add more Require ip directives to include additional IP addresses or ranges.
Save and close the file, then reload Apache:
sudo systemctl reload apache21. **Access the Dedicated Subdomain:**
2. **HTTP Authentication:**
htpasswd.3. **Verify Isolation:**
Configuring phpMyAdmin as a separate site offers several advantages:
By following these steps, you will have securely and independently configured phpMyAdmin, improving your database management and overall server security.