If you haven’t already setup your Ubuntu server, please read this post, and get the Ubuntu server running on AWS’ free-tier, first.  Otherwise, proceed here for the basic WordPress setup.   If you’ve never used WordPress, then now’s your chance to see how easy it can be to host your own web site, with a world-class content-management-system (CMS).  I’ll create another post in the future, with a list of plugins to add to WordPress.  The list will include plugins to make your site secure, Search Engine Optimized (SEO), and really, really, user-friendly for one to use as their own blogging or small-business web site.


This post assumes 2 things, 1) you are comfortable working from command line (i.e, ssh), and 2) you have a running LAMP server.  Also, you should have logged in and become root, or if you’re not running these commands as root, make sure to add sudo  prior to the commands.

Step 1 – Download and Install WordPress

#!/bin/bash
sudo su  # become root
cd /var/www/html # assume default site only config
wget -c https://wordpress.org/latest.zip # download latest (apt-get install wget, if needed)
unzip latest.zip; cp -Rf wordpress/* ./; rm -Rf wordpress; rm latest.zip #extract/copy it
mv wp-config-sample.php wp-config.php
chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 775 {} \;
find /var/www/html -type f -exec chmod 664 {} \;
# now edit wp-config.php as needed
vim wp-config.php
# nano wp-config # (if you prefer)

Step 2 – Update ‘wp-config.php’ with Database and Key Info.

Now, edit wp-config.php with the database connection information; specifically the following bits are important.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
/** MySQL hostname */
define('DB_HOST', 'localhost');

Also, you’ll need to generate some key’s and salt values to be used by WordPress, so following the instructions in the comment.  Go here, to generate your own set of copy, and paste-able values.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

It should look something like this, when you’re done.

define('AUTH_KEY',         '_Eorhi`*K9}4j9V/t?gDhnW^S.f8y:3:|#4Fh{ _PM)C}~s2|$nGwiLwY-izQa++');
define('SECURE_AUTH_KEY',  'i()6ENCHv#/p)&F4@_P@sx;?[z4l)}c0Q6Q+^XTw[[0P&@||_F7@hYIjmH02bmB ');
define('LOGGED_IN_KEY',    ')e`LZ|1,^^u2TXyFi:)=Er_jnhbtuTABDPPAUD|{kL1%RuSW$/ptS>v|+p[|y0P)');
define('NONCE_KEY',        'I}+!nEYFf@t<Mt|[Y3fX$ihd7wBV-ISlOT>NDr `+f8u=E#&b.IkiEXHG>@wRB0h');
define('AUTH_SALT',        'hQ)w?X}kTex*E9RUJ#C6?z}}EX@Wn%ImeUX+b%;ZBkqRMrtn%{YQ[5}[k,#us?96');
define('SECURE_AUTH_SALT', '%3(Ii5hJ;q*)-!y==,;f^}u7SPke|5N~GPt9{{[-A|M|z,yi-tH=)IDWE-zn8Hq,');
define('LOGGED_IN_SALT',   '|.{j2j|c[]I!uh+#IY#s=Y@.40amhKLDg/$#-[L{6IH6as!PAY^**ypF=yUb{.c0');
define('NONCE_SALT',       'D*  dMd|Vaj=`PfsA13SsEX%3n2;R#|H$Z]qnt8PZhdr!+%mPP@e/#tj`dI7.4;+');

That’s it, once you’ve connected the database, and setup the auth keys, you should be able to navigate to your site, and get the WordPress installer.  If you don’t know how to setup a MySQL database for WordPress, try searching the web for creating MySQL databases using phpMyAdmin.  phpMyAdmin, should already be setup if you followed along with the installation instructions from the previous post.  Otherwise, simply type: apt-get install phpmyadmin.  Additionally, for more information about getting started with WordPress, once it is installed, please see the WordPress documentation.

Step 3 – Setup Apache2 Config, and .htaccess for Rewriting and Security

One last thing, that should be done for security, is to limit access to the WordPress Admin System, to only the IP address(es) that I require to have access.  If you’re selling subscriptions, or using many WordPress plugins that require users to login via the WordPress login functionality, then you should skip this step.  For most purposes though, this is a good idea so that no one but you can get to your WordPress admin.

Start by opening the file: vim /var/www/html/.htaccess, and paste this:

#BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# ^^ The above is added by WordPress typically, but it cant hurt to add it, if it is missing.
# lock-down wp-config.php from the public
<Files wp-config.php>
    order allow,deny
    deny from all
</Files>
# lock-down wp-login.php to only white-listed IP addresses
<Files wp-login.php>
        order deny,allow
        deny from all
        allow from 192.168.0.1 # <- your ip goes there
        allow from 192.168.0.2 # <- and there if needed
        allow from 192.168.0.3 # <- as many times as needed
</Files>

To get your external IP address, and not the one most likely assigned by your (wireless or otherwise) router, go here, and copy/paste the IP displayed.  You will also need to make sure that your Apache virtual host is configured to allow overrides in .htaccess files to do this, edit the appropriate virtual host file under: /etc/apache2/sites-available/*.conf  and make sure the virtual host section has the following (or similar) Directory directive.  At the very least the highlighted lines should be present for the directory serving the .htaccess files.

<VirtualHost *:80>
	...
	<Directory /var/www/html>
		AllowOverride All
		Require all granted
		Order allow,deny
		allow from all
	</Directory>
</VirtualHost>

After you save these files, you’ll need to tell the apache2 service to restart/reload, with: service apache2 restart # or service apache2 reload if you prefer.  Now navigate to your sites admin pages at: http://www.yoursitehere.com/wp-admin/, and feel safe, knowing you’re the only one who can get there.

Whenever starting/stopping apache2, it’s a good idea to do a service apache2 status, and look for a response similar to:

   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Tue 2017-01-10 04:19:59 UTC; 2h 25min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 22688 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 23640 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 22714 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 11
   Memory: 355.1M
      CPU: 1min 16.283s
   CGroup: /system.slice/apache2.service
           ├─22732 /usr/sbin/apache2 -k start
           ├─23730 /usr/sbin/apache2 -k start
           ├─23731 /usr/sbin/apache2 -k start
           ├─23733 /usr/sbin/apache2 -k start
           ├─23734 /usr/sbin/apache2 -k start
           ├─23735 /usr/sbin/apache2 -k start
           ├─23737 /usr/sbin/apache2 -k start
           ├─23750 /usr/sbin/apache2 -k start
           ├─23752 /usr/sbin/apache2 -k start
           ├─23753 /usr/sbin/apache2 -k start
           └─23815 /usr/sbin/apache2 -k start

If you do not see this type of output, check /var/log/apache2/error.log  (or your configured error log in your apache2 config for your virtual host).  Type: tail -n 50 /var/log/apache2/error.log , to show the last 50 lines of that file.  The error information should be in the last several lines displayed, and it will tell us what is misconfigured, and if there are typos, or bad directives in all of the apache config files.  This will give us clues as to where to look next.  If there was nothing mistyped, then this should not be an issue, and you should see the correct status for apache2.  Also, you can check /var/log/apache/access.log  for the line: Started LSB: Apache2 web server.

For additional help with configuring Apache2, go to the Apache Documentation.  If you haven’t already gotten your WordPress site up for free on Amazon AWS, sign-up now.  Contact us with questions, or if we can help.