In the first part of this installing WordPress on Ubuntu series I discussed the prerequisites needed and how to create the WordPress database that will be used. In this part I’ll install WordPress and perform the initial set up.
Install Additional Packages
Shell into your web server and run the following two commands to install a couple of packages that are needed but not always installed by default.
sudo apt-get update sudo apt-get install php5-gd libssh2-php
The php5-gd package allows WordPress to perform image manipulation such as creating thumbnails of images you upload. The libssh2-php package, as you can probably guess, allows PHP to work with SSH connections.
Download and Extract WordPress
I typically place my WordPress installs in /var/www and it’s convenient to work straight from this directory so switch to it now:
Download the latest version of WordPress using wget, unlike other software the URL for the latest version of WordPress is always the same:
sudo wget https://wordpress.org/latest.zip
Now extract WordPress:
sudo unzip latest.zip
This will create a new folder call wordpress.
If you don’t have the unzip utility installed on your server you can install it with sudo apt-get install unzip.
sudo wget https://wordpress.org/latest.tar.gz tar xzvf latest.tar.gz
If you are only running one site then you could argue that leaving the directory you’ve just created as wordpress is a reasonable default but I would argue that giving it a more meaningful name is better. Typically I name my directory the same or similar to the primary domain name the site will be hosted under. For example if the URL users would access is www.example.com that is what the directory will be called. To change the name of the wordpress directory:
sudo mv wordpress www.example.com
Switch to the directory containing your WordPress install:
Copy the example configuration file to create a live configuration file and open it for editing:
sudo cp wp-config-sample.php wp-config.php sudo nano wp-config.php
If you don’t have nano installed you can either use another editor or install it with “sudo apt-get install nano“.
The sample file that ships with WordPress is exactly what we want and all it needs is for the appropriate database settings to be added. The four settings you need to edit look like this:
define('DB_NAME', 'example-wp'); define('DB_USER', 'wp-example'); define('DB_PASSWORD', 'password'); define('DB_HOST', 'localhost');
You will certainly need to set first three settings, the fourth is only necessary if you database is on a different server to your WordPress install. When you are finished save the file with Ctrl-O and exit with Ctrl-X.
Create an Uploads Folder and Set Permissions
You should be in the root directory of your WordPress install (if you are following along exactly that will be /var/www/www.example.com). If you were to do a directory listing you would see a sub-directory call wp-content which is where WordPress stores images, plugins, themes etc. Switch to this directory now and then create a new directory call uploads:
cd wp-content sudo mkdir uploads
Until now we’ve lived with all the files and directories belonging to the root user but this isn’t suitable for the live site so move back to the /var/www directory and then change the ownership of the WordPress site files.
cd /var/www sudo chown -R www-data:www-data www.example.com
The chown command simply changes the ownership of the file or directory given as the last argument. The -R switch tells the command to act recursively changing the ownership over everything below the final argument. The www-data:www-data section tells the command that the owner should be www-data and the group should be www-data.
By default the WordPress files will have permissions 644 and the folders 755 which is what we want for basic site security. You may want to change the permissions on wp-config.php to 640 since this file contains your database password but if you are the only person with a log in on the server the benefit is not great.
A Note on Security
At this point you should probably spend a bit of time thinking about what level of security you want for your site and what permissions you want to have on various files and folders. What permissions the various files and folders should have in WordPress is a source of constant debate because there are so many competing factors.
It’s quite common to see people suggest that the owner should be your login account with the group set to www-data and then the file permissions set to 664 and directories to 775. The reason for this seemingly permissive set up is because WordPress wants to write to it’s install directory to add media and install plugins etc. Since Apache is typically running as www-data the group has to be given write permissions. The owner is set to you login so that access to the directory structure is easy for FTP. If you aren’t planning on uploading via FTP however you can happily make the owner www-data.
Of course it’s possible to tie down the permissions much tighter than this as well. If you are happy to install all plugins, themes etc by hand then the whole directory structure can be made read-only to www-data. The downside of this of course is a reduction in convenience but it does harden the system against security holes that may be found in the future.
In the next part of the installing WordPress on Ubuntu series I’ll continue the installation using the WordPress web interface.