Perfect Ubuntu 12.04, nginx and Wordpress

Discussion in 'Server Operation' started by willebanks, Mar 12, 2014.

  1. willebanks

    willebanks New Member

    Greetings All

    About a 6 weeks ago I installed the "Perfect Ubuntu 12.04 LTS Server" with nginx as it was explain that nginx was "faster" than Apache and faster is always good.

    For 5 of those 6 weeks I have been fighting with my Internet provider to open port 25 so I could send mail since I can receive mail it would be nice to be able to send it! As of 48 hours ago I claim victory over than issue....

    So now I ready to setup my webpages and since I have past experience with Wordpress that was the software i'm inclined to use...But there seems to be little info available on how to make this happen with nginx and some of what I have read makes me think I should have stayed with Apache....

    So here are my questions!

    Is there a simple step by step method that I can use to setup a secure WordPress website using my current server setup?
    "The Perfect Server - Ubuntu 12.04 LTS (nginx, BIND, Dovecot, ISPConfig 3)"

    Since I don't mind starting over, would I better off doing a clean install of "The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3)" Which seems to have more info available on installing a secure WordPress website...

    And since Ubuntu 14.04 LTS is just around the corner, Can I upgrade 12.04 LTS to 14.04 LTS without breaking anything or would 13.04 be a better place to start just for the time being...

    Any and all ideas and suggestions are welcome!

    Thanks in advance.

    Will Banks
    Derby, CT
  2. willebanks

    willebanks New Member

    Howdy Justin...

    I already have ISPConfig would know that if you read my post.

    What I'm looking for are simple directions on how to securely install Wordpress on my shiny new Ubuntu 12.04 Server...Again you would know this if you had read my post....

    Anyone else want to get it a go? Please read my post first...and don't the post!


    Will Banks
    Derby, CT
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Hi Wil,

    the guy you answered was a spammer. Lots of junk links in his post.

    To your question:

    The most important thing in wordpress security is to install wordpress updates and updates for wordpress plugins frequently. additionally, you can disable some php functions like exec, pasthru, etc. that are not needed by wordpress.

    For security, it does not matter if you use nginx or wordpress. apache is just a bit easier to handle when you are not familar with nginx rewrite rules for wordpress.

    So the basic steps to install wordpress are:

    1) Create a website and mysql database in ispconfig.
    2) Upload wordpress to the web directory of the site and run the wordpress installer to configure it.
  4. willebanks

    willebanks New Member

    Hi Till,

    thanks for the micro mini tutorial on how to install a WordPress website!

    I created the Ubuntu 12.04 server and ISPConfig for myself as a way to learn Linux, Apache, MySQL and so forth. No one else will ever use my server but me and those surfers on the web that find my site(s).

    So I have 2 small security related questions to any website install.

    I've noticed in various log files some users trying to access WordPress directories and files that don't exists by using the html "Get" command and a few others...How can I protect future directories and files from these naughty people before my sites go "live"?

    I also noticed that MySQL was configured to listen to all ports in the "Perfect 12.04" tutorial. Isn't this extremely dangerous? Is there a way to configure MySQL to listen to a single port or as few ports as absolutely necessary....

    I'm sorry that this is such a long post but I want to learn as mach about Linux security as I can...

    Thanks again Till,

  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats normal on any server connected to the internet and wordpress is made for that, also the HTML get commands are not dangerous. So there is nothing that you have to do before your site goes live. Data and directories that may not be accessed by http are not inside the web directory anyway. If you want to upload data that shall not be accessible on the web, then you upload it to the private directory and not to the web directory.

    MySQL listens on just one port, not various ports when you followed the tutorial and mysql access is configured by username, so if a user can access mysql from a external IP is defined in the mysql user settings in ispconfig. If you want mysql to listen only on IP, then you can do that in mysql my.cnf. But you wont be able to manage manage mysql databases with desktop tools anymore then.
  6. willebanks

    willebanks New Member

    Thanks Till for all your patience and help!


Share This Page