Issues to be covered

  1. Content Management System (CMS)
  2. Instalation and configuration of Wordpress
  3. Database management via Web Browser - phpMyAdmin

Activities

  1. Introduction to the topic of classes, providing teaching materials.
  2. Overview of CMS
  3. Configuration of Web Server
  4. Configuration of MySql database
  5. Instalation of Wordpress

Materials for classes

Introduction tasks

Task 1 - Install Apache2 webserver

  1. On your virtual machine install Apache2 along with PHP and various useful libraries.

    # apt install apache2 php libapache2-mod-php php-mcrypt  php-mysql php-curl php-gd php-zip php-imagick php-mbstring php-xml
  2. Verify that instalation was successful by entering machine hostname in web browser.

Task 2 - Database

  1. Wordpress needs a database to store its data.

  2. Go to https://panel.wmi.amu.edu.pl and create new MySql database named sXXXXXX_tin (page is in Polish so use Chrome translate function). You will also need to change your database user password (keep it secret).

  3. Go to https://mysql.wmi.amu.edu.pl/ to access phpMyAdmin database management tool. Verify that your database was created and is empty.

Task 3 - Install Wordpress (2 p.)

  1. Follow the official Wordpress instalation instructions.

    • In Step 1, use shell access to copy files

    • Skip Step 2 since you created and verified database using phpMyAdmin in previous Task.

    • In Step 3, use sXXXXXX as DB_USER, sXXXXXX_tin as DB_NAME, mysql.wmi.amu.edu.pl as DB_HOST and your own password as DB_PASSWORD. To rename the file use following command

    # mv wp-config-sample.php wp-config.php
    • In Step 4, install Wordpress into subdirectory named wp. Following command may be useful
    # cp -R  wordpress /var/www/html/wp
  2. Log into your fresh Wordpress instalation.

  3. Visit your Wordpress site in new web browser tab (use private mode to disable automatic HTTPS redirection).

    Your Wordpress is not able to upload any files. This is because of file permissions, Apache2 does not have rights to write into your wp directory. To change this invoke those two commands:

    # chown -R www-data:www-data /var/www/html/wp
    # chmod -R g+w /var/www/html/wp
  4. Adding new post may fail with some JSON related error message. This is caused by route handling conflict between pretty permalinks and Wordpress REST API in our subdirectory based WP instalation. To solve that, go to admin panel WordPress Settings | Permalinks and select plain option. Another solution would be to add Apache2 .htaccess rule to rewrite ^/wordpress/wp-json/(.*?)$ into /wordpress/index.php?rest_route=/$1.

Assessment tasks

Mandatory

Task 6.1 - Using Wordpress (3 p.)

Add some content to your Wordpress site. You should at least:

  1. Add a new post that will contain one image and some text.
  2. Change the wordpress theme
  3. Add menu at the top of the site with minimum 3 links.

Task 6.2 - 6G Firewall (2 p.)

Install 6G Firewall into your Wordpress. Do not forget to enable and configure mod_rewrite. Validate 6G Firewall instalation by trying to enter your Wordpress site with ?eval() query string.

Extra

Task D6 - Static Wordpress (5p.)

Wordpress is very often the victim of hacker attacks. Even the installation of Firewall and other solutions does not give 100% security. For sites that are not frequently modified but at the same time heavily exposed to attacks (such as business card pages), you can consider making a static copy of the entire page.

The goal of the task is to configure the automatic generation of a static copy of the entire Wordpress website, and then restriction of the access to the original page only from selected computers. Static copy should be available to everyone.

You may use following Wordpress plugin.