+91 88 00 563434 [email protected] Blog open-book Knowledge Base

Find Solutions in Our Knowledge Base

How to Configure Secure Updates and Installations in WordPress

You are here:
Sharing is Caring

WordPress is the most popular Content Management System used today. It is extremely simple, powerful, and easy to manage. WordPress offers a wide range of plugins, and many of them are free to use. Before you start, make sure you have set up LAMP stack and installed WordPress. You will need to login either as root or as a privileged user to perform the following steps. Please note that you should replace “wp-user” with your WordPress user and “www-data” with your Apache web user.

 

Set Up Secure Updates with SSH

To control a WordPress installation using the adduser command, create a user named wp-user.

$ adduser wp-user

You will be prompted to set a new password for wp-user. You can leave all the fields blank and press “ENTER” for all the prompts.

Change the directory to the WordPress installation directory using the cd command.

$ cd /var/www/html/

Change the ownership of everything under this directory to wp-user. Use the -R option to change the ownership recursively for directories and their contents.

$ chown -R wp-user:wp-user /var/www/html/

 

Create SSH Keys for WordPress User

Switch to the WordPress user by using the command below.

$ su – wp-user

You can create the SSH key using the ssh-keygen command. Specify the type of key to be generated with the -t option and the number of bits with the -b option.

$ ssh-keygen -t rsa -b 4096

You will be asked to provide the location to store the SSH keys. You can choose /home/wp-user/wp-rsa and press enter for all the prompts to create a key without password authentication. Enter the file in which to save the key (/home/wp-user/.ssh/id_rsa): /home/wp-user/wp_rsa

Exit back to your normal user (root) account:

$ exit

To make permissions secure, grant ownership to wp-user and apache web user respectively.

$ chown wp-user:www-data /home/wp-user/wp_rsa*

$ chmod 0640 /home/wp-user/wp_rsa*

To allow the web process to log in, you need to create a .ssh directory under the wp-user home directory and give it appropriate permissions and ownership.

$ mkdir /home/wp-user/.ssh

$ chown wp-user:wp-user /home/wp-user/.ssh

$ chmod 0700 /home/wp-user/.ssh/

Copy the public key into the authorized keys file so that the user can log in using these credentials.

$ cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys

Modify the permissions and ownership of these files to ensure they can be accessed while remaining secure.

$ chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys

$ chmod 0644 /home/wp-user/.ssh/authorized_keys

Since these keys will only be used for logging in from within the WordPress site, which is on the same computer, we can restrict the login to this server.

$ vi /home/wp-user/.ssh/authorized_keys

At the very beginning of the file, before any of the other text, add the portion below to restrict the key usage to the local computer.

from=”127.0.0.1″ ssh-rsa…

Save and close the file.

 

Modify WordPress Configuration to Use Keys

Install the necessary packages for WordPress to authenticate SSH logins.

$ yum update -y

$ yum install php5-dev libssh2-1-dev libssh2-php

Edit the WordPress configuration file and set the values.

$ vi /var/www/html/wp-config.php

define(‘FTP_PUBKEY’,’/home/wp-user/wp_rsa.pub’);

define(‘FTP_PRIKEY’,’/home/wp-user/wp_rsa’);

define(‘FTP_USER’,’wp-user’);

define(‘FTP_PASS’,”);

define(‘FTP_HOST’,’127.0.0.1:22′);

Save and close the configuration file.

$ chmod 755 -R /var/www/html/wp-content

$ chown -R wp-user:www-data /var/www/html/wp-content

 

Restart Apache

After successfully completing the above steps, you need to restart Apache.

$ /etc/init.d/httpd restart

or

$ service httpd restart

 

Check the Results

Visit your website in a browser and login to your WordPress Dashboard using the following URL.

yourdomain.com/wp-admin

You can check if the settings are configured correctly by trying to install a new theme. Follow the steps below to install a theme:

Navigate to Appearance >> Themes >> Install Themes

Search for a theme or click on “Featured” themes and click on install. It should successfully login, download, and install the package using your key files. Click on “Activate” to switch to the new theme and then click “go to site” to see the results.

If you need further assistance, please contact our support department.


Sharing is Caring

Leave a Comment

Table of Contents