computing:selfhostedwp

Differences

This shows you the differences between two versions of the page.

computing:selfhostedwp [2023/06/10 05:12] oemb1905computing:selfhostedwp [2023/06/22 23:09] oemb1905
Line 86: Line 86:
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
      
-Let's also add the following line to the ''wp-config.php'' file for updates:+Let's also add the following line to the ''wp-config.php'' file for updates. Note//This only needs to be added if you are not using libapachemod sfaik.//
  
   sudo nano /var/www/site1.com/public_html/wp-config.php   sudo nano /var/www/site1.com/public_html/wp-config.php
   <define('FS_METHOD','direct');>   <define('FS_METHOD','direct');>
-   
-Plug-ins and other WP services can mess with the ''.htaccess'' file often, so use this default configuration below //when that happens//; more templates can be found here:  [[https://codex.wordpress.org/htaccess|WP Codex]] 
  
-  sudo nano /var/www/site1.com/public_html/.htaccess+Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. If you need more than one site, but do not want to set up a separate virtual host, for example using ''subdomain.site1.com'', then you should read [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]]. Optimizing WP is a different matter, for caching and header security, and other best practices, consider the following. 
 + 
 +  apt install memcached 
 +  nano /etc/default/memcached 
 +  a2enmod cache
      
-  BEGIN WordPress +Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
-  <IfModule mod_rewrite.c> +   
-  RewriteEngine On +  sudo systemctl restart proftpd.service
-  RewriteBase / +
-  RewriteRule ^index\.php$ - [L] +
-  RewriteCond %{REQUEST_FILENAME} !-f +
-  RewriteCond %{REQUEST_FILENAME} !-d +
-  RewriteRule /index.php [L] +
-  </IfModule> +
-  # END WordPress+
  
-Visit wordpress site and configure by opening a web browser of your choice and entering site1.com. If you need more than one site, but do not want to set up a separate virtual host, for example using ''subdomain.site1.com'', then you should read [[https://wiki.haacksnetworking.com/doku.php?id=computing:wpmultisite|Word Press Multisite]]. Optimizing WP is a different matter, for caching and header security, and other best practices, consider the following.+Optimizing and securing WordPress usually boils down to some cache and header settingsCache and/or page expiry settings:
  
   apt install memcached   apt install memcached
   nano /etc/default/memcached   nano /etc/default/memcached
   a2enmod cache   a2enmod cache
 +  a2enmod expires
 +
 +  <IfModule mod_expires.c>
 +          ExpiresActive On
 +          ExpiresByType image/jpg "access 1 year"
 +          ExpiresByType image/jpeg "access 1 year"
 +          ExpiresByType image/gif "access 1 year"
 +          ExpiresByType image/png "access 1 year"
 +          ExpiresByType text/css "access 1 week"
 +          ExpiresByType text/html "access 1 month"
 +          ExpiresByType text/x-javascript "access 1 week"
 +          ExpiresDefault "access 1 month"
 +  </IfModule>
 +
 +Enable re-writes:
 +
 +  a2enmod rewrite
 +  <IfModule mod_rewrite.c>
 +          RewriteEngine On
 +          RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 +          RewriteBase /
 +          RewriteRule ^index\.php$ - [L]
 +          RewriteCond %{REQUEST_FILENAME} !-f
 +          RewriteCond %{REQUEST_FILENAME} !-d
 +          RewriteRule . /index.php [L]
 +          <FilesMatch "\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$">
 +                  Header set Timing-Allow-Origin "*"
 +          </FilesMatch>
 +  </IfModule>
 +
 +Enable headers:
 +
 +  a2enmod headers
 +  <IfModule mod_headers.c>
 +          Header always set X-Content-Type-Options "nosniff"
 +          <IfModule mod_setenvif.c>
 +                  SetEnvIf Origin "^(.+)$" CORS=$0
 +          </IfModule>
 +          Header set Access-Control-Allow-Origin %{CORS}e env=CORS
 +          Header set Access-Control-Allow-Credentials "true" env=CORS
 +          <FilesMatch "\.(php|html)$">
 +                  Header set X-Frame-Options "ALLOW"
 +                  Header set X-XSS-Protection "0"
 +                  Header set X-Download-Options "noopen"
 +                  Header set X-Permitted-Cross-Domain-Policies "none"
 +                  Header set X-DNS-Prefetch-Control "on"
 +                  Header set Pragma "no-cache"
 +                  Header set Age "0"
 +                  Header set Cache-Control ""
 +                  Header set Strict-Transport-Security "max-age=0" env=HTTPS
 +                  Header set Referrer-Policy ""
 +                  Header set Cross-Origin-Embedder-Policy "unsafe-none"
 +                  Header set Cross-Origin-Opener-Policy "unsafe-none"
 +                  Header set Report-To '{"max_age": 0, "endpoints": [{"url": ""}]}'
 +                  Header set Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
 +                  Header set Referrer-Policy "no-referrer-when-downgrade"
 +                  Header set Feature-Policy "camera 'none'; fullscreen 'self'; geolocation *; microphone 'self' https://plaza.pvpfrontier/*"
 +          </FilesMatch>
 +  </IfModule>
 +
 +Personally, I don't think anyone should be using ftp or even sftp right now, but many still do. If so, here's how to make an sftp server for updating WordPress that way:
  
 You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained: You can optionally require an sftp server instead of using the default installer.  Here's an example using proftp, which is still maintained:
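
Review bot: In the added mod_headers block, `SetEnvIf Origin "^(.+)$" CORS=$0` combined with `Header set Access-Control-Allow-Origin %{CORS}e env=CORS` and `Access-Control-Allow-Credentials "true"` echoes back whatever Origin the request carries and allows credentials with it, so any site can make credentialed cross-origin requests and read the responses. Match Origin against an explicit list of trusted origins, or drop both CORS headers if no cross-origin client needs them. In the same FilesMatch several values turn a protection off rather than on: `X-Frame-Options "ALLOW"` is not a defined value (use `SAMEORIGIN` or `DENY`), `Strict-Transport-Security "max-age=0"` tells browsers to discard HSTS for the site, and `Referrer-Policy ""` and `Cache-Control ""` are set empty, with Referrer-Policy then set a second time a few lines later. The CSP's `default-src * data:` together with `'unsafe-inline' 'unsafe-eval'` restricts very little. Separately, `ExpiresByType text/html "access 1 month"` lets browsers keep WordPress-generated pages for a month, which looks unintended for dynamic content, and the memcached commands now appear twice in this hunk.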
Line 118: Line 174:
   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem   sudo openssl req -new -x509 -days 7305 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
   sudo nano /etc/proftpd/proftpd.conf   sudo nano /etc/proftpd/proftpd.conf
 +  a2enmod tls
      
   <IfModule mod_tls.c>   <IfModule mod_tls.c>
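
Review bot: The added `a2enmod tls` sits between editing `/etc/proftpd/proftpd.conf` and the `<IfModule mod_tls.c>` block, but `a2enmod` enables Apache modules, while the mod_tls block here is ProFTPD configuration. Unless Apache itself needs a module of that name, drop the line; if it is needed, say which server it applies to and prefix it with `sudo` like the neighbouring commands.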
Line 131: Line 188:
      TLSOptions NoSessionReuseRequired      TLSOptions NoSessionReuseRequired
   </IfModule>   </IfModule>
-   
-Put this snippet under ''#Include /etc/proftpd/tls.conf'' and then restart the service:   
-   
-  sudo systemctl restart proftpd.service 
- 
-Happy hacking! 
  
- --- //[[oemb1905@jonathanhaack.com|oemb1905]] 2019/08/09 05:32//+ --- //[[jonathan@haacksnetworking.org|oemb1905]] 2023/06/22 17:00//
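
Review bot: Removing the "Put this snippet under ''#Include /etc/proftpd/tls.conf''" sentence and `sudo systemctl restart proftpd.service` from after the closing `</IfModule>` leaves the ProFTPD TLS section without a placement or restart step. The same lines now appear much earlier on the page, directly after the memcached commands, where "this snippet" has nothing to refer to. Keep them here at the end of the ProFTPD section and remove the earlier copy.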
computing/selfhostedwp.txt · Last modified: 2023/12/16 20:33 by oemb1905