Installing WordPress on ISPConfig

? WordPress Installation and Management

Prerequisites for WordPress

• PHP 7.4 or higher (PHP 8.0+ recommended)
• MySQL 5.7+ or MariaDB 10.3+
• Apache with mod_rewrite
• HTTPS support (recommended)
• At least 512MB RAM

Automatic Installation via APS Installer

1. Navigate to Sites → APS Installer
2. Search for WordPress
3. Click Install
4. Configure installation:
   • Installation location: / (for root) or /blog
   • Database: Create new or use existing
   • Admin username: Choose secure username
   • Admin password: Strong password
   • Admin email: Your email address
   • Site title: Your website name
5. Click Install

Manual WordPress Installation

1. Download WordPress:

   cd /tmp
   wget https://wordpress.org/latest.tar.gz
   tar -xzf latest.tar.gz

2. Move to website directory:

   cp -R wordpress/* /var/www/clients/client1/web1/web/
   chown -R web1:client1 /var/www/clients/client1/web1/web/

3. Create database in ISPConfig
4. Configure wp-config.php:

   cp wp-config-sample.php wp-config.php
   nano wp-config.php

5. Add database details:

   define('DB_NAME', 'c1_wordpress');
   define('DB_USER', 'c1_wpuser');
   define('DB_PASSWORD', 'your_password');
   define('DB_HOST', 'localhost');

6. Run installation wizard
   Visit: https://yourdomain.com/wp-admin/install.php

WordPress Security Configuration

wp-config.php Security

# Add security keys (generate from https://api.wordpress.org/secret-key/1.1/salt/)
define('AUTH_KEY', 'unique-phrase-here');
define('SECURE_AUTH_KEY', 'unique-phrase-here');
define('LOGGED_IN_KEY', 'unique-phrase-here');
define('NONCE_KEY', 'unique-phrase-here');

# Disable file editing
define('DISALLOW_FILE_EDIT', true);

# Force SSL for admin
define('FORCE_SSL_ADMIN', true);

# Limit login attempts
define('WP_FAIL2BAN_ENABLED', true);

.htaccess Security Rules

# Protect wp-config.php
<Files wp-config.php>
    Order Allow,Deny
    Deny from all
</Files>

# Disable directory browsing
Options -Indexes

# Protect .htaccess
<Files .htaccess>
    Order Allow,Deny
    Deny from all
</Files>

# Block XML-RPC
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>

WordPress Performance Optimization

Enable Caching

• Install caching plugin (W3 Total Cache, WP Super Cache)
• Enable browser caching
• Configure object caching
• Enable page caching

PHP Settings for WordPress

In ISPConfig PHP settings:

• memory_limit = 256M
• max_execution_time = 300
• post_max_size = 64M
• upload_max_filesize = 64M
• max_input_vars = 3000

WordPress Multisite Setup

1. Add to wp-config.php before "That's all":

define('WP_ALLOW_MULTISITE', true);

WordPress Backup

Using ISPConfig Backup

• Enable website backup in ISPConfig
• Includes all WordPress files
• Database backed up separately

WordPress-Specific Backup

# Backup files
tar -czf wp-backup-$(date +%Y%m%d).tar.gz /path/to/wordpress/

# Backup database
mysqldump -u username -p database_name > wp-db-$(date +%Y%m%d).sql

WordPress Cron Setup

Disable WordPress pseudo-cron and use real cron:

1. Add to wp-config.php:

   define('DISABLE_WP_CRON', true);

2. Add ISPConfig cron job:

   */15 * * * * /usr/bin/php /path/to/wordpress/wp-cron.php

Common WordPress Issues

• White screen: Enable debug mode in wp-config.php
• 404 on permalinks: Check .htaccess and mod_rewrite
• Upload failed: Check PHP limits and folder permissions
• Database connection error: Verify credentials in wp-config.php
• Memory exhausted: Increase PHP memory_limit