Return to: Part 1
Command Line Access, Security
Almost everything done to establish a server running WordPress is done at the operating system command line.
The typical situation is that you’re installing software on a computer remotely over the internet. For the sake of simplicity and brevity, I’ll assume this case in most of these discussions.
If you’re using a local computer directly, such as a laptop running Unix or a UNIX-like operating system – there will be access to the command line either because the system boots directly to it, or the command line is accessible using a terminal application.
If you’re using a cloud based host service, there may be a web based capability to access the server’s “console” or primary terminal. The server console is a convenient way to perform some system tasks such as reboot.
Using a network based terminal program is typical and has advantages. A key advantage is that it may have the ability to scroll up – allowing you to see the results of previous activities.
Any internet connected computer has network related security concerns. In a production environment you’ll need to consider things like a firewall, rootkit detection and removal, anti-virus detection and removal, and remote login security – not to mention backup and recovery capabilities.
Using a cloud based server, many of these security and backup capabilities may be pre-installed – you’ll need to investigate and address any issues.
The most typical remote access to a network connected server is through the terminal program called SSH.
SSH provides basic security for remote terminal access by requiring the user id and password of a user account on your server. SSH will encrypt your terminal connection.
reference: https://www.openssh.com/
Additional SSH security capability can be obtained through the use of SSH “keys.” SSH Keys are totally elective for establishing a WordPress server. If you choose to implement SSH keys, I’ve included a discussion about them this technical article.
User Accounts and Permissions
There is at least one step in the process of building your WordPress system that requires being logged in as root. So I’ll assume you have access to the root account of your server host.
Users are discouraged from using the root user account unnecessarily. It’s unrestricted capabilities pose a risk of damaging a system by accident.
A non-root user account, used specifically for WordPress management and administrative activities, helps keep things organized and secure. I use the user account “wp-ops” in my examples.
To get started, access to the command line of your server host as root.
User accounts that are members of the sudo (super user do) group can perform most of the commands allowed by the root user account. However user accounts in the sudo group (sometimes call “sudoers”) must preface privileged commands with the term “sudo.” This provides some protection of a sudoer from issuing a privileged command accidentally.
When logged in to Unix and Unix-like systems as root, the command line prompt ends in “#” – all other times the prompt ends in “$”. So in my examples you can look for this to determine which account I’m presuming you’re using: root or wp-ops.
Use the “adduser” and “usermod” commands to add the wp-ops user account and add it to the “sudo” group. (“↵” denotes pressing ENTER)
~# adduser wp-ops↵
~# usermod wp-ops -aG sudo↵
Some UNIX-like systems have a “groups” command that will display the groups an account is a member. To show a change to your groups, your session may need to be refreshed first by logging out and back in again. Or if you’re using a network connection with SSH, by disconnecting and reconnecting – because reconnecting SSH logs you back in again.
After creating the wp-ops user account and adding it to the sudo group, you should be able to verify it with the groups command.
Last login: Thu Feb 20 14:47:57 2020
wp-ops@seebylooking:~$ groups↵
wp-ops sudo
wp-ops@seebylooking:~$
Preparation For Adding Software
Login using the wp-ops account. Before installing software, update your system’s copy of the repository list using the “apt update” command.
~$ sudo apt update↵
Now that you have an updated copy of the repository list, update any packages that have newer versions or dependencies with the “apt upgrade” command.
~$ sudo apt upgrade↵
As an option, you may remove any unused packages to save space.
~$ sudo apt autoremove↵
reference: https://wiki.debian.org/DebianPackageManagement
reference: https://askubuntu.com/questions/81585/what-is-dist-upgrade-and-why-does-it-upgrade-more-than-upgrade
Go to: Part 3