by capuk
12 deployments · 10 still active · last rev. 4 months ago

WordPress is a powerful open source content management system built with PHP. With an easy to use content editor, WordPress is a good choice for blogs, news sites, and personal websites. Choose from thousands of themes to customize WordPress' look and feel, or create your own theme with WordPress' flexible templating system. You can also expand WordPress with hundreds of plugins, and engage your community with WordPress' comments system.

Compatible with: Debian 9
Includes: app-helper
set -x

# Installs Wordpress and creates first site.

# <UDF name="site_title" Label="Site Title" default="My Wordpress Site" example="My Blog" />
# <UDF name="wpadmin" Label="Wordpress Admin Username" example="Username for your WordPress admin panel" />
# <UDF name="wp_password" Label="Wordpress Admin Password" example="an0th3r_s3cure_p4ssw0rd" />
# <UDF name="email" Label="Wordpress Admin Email Address" example="Your email address" />
# <UDF name="pubkey" Label="Your SSH public key" default="" />

source <ssinclude StackScriptID="421856">

exec 1> >(tee -a "/var/log/stackscript.log") 2>&1

# Set hostname, configure apt and perform update/upgrade

if [[ "$PUBKEY" != "" ]]; then

apt install haveged -y
DBROOT_PASSWORD=`head -c 32 /dev/random | base64`
DB_PASSWORD=`head -c 32 /dev/random | base64 | tr -d /=+`

# UFW update

ufw allow http
ufw allow https
ufw allow 25
ufw allow 587
ufw allow 110
ufw enable

# Set MySQL root password on install


### Installations

# Install PHP

apt-get install php7.0 php7.0-cli php7.0-curl php7.0-mysql \
php7.0-mcrypt php-pear libapache2-mod-php7.0 php7.0-gd php7.0-common \
php7.0-xml php7.0-zip apache2 mysql-server unzip sendmail -y

#Install WP

wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
mv wp-cli.phar /usr/local/bin/wp
chmod 755 /usr/local/bin/wp

### Configurations


mysql -uroot -p"$DBROOT_PASSWORD" -e "CREATE DATABASE wordpressdb"
mysql -uroot -p"$DBROOT_PASSWORD" -e "GRANT ALL ON wordpressdb.* TO 'wordpress'@'localhost' IDENTIFIED BY '$DB_PASSWORD'";

# Apache

rm /var/www/html/index.html
mkdir /var/www/wordpress

# Configuration of virtualhost file, disables xmlrpc

cat <<END > /etc/apache2/sites-available/wordpress.conf
<Directory /var/www/wordpress/>
    Require all granted
<VirtualHost *:80>
    ServerName $IP
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/wordpress/
    ErrorLog /var/log/apache2/wordpress/error.log
    CustomLog /var/log/apache2/wordpress/access.log combined
    <files xmlrpc.php>
      order allow,deny
      deny from all

mkdir -p /var/log/apache2/wordpress
touch /var/log/apache2/wordpress/error.log
touch /var/log/apache2/wordpress/access.log

# Enable Keepalives

sed -ie "s/KeepAlive Off/KeepAlive On/g" /etc/apache2/apache2.conf

# Configure Wordpress site

cd /var/www/wordpress

wp core download --allow-root

wp core config --allow-root \
--dbhost=localhost \
--dbname=wordpressdb \
--dbuser=wordpress \

wp core install --allow-root \
--url="$IP" \
--title="$SITE_TITLE" \
--admin_user="$WPADMIN" \
--admin_email="$EMAIL" \
--admin_password="$WP_PASSWORD" \

chown www-data:www-data -R /var/www/wordpress/

#Cron for WP updates

echo "* 1 * * * '/usr/local/bin/wp core update --allow-root --path=/var/www/wordpress' > /dev/null 2>&1" >> wpcron
crontab wpcron
rm wpcron

# Disable the default virtual host to minimize security risks:

a2dissite 000-default.conf
a2ensite wordpress.conf

# Restart services

systemctl restart mysql
systemctl restart apache2