CentOS下搭建WordPress网站及安全设置

一、前言

二、环境

三、基本配置

1.搭建LAMP环境

2.安装WordPress

3.安装phpMyAdmin

四、安全配置

1.身份验证

2.来源控制

3.加密访问(https)

五、测试

-------------------------------------------

一、前言

LAMP即Linux+Apache+Mysql+PHP，一组常用来搭建动态网站或者服务器的开源软件，本身都是各自独立的程序，但是因为常被放在一起使用，拥有了越来越高的兼容度，共同组成了一个强大的Web应用程序平台。随着开源潮流的蓬勃发展，开放源代码的LAMP已经与J2EE和.Net商业软件形成三足鼎立之势，并且该软件开发的项目在软件方面的投资成本较低，因此受到整个IT界的关注。从网站的流量上来说，70%以上的访问流量是LAMP来提供的，LAMP是最强大的网站解决方案．

WordPress是一种使用PHP语言开发的博客平台，用户可以在支持PHP和MySQL 数据库的服务器上架设属于自己的网站。也可以把 WordPress 当作一个内容管理系统（CMS）来使用。WordPress 是一个免费的开源项目，在GNU通用公共许可证下授权发布。WordPress 被认为是Michel Valdrighi所开发的网志平台b2/cafelog的正式继承者。“WordPress”这个名字出自 Christine Selleck 的主意，他是主要开发者Matt Mullenweg的朋友。

phpMyAdmin 是一个以PHP为基础，以Web-Base方式架构在网站主机上的MySQL的数据库管理工具，让管理者可用Web接口管理MySQL数据库。借由此Web接口可以成为一个简易方式输入繁杂SQL语法的较佳途径，尤其要处理大量资料的汇入及汇出更为方便。其中一个更大的优势在于由于phpMyaAdmin跟其他PHP程式一样在网页服务器上执行，但是您可以在任何地方使用这些程式产生的HTML页面，也就是于远端管理MySQL数据库，方便的建立、修改、删除数据库及资料表。也可借由phpMyAdmin建立常用的php语法，方便编写网页时所需要的sql语法正确性。

二、环境

系统：redhat6.5 32位

IP：192.168.2.200/24

软件包：

wordpress-3.9-zh_CN.zip wordpress主文件

phpMyAdmin-4.1.5-all-languages.zip phpMyAdmin主文件

三、基本配置

1.搭建LAMP环境

		
								# service iptables stop    //关闭防火墙及SELinux 

								# setenforce 0 

								# yum install httpd mysql mysql-server php php-mysql php-gd php-xml 

								# service httpd start 

								# service mysqld start 

								# chkconfig httpd on       //开机启动 

								# chkconfig --list |grep httpd 

								httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off 

								# chkconfig mysqld on 

								# chkconfig --list |grep mysql 

								mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off 

								# mysqladmin -u root -p password '123'  //为mysql设置用户和密码 

								Enter password:                         //此处回车即可。 

								# mysql -u root -p 

								Enter password: 

								mysql> create database wordpress;       //创建wordpress数据库，为下面安装wordpress做准备。 

								mysql> show databases; 

								+--------------------+ 

								| Database           | 

								+--------------------+ 

								| information_schema | 

								| mysql              | 

								| test               | 

								| wordpress          | 

								+--------------------+ 

								mysql> \q 

								Bye

2.安装WordPress

		
								# unzip wordpress-3.9-zh_CN.zip    //解压缩 

								# mv wordpress /var/www/html/

将下面IP和域名写入hosts文件C:\Windows\System32\drivers\etc\hosts

192.168.2.10 www.yinuo.com

客户端浏览器访问 http://www.yinuo.com/wordpress/

(1)点击创建配置文件。

(2)点击现在就开始。

（3）写入用户名和密码，点击提交。

（4)按照提示，手动创建wp-config.php文件，并把文本复制进去，然后进行安装。

		
								# cd /var/www/html/wordpress/ 

								# vim wp-config.php

（5）如果数据库连接错误，一定要看下wp-config.php文件的17-26行，不许有任何错误（如下图）。

（6）填写站点信息，安装wordpress。

（7）已成功，可以进行登录了。

（8）登录测试。

（9）更换个性主题，如fengying.zip。

		
								# unzip fengying.zip 

								# mv fengying /var/www/html/wordpress/wp-content/themes/

3.安装phpMyAdmin

		
								# unzip phpMyAdmin-4.1.5-all-languages.zip 

								# mv phpMyAdmin-4.1.5-all-languages /var/www/html/phpmyadmin 

								# rpm -qa php           //查看php版本信息 

								php-5.3.3-22.el6.i686 

								http://rpm.pbone.net/   //去这个网址下载和php版本相对应的php-mbstring

		
								# rpm -ivh php-mbstring-5.3.3-22.el6.i686.rpm 

								# rpm -qa |grep php 

								php-5.3.3-22.el6.i686 

								php-mbstring-5.3.3-22.el6.i686 

								再次提醒，php和php-mbstring版本信息必须一致。 

								# service httpd restart 

								Stopping httpd:                              [  OK  ] 

								Starting httpd:                              [  OK  ]

访问http://192.168.2.10/phpmyadmin/

输入数据库的账号和密码。

管理数据库（图形界面下的mysql管理工具）。

四、安全配置

1.身份验证

		
								# vim /etc/httpd/conf/httpd.conf 

								338     AllowOverride all        //访问需要验证 

								# cd /var/www/html/wordpress/ 

								# vim .htaccess                  //创建验证说明文件 

								authuserfile   /var/www/html/.htpasswd 

								authname       "nuo"

								authtype       basic 

								require        valid-user 

								# cd ..                  

								# htpasswd -c .htpasswd admin    //创建密码文件，用户名为admin，为了安全，密码和说明文件不在同一目录下 

								New password: 

								Re-type new password: 

								Adding password for user admin 

								# cat .htpasswd 

								admin:OEWyxf6WFthog 

								# ll -a 

								drwxr-xr-x. 3 root root 4096 May 14 14:21 . 

								drwxr-xr-x. 6 root root 4096 Mar 30 15:01 .. 

								-rw-r--r--. 1 root root   20 May 14 14:21 .htpasswd 

								drwxr-xr-x. 5 root root 4096 May 14 14:20 wordpress 

								# service httpd restart 

								Stopping httpd:                                            [  OK  ] 

								Starting httpd:                                            [  OK  ]

客户端浏览器访问 http://www.yinuo.com/wordpress/

需账号和密码才能正常访问个人主页。

2.来源控制

		
								# vim /etc/httpd/conf/httpd.conf 

								343     Order allow,deny 

								344     Allow from all 

								345     deny from X.X.X.X

X.X.X.X 表示拒绝访问的IP。

3.加密访问(https)

		
								# cd /etc/pki 

								# ll 

								drwxr-xr-x. 6 root root 4096 Mar 30 14:59 CA 

								drwxr-xr-x. 4 root root 4096 Mar 30 14:57 ca-trust 

								drwxr-xr-x. 2 root root 4096 Mar 30 15:41 entitlement 

								drwxr-xr-x. 2 root root 4096 Mar 30 14:57 java 

								drwxr-xr-x. 2 root root 4096 Mar 30 14:58 nssdb 

								drwxr-xr-x. 2 root root 4096 Mar 30 15:15 product 

								drwxr-xr-x. 2 root root 4096 Mar 30 14:55 rpm-gpg 

								drwx------. 2 root root 4096 Aug 15  2013 rsyslog 

								drwxr-xr-x. 5 root root 4096 Mar 30 14:59 tls 

								# vim tls/openssl.cnf

		
								# cd /etc/pki/CA/ 

								# touch index.txt 

								# touch serial 

								# echo 00 >serial 

								# openssl genrsa 1024 >private/cakey.pem 

								Generating RSA private key, 1024 bit long modulus 

								.................++++++ 

								.........................................++++++ 

								e is 65537 (0x10001) 

								# ll private/cakey.pem 

								-rw-r--r--. 1 root root 887 May 14 14:38 private/cakey.pem 

								# openssl req -new -key private/cakey.pem -x509 -out cacert.pem 

								You are about to be asked to enter information that will be incorporated 

								into your certificate request. 

								What you are about to enter is what is called a Distinguished Name or a DN. 

								There are quite a few fields but you can leave some blank 

								For some fields there will be a default value, 

								If you enter '.', the field will be left blank. 

								----- 

								Country Name (2 letter code) [XX]:CN 

								State or Province Name (full name) []:HeNan 

								Locality Name (eg, city) [Default City]:ZhengZhou 

								Organization Name (eg, company) [Default Company Ltd]:ZZU 

								Organizational Unit Name (eg, section) []:tec 

								Common Name (eg, your name or your server's hostname) []:rootca.net.org 

								Email Address []: 

								# mkdir -pv /etc/httpd/certs 

								# cd /etc/httpd/certs/ 

								# openssl genrsa 1024 >httpd.key 

								Generating RSA private key, 1024 bit long modulus 

								.......++++++ 

								....++++++ 

								e is 65537 (0x10001) 

								# ll 

								-rw-r--r--. 1 root root 887 May 14 14:42 httpd.key 

								# chmod 600 httpd.key 

								# ll 

								-rw-------. 1 root root 887 May 14 14:42 httpd.key 

								# vim /etc/pki/tls/openssl.cnf   // 低行命令模式:85,87 s/match/optional

		
								# openssl req -new -key httpd.key -out httpd.crq 

								You are about to be asked to enter information that will be incorporated 

								into your certificate request. 

								What you are about to enter is what is called a Distinguished Name or a DN. 

								There are quite a few fields but you can leave some blank 

								For some fields there will be a default value, 

								If you enter '.', the field will be left blank. 

								----- 

								Country Name (2 letter code) [XX]:CN 

								State or Province Name (full name) []:HeNan 

								Locality Name (eg, city) [Default City]:ZhengZhou 

								Organization Name (eg, company) [Default Company Ltd]:abc 

								Organizational Unit Name (eg, section) []:tec 

								Common Name (eg, your name or your server's hostname) []:www.abc.com 

								Email Address []: 

								Please enter the following 'extra' attributes 

								to be sent with your certificate request 

								A challenge password []: 

								An optional company name []: 

								# ll 

								-rw-r--r--. 1 root root 651 May 14 14:46 httpd.crq 

								-rw-------. 1 root root 887 May 14 14:42 httpd.key 

								# openssl ca -in httpd.crq -out httpd.cert 

								Using configuration from /etc/pki/tls/openssl.cnf 

								Check that the request matches the signature 

								Signature ok 

								Certificate Details: 

								        Serial Number: 0 (0x0) 

								        Validity 

								            Not Before: May 14 21:46:54 2014 GMT 

								            Not After : May 14 21:46:54 2015 GMT 

								        Subject: 

								            countryName               = CN 

								            stateOrProvinceName       = ZhengZhou 

								            organizationName          = abc 

								            organizationalUnitName    = tec 

								            commonName                = www.abc.com 

								        X509v3 extensions: 

								            X509v3 Basic Constraints: 

								                CA:FALSE 

								            Netscape Comment: 

								                OpenSSL Generated Certificate 

								            X509v3 Subject Key Identifier: 

								                0A:8A:11:6A:C4:86:4B:66:DC:C3:10:B5:D4:CE:C2:AB:E8:8A:8B:DE 

								            X509v3 Authority Key Identifier: 

								                keyid:79:AB:D7:17:BC:30:27:1F:59:08:6F:01:70:A2:33:53:55:99:27:E1 

								Certificate is to be certified until May 14 21:46:54 2015 GMT (365 days) 

								Sign the certificate? [y/n]:y 

								1 out of 1 certificate requests certified, commit? [y/n]y 

								Write out database with 1 new entries 

								Data Base Updated 

								# cd /etc/pki/CA/ 

								# cat index.txt 

								V 150514214654Z 00 unknown /C=CN/ST=ZhengZhou/O=abc/OU=tec/CN=www.abc.com 

								# yum install mod_ssl 

								# vim /etc/httpd/conf.d/ssl.conf 

								105 SSLCertificateFile /etc/httpd/certs/httpd.cert 

								112 SSLCertificateKeyFile /etc/httpd/certs/httpd.key 

								121 SSLCertificateChainFile /etc/pki/CA/cacert.pem 

								# service httpd configtest       //语法测试 

								Syntax OK 

								# vim /etc/httpd/conf/httpd.conf 

								136 #Listen 80                   //关闭80端口，仅能使用https方式访问 

								# service httpd restart 

								Stopping httpd:                       [  OK  ] 

								Starting httpd:                       [  OK  ] 

								# netstat -tupln |grep httpd 

								tcp        0      0 :::443     :::*       LISTEN      25167/httpd

五、测试

客户端浏览器访问 https://www.yinuo.com/wordpress/

查看证书并安装。

主页展示

本文出自 “一诺千金” 博客，请务必保留此出处http://yinuoqianjin.blog.51cto.com/8360868/1352804

(责任编辑：IT)

搜索

热门标签:

CentOS下搭建WordPress网站及安全设置