skip to primary navigationskip to content
 

Wordpress

Wordpress is a popular third-party blogging platform and content management system. It is known to work on managed web servers. 

If you choose to install it, then you are responsible for that installation and for its subsequent maintenance, and for keeping it up-to-date and secure. It is particularly important to keep Wordpress up to date since its popularity means that any vulnerabilities get exploited very quickly.

Installation

You can follow the standard Wordpress install instructions, with the following notes:

Database

You will need to use the 'MySQL Client' approach to creating a database for Wordpress to use. You will need to know the database root password. If it hasn't yet been changed you can find it on your server's control panel (Server Settings > Change database Root password). This page can also be used to reset the password if it has been lost.

wp-config.php

You must setup your wp-config.php file by hand before trying to run Wordpress for the first time, probably by copying the supplied wp-config-sample.php file and editing it. If you don't, Wordpress will try to create one but fail to save it.
In addition to following the standard instructions, add the following line at the end of wp-config.php:
define('FS_METHOD', 'direct');

index.html

If you install Wordpress directly into your docroot directory then you need to delete the example index.html file so that the web server uses Wordpress's index.php file to display the front page.

Permissions

After following the standard installation instructions, Wordpress will be installed so only you can make changes to the files. To allow others to make changes, you need to change to the directory in which you installed Wordpress (e.g. /var/www/default/docroot if you installed into the document root of your default web site) and issue a 'chmod' command as follows:
cd /var/www/default/docroot
chmod -R g+w *

Media uploads

You also need to setup the permissions on the directory used by Wordpress for uploading pictures and other media. Change to the directory in which you installed Wordpress (e.g. /var/www/default/docroot if you installed into the document root of your default web site) and issue the following commands:
mkdir wp-content/uploads
chmod -R g+w wp-content/uploads
chgrp -R www-data wp-content/uploads

 

Adding themes and plugins, and upgrading Wordpress

After following these instructions you should have a working Wordpress installation. As installed, the web server can't write to the program files that make up Wordpress. This is a valuable safety precaution since it will prevent many of the attacks to which Wordpress can be vulnerable.

However this will prevent Wordpress from installing new themes or plugins, from running the in-browser theme and plugin editor, and from installing updates. You might, for security reasons, chose to install these directly in the browser. However, if you want to do this via the web browser you can enable it from the control panel for an hour (Web Sites > click the mws gears iconicon for the relevant web site). 

This makes the files and directories within docroot group www-data temporarily, so those files and directories will need to be group-writable in order for them to be writable by the webserver process.

You can alternatively make the plugin and theme directories permanently writeable by changing to the directory in which you installed Wordpress (e.g. /var/www/default/docroot if you installed into the document root of your default web site) and issuing the following comands:

chmod -R g+w wp-content/plugins wp-content/themes
chgrp -R www-data wp-content/plugins wp-content/themes

 

If, after clicking on the cogs icon or changing permissions, Wordpress prompts you for an FTP username and password when you try to upload or install plugins and themes, or to upgrade Wordpress, then you may be missing the line 'define('FS_METHOD', 'direct');' from your wp-config.php (see above).