...
Configure MySQL
Secure MySQL
Still working this out - http://dev.mysql.com/doc/refman/5.0/en/mysql-secure-installation.html
As a staff user run the Secure Installation script included with MySQL,
...
The remainder of this section happens inside of the mysql shell.
Create the WordPress Database and Accounts in MySQL
Enter the following MySQL commands,
...
| Code Block | ||
|---|---|---|
| ||
EXIT |
A
Setup WordPress
Install WordPress
...
Launch a browser and hit the WordPress setup page for your machine at http://krypton.com/blog/wp-admin/install.php
Next Steps
- Set URL
- ...
and you will be prompted to create a configuration file.
Click the button, "Create a Configuration File".
The next prompt reminds you of all the critical information you will need. The Bonsai Framework takes a high security posture, so the automatic file creation should not work. Click the "Let's go!" button.
Enter the required information and click "Submit",
| Field | Value | Comment |
|---|---|---|
| Database Name | wpkryptondb | |
| User Name | wpkryptonuser | |
| Password | This is the application password set during the wpkryptondb database creation step. | |
| Database Host | localhost | Address of the database server. In this example, the database is on the same server so use localhost. |
| Table Prefix | bf_ | The Bonsai Framework approach is to not share a single database instance. As such it is not technically necessary to change the table prefix. However, given the architecture of WordPress and popularity it is recommended to change the prefix to something other than wp_ to make the system less susceptible to attacks. |
It is expected that you will receive a message that WordPress can not write the wp-config file,
| Panel |
|---|
Sorry, but I can't write the wp-config.php file. You can create the wp-config.php manually and paste the following text into it. |
Copy the generated wp-config.php file.
| Tip |
|---|
Some shortcuts to ensure you get it all fast,
|
Go to your shell, load your favourite editor and paste the contents of the wp-config.php file,
| Code Block | ||
|---|---|---|
| ||
vi /opt/www.krypton.com/www/blog/wp-config.php |
Once you have saved the file, go back to your browser and click "Run the install".
Enter Site Information
Finally enter the site information,
| Field | Value | Comment |
|---|---|---|
| Site Title | Krypton | We like to reference our domain name. |
| Username | PRDRGH01APP1 | Do NOT use admin for username. WordPress (as of Sep 2012) out of the box, has no facilities to stop dictionary attacks against the administration system. Admin will be the first username guessed. Here the BonsaiFramework uses the hostname as the Bonsai Framework naming standard is not easily guessable but relevant to the administrator. |
| Password | As mentioned, WordPress has no facilities to stop dictionary attacks. Choose a very very long and complex password. (Anyone know of a good site that shows how quickly an entered password would be broken with a dictionary attack, put the link here) | |
| Your E-mail | admin@bonsaiframework.com | Even in a small company you should have a general support email box that only administrators have access to. Use that rather than your personal email address. This email address will be used for password recovery purposes. |
| Privacy | This depends on the purpose of your website. Unless this is a private site that should not show up on Google, leave it checked. |
Click, "Install WordPress" which should result in a success screen.
Click "Log In".
Lock Down WordPress
WordPress and PHP simply due to the model is inherently insecure when compared to more Enterprise solutions.
...