Topics
Although Apache is hosting our site (or lack of one) already, it's best practice to configure a new Apache site file for our WordPress install. This will allow you more flexibility in the future if you want to host multiple websites or make changes to where the WordPress directory is installed, etc. Apache and Nginx are both well-established projects that achieve the same goal of serving your WordPress site. However, when we look deeper into their designs, there is a major difference in how each server handles connections.
- Multisite
- General Examples
The .htaccess is a distributed configuration file, and is how Apache handles configuration changes on a per-directory basis.
WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.
This page may be used to restore a corrupted .htaccess file (e.g. one damaged by a misbehaving plugin).
Basic WP
Multisite
WordPress 3.5 and up
If you activated Multisite on WordPress 3.5 or later, use one of these.
Subfolder Example
SubDomain Example
WordPress 3.4 and below
If you originally installed WordPress with 3.4 or older and activated Multisite then, you need to use one of these:
SubFolder Example
WordPress 3.0 through 3.4.2
SubDomain Example
General Examples
Options
Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.
Possible values for the Options directive are any combination of:
None
All options are turned off.
All
All options except for MultiViews. This is the default setting.
ExecCGI
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks
The server will follow symbolic links in this directory.
Includes
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled.
Indexes
If a URL maps to a directory and there is no DirectoryIndex file in it, the server returns a formatted listing of the directory.
MultiViews
Content negotiated “MultiViews” are allowed using mod_negotiation.
SymLinksIfOwnerMatch
Only follow symbolic links where target is owned by the same user id as the link.
This will disable all options, and then only enable FollowSymLinks, which is necessary for mod_rewrite.
DirectoryIndex
DirectoryIndex sets the file that Apache will serve if a directory is requested.
Several URLs may be given, in which case the server will return the first one that it finds.
DefaultLanguage
DefaultLanguage assigns this language to all files that do not already have a specific language tag associated with them.
Default Charset
Set the default character encoding sent in the HTTP header. See: Setting charset information in .htaccess
Set Charset for Specific Files
Set for specific files
ServerSignature
The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents. Optionally add a line containing the server version and virtual host name to server-generated pages (internal error documents, FTP directory listings, mod_status and mod_info output etc., but not CGI generated documents or custom error documents).
On
adds a line with the server version number and ServerName of the serving virtual host
Off
suppresses the footer line
EMail
creates a “mailto:” reference to the ServerAdmin of the referenced document
Force Files to be Downloaded
The below will cause any requests for files ending in the specified extensions to not be displayed in the browser but instead force a “Save As” dialog so the client can download.
HTTP Compression
The AddOutputFilter directive maps a filename extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.
See also: https://developers.google.com/speed/docs/insights/EnableCompression
Force Compression for certain files
Send Custom HTTP Headers
The Header directive lets you send HTTP headers for every request, or just specific files. You can view a site's HTTP headers using Firebug, Chrome Dev Tools, Wireshark or an online tool.
Unset HTTP Headers
This will unset HTTP headers; using always will try extra hard to remove them.
Password Protect Login
This is very useful for protecting the wp-login.php file. You can use this htpasswd generator.
Basic Authentication
Digest Authentication
Require Specific IP
This is a way to allow access only from certain IP addresses.
Protect Sensitive Files
This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds.
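As an added example (not part of the original page), the shell sketch below checks whether an .htaccess file actually denies the files named above. The sample .htaccess, the function names and the file list are constructed for illustration, and the patterns are assumed to be simple enough that grep -E reads them the same way Apache does.

```shell
#!/bin/sh
# Added example: verify that an .htaccess denies the sensitive files listed above.
# SAMPLE is a constructed file; it deliberately forgets php.ini.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<FilesMatch "^(wp-config\.php|error_log|\.ht.*)$">
    Require all denied
</FilesMatch>
<FilesMatch "\.(pdf|zip)$">
    Header set Content-Disposition attachment
</FilesMatch>
EOF

# Print the regex of every <FilesMatch "..."> block that contains a deny rule
# (Apache 2.4 "Require all denied" or 2.2-style "Deny from all").
deny_patterns() {
  awk '
    /<FilesMatch/ { pat = $0; sub(/^[^"]*"/, "", pat); sub(/".*$/, "", pat)
                    inblk = 1; deny = 0; next }
    inblk && /Require[ \t]+all[ \t]+denied|Deny[ \t]+from[ \t]+all/ { deny = 1 }
    /<\/FilesMatch>/ { if (inblk && deny) print pat; inblk = 0 }
  ' "$1"
}

# Print each sensitive file name that no deny pattern matches.
uncovered() {
  patfile=$(mktemp)
  deny_patterns "$1" > "$patfile"
  for name in wp-config.php error_log php.ini .htaccess .htpasswd; do
    printf '%s\n' "$name" | grep -Eq -f "$patfile" || printf '%s\n' "$name"
  done
  rm -f "$patfile"
}

uncovered "$SAMPLE"   # lists the names the rules fail to protect
```

Blocks that match files without denying them, such as the download rule in the sample, are ignored, so only real deny rules count as coverage.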
Require SSL
This will force SSL, and require the exact hostname or else it will redirect to the SSL version. Useful in a /wp-admin/.htaccess file.
A few days ago we showed you how to set up WordPress with Nginx and Let’s Encrypt free SSL/TLS certificates… For those who want to run Let’s Encrypt with Apache2 instead, the steps below should help.
This brief tutorial will show students and new users a step-by-step guide on how to set up WordPress websites with Apache2 and use Let’s Encrypt free SSL/TLS certificates and security features to help improve their website performance and protect their sites against malicious actors.
This setup might take a while to complete and the process below should work on other websites as well… It doesn’t have to be WordPress… This setup should work on other CMSes and plain HTML sites out of the box… When you’re ready to set up WordPress and Let’s Encrypt, follow the steps below:
Step 0: Get your Domain Name
Let’s Encrypt works with a valid domain and a working server that the domain is pointing to… This setup assumes that your domain name is called example.com and is pointing to your server with IP address 192.168.1.2
Don’t forget to also make sure www CNAME is pointing to the domain name…. Should look like something below:
Step 1: Install and Configure WordPress
Now that you’ve configured your domain to point to your server, continue below to setting up WordPress and Let’s Encrypt…
First install Apache2 HTTP server since we’re using Apache2 for this post.. To install Apache2 server, run the commands below:
After installing Apache2, the commands below can be used to stop, start and enable Apache2 service to always start up when the server boots…
Now that Apache2 is installed…. to test whether the web server is working, open your browser and browse to the URL below…
If you see the page above, then Apache2 is successfully installed…
Step 2: Install MariaDB Database Server
WordPress also requires a database server to store its content… If you’re looking for a truly open source database server, then MariaDB is a great place to start… To install MariaDB run the commands below:
sudo apt-get install mariadb-server mariadb-client
After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots…
Run these on Ubuntu 16.04 LTS
Run these on Ubuntu 19.04 and 18.04 LTS
Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation…
sudo mysql_secure_installation
When prompted, answer the questions below by following the guide.
- Enter current password for root (enter for none): Just press the Enter
- Set root password? [Y/n]: Y
- New password: Enter password
- Re-enter new password: Repeat password
- Remove anonymous users? [Y/n]: Y
- Disallow root login remotely? [Y/n]: Y
- Remove test database and access to it? [Y/n]: Y
- Reload privilege tables now? [Y/n]: Y
Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below…
sudo mysql -u root -p
type the root password when prompted…
If you see a similar screen as shown above, then the server was successfully installed…
Step 3: Install PHP 7.2 and Related Modules
WordPress CMS is a PHP based CMS and PHP is required… However, PHP 7.2 may not be available in Ubuntu default repositories… To run PHP 7.2 on Ubuntu 16.04 and previous, you may need to run the commands below:
Then update and upgrade to PHP 7.2
sudo apt update
Next, run the commands below to install PHP 7.2 and related modules.
sudo apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-mysql php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-gd php7.2-xml php7.2-cli php7.2-zip
After installing PHP 7.2, run the commands below to open PHP default configuration file for Apache2…
The lines below are good settings for most PHP based CMS… Update the configuration file with these and save….
Every time you make changes to PHP configuration file, you should also restart Apache2 web server… To do so, run the commands below:
sudo systemctl restart apache2.service
Now that PHP is installed, to test whether it’s functioning, create a test file called phpinfo.php in Apache2 default root directory…. ( /var/www/html/)
sudo nano /var/www/html/phpinfo.php
Then type the content below and save the file.
<?php phpinfo( ); ?>
Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php
You should see PHP default test page…
Step 4: Create WordPress Database
Now that you’ve installed all the packages that are required for WordPress to function, continue below to start configuring the servers. First run the commands below to create a blank WordPress database.
To logon to MariaDB database server, run the commands below.
sudo mysql -u root -p
Then create a database called wpdatabase
CREATE DATABASE wpdatabase;
Create a database user called wpuser with a new password
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'new_password_here';
Then grant the user full access to the database.
GRANT ALL ON wpdatabase.* TO 'wpuser'@'localhost' IDENTIFIED BY 'new_password_here' WITH GRANT OPTION;
Finally, save your changes and exit.
Step 5: Download WordPress Latest Release
To get WordPress latest release you will need to go to its official download page and get it from there… The link below is where to find WordPress latest archive versions…
Then run the commands below to set the correct permissions for WordPress root directory and give Apache2 control….
Step 6: Configure Apache2
Next, configure Apache2 site configuration file for WordPress… This file will control how users access WordPress content. Run the commands below to create a new configuration file called example.com.conf
sudo nano /etc/apache2/sites-available/example.com.conf
Then copy and paste the content below into the file and save it. Replace the highlighted line with your own domain name and directory root location.
Save the file and exit.
Now that the example.com configuration file is created, run the commands below to enable it…
sudo a2ensite example.com.conf
At this point Apache2 should be configured and ready to respond over HTTP… It doesn’t yet support HTTPS.
Step 7: Install and Configure Let’s Encrypt
Now that our Apache2 site is enabled and ready to use, run the commands below to install and configure Let’s Encrypt to secure the Apache2 website…
First install Certbot… Certbot is a fully featured and easy to use tool that can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates…
To install it, run the commands below:
sudo apt install certbot
After installing Certbot, set up a location that the Let’s Encrypt Webroot plugin can use to validate our domain in the ${webroot-path}/.well-known/acme-challenge directory….
To do that, create the directory and give Apache2 access to it…
Next, create a well-known challenge file with the configurations below…
sudo nano /etc/apache2/conf-available/well-known.conf
Then copy and paste the content below into the file and save…
Save the file and exit
Step 8: Obtain Your Free Certificate
At this point, your domain should be pointing to your server IP… Apache2 HTTP server installed and configured and Certbot installed ready to obtain your certificate…
Before requesting your free certificate, enable the Apache2 configurations and modules for example.com by running the commands below…
The commands below enable Apache2 SSL, Headers, HTTP/2 and the well-known configuration file we created above.
After enabling the modules and config file above, restart Apache2 server… To do that, run the commands below
sudo systemctl restart apache2
At this point all is set and you’re ready to obtain your certificate… To do that run the commands below:
sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com
Let’s Encrypt should connect, validate your domain and server, then install the domain certificate… If everything is successful, you should see a similar message as below:
At this point you have a certificate, now go and add it to Apache2 configuration for example.com domain…
First, let’s generate Diffie–Hellman (DH) key exchange parameters so that cryptographic keys can be exchanged securely… To do that, run the commands below to generate 2048-bit parameters…
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Next, open your example.com config file and make it so that it looks similar to the one below:
sudo nano /etc/apache2/sites-available/example.com.conf
Configure your file to look similar to the one below
Next you will need to configure a server cache for the OCSP status information. The best place for this would be in the Apache SSL configuration file.
sudo nano /etc/apache2/mods-available/ssl.conf
This file contains all the options that Apache uses for SSL. An additional option SSLStaplingCache, needs to be added to this file as below.
The SSLStaplingCache directive defines the location for the cache and a size value for the OCSP cache.
Save your changes above and restart Apache2 for the settings above to take effect..
sudo systemctl restart apache2
To set up a process to automatically renew the certificates, add a cron job to execute the renewal process.
sudo crontab -e
Then add the line below and save.
0 1 * * * /usr/bin/certbot renew > /dev/null 2>&1
The cron job will attempt to renew 30 days before expiring
Step 9: Complete WordPress Setup
Finally, open your browser and browse to the server domain name. You should see WordPress setup wizard to complete. Please follow the wizard carefully.
Then follow the on-screen instructions… Select the installation language then click Continue
You will need to know the following items before proceeding…. Use the database connection info you created above….
- Database name
- Database username
- Database password
- Database host
- Table prefix (if you want to run more than one WordPress in a single database)
The wizard will use the database information to create a wp-config.php file in WordPress root folder….
If for any reason this automatic file creation doesn’t work, don’t worry… All this does is fill in the database information to a configuration file. You may also simply open wp-config-sample.php in a text editor, fill in your information, and save it as wp-config.php.
Next, type in the database connection info and click Submit
After that, click Run the installation button to have WordPress complete the setup…
Next, create the WordPress site name and the backend admin account…. then click Install WordPress
When you’re done, WordPress should be installed and ready to use…
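As an added example (not part of the original tutorial), the shell sketch below checks a web root for two leftovers of the steps above: the phpinfo.php test page from Step 3 and a wp-config.php that every local account can read. The directory, file contents and function name are constructed for illustration; point the function at your real document root.

```shell
#!/bin/sh
# Added example: post-install check of a WordPress web root.
# DEMO is a constructed directory standing in for the real document root.
DEMO=$(mktemp -d)
printf '<?php phpinfo( ); ?>\n' > "$DEMO/phpinfo.php"        # Step 3 test page
printf '<?php // front controller\n' > "$DEMO/index.php"
printf "<?php define( 'DB_PASSWORD', 'constructed' );\n" > "$DEMO/wp-config.php"
chmod 644 "$DEMO/wp-config.php"                               # readable by everyone

webroot_findings() {
  root=$1
  # PHP files that call phpinfo() disclose versions, paths and loaded modules.
  find "$root" -type f -name '*.php' \
       -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | sort |
    sed "s|^$root/|phpinfo page: |"
  # A wp-config.php readable by "other" exposes the database password
  # to every local account.
  find "$root" -type f -name wp-config.php -perm -004 |
    sed "s|^$root/|world-readable: |"
}

webroot_findings "$DEMO"
```

An empty result means neither finding is present, for example after deleting the test page and setting wp-config.php to mode 640 with the web server's group.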
Congratulations! You have successfully installed WordPress with Let’s Encrypt on Ubuntu 16.04 | 18.04….