Installing WordPress

Prerequisites

MySQL Server
Wordpress requires a database system, so if you don’t already have it installed on your account, you’ll need to install MySQL.
MySQL Database
You also need to create a database for WordPress. The name is not too important, but most users choose “wordpress.” Look at our instructions for creating a database using the MySQL command-line client, or use phpMyAdmin.
Understand your Responsibilities and Keep Site Up to Date
WordPress is frequently updated. As a site owner, you are responsible for keeping your site up-to-date and properly upgraded. Old installs can result in unpatched security holes which can be exploited. In order to keep the servers secure, UW-IT may shut down compromised or potentially insecure sites without prior notification. If you have old versions of WordPress, please be sure to remove or secure them.
Sign up for the UW WordPress Users Mailing List (Optional)
If you would like to be notified about new versions of WordPress, security updates, caching tips, and other relevant information about running a WordPress site on the UW servers, we recommend signing up for the UW WordPress Users Mailing list. You can also ask questions from fellow WordPress users on campus.

Installation

Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
Change directories to your public_html directory.
```
cd public_html
```

Download WordPress using wget.

wget https://wordpress.org/latest.tar.gz

Unzip the file you just downloaded.
```
tar -xzvf latest.tar.gz
```
WordPress has a configuration script that will allow you to configure it to connect to your database via the web. We’ll use that. Open your favorite browser and go to
```
http://account_type.washington.edu/uw_netid/wordpress/wp-admin/setup-config.php
```
Replace account_type with staff, faculty, depts, courses, or students. Use whichever of these you normally use to view the website where you are installing WordPress. Replace uw_netid with your UW NetID.

Start the setup process by clicking on “Let’s go!”.

Enter the database connection details, applying the values from your MySQL installation.

Database Name:	wordpress (or whatever you named the database you created for WordPress. See Prerequisite step 2 above.)
User Name:	username (Use a username you have created in MySQL with access to the wordpress database. If you didn’t create a separate user, this will most likely be root).
Password:	password (The password for the MySQL user mentioned above. If you’re using root, it will be your MySQL password.)
Database Host:	webdev_host.u.washington.edu:NNNNN (see Note below)
Table Prefix:	`wp_` (leave this unchanged)

Note: The “Database Host” field is often confused. You’ll need to enter the right value for webdev_host and the right port, NNNNN, for your MySQL server.
What to use for your webdev_host:

students: vergil
others (who have set up localhome): your_netid.ovidothers who have not set up localhome: ovidNN (where you replace NN with whichever ovid host you set up MySQL on.

The port number, NNNNN, will be the port number that you started MySQL on. This can be found in your .my.cnf file if you don’t remember.

If port 12345 was used and the UW NetID account with localhome set were “fred,” here are examples for the three cases:

students: vergil.u.washington.edu:12345

others: fred.ovid.u.washington.edu:12345

others, without localhome: ovid02.u.washington.edu:12345

Learn more about web development environments.

Continue the installation by clicking on “Submit”.
You’ll see an “Information needed” screen. Complete the entries with a Title for your blog. (This is what people will see.) Leave the Username as “admin” unless you have reason to use something else. Enter a password for “admin” and your email address. (The password will be required in the future to administer the site, so remember it.) Choose whether or not you want search engines to index your site. Then click the “Install WordPress” button.
You should see a “Success!” screen, with the administrator Username. Click the “Log In” button to access your WordPress site.
To further secure your new WordPress site, please do the following as soon as possible:

– Log back into your web development server using a terminal emulator as in Installation Step 1 above.

– Change unix file permissions of the ‘wp-config.php’ file to “read/write for owner only”:
```
chmod 600 ~/public_html/wordpress/wp-config.php
```
For additional information on securing the site, see ‘Hardening WordPress’: https://wordpress.org/support/article/hardening-wordpress/
That completes the initial WordPress installation. Using the login from step 9, you can now proceed to customize and use the blog. To save space on your account delete the “latest.tar.gz” file originally downloaded.

Making WordPress Appear in the Web Root

Using these instructions you can make your WordPress blog appear in the root of your Web directory without the potential problems of putting all of your WordPress files in the Web root. These instructions are based on instructions for Giving WordPress its Own Directory.

Note: If not completed properly, these instructions can make your WordPress installation unusable without manual database manipulation to make it work again. Be sure to fully read through these instructions and make sure you understand them before beginning.

Copy the index.php file from your “wordpress” directory to the “public_html” directory.
```
cp ~/public_html/wordpress/index.php ~/public_html/
```
Delete your old index.html file.
```
rm ~/public_html/index.ht*
```
Edit the index.php file to refer to the proper location.
```
nano ~/public_html/index.php
```
Change the line that says:
```
require __DIR__ . '/wp-blog-header.php';
```
to the following:
```
require __DIR__ . '/wordpress/wp-blog-header.php';
```
Save and close the file using Nano. (Click for instructions on how to use nano).
Go to the administration dashboard. Go to Settings > General.
Remove “/wordpress” from the end of the value in the “Site address (URL)” field. The value should then look like “http://type.washington.edu/UWNetID” where “type” is the type of account you’re using and “UWNetID” is the UW NetID of the account you’re using.
- Important! Do not edit the field labeled “WordPress Address (URL)”. This is the actual location of WordPress and changing the path will cause your site to become inaccessible via a web browser!
Click “Save Changes.”
Go to Settings > Permalinks.
Select the permalink structure you prefer, and click the “Save Changes” button.
Now visit your site and see if WordPress is displayed properly.

Improving Performance

By default, WordPress dynamically generates a webpage every time a visitor views it. In many cases, this is unnecessary and can lead to slow loading times and overwhelmed servers in times of high traffic. Webpage caching can often assist in speeding up general site performance and make it a better visiting experience for your users. While WordPress doesn’t have any built-in caching capability, there are a number of plugins which can perform website caching. You can view more information about how to speed up your site at the WordPress Codex:

WordPress Optimization/Caching

Note: W3 Total Cache is not fully compatible with UW servers. WP Super Cache is recommended instead.

Authentication Setups

There’s a plugin for WordPress that will allow you to use UW NetID authentication to log in to your blog. This means that if you’ve logged into Web Alpine or MyUW or other UW websites during this session, you’ll already be logged into your blog. That’s pretty handy.

UW NetID Required for Posting

This setup will require you to log in with your UW NetID in order to post entries, edit the configuration or other administrative tasks.

Log into WordPress as the administrator.
Create a WordPress user with the same username as your UW NetID. This will be the user that you normally log in as, so you might want to consider giving the user administrator privileges. Note that when you create users in WordPress, the Nickname field is used for their username.
In order to protect all of your administrative functions you’ll have to enable UW NetID authentication for wp-login.php, xmlrpc.php and the wp-admin directory.You can do this by adding two .htaccess files. Open the first file using nano (it’s okay if this is blank):
```
nano ~/public_html/wordpress/.htaccess
```
Then add the following to the file. You should replace netid1 netid2 netid3 with the list of UW NetIDs that you want to be able to post to your blog.
```
<Files wp-login.php>
AuthType shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require valid-user
</Files>

<Files xmlrpc.php>
AuthType shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require shib-user netid1 netid2 netid3 
</Files>
```
Save and close the file using Nano. (Click for instructions on how to use nano).
Now, open the other .htaccess file (it’s okay if this is blank when you initially open it).
```
nano ~/public_html/wordpress/wp-admin/.htaccess
```
Now add the following text to that file where you replace netid1 netid2 netid3 with the list of UW NetIDs that you want to be able to administer your blog.
```
AuthType shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require shib-user netid1 netid2 netid3 
```
Save and close the file using Nano. (Click for instructions on how to use nano)
On the command line, go to the plugins directory of your WordPress install. This is located at wordpress/wp-content/plugins. If your WordPress directory is called “wordpress”, you can use this command:
```
cd ~/public_html/wordpress/wp-content/plugins
```
Download the plugin using wget. (As of October 2013 version 4.5 was current. That may change.)
```
wget https://itconnect.uw.edu/wp-content/uploads/2023/08/http-authentication.zip
```
Unzip the plugin.
```
unzip http-authentication.zip
```
Hopefully you’re still logged in as the administrator account. Go to the Plugins screen and activate “HTTP Authentication.”
You’re done. Verify that everything’s working by posting to your site.

UW NetID Required for Comments and Posting

Before you read this part, go through the instructions UW NetID Required for Posting. Most of the work for this setup will already have been done when you get through that one.

Log into WordPress as the administrator.
Go to “Settings” and then “Discussion.” Check the box labeled “Users must be registered and logged in to comment.”
Go to “Settings” and then “HTTP Authentication.” Check the box labeled “Automatically create accounts?” This means that anyone with a NetID who doesn’t already have a user account will automatically have one created for them on the WordPress blog. In the “Email address domain” enter “uw.edu.” Click on “save changes.”

Add the following section to the .htaccess file in your WordPress directory.

<Files wp-comments-post.php>
AuthType shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require valid-user
</Files>

You’re done. Open your website and post a comment to test your setup.

UW NetID Protected Blog

This is the most strongly protected setup in which users will have to log in with their UW NetID in order to even read your blog.

There are two options you’ll have to update in order to get the blog to load things properly when you turn authentication on in the .htaccess file. You can get to these settings by clicking on “Options.”The options “WordPress address (URI)” and “Blog address (URI)” will both need to be changed to begin with “https” rather than “http.”
Create a WordPress user with the same name as your UW NetID. This will be the user you normally log in as, so you might want to consider giving the user administrator privileges.
In order to get the plugin working you’ll have to enable UW NetID authentication for your WordPress directory.You can do this by following the instructions for Authorizing Any Valid UW NetID.Assuming you want anyone with a UW NetID to be able to read your blog, you can use this .htaccess file in your WordPress directory:
```
AuthType shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require valid-user
```
Hopefully you’re still logged in as the administrator account. Go to the Plugins screen and activate “HTTP Authentication.”
That should do it. Contact help@uw.edu if you have any problems.