Instalação novo server WP (ubuntu 18.4)

README.md

• Pra começar, atualize o sistema:

  sudo apt update
  sudo apt upgrade -y

• Intale o MariaDB:

  sudo apt install -y mariadb-server
  sudo mysql_secure_installation

  Ao logar com sudo mysql:

  CREATE USER site@localhost IDENTIFIED BY '';
  GRANT ALL PRIVILEGES ON site.* TO site@localhost;
  FLUSH PRIVILEGES;

• Instalar wp-cli

  sudo apt install -y php-fpm php-mysql
  curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
  chmod +x wp-cli.phar
  sudo mv wp-cli.phar /usr/local/bin/wp

• Instalar o WP

  sudo apt install -y sendmail
  cd /var/www/html
  sudo chown -R `whoami`:www .  # pega a pasta para usuário atual (ubuntu)
  rm -fr *  # limpa a pasta
  wp core download
  wp config create --dbname=site --dbuser=site --force --extra-php <<PHP
  define( 'WP_DEBUG', true );
  define( 'WP_DEBUG_LOG', true );
  define( 'WP_HOME', "http://{$_SERVER['HTTP_HOST']}" );
  define( 'WP_SITEURL', "http://{$_SERVER['HTTP_HOST']}" );
  PHP
  wp core install --url=0.0.0.0 --title="My site" --admin_user=admin [email protected] --admin_password=admin

• Nginx

  sudo apt install -y nginx

  Faça o nginx enteder o que é o Wordpress

  • https://codex.wordpress.org/Nginx#Global_restrictions_file
  • https://codex.wordpress.org/Nginx#General_WordPress_rules

• Certbot

  sudo apt install -y certbot python-certbot-nginx

restrictions.conf

# Global restrictions configuration file.
# Designed to be included in any server {} block.
location = /favicon.ico {
	log_not_found off;
	access_log off;
}

# robots.txt fallback to index.php
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
    allow all;
    try_files $uri $uri/ /index.php?$args @robots;
    access_log off;
    log_not_found off;
}

# additional fallback if robots.txt doesn't exist
location @robots {
   return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac) excepted .well-known directory.
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\.(?!well-known\/) {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory for the single site
location /wp-content/uploads {
    location ~ \.php$ {
        deny all;
    }
}


# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
	deny all;
}

wordpress.conf

location / {
	# This is cool because no php is touched for static content.
	# include the "$is_args$args" so non-default permalinks
	# doesn't break when using query string
	try_files $uri $uri/ /index.php$is_args$args;
}

location ~ \.php$ {
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi.conf;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	#fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; 
	fastcgi_buffers 16 16k;
	fastcgi_buffer_size 32k;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
	expires max;
	access_log off;
	log_not_found off;
}