@wildkatz2004
Forked from koolamusic/wp.sh
Last active April 10, 2018 00:08
#!/bin/bash
#####################################################
#Script to configure Server, WebServer and WordPress#
#####################################################
# Colour palette: ANSI escape sequences kept as literal backslash text.
# They only turn into colours when printed through `echo -e` (or printf '%b').
BLUE="\033[0;34m"
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
NC="\033[0m"        # reset ("no colour")
Cyan="\033[0;36m"
Color_Off="\033[0m" # reset, same value as NC
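#Welcome message
# The steps that follow write under /etc, /usr/local/bin and /var/www and
# create system accounts, mostly without sudo. Stop right away when the
# script is not running as root instead of failing half-way through and
# leaving the server partially configured.
if [ "$(id -u)" -ne 0 ]; then
  echo -e "${RED}This script must be run as root (for example: sudo bash wp.sh).${NC}" >&2
  exit 1
fi
clear
echo "============================================"
echo "WordPress & LAMP stack installation"
echo "and configuration wizard!"
echo "============================================"
echo "Would you like to begin? (y/n)"
# -r keeps backslashes in the answer literal.
read -r -e beginconfig
# NOTE(review): any answer other than "y" only skips the LAMP install; the
# rest of the script still runs. Confirm that this is the intended meaning
# of "Would you like to begin?".
if [ "$beginconfig" == y ]; then
  echo -e "$Cyan \n Updating and installing LAMP config $Color_Off"
  # The trailing ^ asks apt for the "lamp-server" task rather than a package.
  sudo apt update && sudo apt install lamp-server^
fi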
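#Checking packages
echo -e "List of required packeges: nano, zip, unzip, mc, htop, fail2ban, apache2 & php, mysql, php curl, phpmyadmin, wget, curl"
read -r -p "Do you want to check packeges? [y/N] " response
case $response in
[yY][eE][sS]|[yY])
  # One loop replaces eight copy-pasted stanzas. Each package is queried
  # once (the original ran dpkg-query up to three times per package and
  # stored the first result in a variable that was never read), the package
  # name is quoted, and a failed install is reported instead of passing
  # silently.
  for required_pkg in nano zip mc htop fail2ban phpmyadmin wget curl; do
    if dpkg-query -W -f='${Status}' "$required_pkg" 2>/dev/null | grep -q "ok installed"; then
      echo -e "${GREEN}${required_pkg} is installed!${NC}"
    else
      echo -e "${YELLOW}Installing ${required_pkg}${NC}"
      if ! apt-get install "$required_pkg" --yes; then
        echo -e "${RED}Installation of ${required_pkg} failed!${NC}" >&2
      fi
    fi
  done
  ;;
*)
  echo -e "${RED}
Packeges check is ignored!
Please be aware, that apache2, mysql, phpmyadmin and other software may not be installed!
${NC}"
  ;;
esac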
# Extra tooling: install the two helper packages one after the other.
printf '%b\n' "$Cyan \n Installing additional features...$Color_Off"
for extra_pkg in debconf-utils expect; do
  sudo apt-get install -y "$extra_pkg"
done
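# Download wp-cli.phar to be able to install Wordpress
echo "============================================"
echo "Install wp-cli"
echo "============================================"
# SECURITY: this file is fetched from the network and becomes a root-owned
# command on PATH. TLS protects the transfer only; before relying on this on
# a production host, verify the download against the checksum or signature
# published by the wp-cli project.
#
# Changes from the original:
#   * download into a private mktemp directory, not the current directory;
#   * curl -f makes an HTTP error fail the command, so an error page is never
#     installed as /usr/local/bin/wp;
#   * the phar is installed only after it downloaded and ran successfully.
wp_cli_dir=$(mktemp -d) || {
  echo "[Error]: could not create a temporary directory for wp-cli." >&2
  exit 1
}
wp_cli_phar="$wp_cli_dir/wp-cli.phar"
if curl -fsSL -o "$wp_cli_phar" https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
  && php "$wp_cli_phar" --info --allow-root; then
  # install(1) copies with an explicit mode instead of inheriting whatever
  # permissions the download happened to get.
  sudo install -m 0755 "$wp_cli_phar" /usr/local/bin/wp
  # Show info about wp-cli
  wp --info --allow-root
else
  echo "[Error]: wp-cli download or self-check failed; /usr/local/bin/wp was not installed." >&2
fi
rm -rf -- "$wp_cli_dir"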
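#phpmyadmin default path change
# NOTE: moving phpMyAdmin to a different URL only hides it from scanners that
# request the default path. It is not access control; the login page is still
# reachable by anyone who knows or guesses the new alias.
echo -e "${YELLOW}Changing phpMyAdmin default path from /phpMyAdmin to /myadminphp...${NC}"
read -r -p "Do you want to change default phpMyAdmin path to /myadminphp? [y/N] " response
case $response in
[yY][eE][sS]|[yY])
  if [ ! -d /etc/phpmyadmin ]; then
    # Without the package directory the redirect below would just fail.
    echo -e "${RED}/etc/phpmyadmin does not exist; path was not changed!${NC}" >&2
  else
    # Keep the packaged configuration once, so the change can be reverted.
    if [ -e /etc/phpmyadmin/apache.conf ] && [ ! -e /etc/phpmyadmin/apache.conf.bak ]; then
      cp -p /etc/phpmyadmin/apache.conf /etc/phpmyadmin/apache.conf.bak
    fi
    # Quoted delimiter: the Apache config contains "$" (FilesMatch regex) and
    # must be written literally, never expanded by the shell.
    # NOTE(review): the php_* hardening flags sit inside <IfModule mod_php5.c>
    # and only apply when that module is the one loaded.
    cat >/etc/phpmyadmin/apache.conf <<'EOL'
# phpMyAdmin default Apache configuration
Alias /myadminphp /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authz_core.c>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Require all denied
</Directory>
EOL
    echo -e "${GREEN}Path was succesfully changed!
New phpMyAdmin path is: /myadminphp (i.e.: yourwebsite.com/myadminphp)${NC}"
  fi
  ;;
*)
  echo -e "${RED}Path was not changed!${NC}"
  ;;
esac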
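#creating user
echo -e "${YELLOW}Adding separate user & creating website home folder for secure running of your website...${NC}"
echo -e "${YELLOW}Please, enter new username: ${NC}"
read -r username
echo -e "${YELLOW}Please enter website name: ${NC}"
read -r websitename
# Both answers end up in root-run commands and in paths below /var/www, and
# the website name is later written into web server configuration. Accept
# only conservative names so that an empty value, a space, a "/" or a ".."
# path component can never redirect chown -R or a config file elsewhere.
username_re='^[a-z_][a-z0-9_-]*$'
websitename_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$username" =~ $username_re ]]; then
  echo -e "${RED}Invalid username: use lowercase letters, digits, '_' and '-' only.${NC}" >&2
  exit 1
fi
if [[ ! "$websitename" =~ $websitename_re ]]; then
  echo -e "${RED}Invalid website name: use letters, digits, '.', '_' and '-' only.${NC}" >&2
  exit 1
fi
# Re-running the script must not fail just because the group already exists.
if ! getent group "$username" >/dev/null; then
  groupadd "$username"
fi
adduser --home "/var/www/$websitename" --ingroup "$username" "$username"
mkdir -p "/var/www/$websitename/www"
chown -R "$username:$username" "/var/www/$websitename"
echo -e "${GREEN}User, group and home folder were succesfully created!
Username: $username
Group: $username
Home folder: /var/www/$websitename
Website folder: /var/www/$websitename/www${NC}"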
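#configuring apache2
echo -e "${YELLOW}Now we going to configure apache2 for your domain name & website root folder...${NC}"
read -r -p "Do you want to configure Apache2 automatically? [y/N] " response
case $response in
[yY][eE][sS]|[yY])
  echo -e "Please, provide us with your domain name: "
  read -r domain_name
  echo -e "Please, provide us with your email: "
  read -r domain_email
  # The domain becomes a file name under /etc/apache2/sites-available and
  # both values are written into the virtual host as root, so reject anything
  # that is not a plain host name / e-mail address (no "/", spaces, quotes or
  # empty values).
  domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
  if [[ ! "$domain_name" =~ $domain_re || ! "$domain_email" =~ $email_re ]]; then
    echo -e "${RED}Invalid domain name or email address; Apache2 was not configured.${NC}" >&2
    exit 1
  fi
  # Changes to the generated virtual host:
  #   * \${APACHE_LOG_DIR} is escaped. Unescaped, the shell expanded it while
  #     writing the file (normally to an empty string), which pointed the
  #     logs at /error.log and /access.log.
  #   * <Directory /> no longer grants "AllowOverride All" on the filesystem
  #     root; it is locked down and only the document root is opened up.
  #   * Access rules use the Require syntax, matching the Apache 2.4
  #     directives this script already writes elsewhere.
  cat >"/etc/apache2/sites-available/$domain_name.conf" <<EOL
<VirtualHost *:80>
ServerAdmin $domain_email
ServerName $domain_name
ServerAlias www.$domain_name
DocumentRoot /var/www/$websitename/www/
<Directory />
Options +FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /var/www/$websitename/www>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
</Directory>
ErrorLog \${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOL
  a2dissite 000-default
  a2ensite "$domain_name"
  # Only restart when the new configuration parses; a broken file would
  # otherwise take the web server down.
  if apache2ctl configtest; then
    service apache2 restart
  else
    echo -e "${RED}Apache2 configuration test failed; service was not restarted.${NC}" >&2
  fi
  # The lookup goes over HTTPS and the answer is printed only when it looks
  # like an IP address: the response is remote data and is echoed with
  # escape-sequence interpretation below.
  P_IP=$(wget -qO - https://ipinfo.io/ip)
  if [[ ! "$P_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    P_IP="unknown"
  fi
  echo -e "${GREEN}Apache2 config was updated!
New config file was created: /etc/apache2/sites-available/$domain_name.conf
Domain was set to: $domain_name
Admin email was set to: $domain_email
Root folder was set to: /var/www/$websitename/www
Option Indexes was set to: -Indexes (to close directory listing)
Your server public IP is: $P_IP (Please, set this IP into your domain name 'A' record)
Website was activated & apache2 service reloaded!
${NC}"
  ;;
*)
  echo -e "${RED}WARNING! Apache2 was not configured properly, you can do this manually or re run our script.${NC}"
  ;;
esac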
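#downloading WordPress, unpacking, adding basic pack of plugins, creating .htaccess with optimal & secure configuration
echo -e "${YELLOW}On this step we going to download latest version of WordPress with EN or RUS language, set optimal & secure configuration and add basic set of plugins...${NC}"
read -r -p "Do you want to install WordPress & automatically set optimal and secure configuration with basic set of plugins? [y/N] " response
case $response in
[yY][eE][sS]|[yY])
  # Abort when the site name is empty instead of working on /var/www//www.
  webroot="/var/www/${websitename:?website name is not set}/www"
  # The original wrote to /tmp/$wordpress_lang.zip, but $wordpress_lang is
  # never set, so the archive landed at the fixed path /tmp/.zip (and the
  # plugin at /tmp/sitemap.zip). Fixed names in a world-writable directory
  # are unsafe for a script running as root; everything is staged in a
  # private mktemp directory instead.
  wp_tmp=$(mktemp -d) || {
    echo -e "${RED}Could not create a temporary directory.${NC}" >&2
    exit 1
  }
  if ! wget https://wordpress.org/latest.zip -O "$wp_tmp/wordpress.zip"; then
    echo -e "${RED}WordPress download failed.${NC}" >&2
    rm -rf -- "$wp_tmp"
    exit 1
  fi
  echo -e "Unpacking WordPress into website home directory..."
  sleep 5
  if ! unzip "$wp_tmp/wordpress.zip" -d "$wp_tmp"; then
    echo -e "${RED}WordPress archive could not be unpacked.${NC}" >&2
    rm -rf -- "$wp_tmp"
    exit 1
  fi
  mv "$wp_tmp"/wordpress/* "$webroot"/
  mkdir -p "$webroot/wp-content/uploads"
  chmod -R 775 "$webroot/wp-content/uploads"
  echo -e "Now we going to download some useful plugins:
1. Google XML Sitemap generator"
  sleep 7
  # The download link is scraped from the plugin page. Treat it as untrusted:
  # keep a single line and use it only when it points at the expected
  # downloads host and plugin name.
  SITEMAP=$(curl -fsSL https://wordpress.org/plugins/google-sitemap-generator/ \
    | grep 'https://downloads.wordpress.org/plugin/google-sitemap-generator.*.*.*.zip' \
    | awk '{print $3}' \
    | sed -ne 's/.*\(http[^"]*.zip\).*/\1/p' \
    | head -n 1)
  sitemap_re='^https://downloads\.wordpress\.org/plugin/google-sitemap-generator[A-Za-z0-9._-]*\.zip$'
  if [[ "$SITEMAP" =~ $sitemap_re ]] \
    && wget "$SITEMAP" -O "$wp_tmp/sitemap.zip" \
    && unzip "$wp_tmp/sitemap.zip" -d "$wp_tmp/sitemap"; then
    mv "$wp_tmp"/sitemap/* "$webroot/wp-content/plugins/"
    echo -e "Downloading of plugins finished! All plugins were transfered into /wp-content/plugins directory.${NC}"
  else
    echo -e "${RED}Plugin download link was not found or the download failed; plugin was not installed.${NC}" >&2
  fi
  rm -rf -- "$wp_tmp"
  ;;
*)
  echo -e "${RED}WordPress and plugins were not downloaded & installed. You can do this manually or re run this script.${NC}"
  ;;
esac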
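#creation of secure .htaccess
echo -e "${YELLOW}Creation of secure .htaccess file...${NC}"
sleep 3
# Changes to the generated .htaccess:
#   * The query-string filter now comes BEFORE the WordPress front-controller
#     rule. In the original it followed "RewriteRule . /index.php [L]", so
#     most requests never reached it.
#   * The last two conditions (base64_encode / script tag) had no RewriteRule
#     after them and ended in [OR], so they were never applied. All five
#     conditions now feed one forbidding rule.
#   * Access blocks use "Require all denied", the Apache 2.4 syntax already
#     used elsewhere in this script.
#   * The heredoc delimiter is quoted, so "$" in the patterns is literal.
# These patterns are a coarse filter for noisy requests only; they do not
# replace keeping WordPress, themes and plugins patched.
cat >"/var/www/$websitename/www/.htaccess" <<'EOL'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<Files .htaccess>
Require all denied
</Files>
<Files wp-config.php>
Require all denied
</Files>
<Files wp-config-sample.php>
Require all denied
</Files>
<Files readme.html>
Require all denied
</Files>
<Files xmlrpc.php>
Require all denied
</Files>
# Gzip
<ifModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
</ifModule>
Options +FollowSymLinks -Indexes
EOL
chmod 644 "/var/www/$websitename/www/.htaccess"
echo -e "${GREEN}.htaccess file was succesfully created!${NC}"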
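#creation of robots.txt
# robots.txt is advisory for well-behaved crawlers. It does not restrict
# access, and everything listed in it is publicly readable.
echo -e "${YELLOW}Creation of robots.txt file...${NC}"
sleep 3
# Quoted delimiter: the file is static text and must be written literally.
cat >"/var/www/$websitename/www/robots.txt" <<'EOL'
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /trackback
Disallow: */trackback
Disallow: */*/trackback
Disallow: */*/feed/*/
Disallow: */feed
Disallow: /*?*
Disallow: /tag
Disallow: /?author=*
EOL
echo -e "${GREEN}File robots.txt was succesfully created!
Setting correct rights on user's home directory and 644 rights on robots.txt${NC}"
sleep 3
# A static text file needs no execute bit; the original 755 marked a file
# inside the web root as executable for no benefit.
chmod 644 "/var/www/$websitename/www/robots.txt"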
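echo -e "${GREEN}Configuring fail2ban...${NC}"
sleep 3
# Keep only the FIRST backup. An unconditional copy would, on a second run,
# replace the packaged original with the file this script generated.
if [ ! -e /etc/fail2ban/jail.conf-old ]; then
  cp -p /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf-old
fi
# $domain_email is only set when the Apache step was accepted. Fall back to a
# local mailbox so the generated file never contains an empty "destemail =".
fail2ban_destemail=${domain_email:-root@localhost}
# NOTE(review): fail2ban recommends keeping local settings in jail.local,
# because a package upgrade may replace jail.conf and drop these jails.
# The second line of action_mw is a continuation line and must start with
# whitespace to be read as part of the same value.
cat >/etc/fail2ban/jail.conf <<EOL
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 1200
findtime = 1200
maxretry = 3
backend = auto
usedns = warn
destemail = $fail2ban_destemail
sendername = Fail2Ban
sender = fail2ban@localhost
banaction = iptables-multiport
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_mw)s
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 5
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 5
EOL
# Report a failed restart: a jail file that does not load means no bans are
# applied at all.
if ! service fail2ban restart; then
  echo -e "${RED}fail2ban failed to restart; check /etc/fail2ban/jail.conf.${NC}" >&2
fi
echo -e "${GREEN}fail2ban configuration finished!
fail2ban service was restarted, default confige backuped at /etc/fail2ban/jail.conf-old
Jails were set for: ssh bruteforce, ssh ddos, apache overflows${NC}"
sleep 5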
# Tune the Apache MPM limits, switch off mod_status (its status page exposes
# server internals) and restart the web and database services.
printf '%b\n' "${GREEN} Configuring apache2 prefork & worker modules...${NC}"
sleep 3
# Static settings: quoted delimiters write the text exactly as shown.
cat >/etc/apache2/mods-available/mpm_prefork.conf <<'PREFORK_CONF'
<IfModule mpm_prefork_module>
StartServers 1
MinSpareServers 1
MaxSpareServers 3
MaxRequestWorkers 10
MaxConnectionsPerChild 3000
</IfModule>
PREFORK_CONF
cat >/etc/apache2/mods-available/mpm_worker.conf <<'WORKER_CONF'
<IfModule mpm_worker_module>
StartServers 1
MinSpareThreads 5
MaxSpareThreads 15
ThreadLimit 25
ThreadsPerChild 5
MaxRequestWorkers 25
MaxConnectionsPerChild 200
</IfModule>
WORKER_CONF
a2dismod status
printf '%b\n' "${GREEN}Configuration of apache mods was succesfully finished!
Restarting Apache & MySQL services...${NC}"
for svc in apache2 mysql; do
  service "$svc" restart
done
printf '%b\n' "${GREEN}Services succesfully restarted!${NC}"
sleep 3
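echo -e "${GREEN}Adding user & database for WordPress, setting wp-config.php...${NC}"
echo "Do you need to setup new MySQL database? (y/n)"
# Every read uses -r: without it backslashes are consumed, which silently
# changes passwords that contain them.
read -r -e setupmysql
if [ "$setupmysql" == y ]; then
  echo "MySQL Admin User: "
  read -r -e mysqluser
  echo "MySQL Admin Password: "
  read -r -s mysqlpass
  echo "MySQL Host (Enter for default 'localhost'): "
  read -r -e mysqlhost
  mysqlhost=${mysqlhost:-localhost}
fi
echo "WP Database Name: "
read -r -e db_name
echo "WP Database User: "
read -r -e db_user
echo "WP Database Password: "
read -r -s db_pass
echo "WP Database Table Prefix [numbers, letters, and underscores only] (Enter for default 'wp_'): "
read -r -e dbtable
dbtable=${dbtable:-wp_}
echo "Last chance - sure you want to run the install? (y/n)"
read -r -e run
if [ "$run" != y ]; then
  # Same exit status as the original bare "exit" after the failed test.
  exit 1
fi

wp_config="/var/www/$websitename/www/wp-config.php"
ident_re='^[A-Za-z0-9_]+$'

# Enforce the rule the prompt states for the table prefix.
if [[ ! "$dbtable" =~ $ident_re ]]; then
  echo "[Error]: Table prefix may contain numbers, letters and underscores only. Aborting." >&2
  exit 1
fi

if [ "$setupmysql" == y ]; then
  echo "============================================"
  echo "Setting up the database."
  echo "============================================"
  # The answers are placed inside SQL statements executed with the admin
  # account. Names are restricted to safe characters and the password is
  # escaped, so no answer can end a statement or a string early.
  host_re='^[A-Za-z0-9_.%-]+$'
  admin_re='^[A-Za-z0-9_.-]+$'
  if [[ ! "$db_name" =~ $ident_re || ! "$db_user" =~ $ident_re ||
    ! "$mysqlhost" =~ $host_re || ! "$mysqluser" =~ $admin_re ]]; then
    echo "[Error]: Database name, user or host contains unsupported characters. Aborting." >&2
    exit 1
  fi
  # Escape backslash and single quote for the SQL string literal (assumes
  # the server's default sql_mode, where backslash is an escape character).
  sql_pass=${db_pass//\\/\\\\}
  sql_pass=${sql_pass//\'/\\\'}

  # The admin password is handed over in a private option file instead of
  # "-p<password>" on the command line, where other local users could read
  # it from the process list. The SQL goes through stdin for the same reason.
  mysql_cnf=$(mktemp) || {
    echo "[Error]: could not create a temporary file. Aborting." >&2
    exit 1
  }
  trap 'rm -f -- "$mysql_cnf"' EXIT
  chmod 600 "$mysql_cnf"
  cnf_pass=${mysqlpass//\\/\\\\}
  cnf_pass=${cnf_pass//\"/\\\"}
  printf '[client]\nuser=%s\npassword="%s"\n' "$mysqluser" "$cnf_pass" >"$mysql_cnf"

  #login to MySQL, add database, add user and grant permissions
  # NOTE(review): "GRANT ... IDENTIFIED BY" is kept from the original; MySQL 8
  # no longer accepts it and needs a separate CREATE USER statement.
  if ! mysql --defaults-extra-file="$mysql_cnf" <<SQL
CREATE DATABASE \`$db_name\`;
GRANT ALL PRIVILEGES ON \`$db_name\`.* TO '$db_user'@'$mysqlhost' IDENTIFIED BY '$sql_pass';
FLUSH PRIVILEGES;
SQL
  then
    echo "============================================"
    echo "[Error]: Database creation failed. Aborting."
    echo "============================================"
    exit 1
  fi
  rm -f -- "$mysql_cnf"
  trap - EXIT
fi

if ! mv "/var/www/$websitename/www/wp-config-sample.php" "$wp_config"; then
  echo "[Error]: wp-config-sample.php could not be moved. Aborting." >&2
  exit 1
fi
#set database details with perl find and replace
# Fixes compared with the original:
#   * perl edits the file in the web root; the original edited a relative
#     "wp-config.php" in whatever directory the script was started from.
#   * values reach perl through the environment instead of being pasted into
#     the perl program text, so a quote in a password cannot change the
#     program; they are then escaped for a single-quoted PHP string.
WP_DB_NAME="$db_name" WP_DB_USER="$db_user" WP_DB_PASS="$db_pass" WP_DB_PREFIX="$dbtable" \
  perl -pi -e '
BEGIN {
  # Escape backslash and single quote (\x27) for a PHP single-quoted string.
  sub php_sq { my $v = shift; $v =~ s/([\\\x27])/\\$1/g; return $v }
  $db_name_php = php_sq($ENV{WP_DB_NAME});
  $db_user_php = php_sq($ENV{WP_DB_USER});
  $db_pass_php = php_sq($ENV{WP_DB_PASS});
  $db_prefix   = $ENV{WP_DB_PREFIX};
}
s/database_name_here/$db_name_php/g;
s/username_here/$db_user_php/g;
s/password_here/$db_pass_php/g;
s/\x27wp_\x27/\x27$db_prefix\x27/g;
' "$wp_config"
#set WP salts
# The salts protect login cookies and nonces, so they are drawn from
# /dev/urandom; the rand() used by the original is not meant for secrets.
# Bytes at or above $limit are discarded so every character is equally
# likely. q{} keeps "$" and "%" literal (in the original double-quoted
# string perl interpolated "$%").
perl -i -pe '
BEGIN {
  @chars = ("a" .. "z", "A" .. "Z", 0 .. 9);
  push @chars, split //, q{!@#$%^&*()-_ []{}<>~`+=,.;:/?|};
  open(RND, "<", "/dev/urandom") or die "cannot open /dev/urandom: $!";
  binmode RND;
  $limit = 256 - (256 % @chars);
  sub salt {
    my $out = "";
    while (length($out) < 64) {
      read(RND, $byte, 1) == 1 or die "short read from /dev/urandom";
      my $n = ord $byte;
      $out .= $chars[$n % @chars] if $n < $limit;
    }
    return $out;
  }
}
s/put your unique phrase here/salt()/ge
' "$wp_config"
chown -R "$username:$username" "/var/www/$websitename"
echo -e "${GREEN}Database user, database and wp-config.php were succesfully created & configured!${NC}"
sleep 3
echo -e "Installation & configuration succesfully finished. Bye!"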
@wildkatz2004
Author

To run:
Paste the following into a terminal and press Return: curl -L -o 'wp.sh' https://gist.github.com/wildkatz2004/c9637e1be5b70a41ea8ec36c97dcc47f/raw/wp.sh && sudo bash wp.sh
