How to Install WordOps
Introduction
WordOps provides an installer script which install the required dependencies, before setting-up WordOps.
Prerequisites
To follow this article, you will need:
- Access to an Ubuntu 20.04 local machine or development server as a non-root user with sudo privileges. If you’re using a remote server, it’s advisable to have an active firewall installed. To set these up, please refer to our Initial Server Setup Guide.
Step 1 — Installing WordOps
wget -qO wo wops.cc && sudo bash wo
- Installing WordOps dependencies
- Enabling automated security updates with unattended-upgrades
- Enabling NTP World Time Synchronization
- Detecting a previous EasyEngine or WordOps installation
- Importing existant sites into WordOps
- Installing WP-CLI
- Installing Acme.sh
- Installing Wordops
During the installation, you will be prompt for an username and an email address. WordOps needs this information to configure Git version control and to use it for saving server configurations. Your information will only be stored in the file .gitconfig.
Step 2 — Enabling bash_completion
To enable WordOps commands auto-completion, run the following command after WordOps installation:
bash -l
Step 3 — Creating an alias for sudo wo
If you want to be able to use directly the command wo as non-root user, you can add a bash alias to automatically add sudo in front of the command wo.
echo -e "alias wo='sudo -E wo'" >> $HOME/.bashrc
Then apply it with source $HOME/.bashrc
Step 4 — Editing WordOps defaults
Set the default user and and email for new sites by opening /etc/wo/wo.conf in your preferred text editor:
sudo nano /etc/wo/wo.conf
Update the highlighted to your preferred values.
...
### User name for WordPress sites
user = jpeacock
### Password for WordPress sites
password =
### EMail for WordPress sites
email = code@superrad.dev
...
If you are using nano, press ⌃ Control + X, then when prompted, Y and then ⏎ Enter.
Step 5 — Installing WordOps stacks
You can install WordOps main stacks with the following command before creating your first site, or create directly a site and WordOps will install required stacks.
wo stack install
Here the list of WordOps components installed with the above command:
| Packages | Type | Description |
|---|---|---|
| Nginx | APT package | WordOps web server |
| PHP 8.0 | APT package | PHP8.0-FPM |
| MariaDB 10.6 | APT package | Open-source version of MySQL |
| WP-CLI | Binary | The WordPress command-line tool |
| Composer | Binary | PHP packages manager |
| MySQLTuner | Binary | Command-line tool to tune MySQL |
| Fail2ban | APT package | Authentication bruteforce protection |
| phpMyAdmin | Web App | MySQL server web interface |
| Adminer | Web App | lightweight phpMyAdmin alternative |
| OpcacheGUI | Web App | web interface for Opcache monitoring |
| Netdata | Binary | Monitoring suite |
| Anemometer | Web App | MySQL Slow Query Monitor |
| WordOps dashboard | Web App | Bootstrap template for WordOps backend |
| eXtplorer | Web App | Web File manager |
| cheat.sh | Binary | Command-line Linux cheatsheet |
| Sendmail | APT package | Sendmail MTA |
Step 6 — Securing WordOps backend
After installing Nginx, WordOps will display your login credentials to access to WordOps backend. You haven't saved them? Don't worry, you can change them at anytime with the command:
wo secure --auth
You will be prompted for a username and a password. If empty, WordOps will use the default username set during the installation and will generate a random password.
You should now be able to access WordOps backend on https://YOUR.SERVER.IP:22222 or https://yourserver.hostname.tld:22222. You will probably be warned about the SSL certificate, but you can learn how to secure WordOps backend with a valid SSL certificate in the next part.
To secure WordOps backend with a valid SSL certificate, you just have to create a basic site with the domain/subdomain of your choice. WordOps will automatically use the first SSL certificate issued to secure the backend.
Example :
wo site create server.domain.tld -le
Then you will be able to access to the backend with : https://server.domain.tld:22222
Step 7 — Enabling UFW Firewall
If you haven't already configured a firewall on your server, you can use WordOps to automatically configure UFW with a minimal rules set for WordOps.
wo stack install --ufw
Step 8 — Allowing zip and gz files to download
For both WordPress and non-WordPress sites, edit /etc/nginx/common/locations-wo.conf:
nano /etc/nginx/common/locations-wo.conf
Search for # Deny backup extensions & log files and return 403 forbidden and remove the file extensions you want to download.
Press ⌃ Control + W to search within nano.
...
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
deny all;
}
...
If you are using nano, press ⌃ Control + X, then when prompted, Y and then ⏎ Enter.
Next, reload nginx with wo stack reload --nginx
To make sure your configuration will not be overwritten later, you have to create an empty file /etc/nginx/common/locations-wo.conf.custom:
touch /etc/nginx/common/locations-wo.conf.custom