This is my newest web site. I play with WordPress, Themes, Plugin, ideas, thoughts, insane methods, etc.
I install my own web site on my own server. I don’t host. I thought about it. I might in the future. My HP DL 360e Gen 8 server has many other virtual machines on it. Family Picture VM, Dropbox for my wife’s work stuff, file servers for configuration files and other stuff, JAVA and Bedrock Minecraft Servers for my children, wife and I. I do need to post new pictures this weekend.
/etc/hosts
Fixes:
loopback issues in WordPress
Rest API issues
127.0.0.1 localhost
127.0.1.1 webserver24
127.0.0.1 mc.scsiraidguru.com
127.0.0.1 www.scsiraidguru.com
127.0.0.1 www.patrickmckenneylandscaping.com
127.0.0.1 learningwp.scsiraidguru.com
WordPress.org minimum specs
This page has a chart on WordPress versions that support which version of PHP.
To run WordPress 6.4.3, it’s recommended your host supports:
PHP version 7.4 or greater.
MySQL version 5.7 or greater OR MariaDB version 10.4 or greater.
HTTPS support
That’s really it. Apache or Nginx is recommended as the most robust and featureful server for running WordPress, but any server that supports PHP and MySQL will do. That said, for the smoothest experience in setting up—and running—your site, each host on the hosting page supports the above and more with no problems.
For detailed PHP extension recommendations, see the Hosting Handbook.
Note: If you are in a legacy environment where you only have older PHP or MySQL versions, WordPress also works with PHP 7.0+ and MySQL 5.5.5+. However, these versions have reached their official End Of Life and may expose your site to security vulnerabilities.
Many users who contact me ask what to upgrade first. I usually start with Apache 2, PHP, and SQL Server. On hosted sites, you are limited to what versions they allow you to use. I would upgrade PHP to the latest version supported on their server. My server is upgraded to the latest versions. MariaDB is usually upgraded when they release it as a General Release not a Release Candidate. Security and performance are most important to me.
Here are some of my methods to hardening down my Fortinet firewall and WordPress servers. I moved the wp-config.php file and added an include into the one on each web site for the new location. Configured added the security keys and salts to the moved wp-config.php file for all the web sites and all the SQL passwords for each site. Then changed the .htacess to stop browsing. Included some plugins for brute force login attacks.
After that I removed the webalizer servers, logs, and other etc files from the servers. Also removed other directories and files that are no longer need and could pose and issue to security. Configured all files to chmod 644. Directories are 755. Keeping all the LAMP components up to date and check weekly. I keep the WordPress components up to date like themes, plugins, etc. The Fortinet firewall has web filter blocks for wp-admin and other private directories.
I have two .htaccess files: In the web site base folder and one in wp-admin to stop access to it.
base folder : You can add Options – Indexes to stop browsing.
WP-Admin folder: I add
Require ip for both ipv4 and ipv6. I add my workstation, server that hosts the web site, external addresses that I might use. You also add these into /etc/hosts or your Windows hosts file.
I switched in December to Let’s Encrypt from Godaddy. Godaddy was $400 every two years. Let’s Encrypt is free. It auto-renews on my Ubuntu server starting at 60 days of the 90 day certificate. So I need to move the certificate to my Fortinet firewall for deep inspection. It works with IPv4 and IPv6. It took about 30 minutes to install and get working on Ubuntu. I have notes in the menu.
The WordPress server has been duplicated and moved to Ubuntu 24.04.1 and latest components on 9.8.24.
Installing phpMyAdmin’s latest version after installing the base product in Ubuntu. phpMyAdmin is a quick way to create the WordPress databases and user for each web site. I have pages dediicated for each of these. You can read The Hacker News bug reports on all the components I use. It is best to stay on the latest components for WordPress. I added notes to Apache2 configuration page.