In this post, we will demonstrate how to set-up our
own WordPress CMS for penetration testing on Ubuntu 20.04, Docker and Windows
using XAMPP server.
WordPress is a free and open-source content management system (CMS) based on PHP and MYSQL. It is installed on a web server that is either part of an Internet hosting service or a network host in its own right. WordPress is reportedly the most popular website management or blogging system in use on the Web.
For more detail visit https://en.wikipedia.org/wiki/WordPress
Table of Content
Requirement
Webserver Setup For Ubuntu 20.04
Install Apache
Install MySQL
Next, we are going to install MariaDB server for the maintenance of our web server. MariaDB is a free and open source fork of the MySQL RDBMS.
apt install mariadb-server mariadb-client
Now change the security by disallowing root login by entering the following command
mysql_secure_installation
First step will show an option to set the password for the root, by entering the password we enabled a root user for our database.
Second step will show an option to remove anonymous, by entering ‘y’ we have disabled all the by-default anonymous users in the server.
Third step will show the option to disallow root login remotely, by entering ‘y’ no-one can enter in the server by network.
Fourth step will show the option of removing database test, because by default MariaDB has a database by the name of test, which anyone can login into.
Install php
Now install the php php-mysql , which is the last component for the installation of the webserver. Use to access the database from the network.
Enter the following command to install the php
apt install php php-mysql
Create MySQL Database
Install
Docker
WordPress is a free and open-source content management system (CMS) based on PHP and MYSQL. It is installed on a web server that is either part of an Internet hosting service or a network host in its own right. WordPress is reportedly the most popular website management or blogging system in use on the Web.
For more detail visit https://en.wikipedia.org/wiki/WordPress
Table of Content
Requirement
Web Server configuration
For Ubuntu 20.04- Apache
- PHP
- MySQL
- php
·
Docker
·
Docker-composer
For
XAMP server in Windows
·
XAMPP server (32/64 bit)
Webserver Setup For Ubuntu 20.04
Install Apache
Apache is the most common web server and is easy to install on
Linux. Let’s install apache by using following command
apt install apache2
Install MySQL
Next, we are going to install MariaDB server for the maintenance of our web server. MariaDB is a free and open source fork of the MySQL RDBMS.
apt install mariadb-server mariadb-client
Now change the security by disallowing root login by entering the following command
mysql_secure_installation
First step will show an option to set the password for the root, by entering the password we enabled a root user for our database.
Second step will show an option to remove anonymous, by entering ‘y’ we have disabled all the by-default anonymous users in the server.
Third step will show the option to disallow root login remotely, by entering ‘y’ no-one can enter in the server by network.
Fourth step will show the option of removing database test, because by default MariaDB has a database by the name of test, which anyone can login into.
Install php
Now install the php php-mysql , which is the last component for the installation of the webserver. Use to access the database from the network.
Enter the following command to install the php
apt install php php-mysql
Create MySQL Database
Now, login as root user in
MariaDB to create a database. After creating the database, we will create a
user by which we will log in into the wordpress wp-admin.
To access the mysql, enter the
following command
Install
Worpdpress CMS
Now install the wordpress cms in
the var/www/html to access the wordpress on localhost in any browser.
wget
http://www.wordpress.org/latest.tar.gz
Now list all the files in the
folder, and start extracting the .tar.gz file of wordpress.
ls
tar –xvf
latest.tar.gz
After completing the extraction
of the worpress, let’s change the ownership and permissions to it.
chown
-R www-data:www-data wordpress/
chmod -R 755 wordpress/
After giving the permissions to
wordpress create a directory within the wp-content directory in wordpress directory
which contains all the uploads for the web server.
chown
wordpress/wp-content/uploads
chmod -R www-data:www-data
wordpress/wp-content/uploads
Now access the wordpress in your browser
and start configuring it.
http://localhost/wordpress/
After selecting the preferred
language, you’ll get a setup wizard like this
After clicking the Let’s go
button, you have to fill the form to access the wp-admin.
After submitting the form, you’ll
get the prompt, and press the button to run the installation to
After the installation, you have to
fill another form in which the name and all the details of the site will have
to be filled.
Now you have successfully completed
the installation and have to login as admin so that you can access the wp-admin
page of the WordPress.
This is how your wp-admin page look
like
Open the wp-config.php file in
wordpress directory and paste the following lines in it.
This is how your final page will look like
Wordpress
Installation using Docker
Docker is an open source project to make
user and system admins easier to create and deploy multiple application inside
a docker container.
Install
Docker
We
will update the Ubuntu repository and then install the latest version of
docker.io. Let’s
start the installation of docker packages with the apt command as below:
apt install docker.io
Let’s start the
Docker service by entering following command:
systemctl start docker
Install docker-compose
Docker Compose is
used to run multiple containers as a single service.
Let’s
begin the installation of docker-compose with the help of apt by entering
following command.
apt
install docker-compose
After installing the composer for the Docker,
we must create a directory by the name of wordpress.
After creating the directory, we will
create a .yml file in the directory so that it will become a docker image.
mkdir wordpress
cd wordpress/
nano docker-compose.yml
And now the copy pastes the following in the
file
 |
After saving the file, now let’s up the docker services and create
the volume for the wordpress.
docker–compose up -d
After the doing all the configuration
step-by-step, now open the browser and surf the local admin
Now open the setting bar and enter your
localhost ip address with port number so that the wordpress after installation
will work properly.
After doing all the changes, now our wordpress is ready to launch,
and its home page will look like this.
For XAMP in Windows
XAMPP is a free and open-source cross-platform web server solution stack package developed
by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for
scripts written in the PHP and Perl programming languages. Since most actual web server deployments use the same
components as XAMPP, it makes transitioning from a local test server to a live
server possible.
Let’s start the
installation of XAMPP server
Download
and install XAMPP on your computer
The first step to install WordPress locally is to
download and install the XAMPP
server. we can download the Windows installer file from Apache Friends.
Once the download finishes, run the file
we downloaded to install the XAMPP, during the installation we can choose
which components needs to install. To install XAMPP we have to select only
Apache, MySQL and php, to run the wordpress.
After the installation process is
completed, we have to run the Apache and MYSQL servers in the XAMPP.
Paste extracted file of /WordPress in the /htdocs folder in /xampp
folder in C-Drive.
Once you have pasted the file in the htdocs folder, now open the
browser and surf for the localhost/WordPress. And create a database by the name
of WordPress, in which all the user data will be stored.
After creating the database, create a username and assign a
password to it to access the wp-admin page.
After following all the steps mentioned above, we have to login as
the user we created and afterwards we have to setup the website credentials as
shown below.
After doing all the configuration setup, our WordPress is set to
launch and this is how it looks.
0 comments:
Post a Comment