Wordpress network

From HacktionLab: A UK-wide network tech-activists providing meet-ups, events, workshops, national skillshare gatherings and hacklabs
Jump to navigation Jump to search

Secure Wordpress Network[edit]

The goal is to provide a low-maintenance way of providing secure anonymous blogs. The idea is to be able to set this up quickly and securely and to document the process for others so that they can do the same.

This documentation builds on the work that happened here.


Setting up LAMP stack on Debian server[edit]

Install LAMP on debian as needed. I like to install phpmyadmin and this installs pretty much everything automatically. I'm sure that this is probably frowned on as you don't have totally control over what is happening. Maybe someone else could suggest what they use.

sudo aptitude install phpmyadmin

Apache Settings and Modules needed and php.ini[edit]

  * Rewrite module - 
  * Removeip module - http://packages.debian.org/lenny/libapache2-mod-removeip

In case you need it here's a good page on installing apache modules http://www.ducea.com/2006/05/30/managing-apache2-modules-the-debian-way/


need to change max_upload etc

   * upload_max_filesize = 8M
   * post_max_size = 8M

Installation of Wordpress & Wordpress Network & BuddyPress[edit]

A wordpress network allows you to set up subsites for Wordpress very easily and allows your users to use plugins and themes that you have installed. It means that updates to plugins only have to happen in one place.

Instructions on setting up a Wordpress network are here. http://codex.wordpress.org/Create_A_Network

Some of the most key instructions are also featured on the Tools > Network page of the Wordpress Dashboard. Specifically creating a directory for uploads, and altering wp-config.php file and your .htaccess file in the root directory of your Wordpress install.

You'll also need to set up Permalinks to allow Buddy press to work. This may involve making some changes to your apache set up (mod_rewrite see above) and your .htaccess file. http://codex.wordpress.org/Using_Permalinks

Also in wp-config.php you need to change the Memory limit

define('WP_MEMORY_LIMIT', '8M');

Help on setting up Buddy press. http://codex.buddypress.org/getting-started/setting-up-a-new-installation/

File permissions and ownership[edit]

If you own the whole wp network install as www-data then you can install plugins and themes without giving ftp access.

If you feel uncomfortable with that, then you are able to input an ftp pass in the interface, however if only your wp-content folder is owned by www-data and the rest by you then you have to set permission on that to 777 when you are installing and then quickly change it back!

Either of these is not ideal. I guess the first being preferable. See the below quote from http://codex.wordpress.org/Changing_File_Permissions

All files should be owned by your user account on your web server, and should be writable by your username. 
Files  should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody).

Configuring file uploads[edit]

To sort out file uploads you need to decide a few things.

  * What file types you want to let people upload
  * Maximum file size limit

To set the kinds of file types this is possible inside Wordpress admin settings.

This is set in the Super Admin > Options . Then you scroll down to the Upload Settings.

Fileupload settings.jpg

You can put in the file types you want to allow and how much the maximum file size for each uploaded file in the box marked Max upload file size.

Site upload space sets how much storage space is allowed for each site that is created.

There are settings within php.ini and sometimes wp-setting.php or wp-config.php which set a maximum file size. You may need to check forums if you get errors uploading large files.

Potentially Useful plugins from Aktivix experience[edit]

domain remapping http://wordpress.org/extend/plugins/wordpress-mu-domain-mapping/

wp-super-cache. Essential caching plugin http://wordpress.org/extend/plugins/wp-super-cache/

New blog defaults http://wordpress.org/extend/plugins/wpmu-new-blog-defaults/

WordPress importer http://wordpress.org/extend/plugins/wordpress-importer/

XML sitemap feed http://4visions.nl/en/wordpress-plugins/xml-sitemap-feed/

More Privacy Options http://wordpress.org/extend/plugins/more-privacy-options/ Extends network-wide privacy options.

FeedWordPress - useful RSS aggregator for 'planet' sites, etc. http://wordpress.org/extend/plugins/feedwordpress/

WordPress Mobile Edition http://wordpress.org/extend/plugins/wordpress-mobile-edition/

anti spam http://www.polepositionmarketing.com/library/wp-spamfree/

Members only privacy plugin. http://wordpress.org/extend/plugins/members-only/ Extends single site privacy options (inc. feeds)

Buddy press specific In addtion to the More Privacy Options plugin when used with BuddyPress, you need this plugin, too, so that privacy options are respected in the activity stream. http://wordpress.org/extend/plugins/bp-mpo-activity-filter/

A Buddy press privacy plugin - http://wordpress.org/extend/plugins/bp-profile-privacy/

There's also a nice BuddyPress mobile plugin: http://wordpress.org/extend/plugins/buddypress-mobile/

Plugin that allows group members to pull in their site feeds into the group activity stream, which I think is a nice idea: http://wordpress.org/extend/plugins/external-group-blogs/

Useful plugins for media and Social media[edit]

Wp - Status.net - http://wordpress.org/extend/plugins/wp-statusnet/

dingshow - Shows your latest ding (common name: 'dent') from identi.ca somewhere in your Blog http://filzo.de/dingshow-plugin//dingshow-plugin/

FLV Embed Standards compliant FLV embedding in your blog posts using SWFObject by Geoff and FLV Player by Jeroen. Supports Video Sitemap generation. http://www.channel-ai.com/blog/plugins/flv-embed/

JW Player Plugin for WordPress - Embed a JW Player for Flash into your WordPress articles - http://www.longtailvideo.com/

Podcasting Plugin by TSG - Podcasting enhances WordPress' existing podcast support by adding multiple iTunes-compatible feeds, media players, and an easy to use interface. http://podcastingplugin.com/

WordPress Admin Bar - Creates an admin bar inspired by the one at WordPress.com. Credits for the look of this plugin go to them. http://www.viper007bond.com/wordpress-plugins/wordpress-admin-bar/

Interesting Themes[edit]

Some wordpress themes need alteration in the template files to make them useful. I'm not sure yet if this level of configuration is possible. This theme is one example. http://www.wpdesigner.com/2007/10/06/jello-wala-mello-wordpress-theme/

p2 - A group blog theme for short update messages, inspired by Twitter. Featuring: Hassle-free posting from the front page. Perfect for group blogging, or as a liveblog theme. Dynamic page updates. Threaded comment display on the front page. In-line editing for posts and comments. - http://wordpress.org/extend/themes/p2

Aggregator 1.0 by Templatic.com Creates blocks of images or post summaries from RSS feeds which can be added to your site. It uses simplepie.org to aggregate. There's an article on using it here. http://templatic.com/news/aggegator-all-your-feeds-at-your-website-front