Scripted WordPress Installation (for Reverse Proxy) 2.3.5

This resource was originally created by user: Basil Hendroff on the TrueNAS Community Forums Archive. Please DM this account or comment in this thread to claim it.

If the statistics are to be believed, in 2021:

  1. WordPress powers 40% of the internet.
  2. Around 64% of CMS sites are WordPress.
  3. Around 28% of WordPress sites run e-commerce.
  4. Around 75% of hacked CMS sites were built on WordPress [image]

There are few current guides in the iXsystems Community Forum for setting up WordPress and none are scripted. While there’s still a handful of manual post-installation tasks to do, this guide is designed to minimise the manual effort as the majority of tasks have been scripted.

This script will create a jail, install the latest version of WordPress from along with all its dependencies, and store the WordPress database and data, including themes and plugins, outside the jail, where they can be better managed.

There is one caveat. This is not an independent module. The WordPress jail created by this script is designed to operate behind a reverse proxy. If you don’t already have a reverse proxy in place, there are at least two available in the forum’s Resources section that you might like to consider:

  1. Reverse Proxy using Caddy (with optional automatic TLS) authored by @danb35
  2. How to set up an nginx reverse proxy with SSL termination in a jail authored by @samuel-emrys

Scripted installation instructions for this resource are at GitHub - basilhendroff/truenas-iocage-wordpress: Script to install WordPress in an iocage jail including MariaDB, the PHP scripting language, Caddy, Redis and phpMyAdmin..

Acknowledgements: @danb35 - This scripted resource is based on the pioneering work done on the Nextcloud scripted resource. Both resources serve PHP files.

Q & A

Q1. What major component versions does the script use?

Show : Table

Q2. What is this resource’s scope?

The assumption is that the local network is trusted so unencrypted (HTTP) communication is considered acceptable on the LAN. External (HTTPS) access to the WordPress service is granted via a reverse proxy.

Q3. Is this resource secure?

While the script together with the post-installation steps provide an initial, stable starting base, it remains your responsibility to secure your WordPress site properly to reduce the odds of getting hacked. It is also your responsibility to ensure that you have measures in place to recover your WordPress site in the event you are hacked. Refer to the WordPress article Hardening WordPress for further guidance.

Click on the screenshot.695.png button on this page to read about some of my own adventures, and misadventures, in hardening WordPress.