+91 88 00 563434 sales@webhostingpeople.net

Our Knowledge Base Articles

Company Blog

How to Configure Secure Updates and Installations in WordPress

You are here:

WordPress is the most well-liked Content material Administration System used at the moment. It is vitally easy, highly effective and simple to handle. WordPress supplies a variety of plugins and most of them are free to make use of. You could set up LAMP stack and WordPress earlier than continuing. You want to login as root or as a privileged person to carry out these steps. Please word that you must exchange “wp-user” together with your WordPress person and www-data together with your Apache internet person.


Set Up Safe Updates with SSH

Create a person known as wp-user. This lets you management a WordPress set up utilizing the adduser command.

$ adduser wp-user

You can be requested to set new password for wp-user. You’ll be able to go away all fields clean and press “ENTER” by all prompts.

Change the listing to WordPress set up listing utilizing cd command.

$ cd /var/www/html/

Grant wp-user possession for every thing below this listing. The -R swap is used to alter the possession of directories and their contents recursively.

$ chown -R wp-user:wp-user /var/www/html/


Create SSH Keys for WordPress Person

Change to the WordPress person by utilizing the beneath command

$ su – wp-user

The SSH key will be created utilizing the ssh-keygen command. The kind of key to be generated is specified with -t choice and the variety of bits is specified with -b choice.

$ ssh-keygen -t rsa -b 4096

You can be requested to offer the placement to retailer SSH keys. You’ll be able to select /house/wp-user/wp-rsa and press enter for all prompts to create a key with out password authentication. Enter the file during which to save lots of the important thing (/house/wp-user/.ssh/id_rsa): /house/wp-user/wp_rsa

Exit out into your regular person (root) account:

$ exit

You’ll be able to grant possession and group to wp-user and apache internet person respectively to make permissions safe.

$ chown wp-user:www-data /house/wp-user/wp_rsa*

$ chmod 0640 /house/wp-user/wp_rsa*

You want to create .ssh listing below wp-user house listing and provides it applicable permissions and possession in order that internet course of can log in.

$ mkdir /house/wp-user/.ssh

$ chown wp-user:wp-user /house/wp-user/.ssh

$ chmod 0700 /house/wp-user/.ssh/

Copy the general public key into approved keys file in order that the person can log in utilizing these credentials.

$ cp /house/wp-user/wp_rsa.pub /house/wp-user/.ssh/authorized_keys

You want to modify the permissions and possession of those recordsdata will be accessed, whereas remaining safe:

$ chown wp-user:wp-user /house/wp-user/.ssh/authorized_keys

$ chmod 0644 /house/wp-user/.ssh/authorized_keys

Since these keys will solely be used for logging in from throughout the WordPress website, which is on the identical laptop, we are able to prohibit the login to this server:

$ vi /house/wp-user/.ssh/authorized_keys

On the very starting of the file, earlier than any of the opposite textual content, add the portion given beneath to limit the important thing utilization to the native laptop:

from=”″ ssh-rsa…

Save and shut the file.


Modify WordPress Configuration to Use Keys

Set up the packages crucial for WordPress to authenticate SSH logins:

$ yum replace -y

$ yum set up php5-dev libssh2-1-dev libssh2-php

Edit the WordPress configuration file and set the values.

$ vi /var/www/html/wp-config.php






Save and shut the configuration file.

$ chmod 755 -R /var/www/html/wp-content

$ chown -R wp-user:www-data /var/www/html/wp-content


Restart Apache

After finishing the above steps efficiently, you must restart Apache.

$ /and many others/init.d/httpd restart


$ service httpd restart


Check the outcomes

Login to your WordPress Dashboard by visiting your website in a browser on the following URL


You’ll be able to test the settings are appropriately configured by making an attempt to put in a brand new theme. Please observe the beneath steps to put in theme:

Navigate to Look >> Themes >> Set up Themes

Seek for a theme or click on on “Featured” themes and click on on set up. It ought to efficiently log in, obtain, and set up the package deal utilizing your key recordsdata. You’ll be able to click on on “Activate” to modify to new theme after which click on “go to website” to see the outcomes.

In case you want any additional help please contact our assist division.

Leave a Comment