Wordpress MU
I've got some charitable non-profit friends looking to host websites and I thought one of the better ways for me to do this is to set up a Wordpress MU install.
I need to do this as cheap as possible but also as securely as possible.
I know there are alternatives out there offering it but I want to set up my own. I've done a quick search of LET and found people offering it in the past (like gatsby); but no real guides on how to do it.
I've worked out I'll need 2 VPSes in the same DC/Provider; one for serving content and one for database using internal IPs. I'm probably going to use Rage4 for DNS as I've got an unlimited account there.
Does anyone have any hints/tips/guides to getting it off the ground?
Comments
Also what about CDN?
Use key based authentication for SSH. Turn off passwords.
Run as little as possible. No FTP for instance. Use SFTP for uploading stuff.
Use fail2ban to prevent bruteforcing of WP passwords. You can install it as an mu-plugin
Create a subdomain based WP network. It is more flexible.
Remember that a user account created on one site is a user account on every site in the network. Do you really want that? The database is also shared so that's a problem too.
Do you need help setting up the backbone? Or WordPress itself? You sound like you are going to run a really heavy traffic site with offload sql and cdn...
Don't allow SSH access. In fact, don't allow any direct access to the server by the friends. They can upload anything they need using web interface.
Make sure plugins are updated. 99% of WordPress hacks are due to insecure/improperly coded/unmaintained plugins that people are still using.
Do damage control if you get hacked. Disable Outgoing SMTP on port 25, send mail through external email provider (Mandrill, Mailgun/etc). Lots of hacked sites like spamming crap when they're hacked. Don't be one of them.
Disable XMLRPC
Depending on load, it might be advisable to set up a Varnish cache in front with w3-total-cache to allow flushing when needed.
You also need a third server for storing backups.
Offload as much content as possible. You are not Microsoft and have limited bandwidth/speed on your port. Use a CDN.
Set up monitoring, and check for unusual conditions. It's a good indicator of whether your server has been hacked, or if it's time to add another server for load balancing.
Depending on how much you are planning to spend, and if you are looking to expand, set up a cluster of cheap LEBs. Sometimes, it's cheaper and more reliable than one single VM. 1 HAProxy+Varnish and 3+ backends. Then you can pull one of the nodes off for maintenance or whatever and still be online. Your MySQL will not be lost as well if one of the nodes goes down.
KeyCDN/Amazon Cloudfront/CDNify
For cheapness, use KeyCDN.
I hadn't actually realised that so thanks for bringing it to my attention.
Yes, the backbone infrastructure.
Yeah the only access that the administrators would get would be to login to their own WP-Admin.
I check daily already for most sites using MainWP
How would this work for the ones wanting to receive notifications / form submissions?
Great idea, thanks.
Had totally slipped my mind..
Will check it out; was also looking at JetPack's built in one.
I'm sure there's a plugin to separate the databases... Yes there is (I've got a premium WPMUdev account).
You misunderstood my point. It's not load that is the concern. It's the security aspect of sharing a database between multiple sites. Even with that plugin you still have shared databases.
If mysql load gets too high you can do things like sharding to spread the load among multiple servers. But I don't think you will have that problem when just starting out.
Aaah I see. So are you saying I'm better off setting up separate WP sites using something like Vesta/ServerPilot.io and continue with MainWP?
I'm very partial to Docker. I'd do it as such:
One docker container per entity that includes everything each site needs (mysql, apache, whatever)
Nginx reverse proxy to expose the containers to the internet (per domain)
A script to back up the containers
Problems solved.
@deadbeef - thanks. Are there any get started guides that I can take a look at?
Use mandrill, which has support for a lot of ports http://help.mandrill.com/entries/21738477-What-SMTP-ports-can-I-use-
Blocking port 25 prevents direct mailserver -> mailserver connections, but does not prevent stuff like sending to mandrill.
You'll have to learn Docker, tons of documentation and tutorials (on the site and around the net), I don't think there's a tut you can follow step by step for exactly what you need.
+1 to docker.
With SELinux support, you can separate containers easily while protecting your host node.
This was actually something I was considering.
@DeanKamitsis
Send me a PM if you're interested in having such a setup, I've done this before and will be happy to work with you for free.
(Side note before everyone starts asking - this is an exception to my signature)
@StartledPhoenix - thanks for the offer.
I think at the moment I'll have a bash at setting something up; I hadn't thought about shared users between sites and shared databases and the implications of doing so. With them being charitable organisations etc I have to be careful regarding data etc. It's something I hadn't considered before it was mentioned - I'd incorrectly assumed I could segregate it all off.
Because of this I'm leaning more towards separate installs using ServerPilot (free) and a separate db server and also using something like KeyCDN/Jetpack Photon to offload all the images. Then using MainWP to keep an eye on all the plugin / template updates.
I prefer command line tools. You can use wp-cli to manage different installations. Here is a comparison between single site and multisite wp:
http://lowendtalk.com/discussion/comment/841089/#Comment_841089
If you are the only user that'll be accessing all the sites then wpmu makes sense. If multiple people have to be given access then go with separate installations.
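The shared-database concern raised in the thread, and the separate-installs-plus-database-VPS layout the original poster settles on, come down to giving each site its own schema and its own MySQL account. The script below is an added example, not code from any poster: it emits the SQL for one site, with grants limited to that site's database and to connections from the web VPS's internal address. The address `10.0.0.2`, the `wp_` prefix, the privilege list and the file name `provision.sh` are assumptions.

```shell
#!/bin/sh
# Added example: per-site MySQL database and account for separate WordPress
# installs. WEB_IP and the site names are assumptions, not from the thread.
LC_ALL=C; export LC_ALL        # byte-wise [a-z] ranges in the patterns below
WEB_IP="${WEB_IP:-10.0.0.2}"   # assumed internal address of the web VPS

# 32 hex characters from the kernel CSPRNG.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# site_sql SITE [PASSWORD] -> SQL on stdout; non-zero status on bad input.
site_sql() {
    site="$1"
    pass="${2:-$(gen_password)}"
    # Every value is interpolated into SQL, so accept strict alphabets only.
    case "$site" in
        ''|[!a-z]*|*[!a-z0-9_]*) echo "invalid site name" >&2; return 1 ;;
    esac
    # MySQL account names max out at 32 characters ("wp_" + site).
    [ "${#site}" -le 29 ] || { echo "site name too long" >&2; return 1; }
    case "$pass" in
        ''|*[!A-Za-z0-9]*) echo "invalid password" >&2; return 1 ;;
    esac
    case "$WEB_IP" in
        ''|*[!0-9.]*) echo "invalid WEB_IP" >&2; return 1 ;;
    esac
    # Grants are scoped to this site's schema and to the web VPS address,
    # so one site's credentials cannot read another site's tables.
    cat <<EOF
CREATE DATABASE \`wp_${site}\` CHARACTER SET utf8mb4;
CREATE USER 'wp_${site}'@'${WEB_IP}' IDENTIFIED BY '${pass}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON \`wp_${site}\`.* TO 'wp_${site}'@'${WEB_IP}';
EOF
}

# Stand-alone use: sh provision.sh charity_one | mysql -u root -p
if [ "$#" -gt 0 ]; then site_sql "$@"; fi
```

Each site's `wp-config.php` then carries only its own account, so the database VPS rejects that credential for any other schema and for any source other than the web VPS.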