Scripted WordPress Installation

If the statistics are to be believed, in 2020:

  1. WordPress powers 35% of the internet.
  2. Around 60% of CMS sites are WordPress.
  3. Around 28% of WordPress sites run e-commerce.
  4. Around 75% of hacked CMS sites were built on WordPress 😢

There are few current guides in the iXsystems Community Forum for setting up WordPress and none are scripted. While there’s still an element of manual post-installation work, this guide is designed to minimise the manual effort as the majority of tasks have been scripted.

This script will create a jail, install the latest version of WordPress from along with all its dependencies, and store the WordPress database and data, including themes and plugins, outside the jail, where they can be better managed.

There is one caveat. This is not an independent module. The WordPress jail created by this script is designed to operate behind a reverse proxy. If you don’t already have a reverse proxy in place, there are at least two available in the forum’s Resources section that you might like to consider:

  1. Reverse Proxy using Caddy (with optional automatic TLS) authored by @danb35
  2. How to set up an nginx reverse proxy with SSL termination in a jail authored by @samuel-emrys

Scripted installation instructions for this resource are at

Acknowledgements: @danb35 – This scripted resource is based on the pioneering work done on the Nextcloud scripted resource. Both resources serve PHP files.

Q & A

Q1. What major component versions does the script use?

DateScript versionWordPressMariaDBPHP languageCaddy

Q2. What is this resource’s scope?

The assumption is that the local network is trusted so local HTTP access to the WordPress jail is considered acceptable. External (HTTPS) access to the WordPress service is granted via a reverse proxy. 

Q3. Is this resource secure?

While the script together with the post-installation steps provide an initial, stable starting base, as you begin to expose more WordPress functionality to the internet, it remains your responsibility to reduce the odds of getting hacked. It is also your responsibility to ensure that you have measures in place to recover your WordPress site in the event you are hacked. Refer to the WordPress article Hardening WordPress for further guidance.

Click here to read about some of my own adventures, and misadventures, in hardening WordPress.

Keep Reading



Leave a Reply