Wilson Mar bio photo

Wilson Mar


Calendar YouTube Github


A vibrant ecosystem for quickly building and maintaining dynamic feature-rich websites

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean


The interest in WordPress here is making use of recent (working) scripts and instructions created by various people in the community to easily install and maintain WordPress. See below.

NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.

wordpress-marketshare-361x324-11925.jpgOne report states that “As of June 2019, WordPress is used by 60.8% of all the websites whose content management system is known. This is 27.5% of the top 10 million websites.” That makes it (by far) the world’s most popular blogging and content management software platform (among websites which use one).

One reason for its popularity is that WordPress is free and open source software, as are all its components, which consist of a Linux operating system, Apache web server, MySQL database, and PHP language.

  • Instead of MySQL, some use MariaDB Galera Server 10.0
  • PHP7 requires WordPress 4.4 or higher and compatible plugins

Its low cost of entry has resulted in WordPress being developed by a world-wide community who have contributed over 45,000 themes, plugins, and widgets that enable an unlimited combination of features. Advances in internet technologies are quickly made available in plugins.

Users can easily create and edit static webpages and blog posts using its intuitive editor. Without even thinking about details like browser compatibility or responsiveness, content creators are free to create and format text, images, and layout on every page and post.

In summary:

  • Rich text and HTML editing
  • User roles and permissions
  • Hundreds of themes, many optimized for mobile users
  • wordpress.org/showcase lists thousands of add-ons for ecommerce, SEO, email, spam filtering, analytics and more
  • Multi-user and multi-blogging capabilities
  • Multilingual support
  • SEO optimized
  • Plugin architecture and template engine

Wordpress was first released on May 27, 2003 by Matt Mullenwick in San Francisco, California, USA. See Wikipedia.

Matt’s company, Automattic, makes money from providing hosting to enterprises such as the New York Times, CNN, etc.

Code created for them are eventually folded into the open-source repository.

Issues with WordPress

As with anything, WordPress has detractors and competition.

The popularity of WordPress makes it a tempting target for hackers. That means diligence is needed keep up with hardening efforts needed to protect against attacks that hackers develop.

WordPress is comparatively slow because the HTML presented in response to each request is assembled by programs written in the PHP language, which is interpreted (rather than compiled like Java, C, or Go). That’s great for personalizing every interaction with visitors. But addition of plug-ins can slow WordPress down.

Wordpress sites also run in several processes running all the time:

  • a SQL database back-end
  • a Management server containing WordPress programs responding to requests

By contrast, static websites are HTML files which are served without interpretation by the web server. JavaScript downloaded on client browsers perform the customization.

This architecture of WordPress can result in developers and users experiencing a “white screen of death” or generic “500 internal server error”. This can be the result of neglecting to replace the default .htaccess file with one for running WordPress.

Many ways to host WordPress

The many options for hosting a WordPress website:

On WordPress.com:

Easy local start on your laptop:

For developers to exercise more control:

Docker image managed by Kubernetes in AWS, Azure, Google, Alibaba, and other cloud takes considerable work.


  • VPS (Virtual Private Server) hosts offer tools (e.g. Fantastico) to automatically install WordPress.

In the AWS cloud:

In the Azure cloud

on Azure cloud

wp-cli - a way to keep up

Automation is important not just during installation, but also troubleshooting, maintenance, and update.

Automation such as Noah Hearle’s plugin updater provide an easier way for WordPress administrators to keep up with the rapid pace of update, especially while WordPress migrates to use of React.

wp-cli.org (by Alain Schlesser) provides a command-line interface to manage WordPress plugins, etc. It’s installed on a Mac with brew install wp-cli.

WordPress.com online

You can obtain your own website completely online at wordpress.com, for $25 per month or $45 per month with an e-commerce shopping cart (like Amazon.com).

Examples of websites hosted on wordpress.com:

PROTIP: Even if you don’t want a WordPress website, register for an account and provide your profile picture. Many other websites obtain your profile picture (gravatar) based on your email.

Scripts to install Docker image on a laptop

Several have written bash/shell scripts to install WordPress locally:

That is used by Noah Hearle’s bash script to install WordPress and add several security measures. Available since Aug 2015.

  1. Install and update WordPress in your own language to web root or a sub directory
  2. Handles file and directory permissions
  3. Removes licence.txt and readme.html
  4. Checks for a working database connection
  5. Adds a random database prefix
  6. Generates random username and password for administrators
  7. Set the maximum upload and post limits
  8. Creates the .htaccess to allow for URL rewriting, adds browser caching and some basic security measures
  9. Uninstall functionality
  10. Besides the setup part, this will install WordPress without requiring WP-Cli

PHP script generates a wp-config.php file

Written for OS contains bash scripts

William Donahoe = ethicka

Wordpress: Bash Install Script – Downloads latest WP version, updates wp-config with user supplied DB name, username and password, creates and CHMOD’s uploads dir, copies all the files into the root dir you run the script from, then deletes itself!

wp-installer - Run the ‘wp-prov’ script first to check your installation envirnment is running with the right settings (automagically writes PHP.ini and other settings, installs default configs for WordPress to get up and running). Run ‘wp-install’ to build a new site in way less than 5mins… I average ~2-3min with this script, with all hosts configured and everything uninstallable easily.

WP Quick Install

Docker Compose

TODO: This is under construction (I’m working on it).

In 2019. Using a Docker image managed by Kubernetes is the most modern approach.

If you have Docker installed on your Mac, install WordPress run by triple-clicking this URL and paste it in your Terminal:

sh -c “$(curl -fsSL https://raw.githubusercontent.com/wilsonmar/DevSecOps/master/wordpress/wp-docker.sh)”

The command makes use of the official but still public wordpress Docker image in DockerHub.

Bitnami AMI

In Amazon AWS EC2 Marketplace, there is an AMI image called “WordPress Certified by BitNami on Ubuntu 16.04” which costs $0.021/hour to use. See Bitnami’s docs.

Bitnami certifies its images to be secure, up-to-date, and packaged using industry best practices. The company monitors all components and libraries for vulnerabilities, outdated components, and application updates.


The KUSANAGI framework is an open source and free “ultrafast” WordPress virtual machine</strong> that it’s developer, Prime Strategy, claims speeds of 3 milliseconds at 1,000 requests per second, which is 10-15x that of standard machines without the page caching that it provides. That’s important for SEO page ranking.

KUSANAGI for AWS is provided AMI or as a business AMI supported by its developer: Prime Strategy – a cloud integrator and managed services provider which began in Tokyo, Japan, but has expanded to a presence in New York, Singapore, and Jakarta. Prime Strategy Co.’s marketing page: https://en.kusanagi.tokyo/about

・HHVM 3.11

The caching that it uses means aystem requirements of at least an AWS instance type of t.2medium (minimum 4GB memory). The AMI costs $0.046/hour. There are also charges for EC2 instance usage.



https://www.monsterinsights.com/how-to-add-google-analytics-to-wordpress-without-a-plugin/ MonsterInsights plugin

AWS EC2 High Availability with Auto-Scaling

Running WordPress in the cloud provides options for High-Availability, logging (CloudWatch), backups, CDN (CloudFront), auto-renewing SSL certificates, etc:

1,920px × 1,080px Image credit: by Harish Ganesan (*)

  1. Create an AWS root account
  2. Define permissions to create, update, and delete:

    • Amazon Route 53 DNS
    • S3
    • EC2 instances
    • RDS (Relational Data Store) with read replicas
    • CloudWatch monitoring logging

    • ELB (Elastic Load Balancer)
    • CloudFront CDN

    Route 53 DNS

    Elastic Load balancer (EBS) distribute load among several EC2 instances. in 2-3 separate AZs inside a region Start with EC2 m1.Large instances Combine AWS on-demand and Reserved instances to get more savings

    The DB Layer RDS

    RDS MySQL supports only Innodb engine A RDS Master and Standby provide HA RDS Read Replicas provide read performance Use HyperDB plugin to use multiple endpoints like RDS master and RDS read replicas DB security groups allow DB access only to WP EC2 instances Periodic dumps, snapshots, point-in-time recovery

    Design the Storage Pool layer with HA (ver critical) Minimum 2 EC2 Large instances for Storage Pool Layer for HA and better IO No more than 5 RDS Read Replicas are recommened

    Keep Read replicas and RDS Master same EC2 size for better performance

    APC or Xcache plugin for PHP opscode caching

    CDN for static assets, templates, themes, images W3TotalCache+CloudFront or BatCache + Memchaed for Page caching

    Distributed File Storage Pool configured between WordPress Management and Content instances which share the common storage pool for files and plugins

    Deployment of files and plugins thru the WP management node

    Amazon CloudWatch monitors CPU and Network utilization of setup

    Amazon CloudWatch alarms config. with Amazon SNS for email/SMS alerts to SysAdmins.


    Custom ops scripts periodically backup files from Storage pool to S3 Configure S3 to remove old backups automatically RDS MySQL configured to take periodic data dumps and DB snapshots RDS layer can be recovered point in time from the backups

    Install WP Security plugins

    Log files generated have to be rotated.

Once the instance is running, enter the public DNS provided by Amazon into your browser. You will then see the WordPress application.

You can go to ‘/wp-admin/’ from your browser to access the application administration panel. The default server administrator is ‘user’. Please check our documentation at https://docs.bitnami.com/aws/faq/#how-to-find-application-credentials to learn how to get your password. You may change this username and password within the application settings. You can also access your instance via SSH using the username ‘bitnami’ and your Amazon private key. For additional setup instructions and frequently asked questions please go to https://docs.bitnami.com/aws/apps/wordpress/

WordPress on Azure cloud

WordPress on Alibaba Cloud

Just for comparison, Alibaba’s WordPress cloud servers cost $4.6/Month.

CAUTION: Restrictions on foreign trade imposed by China’s government include the need for a China partner to host sites in China.

Deploy WordPress on Alibaba Cloud Servers in 5 minutes.

  1. Provide Username
  2. ECS Purchase Wizard, to select the billing and ECS configuration from cloud regions to instance type families.
  3. Select an ecs.t5-lc1m1.small instance from instance type families as the WordPress instance.

Deploy Web Apps with High Availability, Fault Tolerance, and Load Balancing on Alibaba Cloud November 29, 2017

Setting Up a Server Cluster for Enterprise Web Apps April 23, 2018

Duplicator plugin



cd public_html/
echo "Comparing both htaccess files..." 
wget http://aws-default-files.com/cleanhtaccess/cleanwphtaccess 
if diff .htaccess cleanwphtaccess >/dev/null ; 
echo "THIS FILE SEEMS TO BE CORRUPTED. RENAMING IT NOW!" && mv .htaccess .htaccess.corrupted 
mv cleanwphtaccess .htaccess

Salesforce Embedded Chat



After configuring it with their AWS account credentials, users can generate audio feeds for their content through the Amazon Polly service (https://aws.amazon.com/polly/).


  • https://make.wordpress.org/cli/handbook/installing/#installing-via-docker

  • https://codex.wordpress.org/Installing_WordPress

  • https://designextreme.com