PHP configuration

After making sure your server components meet the minimum requirements, you should edit some of the settings, if you want WordPress to run smoothly. There are two main aspects of the PHP configuration you should look into. First, the default PHP configuration file (php.ini) contains directives that you will probably want to update:

  •  cgi.fix_pathinfo: Set this value to 0 for security reasons, as we have seen in Chapter 5, PHP and Python with Nginx.
  • post_max_size: By default, the maximum size of the POST request body is 8 megabytes. Increase the value if necessary; keep in mind that file uploads are usually performed via POST requests.
  • upload_max_filesize: Set to 2 megabytes by default, this will need to be increased if you want to allow uploading of large files.
  • date.timezone: You will get a warning if you leave this blank as it is by default. Refer to http://php.net/manual/en/timezones.php to find out the proper value in your situation.

The second aspect of the configuration is the PHP-FPM side. The main php-fpm.conf file does not require immediate changes, however, if you haven't done so yet, you will need to create a configuration pool: a set of configuration directives that apply to a particular website or application. This allows you to run the PHP processes under a specific user account, and optionally configure a specific network interface for communicating with Nginx.

Create a new pool by declaring its name between brackets:

[wordpress]

Append the following configuration directives:

; Specify user account and group for the pool 
; We assume that you created a "wordpress" user and group  
user=wordpress 
group=wordpress 
; Network interface and listening port 
; Use 127.0.0.1 if Nginx runs on the same machine 
listen=127.0.0.1:9000 
; Only allow connections from local computer 
; Change this value if Nginx runs on a different machine 
allowed_clients=127.0.0.1

Optionally, you may enable chrooting: specify a root directory for the PHP processes of this pool. For example, if you set the chroot to /home/wordpress/www, your PHP scripts will only be able to read files and directories within the specified path (any attempt to read or write a file or directory outside of /home/wordpress/www will systematically fail). It is highly recommended you enable this feature: should a security breach be discovered in the WordPress code, attackers would only be able to exploit files within the reach of your PHP process; the rest of your server would not be compromised:

chroot /home/wordpress/www;

Other configuration directives are documented at length in the default pool file supplied with PHP-FPM; their default values are suitable in most cases.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.58.229.159