
cPanelResources

Tutorial How To Automatically Install WordPress On New Accounts

Learn how to automatically install WordPress on new accounts using BASH.

  1. cPanelResources
    Introduction
    WordPress has become a de facto standard for many users over the years, and we're seeing hosting providers move into the arena of specialty WordPress-only hosting.

    If you are looking to provide WordPress-specific hosting, one of the basic requirements that you'll need to fulfill is ensuring that WordPress is instantly installed and available upon account creation. With a short bash script integrated with cPanel's WordPress Manager and Standardized Hooks, this is a fairly straightforward task.

    In this guide you'll get an example script to get you started along with the steps required to install the script via the Standardized Hooks feature.

    Although this script is fully functional as is, you'll need to make some customizations to create a proper user experience for your own hosting company. I'll outline those details in the following information.

    Installing The Script in Three Simple Steps

    The following steps are required to set up this example script:
    1. Install the WordPress cPAddon via WHM >> Home >> cPanel >> Install cPAddons Site Software
    2. Create the following script located at /usr/local/cpanel/3rdparty/bin/wpAutoInstall.sh
      Code:
      #!/bin/bash
      # Save the hook's JSON (STDIN, or a file given as $1) so several values can be read from it.
      tmpfile="$(mktemp -p /tmp wp-auto-install-XXXXXXXX)"
      cat "${1:-/dev/stdin}" > "$tmpfile"
      # print() with parentheses runs under both Python 2 and Python 3.
      cpanelusername=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['user'])")
      domain=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['domain'])")
      cpanelpass=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['pass'])")
      rm -f "$tmpfile"
      # Random WordPress admin password (20 characters) and username (8 characters).
      # The lengths are fixed so that a file argument in $1 cannot be mistaken for a byte count.
      wppass=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 20)
      wpuser=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 8)
      
      #urlencoding
      wppass=$(php -r "echo urlencode('${wppass}');")
      wpuser=$(php -r "echo urlencode('${wpuser}');")
      wpemail=$(php -r "echo urlencode('root@localhost.tld');")
      blogname=$(php -r "echo urlencode('Default Blog Name');")
      blogdesc=$(php -r "echo urlencode('Default Description');")
      
      # -o (lowercase) discards the response body; -O takes no argument and would treat /dev/null as a second URL.
      curl -s -o /dev/null --insecure -u "$cpanelusername:$cpanelpass" "https://localhost:2083/frontend/paper_lantern/addoncgi/cpaddons.html.tt?addon=cPanel%3A%3ABlogs%3A%3AWordPressX&action=install&debug=0&verbose=0&oneclick=0&subdomain=${domain}&installdir=/&auser=${wpuser}&apass=${wppass}&apass2=${wppass}&email=${wpemail}&1blog_name=${blogname}&2blog_description=${blogdesc}&table_prefix=wp&existing_mysql="
    3. Execute the following commands via SSH:
      Code:
      chmod 0755 /usr/local/cpanel/3rdparty/bin/wpAutoInstall.sh
      chown root:root /usr/local/cpanel/3rdparty/bin/wpAutoInstall.sh
      /usr/local/cpanel/bin/manage_hooks add script /usr/local/cpanel/3rdparty/bin/wpAutoInstall.sh --manual --category Whostmgr --event Accounts::Create --stage=post
      
    Once the above steps are complete, you should create a new cPanel account to test the script. Within the new account, you'll find a WordPress installation in the public_html directory of the user's home directory. If the domain that you use to create the test account does not resolve to your server yet, you can test the domain by updating your hosts file.

    You can manage this new WordPress installation via the WordPress Manager icon in the user's cPanel account since the script uses the WordPress Manager to install the site.

    Examining The wpAutoInstall.sh Script
    The Create Account post Hook that we are making use of publishes the account creation data to STDIN. In order to get the important details required to automatically install WordPress, we need to obtain this information and temporarily save some of it for use in our script.

    Code:
    tmpfile="$(mktemp -p /tmp wp-auto-install-XXXXXXXX)"
    cat "${1:-/dev/stdin}" > "$tmpfile"
    The above code pulls data from STDIN and then saves the data to a temporary file so that we can pull multiple values from the data.

    The data published to STDIN is in JSON format. In order to make use of this data you'll need a way to parse the JSON data. In the next part of our script, we parse some data out of the temporary file and assign that data to a few variables with Python:

    Code:
    cpanelusername=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['user'])")
    domain=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['domain'])")
    cpanelpass=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['pass'])")
    
    Now that we've obtained the needed values from the event data, we remove our temporary file:
    Code:
    rm -f "$tmpfile"
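
The parsing step above, reworked as an added example that is not part of the original tutorial: it reads the hook's JSON once from STDIN, so the new account's plaintext password is never written to a temporary file, and it rejects values that are unsafe to reuse later in the script. It assumes python3 is installed; read_hook_fields is a hypothetical helper name.

```bash
# Added example (not the tutorial's script). Assumes python3 is installed.
# The data.user, data.domain and data.pass keys are the ones the tutorial reads.

# Reads the hook JSON from STDIN and sets cpanelusername, domain and
# cpanelpass. Returns non-zero on malformed or unexpected input.
read_hook_fields() {
    fields=$(python3 -c '
import json, sys
try:
    data = json.load(sys.stdin)["data"]
    values = [data[k] for k in ("user", "domain", "pass")]
except (ValueError, KeyError, TypeError):
    sys.exit(1)
for v in values:
    # Refuse non-strings, empty values and embedded line breaks, because
    # the caller splits this output line by line.
    if not isinstance(v, str) or not v or "\n" in v or "\r" in v:
        sys.exit(1)
print("\n".join(values))
') || return 1
    cpanelusername=$(printf '%s\n' "$fields" | sed -n 1p)
    domain=$(printf '%s\n' "$fields" | sed -n 2p)
    cpanelpass=$(printf '%s\n' "$fields" | sed -n 3p)
    # The domain is later placed in a URL without encoding, so only
    # hostname characters are accepted.
    case $domain in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
}
```

In the hook script, `read_hook_fields || exit 1` would replace the mktemp, cat, three python calls and rm.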
    
    Next, we want to ensure that we generate a secure username and password combination for the default username and password. You may update your script to generate the password and username differently to better match your own needs:
    Code:
    wppass=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 20)
    wpuser=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c 8)
    
    Something that this script does not handle is sending these credentials to the user. You will need to determine how to handle this yourself. It is HIGHLY recommended to require that your users reset the default password to something other than the one provided. Not doing so could put your users' sites at risk of compromise.

    I go over some information about handling this situation in the section entitled Sending Installation Details below.

    The next section of this script handles URL Encoding the variables that will be passed to the WordPress Manager. These values must be URL Encoded because we are passing them to the WordPress manager via GET parameters in a URL.
    Code:
    #urlencoding
    wppass=$(php -r "echo urlencode('${wppass}');")
    wpuser=$(php -r "echo urlencode('${wpuser}');")
    wpemail=$(php -r "echo urlencode('root@localhost.tld');")
    blogname=$(php -r "echo urlencode('Default Blog Name');")
    blogdesc=$(php -r "echo urlencode('Default Description');")
    
    You'll notice that we've put very basic default values here. When implementing this on your server, it would be good to think about what you would prefer to have as the default values here.

    And finally, the last portion of the script is to actually install the WordPress site via the WordPress manager. Here we are using curl to interact with the WordPress Manager.

    We are using Basic Auth along with the new cPanel username and password to authenticate to the WordPress Manager. We then pass the WordPress-specific values to the WordPress Manager via GET variables within the URL:
    Code:
    curl --insecure -u "$cpanelusername:$cpanelpass" "https://localhost:2083/frontend/paper_lantern/addoncgi/cpaddons.html.tt?addon=cPanel%3A%3ABlogs%3A%3AWordPressX&action=install&debug=0&verbose=0&oneclick=0&subdomain=${domain}&installdir=/&auser=${wpuser}&apass=${wppass}&apass2=${wppass}&email=${wpemail}&1blog_name=${blogname}&2blog_description=${blogdesc}&table_prefix=wp&existing_mysql="
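
The command above places the cPanel password (`-u`) and the WordPress password (`apass`) in curl's argument list, where they can be visible to other local users in the process list. As an added example (not the tutorial's code), the same request is expressed here as a curl config file read from STDIN; build_install_config and cfg_quote are hypothetical helper names.

```bash
# Added example (not the tutorial's script). Emits a curl config for
# `curl --config -`, so the account and WordPress passwords travel over a
# pipe instead of appearing in curl's argument list.

# Escape backslash and double quote, the two characters that are special
# inside a quoted curl config value. Values must not contain newlines.
cfg_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: build_install_config CPUSER CPPASS DOMAIN WPUSER WPPASS
build_install_config() {
    # "insecure" is kept from the tutorial's command line.
    printf 'silent\ninsecure\nget\noutput = "/dev/null"\n'
    printf 'user = "%s"\n' "$(cfg_quote "$1:$2")"
    printf 'url = "%s"\n' \
        'https://localhost:2083/frontend/paper_lantern/addoncgi/cpaddons.html.tt'
    # With "get", curl URL-encodes each value and appends it to the query
    # string, which replaces the php urlencode() calls.
    for pair in 'addon=cPanel::Blogs::WordPressX' 'action=install' \
        'debug=0' 'verbose=0' 'oneclick=0' "subdomain=$3" 'installdir=/' \
        "auser=$4" "apass=$5" "apass2=$5" 'email=root@localhost.tld' \
        '1blog_name=Default Blog Name' '2blog_description=Default Description' \
        'table_prefix=wp' 'existing_mysql='
    do
        printf 'data-urlencode = "%s"\n' "$(cfg_quote "$pair")"
    done
}

# In the hook script (not run here):
#   build_install_config "$cpanelusername" "$cpanelpass" "$domain" \
#       "$wpuser" "$wppass" | curl --config -
```

Because the raw values are handed to `data-urlencode`, the generated WordPress username and password are passed in unencoded; the php urlencode step is not applied first.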
    
    Sending Installation Details
    I intentionally did not include any logic that handles sending the installation details to a customer within this script. This is because there are many different ways that this could be done depending on how you communicate with your customers. I'd like to go through some information to help uncover some potential solutions for this.

    Before we get started, it is worth mentioning that the user can reset the WordPress administrator's password via the WordPress Manager icon in the user's cPanel account.

    When creating a solution for sending the installation details to a customer the following security consideration is imperative to keep in mind:

    Security details such as a user / password combination sent via email or other electronic communication should be immediately considered compromised. Users should be required to reset the password to something new upon first login, or should be provided with a means to create a new user and password that has not been communicated to them electronically. If a new administrative user is created, the old user should be removed from the installation.

    One of the first things that you'll need to determine is how to contact your customer once the account has been created. The Create Account Standardized Hook provides the customer's contact email that was provided upon account creation. This value is not required to create an account. If you decide to rely on this, you will need to ensure that this is provided for every account that is created. You could obtain this email by adding the following to the script, before the line that removes the temporary file:
    Code:
    customeremail=$(python -c "import sys, json; print(json.load(open('$tmpfile'))['data']['contactemail'])")
    
    cPanel provides the WordPress CLI via the wp-cli package. You can install this package with the following command:
    Code:
    yum install wp-cli
    
    You can create, delete, and modify users with the WordPress CLI via bash scripts as long as you switch to the cPanel user that owns the WordPress site before making use of the WordPress CLI within the script.

    With this tool, you may be able to create a solution that securely manages the administrator user for your customer's new WordPress solution. Please review the Documentation for the WordPress CLI for more details about its usage.

    An example of this would be to add an interface to your customer portal. That interface could have information regarding the new installation. Along with that information, there could be a button that when clicked, allows the customer to add their own custom username and password to "Setup" the new WordPress credentials. That interface could make use of the WordPress CLI on the backend to handle removing the old administrative user, and adding the new one. This is far superior to sending credentials to the customer via email.

    Conclusion
    With the above script, and the use of Standardized Hooks in cPanel, you are much closer to providing a streamlined user experience for WordPress specialized hosting.