Apache hidden service (wordpress) on Whonix

Hello all

I’m a big fan of whonix. I don’t plan on making a serious hidden service yet, as I’m aware apache and wordpress has some weakness. However, I am just trying to get used to making hidden services. I am following the guide
(can’t post due to being a new user) but it’s the deepdotweb free speech 101 guide on whonix and wordpress)

and I’m having some trouble getting it to work. I have the following questions:

  1. Do I download mysql/wordpress/apache2 on whonix workstation or whonix gateway?

  2. Is the lines
    ""denServiceDir /var/lib/tor/webserver

HiddenServicePort 80""

still correct? On whonix website it is different, but does it matter?

  1. I’m struggling to know which permissions to allow and where to get it to work. For instance on console if I try a2ensite wp, it doesn’t work at all. If I try \usr\sbin\a2ensite wp, it still tells me stuff goes wrong because of permissions. This happens in many stages of the guide, so I’m quite confused.

  2. Finally, when setting up apache, the referenced guide is here WordPress - Debian Wiki When it says to ignore page numbers in the boxes, do I delete the “1”, “2”, etc on each line, as well as the “toggle page numbers” at the top of both boxes? Also, do I replace the website address debianwordpress with my hidden service address onionpublickeyhash)? (I would post the exact links but I’m not allowed to as a new user)

Thx for the help. I’d also be perfectly satisfied with help on making the most basic hidden service. Don’t particularly care about apache or wordpress. I just figured it would be the easiest start for a noob like me.


guide i was referring to in OP: https://www.deepdotweb.com/2015/06/29/free-speech-101-creating-a-wordpress-blog-in-whonix/

Good day,

please don’t rely on anything deepdotweb says, I’ve said it before and I’ll continue saying it untile the sun explodes, they often publish incorrect or outright dangerous information. Not to long ago, they recommended using an Android app developed by Google and linked to a Google account for 2FA over using a safely encrypted GPG based solution, when it comes to logging in to sites on the Tor network. Regarding the creation of a hidden service of any kind, please only refer to this, when it comes to Whonix: Onion Services - Whonix This gets you trough all the steps (there really aren’t many, it can be done in under five minutes) including installing a light web server (lighttpd), which is easy to edit (it uses simple html based sites).

Have a nice day,


Good day to you Ego.

Many thanks for your help. However I am not looking for security at the moment. All I am looking for at the present time is figuring out how to successful run a hidden service on Whonix. After that, I might experiment with something more serious.

For example, if I try \usr\sbin\service apache2 reload
The message I get is access denied. Any ideas why this is? I don’t even know what permissions I need to allow.

You need to learn more Linux basics as per:

Try setting up an apache / wordpress server on local host on a Debian
[VM] first. When that works, the Whonix specific part will be very little.

You need to perpend sudo in front of that command.