Of course I know installing wordpress in a hidden service will be difficult, and I have even read that both php and MySQL are going to introduce security holes left and right that nearly invalidate using a TOR Hidden Service site…
But Wordpress has a lot of functionality that I want on an .onion site! I need about 10 different WP plugins out there to run on my WP site that aren’t coded in any other format… Duplicating that on a custom site would cost multiple times my budget.
This site would all be hosted on a nice cloudhost like Digital Ocean or Chunkhost, and those guys all have Wheezy images and even one with Zpanel too if that helps. (I don’t see a whonix image though… Might want to work on that guys!)
An addional security step I would like to take is to make the entire www folder (or wherever hidden services hold the web files) completely password-protected by the server folder PW or a php password script… Even before they see the wordpress site at all, and of course before they see the wordpress login. Will that help much?
1.) So perhaps I should ask first: Can it be done in Whonix?
- ) Assuming it can, will the pw-protected folder around everything help plug the holes that I’m making with wordpress? (Also the .onion domain will be invite-only, not posted on any directories/onion listings!)
3.) Finally, does anyone know how to do this? I’m quite happy to tip bitcoin for helpful answers… I’m kind of a newb to linux though so please explain to someone who has used windows all his life and is just getting started in linuxland!
Thanks in advance, everyone!