Site Setup Process Guide

A repeatable framework for launching WordPress sites on my infrastructure

๐Ÿงญ Overview

Setting up a new site should not feel like starting from scratch every time.

This guide defines a repeatable, structured process for launching new websites across the ecosystem โ€” from idea โ†’ domain โ†’ infrastructure โ†’ live site.

The goal is simple:

  • Reduce friction
  • Capture decisions
  • Enable reuse
  • Prepare for future automation

๐Ÿงฑ High-Level Flow

0. Site Definition
1. Domain & DNS
2. Edge (Reverse Proxy)
3. Application (WordPress)
4. Cloudflare
5. Media Pipeline
6. Site Build
7. Security
8. Backup & Recovery
9. Monitoring
10. Automation Readiness

Each step builds on the previous.

โšก Quick Start

For experienced setup:

1. Define site (name, purpose, WP vs Woo)
2. Allocate domain + DNS
3. Create reverse proxy + SSL
4. Deploy WordPress + DB
5. Enable Cloudflare
6. Configure media pipeline
7. Build site

Then return to sections below for detail.

๐Ÿง  Site Definition

Before touching infrastructure โ€” define the site.

Purpose & Positioning

  • What is the site for?
  • Who is it for?
  • Content type:
    • Blog
    • Store
    • Hybrid
    • Project hub

Monetisation Strategy

  • Affiliate links
  • Ads
  • Products (WooCommerce?)
  • Lead generation

Platform Decision

  • WordPress only โ†’ content-first
  • WordPress + WooCommerce โ†’ commerce-enabled

๐Ÿ‘‰ Default to WordPress only, add Woo later.

Identity & Secrets

Record and store securely (KeePass):

  • Domain registrar access
  • Cloudflare credentials / API tokens
  • DB credentials
  • WordPress admin bootstrap
  • SSH access

Environment Model (Optional but recommended)

  • dev.site.com
  • test.site.com
  • www.site.com

Ecosystem Integration

  • How does this site connect to:
    • at-the-bach
    • a-way
    • evalue-it
    • at-the-mall

Think in terms of:

  • content reuse
  • cross-linking
  • funnels

๐ŸŒ Domain & DNS

Domain Allocation

  • Register or assign domain
  • Decide canonical URL:
    • www vs root

DNS Setup

  • Route53 (or equivalent)
  • Create records:
    • A / CNAME โ†’ reverse proxy
  • Optional:
    • Delegate subdomain to Cloudflare

๐ŸŒ Edge Layer (Reverse Proxy)

Host Selection

  • Choose target hosting infrastructure (AWS, Cloudflare, Azure, Home)
  • Choose target host (e.g. wordpress-01)

AWS

Reverse Proxy Config

  • Apache or …
  • Define:
    • server_name
    • upstream target
    • logging

WIP Site

  • Basic placeholder page

/etc/apache2/sites-available# cp 001-default.conf me.ensite.FOO.conf

Update configuration 
<VirtualHost *:80>
    ServerName FOO.ensite.me
    DocumentRoot /var/www/in-the-making

    <Directory "/var/www/in-the-making">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>
  • Confirm routing works before proceeding

SSL Enablement

  • Certbot

# sudo certbot --apache -d foo.ensite.me

  • Validate HTTPS access

โš™๏ธ Application Layer (WordPress)

Database Setup

DB Host

  • Current: test-mariadb-01

Naming Convention

[p|t|d]_{4 chars}

Example:

p_foob โ†’ Foo Bah production

Create DB + User

Create database with least priveledge 

MariaDB [(none)]>

create database p_foob;
Query OK, 1 row affected (0.002 sec)

create user 'p_foob'@'%' identified by 'strongpassword';
Query OK, 0 rows affected (0.010 sec)

grant all privileges on p_foob.* to 'p_foob'@'%';
Query OK, 0 rows affected (0.005 sec)

flush privileges;
Query OK, 0 rows affected (0.001 sec)

Store in KeePass

  • Host
  • DB name
  • Username
  • Password

WordPress Deployment (guide …)

Obtain WordPress

  • Download latest OR reuse stable version

Deploy Files

  • Copy into:
/var/www/me.ensite.foo

Configure wp-config.php

  • DB connection
  • Keys / salts
  • Debug settings (off for prod)

Connect to Reverse Proxy

Within the site configuration file for that site, eg. /etc/apache2/sites-available/com.evalue-it.www-le-ssl.conf replace:

old sites-available conf file 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName foo.ensite.me
    DocumentRoot /var/www/in-the-making

    <Directory "/var/www/in-the-making">
        allow from all
        Options None
        Require all granted
    </Directory>

SSLCertificateFile /etc/letsencrypt/live/foo.ensite.me/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/foo.ensite.me/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

… with:

new sites-available conf file 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName foo.ensite.me

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/foo.ensite.me/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/foo.ensite.me/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ProxyRequests Off
    ProxyPreserveHost On

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    ProxyPass        / http://10.3.6.210/
    ProxyPassReverse / http://10.3.6.210/

    ErrorLog ${APACHE_LOG_DIR}/me.ensite.foo-error.log
    CustomLog ${APACHE_LOG_DIR}/me.ensite.foo-access.log combined


</VirtualHost>
</IfModule>

Restart apache2: # systemctl restart apache2.service

(Future)

  • Ensure PHP handler works
  • Validate routing

Run Installer

  • /wp-admin/install.php

Set:

  • Site name
  • Admin user
  • Password
  • Email

Baseline Setup

  • Permalinks โ†’ โ€œPost nameโ€
  • Remove default plugins/themes
  • Install essentials (minimal)

โ˜๏ธ Cloudflare Setup

DNS Integration

  • Proxy traffic via Cloudflare

SSL Mode

  • Full (strict preferred)

Caching Rules

  • Cache static assets
  • Bypass admin paths

Basic WAF

  • Enable protections
  • Rate limiting (optional)

๐Ÿ–ผ๏ธ Media / Asset Pipeline

R2 Bucket Setup

  • Example: media-public

URL Strategy

  • Avoid tight coupling to:/wp-content/uploads

Sync Process

  • Use rclone / wget

Test Delivery

  • Confirm assets served via:media.ensite.me

๐ŸŽจ Site Build

Theme Selection

  • Lightweight (e.g. GeneratePress)

Structure

  • Pages
  • Categories
  • Navigation

Content

  • Initial posts
  • Images via pipeline

SEO & AI Readiness

  • Sitemap
  • OpenGraph
  • Schema (where relevant)
  • Internal linking

๐Ÿ” Security Hardening

  • Disable XML-RPC (if unused)
  • Strong admin credentials
  • Limit login attempts
  • File permissions
  • Hide unnecessary endpoints

๐Ÿ’พ Backup & Recovery

Database Backup

  • Daily dump

File Backup

  • WP files + uploads

Offsite Storage

  • Prefer R2 or external disk

Restore Test

  • Verify recovery works

๐Ÿ“Š Monitoring & Ops

  • HTTP uptime checks
  • Log review:
    • nginx
    • php
  • Error tracking

โœ… Refrence Runbooks and Completion Checklist

  • [ ] Domain live
  • [ ] SSL working
  • [ ] WordPress installed
  • [ ] Admin access secured
  • [ ] Cloudflare active
  • [ ] Media pipeline tested
  • [ ] First post published
  • [ ] Backup configured
  • Site Setup – WordPress Deployment
  • Site Setup – WooCommerce Runbook

๐Ÿš€ Automation Readiness

This is where the system evolves.

Standardisation

  • Naming conventions
  • Directory structures
  • Config templates

Script Opportunities

  • DB creation
  • WP deployment
  • Apache config generation

Future State

  • One-command site creation
  • Internal hosting platform
  • Potential external service