Installing PamelaWare for Wordpress v0.9

Last updated: 6 May 2008

-- Upgrade instructions for existing users here

Requirements

You will need the following things to use PW-wp V0.9:

• A static IP address
• An SSL Certificate
• A Wordpress blogging environment
• PHP5
• php5-mcrypt (a library that contains crypto stuff)

See the Checking PHP Prerequisites page if you aren't sure whether your site uses PHP5 or php5-mcrypt.

See the SSL Certificate Primer if you want more information on SSL Certificates

Preparation

• You must install your certificate into the web server before PamelaWare will work
  • Instructions here: http://www.digicert.com/ssl-certificate-installation-apache.htm
  • You know it has worked when you can use the https:// prefix to go to your blog (ie https://myblog.com)
• We highly recommend you use Wordpress 2.6.1 or greater in order to be able to add the following security features:
  • edit the wp-config.php file in the main directory of your wordpress install to contain the following lines:

       define ('FORCE_SSL_ADMIN', true);
       define('AUTH_KEY', 'some very long random string');
       define('SECURE_AUTH_KEY', 'a different very long random string');
       define('LOGGED_IN_KEY', 'some other very long random string');
    

  • Wordpress has defined a link to a page that will generate the above 3 defines complete with random strings: http://api.wordpress.org/secret-key/1.1/. DO NOT COPY THE STRINGS FROM ANYWHERE EXEPT THE RANDOM GENERATION PAGE.
  • Test that you can login as administrator on your blog - if you cannot, edit the wp-config.php file again and comment out the first define statement
  • If all is working well, you should be redirected to an https URL when you go to the admin section of the blog, and your cookies will also be encrypted using the different keys defined above.

Getting The Plugin

Regular People: Download the PamelaWare tarball and Place it in your Plugins Directory

1. Click [here] to get an archived copy of PamelaWare v0.9 (current rev is 177)
2. Upload the directory to your blog's plugins directory.

Developer Types: Check out PamelaWare From Subversion

1. Login to your blog server and go to the 'wp-content/plugins' subdirectory of your wordpress blog cd <blog_directory>/wp-content/plugins
2. Check out the "wp-infocard" directory from the V0.9 Release Branch:
   svn co https://pamelaproject.com/svn/pw/pwwp/branches/RB-0.9/wp-infocard wp-infocard
   

Activating the Plugin

1. Access the Admin Console of your Wordpress blog (must use an account with admin privileges)
   1. Go to "Plugins" and activate the plugin
   2. Go to "Options" and open the "Information Card" tab (see example at the bottom of the page)
      1. Check that the secure site URL is setup. Normally this is just your regular site URL, with an "s" added to the beginning of the URL (ie https:// instead of http://).
         • Note that the first part of the URL should exactly match the URL that you registered when you applied for your SSL certificate (ie https://pamelaproject.com/pwwp09 vs. https://www.pamelaproject.com/pwwp09). Mismatches in exact host names may result in browser errors for your users).
      2. Add the private SSL key for your website
         • The certificate needs to be in PEM format (see SSLCertificateFileTypes for more information
         • The certificate should start with: -----BEGIN RSA PRIVATE KEY-----
         • and end with: -----END RSA PRIVATE KEY----- (note that these lines should be part of your key (not added on later). If your key does not start and end with those lines, your key may be in the wrong format!)
      3. Add the passphrase for the key, if one exists
         • This is the password you specified when you created the "Certificate Signing Request" that is used to generate your public and private keys. If your web provider has generated the certificate for you, they may have set a password without telling you -- please try to use your key without a password first, and if that doesn't work, contact whoever generated your certificate for you to confirm that a password was not generated.
      4. When you are finished, the checklist at the top of the page should display all green arrows

• [Troubleshooting Tips]

1. Follow any extra installation steps on the page

1. Your plugin should be ready to go! You should see a purple information card logo on your front page, and you should also see the same logo on your regular login page. Depending on the trust settings you have configured, your users will be able to register various types of information cards with your site!

Example of the Information Card Admin Console