While many popular website applications (WordPress, Drupal, Joomla, etc.) are open source and therefore freely available, running these PHP-based apps on a Windows IIS web server requires a bit of retrofitting.
Although Microsoft has streamlined the process of installing and configuring the PHP scripting language on IIS 7.0, many web administrators consider the fix, which involves enabling FastCGI extensions, too risky for production environments. Others simply wish to set up an independent test environment for evaluating open source apps.
Moreover, PHP extensions are not the only hurdle for Windows webmasters. A large number of PHP-based open source apps rely on backend databases (MySQL, Maria DB, PostgreSQL, etc.) that also need special handling to run on Windows.
Enter WampServer, an open source product that installs a PHP-apps-ready platform consisting of Apache web server, MySQL database, PHP, plus several helpful GUI-based utilities. WampServer can be installed on virtually any version of Windows, either desktop or server. With an active user community, industrial-grade training programs and a large installed base, WampServer is one of the world's most popular Apache-MySQL-PHP distributions.
We evaluated WampServer, a product of the French company Alter Way, for its Windows-friendly features and its 'out-of-the-box' readiness for hosting PHP apps. We tested WampServer with Drupal and WordPress. Both products were up and running on our 32- and 64-bit test servers less than five minutes after WampServer was installed.
Take it slow
A Windows web admin's first instinct may be to install WampServer on a trusty IIS web server. For a number of reasons, this is not advisable, especially for a first-time installation. You may encounter port conflicts or other configuration problems that could thwart your efforts to get WampServer up and running smoothly.
For the 32-bit installation, we installed WampServer on a machine running a fresh install of Windows Server 2008 with Service Pack 2 (patched), with no server roles and no web services running. If you don't have a dedicated box for the install, you can test on a virtual machine. The latest version of WampServer is compatible with Windows 7 and Windows Server 2008. Previously released versions can operate on older Windows platforms going all the way back to Windows NT.
The WampServer installation on both our 32- and 64-bit Windows servers was surprisingly straightforward with just a few prompts from the Windows executable file we downloaded from WampServer.com (there are separate files for 32 and 64-bit architectures).
First, to make it easier to clearly identify and work with the newly installed WampServer files, we selected an empty, newly-formatted NTFS extended partition and an empty 'wamp' folder as the destination for the install.
Next the WampServer installer prompted for a choice of a website browser. It defaulted to Internet Explorer, and we accepted the default, although we also later installed and tested WampServer with Google's Chrome browser.
That's all there was to the initial installation.
At the conclusion of the installation, WampServer started up without incident, as evidenced by a new icon in the Windows system tray that initially changes color from red to orange to green, with green indicating that the Apache web server is running and listening for incoming HTTP requests. (If the icon stays orange, or red, this indicates that there was a problem starting the Apache web service.)
WampServer installs an unobtrusive GUI services and utilities manager that can be easily accessed by single-clicking the tray icon.
WampServer listens on Port 80 by default. To confirm this, and to make sure there were no conflicts, we ran the utility 'Test Port 80' from the utility Apache | Service menu.
The results were displayed in a command prompt window.
WampServer - Port 80 Test Results
Once we confirmed that WampServer was running and listening on Port 80, we attempted to view the homepage at http://localhost. On our first attempt, we received a 403: Access Denied/Forbidden error. What we initially thought was a permissions error, turned out to be a minor DNS problem. By default WampServer listens on all interfaces on Port 80. Since our Windows 2008 server was not configured for the DNS role, we needed to give WampServer a little help to determine where the 'localhost' was pointed. We replaced 'LISTEN 80' with 'LISTEN 127.0.0.1:80' in the Apache httpf.conf file, which is the master configuration file used by Apache web server. After making this minor tweak to the httpd.conf file, we were able to view the WampServer 'localhost' home page in IE (for security reasons, remote web access is not enabled in the initial installation).
Although it appeared we had successfully installed WampServer, we wanted to test its suitability for hosting PHP apps that use MySQL as the backend database. We chose Drupal and WordPress as the test candidates. Both packages have installers that automate most of the installation process. However, both apps also require a MySQL database as a starting point. We utilized the Web interface PHPMyAdmin to set up the initial databases. PHPMyAdmin is a Web utility for MySQL that can be accessed from the homepage or by navigating directly to http://localhost/phpmyadmin.
Important security note
One thing to keep in mind: By default, MySQL is installed with the super admin account “root” enabled, but not password-protected.
As the default MySQL install is a very vulnerable configuration, our first instinct was to secure it immediately. However, we soon discovered that this caused problems with our subsequent PHP product installs, especially Drupal, so we left security “as is” for the initial install of our PHP apps (we locked it down afterward).
To install Drupal, we created a new MySQL database named “drupal” and did nothing further in MySQL. We then copied our downloaded Drupal files into d:\wamp\www\drupal, which made Drupal a subdirectory off the WampServer websites root (equivalent to inetpub in IIS). We then launched the Drupal installer in an IE browser window (http://localhost/drupal/install.php).
The Drupal installer proceeded through a series of Web pages designed to act like a wizard. When prompted for the database info we entered the database name we created earlier, “drupal,” and “root” for the user account with no password. The Drupal installer set up the database automatically from there, prompting for a few additional configuration parameters. We selected “localhost” as the name of our test site. The result was a basic, working Drupal installation that was operational less than two minutes after launching the installer.
We decided to proceed to the next install, which was WordPress. Once again, we created a MySQL database named “wordpress” and did nothing further in MySQL (no tables, users, or permissions). We copied the WordPress installation files into d:\wamp\www\wordpress and opened the installer in IE (http://localhost/wordpress/). The installer proceeded in a similar manner to Drupal, with prompts for the MySQL database name and various other initial setup parameters such as the WordPress admin account. Again, the install proceeded flawlessly and we had a working WordPress site running in just a few moments.
Although both products were installed and operational in very little time, we hasten to differentiate our (insecure) bare-bones test environment from a production-ready environment. Under no circumstances would you want to “launch” these products on a live server unless you first secure and configure the Web server, the MySQL root account and each individual user account/database/application.
Also, by default WampServer is accessible on the local server only, so you would also need to specifically configure it for external access. In a production environment you would need to add or configure additional IP addresses on the network interface, set up virtual directories, and probably configure WampServer as a service (this can be done from the WampServer GUI utility launched from the tray icon).
Most, if not all, of the security and configuration parameters needed to launch a production-ready version of WampServer and its hosted apps are found in the documentation readily available online from the vendor for each product, e.g., The Apache Software Foundation (Apache Web Server), MySQL, PHP, Alter Way (WampServer), Drupal and WordPress.
Overall we were quite impressed by the Windows-friendliness and usability of the WampServer product. By running PHP apps exclusively on WampServer, we escaped the task of configuring PHP extensions for IIS. In fact, IIS wasn’t even installed on either of our Windows Server 2008 test machines.
Perschke has extensive experience as a Web/database developer and network security manager in her role as CSO for Arc Seven Technology. She is also an experienced technical writer, and has written numerous white papers for a number of different organizations, including Fortune 500 companies. Susan can be reached at email@example.com.
News that former New England Patriots player Aaron Hernandez reportedly had committed suicide sent the...
A review of 18 companies that offer free cloud storage
A review of 18 companies that offer free cloud storage
CSO examines risky network ports based on related applications, vulnerabilities, and attacks, providing...
Multimode radios, software flexibility and hardware-based security allow Internet of Things devices to...
Here's a look at vendor backdoors, how they get into products, the challenges to finding these,...
A look at 5 recently funded open source-oriented enterprise networking and IT startups, focused on...