fix(vhost-install): multi-part TLD extraction, secure credentials file, WP-CLI warning, WP admin validation

Copilot · PDowney · web-flow · commit 1f7fd4a6af5f · 2026-04-11T03:50:01.000Z
Agent-Logs-Url: https://github.com/EngineScript/EngineScript/sessions/aa21343b-51cd-44d3-9b93-e89cf3ac7846 Co-authored-by: PDowney <11467177+PDowney@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to EngineScript will be documented in this file.
 
 Changes are organized by date, with the most recent changes listed first.
 
+## 2026-04-11 (2)
+
+### 🔒 VHOST INSTALL SECURITY & ROBUSTNESS IMPROVEMENTS
+
+- Fixed `domain_without_tld` extraction in `scripts/functions/vhost/vhost-install.sh` to correctly handle multi-part TLDs (e.g., `co.uk`, `com.au`, `org.nz`). For a domain like `example.co.uk` the extracted base is now `example` instead of `example.co`, preventing unexpected database naming.
+- Added `chmod 600` on the MySQL credentials file immediately after writing it in `scripts/functions/vhost/vhost-install.sh`, ensuring sensitive database credentials are protected from unauthorised access by other system users.
+- Clarified the warning message when WP-CLI fails to delete the default `hello` plugin: the new message reads "It may already be deleted or another error occurred. Continuing installation." instead of the misleading "Continuing if plugin is already absent."
+- Added pre-install validation of WordPress admin credentials (`WP_ADMIN_USERNAME`, `WP_ADMIN_PASSWORD`, `WP_ADMIN_EMAIL`) in `scripts/functions/vhost/vhost-install.sh` before calling `wp core install`, enforcing non-empty values, a valid username format (3-60 alphanumeric/underscore/dot/hyphen characters), a valid email address format, and a minimum password complexity of 12+ characters with upper, lower, digit, and special-character requirements.
+
 ## 2026-04-11
 
 ### 🔧 VHOST IMPORT BUG FIXES & IMPROVEMENTS
diff --git a/scripts/functions/vhost/vhost-install.sh b/scripts/functions/vhost/vhost-install.sh
@@ -158,17 +158,31 @@ if [[ "${INSTALL_WORDPRESS}" == "1" ]]; then
 
   # Domain Creation Variables
   PREFIX="${RAND_CHAR2}"
-  domain_input="${DOMAIN}" && domain_without_tld="${domain_input%.*}" && database_name="${domain_without_tld}_${RAND_CHAR4}"
+  domain_input="${DOMAIN}"
+  IFS='.' read -r -a domain_parts <<< "${domain_input}"
+  domain_without_tld="${domain_input%.*}"
+  if (( ${#domain_parts[@]} >= 3 )); then
+    public_suffix="${domain_parts[${#domain_parts[@]}-2]}.${domain_parts[${#domain_parts[@]}-1]}"
+    case "${public_suffix}" in
+      co.uk|org.uk|gov.uk|ac.uk|com.au|net.au|org.au|co.nz|org.nz|com.br)
+        domain_without_tld="${domain_parts[${#domain_parts[@]}-3]}"
+        ;;
+    esac
+  fi
+  database_name="${domain_without_tld}_${RAND_CHAR4}"
   database_user="${RAND_CHAR16}"
   database_password="${RAND_CHAR32}"
 
   # Domain Database Credentials
-  echo "DB=\"${database_name}\"" >> "/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
-  echo "USR=\"${database_user}\"" >> "/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
-  echo "PSWD=\"${database_password}\"" >> "/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
-  echo "" >> "/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
+  credentials_file="/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
+  # Create the file with restrictive permissions before writing any sensitive data
+  install -m 600 /dev/null "${credentials_file}"
+  echo "DB=\"${database_name}\"" >> "${credentials_file}"
+  echo "USR=\"${database_user}\"" >> "${credentials_file}"
+  echo "PSWD=\"${database_password}\"" >> "${credentials_file}"
+  echo "" >> "${credentials_file}"
 
-  source "/home/EngineScript/mysql-credentials/${DOMAIN}.txt"
+  source "${credentials_file}"
 
   echo "Randomly generated MySQL database credentials for ${DOMAIN}."
 
@@ -190,7 +204,7 @@ if [[ "${INSTALL_WORDPRESS}" == "1" ]]; then
   # Download WordPress using WP-CLI
   wp core download --allow-root
   if ! wp plugin delete hello --allow-root; then
-    echo "Warning: Failed to delete default 'hello' plugin via WP-CLI. Continuing if plugin is already absent."
+    echo "Warning: Failed to delete default 'hello' plugin via WP-CLI. It may already be deleted or another error occurred. Continuing installation."
   fi
 
   # Create Extra WordPress Directories
@@ -232,6 +246,35 @@ if [[ "${INSTALL_WORDPRESS}" == "1" ]]; then
 
   # WP-CLI Install WordPress
   cd "/var/www/sites/${DOMAIN}/html"
+
+  # Validate WordPress admin credentials before install
+  if [[ -z "${WP_ADMIN_USERNAME}" || -z "${WP_ADMIN_PASSWORD}" || -z "${WP_ADMIN_EMAIL}" ]]; then
+      echo "Error: WP admin credentials must not be empty (WP_ADMIN_USERNAME, WP_ADMIN_PASSWORD, WP_ADMIN_EMAIL)." >&2
+      exit 1
+  fi
+
+  # Username: 3-60 chars, must start with alphanumeric, letters/numbers/underscore/dot/hyphen
+  if [[ ! "${WP_ADMIN_USERNAME}" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]{2,59}$ ]]; then
+      echo "Error: WP_ADMIN_USERNAME is invalid. Use 3-60 characters: letters, numbers, underscore, dot, or hyphen." >&2
+      exit 1
+  fi
+
+  # Email: basic format validation
+  if [[ ! "${WP_ADMIN_EMAIL}" =~ ^[A-Za-z0-9][A-Za-z0-9._%+-]*[A-Za-z0-9]@[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*\.[A-Za-z]{2,}$ ]]; then
+      echo "Error: WP_ADMIN_EMAIL is not a valid email address format." >&2
+      exit 1
+  fi
+
+  # Password: minimum complexity requirements
+  if [[ ${#WP_ADMIN_PASSWORD} -lt 12 ]] || \
+     [[ ! "${WP_ADMIN_PASSWORD}" =~ [A-Z] ]] || \
+     [[ ! "${WP_ADMIN_PASSWORD}" =~ [a-z] ]] || \
+     [[ ! "${WP_ADMIN_PASSWORD}" =~ [0-9] ]] || \
+     [[ ! "${WP_ADMIN_PASSWORD}" =~ [^A-Za-z0-9] ]]; then
+      echo "Error: WP_ADMIN_PASSWORD must be at least 12 characters and include uppercase, lowercase, number, and special character." >&2
+      exit 1
+  fi
+
   wp core install --admin_user="${WP_ADMIN_USERNAME}" --admin_password="${WP_ADMIN_PASSWORD}" --admin_email="${WP_ADMIN_EMAIL}" --url="https://${DOMAIN}" --title='New Site' --skip-email --allow-root
 
   # Install and activate required WordPress plugins
