Maintained by: Archis Gore
This is a specialized WordPress Docker image built on Encrypted-Execution PHP, providing parser-level protection through symbol scrambling while maintaining full WordPress compatibility.
This repository is based on the Docker Official WordPress Image maintained by the Docker Community. We extend our sincere thanks and credit to the Docker Community for creating and maintaining the excellent base WordPress image that this project builds upon.
Upstream Repository: https://github.com/docker-library/wordpress
This WordPress image uses Encrypted-Execution PHP, which provides:
- Symbol Scrambling: PHP keywords and symbols can be scrambled at the parser level
- Parser-Level Protection: Makes PHP source code significantly harder to reverse engineer
- Full Compatibility: WordPress runs normally with all features intact
- WordPress Extensions: Pre-compiled with all required WordPress PHP extensions
- mysqli, pdo_mysql (database)
- gd (image manipulation with avif, freetype, jpeg, webp)
- intl (internationalization)
- bcmath (precision math)
- exif (image metadata)
- zip (plugin/theme installation)
- imagick (advanced image processing)
docker pull ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latest
docker run -d \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestdocker network create wordpress-net
# Start MySQL
docker run -d \
--name mysql \
--network wordpress-net \
-e MYSQL_ROOT_PASSWORD=rootpass \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=password \
-v mysql-data:/var/lib/mysql \
mysql:8.0
# Start WordPress (non-scrambled mode)
docker run -d \
--name wordpress \
--network wordpress-net \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestVisit http://localhost:8080 to complete WordPress installation.
WordPress files and uploads need persistent storage for production use.
WordPress files should be mounted at /wordpress in the container. The container will handle symlinking or copying files to /var/www/html (Apache's document root) based on the SCRAMBLE_ON_START setting:
- When
SCRAMBLE_ON_START=false: Creates a symlink from/var/www/htmlto/wordpress(files remain unmodified) - When
SCRAMBLE_ON_START=true: Deep-copies/wordpressto/var/www/htmland scrambles all PHP files (original files in/wordpressremain untouched)
Mount an empty directory or Docker volume at /wordpress and WordPress will automatically populate it with default files on first startup:
# Using a Docker volume (recommended)
docker volume create wordpress-files
docker run -d \
--name wordpress \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v wordpress-files:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latest
# Or using a host directory
mkdir -p ./wordpress-data
docker run -d \
--name wordpress \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v ./wordpress-data:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestWhat happens on first startup:
- The container detects the empty
/wordpressdirectory - WordPress core files are automatically copied from
/usr/src/wordpress - Your mounted directory is now populated and ready to use
- Subsequent restarts reuse existing files (no re-copy)
- Based on
SCRAMBLE_ON_START, files are either symlinked or copied to/var/www/html
To use your own existing WordPress installation:
docker run -d \
--name wordpress \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v /path/to/your/wordpress:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestFor more granular control, mount individual directories:
docker run -d \
--name wordpress \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v wordpress-files:/wordpress \
-v wordpress-plugins:/wordpress/wp-content/plugins \
-v wordpress-themes:/wordpress/wp-content/themes \
-v wordpress-uploads:/wordpress/wp-content/uploads \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latest# Create network
docker network create wordpress-net
# Create volumes for persistence
docker volume create mysql-data
docker volume create wordpress-files
# Start MySQL with persistent storage
docker run -d \
--name mysql \
--network wordpress-net \
-e MYSQL_ROOT_PASSWORD=rootpass \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=password \
-v mysql-data:/var/lib/mysql \
mysql:8.0
# Start WordPress with persistent storage (non-scrambled)
docker run -d \
--name wordpress \
--network wordpress-net \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v wordpress-files:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestRuns with standard PHP (vanilla mode) - recommended for development and when you don't need encryption:
docker run -d \
-p 8080:80 \
-e SCRAMBLE_ON_START=false \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v wordpress-files:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestRuns with encrypted/scrambled PHP for enhanced protection - use in production for source code protection:
docker run -d \
-p 8080:80 \
-e SCRAMBLE_ON_START=true \
-e WORDPRESS_DB_HOST=mysql \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=password \
-e WORDPRESS_DB_NAME=wordpress \
-v wordpress-files:/wordpress \
ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latestImportant Notes:
- When
SCRAMBLE_ON_START=true, WordPress files are deep-copied from/wordpressto/var/www/htmland all PHP files are scrambled - Original files in
/wordpressremain untouched and readable - Scrambling replaces PHP keywords in the source code with scrambled equivalents
- PHP execution uses the scrambled parser for additional protection
- When
SCRAMBLE_ON_START=false, files are symlinked (no copying or scrambling) - Performance impact is minimal
- Switch between modes by changing
SCRAMBLE_ON_STARTvalue and restarting the container
- When
SCRAMBLE_ON_START=true, the scrambling dictionary (/var/lib/encrypted-execution/token-map.json) MUST exist - If the dictionary is missing, the container will FAIL TO START with an error
- This is a fail-fast security mechanism to prevent running unscrambled code when scrambling is expected
- The container logs will show:
ERROR: SCRAMBLE_ON_START is enabled but dictionary file not found - This is intentional - if you expect scrambling but it's not happening, that's a critical security failure
This image uses a layered architecture:
- Base:
encrypted-php8.5-apache-debian- Core PHP with encryption support - WordPress PHP Base:
wordpress-php8.5-apache- Adds WordPress extensions - WordPress: Adds WordPress 6.9 and configuration
- WordPress: 6.9
- PHP: 8.5.2
- Variants: Apache only (PHP 8.5)
# Clone the repository
git clone https://github.com/encrypted-execution/wordpress.git
cd wordpresscd wordpress-php-base
./build.sh
# Or manually:
docker build -t ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latest .cd latest/php8.5/apache
docker build -t wordpress-encrypted:latest .The repository includes a docker-compose.yml for testing:
cd test
docker compose up
# Visit http://localhost:8080services:
wordpress:
image: ghcr.io/encrypted-execution/encrypted-wordpress-php8.5-apache:latest
ports:
- "8080:80"
environment:
SCRAMBLE_ON_START: "false" # Set to "true" for encrypted mode
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
- wordpress_data:/wordpress
depends_on:
- db
networks:
- wordpress_network
db:
image: mysql:8.0
environment:
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
MYSQL_ROOT_PASSWORD: rootpassword
volumes:
- db_data:/var/lib/mysql
networks:
- wordpress_network
volumes:
wordpress_data:
db_data:
networks:
wordpress_network:
driver: bridgeTo test with encrypted PHP, change the environment variable:
services:
wordpress:
environment:
SCRAMBLE_ON_START: "true" # Enable encryptionOr use environment file:
# .env file
SCRAMBLE_ON_START=true
WORDPRESS_DB_HOST=db
WORDPRESS_DB_USER=wordpress
WORDPRESS_DB_PASSWORD=wordpress
WORDPRESS_DB_NAME=wordpressThen reference in docker-compose.yml:
services:
wordpress:
env_file: .env
volumes:
- wordpress_data:/wordpressStandard WordPress environment variables are supported:
WORDPRESS_DB_HOST- MySQL host (default: mysql)WORDPRESS_DB_USER- MySQL userWORDPRESS_DB_PASSWORD- MySQL passwordWORDPRESS_DB_NAME- MySQL database nameWORDPRESS_TABLE_PREFIX- Table prefix (default: wp_)WORDPRESS_DEBUG- Enable debug mode (default: empty/disabled)WORDPRESS_CONFIG_EXTRA- Additional PHP configuration
SCRAMBLE_ON_START- Enable PHP symbol scrambling (true/false, default: false)
- SOLUTION.md - Implementation details and architecture
- TESTING_STATUS.md - Testing documentation and results
- ACTION_PLAN.md - Development planning and roadmap
wordpress/
├── wordpress-php-base/ # WordPress PHP base image with extensions
│ ├── Dockerfile
│ └── build.sh
├── latest/php8.5/apache/ # WordPress 6.9 image
├── beta/php8.5/apache/ # Beta WordPress image
├── Dockerfile.template # Template for generating Dockerfiles
├── versions.json # Version configuration
├── apply-templates.sh # Dockerfile generator
└── test/ # Testing setup
└── docker-compose.yml
This is a specialized fork for encrypted-execution. For contributions:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
For issues with the base WordPress functionality, please refer to the upstream Docker WordPress repository.
For issues specific to encrypted-execution integration, please open an issue in this repository.
Archis Gore
- GitHub: @archisgore
- Repository: encrypted-execution/wordpress
This project builds upon the excellent work of:
- Docker Community - For creating and maintaining the Docker Official WordPress Image
- WordPress Community - For the amazing WordPress CMS
- PHP Community - For the PHP language and ecosystem
We are grateful for the solid foundation provided by these communities, which made this encrypted-execution variant possible.
This project inherits the license from the upstream Docker WordPress repository.
The encrypted-execution modifications are maintained separately and are subject to their own licensing terms.
- This Repository: https://github.com/encrypted-execution/wordpress
- Encrypted-Execution PHP: https://github.com/encrypted-execution/php
- Upstream WordPress Image: https://github.com/docker-library/wordpress
- WordPress: https://wordpress.org
- Docker Hub (Upstream): https://hub.docker.com/_/wordpress/
For support with:
- Encrypted-execution features: Open an issue in this repository
- WordPress functionality: Refer to WordPress Support
- Docker base image: Refer to Docker WordPress Issues
Note: This is a specialized WordPress image for encrypted-execution use cases. For standard WordPress deployments, we recommend using the official WordPress Docker image.