Testing web applications like WordPress or Drupal in a controlled environment is essential for any security researcher or bug bounty hunter. But if you've ever tried to replicate a production environment locally, you know the struggle: broken containers, port conflicts, and database connection errors that waste hours of valuable testing time.

In this guide, I'll walk you through three approaches to setting up testing environments-from the traditional manual method to the modern, streamlined solution that lets you deploy complete application stacks in under a minute.

Why Local Testing Environments Matter

When you're testing a target running a specific CMS version with particular plugins or configurations, having an identical local environment is crucial. It allows you to:

• Safely experiment without touching production systems
• Understand how vulnerabilities work before exploiting them
• Test payloads and exploits in isolation
• Document findings with reproducible steps

The challenge has always been the setup itself. Too often, researchers spend more time debugging their testing environment than actually hunting for bugs.

What You'll Need

Before diving into the technical details, here's what you should have ready:

Basic Docker Knowledge: You don't need to be an expert-just understand that Docker runs applications in isolated containers. That's sufficient for this guide.

A VPS: While you can run Docker locally, using a cloud VPS gives you consistent performance, public accessibility for testing webhooks, and the ability to run multiple environments simultaneously. Hostinger's VPS comes with Docker pre-installed, eliminating manual configuration.

The Traditional Approach: Manual Docker Commands

Let's start with how most people traditionally set up testing environments-running Docker commands manually.

To deploy a WordPress testing environment, you'd typically start by launching a MySQL database container:

docker run -d \
  --name wpdb \
  -e MYSQL_ROOT_PASSWORD=root \
  mysql:5.7

This creates a detached MySQL container named wpdb with a root password. Next, you'd launch WordPress and link it to the database:

docker run -d \
  --name wp \
  --link wpdb:mysql \
  -p 8080:80 \
  wordpress

This approach works, but it's fragile. Here's why:

Error-Prone Configuration: One typo in an environment variable-wrong password, incorrect hostname-and WordPress can't connect to MySQL. You'll spend time troubleshooting your setup instead of testing vulnerabilities.

No Persistence: Without properly configured volumes, rebooting or rebuilding containers means losing all your data. You'll have to start from scratch, reconfiguring everything.

Manual Cleanup: Stopping and removing containers requires additional commands:

docker stop wp wpdb
docker rm wp wpdb

Difficult to Reproduce: Sharing your setup with teammates or recreating it on another machine means remembering every command, every flag, every environment variable.

This manual approach wastes valuable time that should be spent on actual security testing.

The Better Way: Docker Compose

Docker Compose solves the chaos of manual container management by letting you define your entire stack in a single configuration file.

Instead of running multiple commands, you create a docker-compose.yml file that describes all services, their relationships, and configurations:

version: "3.8"
services:
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wpuser
      MYSQL_PASSWORD: wppass
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - wordpress_net
  wordpress:
    image: wordpress:latest
    ports:
      - "8080:80"
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wpuser
      WORDPRESS_DB_PASSWORD: wppass
      WORDPRESS_DB_NAME: wordpress
    depends_on:
      - db
    volumes:
      - wp_data:/var/www/html
    networks:
      - wordpress_net
volumes:
  db_data:
  wp_data:
networks:
  wordpress_net:

This configuration file provides several advantages:

Service Dependencies: The depends_on directive ensures the database starts before WordPress, preventing connection errors.

Persistent Storage: Named volumes (db_data and wp_data) preserve your data across container restarts and rebuilds.

Network Isolation: Services communicate over a dedicated network, preventing conflicts with other applications.

Environment Variables: All configuration is centralized and clearly documented in one place.

With this file ready, deployment becomes a single command:

docker-compose up -d

Docker Compose handles everything: pulling images, creating networks, mounting volumes, and starting containers in the correct order. Your WordPress environment is live in seconds.

To stop everything:

docker-compose down

And to start again with all your data intact:

docker-compose up -d

This approach is clean, repeatable, and portable. You can commit the YAML file to version control, share it with your team, or deploy it on any machine with Docker installed.

Understanding the YAML Structure

Let's break down the key components:

Services: Each service represents a container. In our example, db and wordpress are services.

Images: Specifies which Docker image to use. mysql:5.7 pulls MySQL version 5.7.

Environment Variables: Configuration passed to the container at runtime. WordPress needs database credentials to connect.

Volumes: Persistent storage that survives container deletion. Critical for preserving databases and uploaded files.

Networks: Isolated networks that allow services to communicate using service names as hostnames.

Ports: Maps container ports to host ports. 8080:80 makes WordPress accessible on port 8080.
 

The Game Changer: Hostinger's Docker Compose Manager

While Docker Compose dramatically improved the deployment experience, Hostinger's Docker Compose Manager takes it even further by adding a visual interface that eliminates the command line entirely.

Visual Dashboard Management

Instead of SSHing into your server and typing commands, you manage everything through a browser-based dashboard. The Docker Compose Manager provides three deployment methods:

1. GitHub URL Deployment: Paste a GitHub repository URL containing a docker-compose.yml file. The manager fetches and previews the configuration before deployment.

2. Direct YAML Upload: Paste your YAML configuration directly into the editor. The interface validates syntax and shows a preview of services.

3. Form-Based Builder: Build configurations visually without writing YAML. The manager generates the file in real-time as you fill out forms.

Deploying from GitHub

Let's say you want to deploy a WordPress testing environment. Instead of manually creating files, you can use a pre-built configuration:

https://raw.githubusercontent.com/docker/awesome-compose/master/wordpress-mysql/compose.yaml

Paste this URL into the Docker Compose Manager. It automatically:

• Fetches the configuration file
• Displays a preview of services, ports, and volumes
• Validates the YAML syntax
• Shows resource requirements

Click deploy, and watch the automated process:

1. Pulling Docker images
2. Creating volumes for persistent storage
3. Setting up isolated networks
4. Starting containers in dependency order
5. Configuring port mappings

In approximately 30 seconds, WordPress is running and accessible. The dashboard shows:

• Container status (running, stopped, error)
• Port mappings for access
• Resource usage (CPU, memory, network)
• Quick action buttons (restart, stop, view logs)

Manual Configuration with Form Builder

For custom environments, the form builder provides a guided approach. Let's deploy a Drupal testing environment:

1. Select the image: Choose drupal:latest from Docker Hub
2. Configure ports: Map internal port 80 to external port 8081
3. Set environment variables: Database credentials, site configuration
4. Add volumes: Persistent storage for modules and themes
5. Configure database service: MySQL or PostgreSQL with appropriate credentials

As you fill out the form, the right panel shows the generated YAML in real-time. This helps you learn YAML syntax while building configurations visually.

Managing Multiple Projects

The dashboard allows simultaneous management of multiple environments:

• WordPress on port 8080 for plugin testing
• Drupal on port 8081 for module analysis
• DVWA on port 8082 for vulnerability practice

Each project has its own status panel showing:

• Service health and uptime
• Real-time logs for debugging
• Resource consumption metrics
• Quick actions for lifecycle management

Built-in Terminal Access

When you need CLI access, the Docker Compose Manager includes a browser-based terminal. No separate SSH client required-just click the terminal icon and execute commands directly.

Why This Matters for Security Testing

For bug hunters and security researchers, the Docker Compose Manager provides significant advantages:

Rapid Environment Replication: Found a WordPress site running version 5.8 with a specific plugin? Deploy an identical test environment in 30 seconds.

Safe Experimentation: Test exploits and payloads without risk. If something breaks, rebuild instantly.

Consistent Infrastructure: Every team member works with identical environments, eliminating "works on my machine" issues.

Documentation and Reproducibility: YAML configurations serve as documentation. Share them in vulnerability reports to help developers reproduce issues.

Resource Efficiency: Run multiple testing environments on a single VPS. Containers use minimal resources compared to full virtual machines.

Practical Example: Deploying DVWA

Damn Vulnerable Web Application (DVWA) is essential for practicing web security techniques. Here's a Docker Compose configuration for DVWA:

services:
  dvwa:
    image: vulnerables/web-dvwa
    ports:
      - "8082:80"
    environment:
      - MYSQL_HOSTNAME=db
      - MYSQL_DATABASE=dvwa
      - MYSQL_USERNAME=dvwa
      - MYSQL_PASSWORD=p@ssw0rd
    depends_on:
      - db
    networks:
      - dvwa_net
  db:
    image: mariadb:10.1
    environment:
      - MYSQL_ROOT_PASSWORD=rootpass
      - MYSQL_DATABASE=dvwa
      - MYSQL_USER=dvwa
      - MYSQL_PASSWORD=p@ssw0rd
    volumes:
      - dvwa_db:/var/lib/mysql
    networks:
      - dvwa_net
volumes:
  dvwa_db:
networks:
  dvwa_net:

Using the Docker Compose Manager, you'd paste this configuration and click deploy. In under a minute, you have a fully functional DVWA instance ready for SQL injection practice, XSS testing, and other security exercises.

Best Practices for Testing Environments

Use Specific Versions: Instead of wordpress:latest, specify exact versions like wordpress:5.8 to match your target environment.

Implement Network Isolation: Use dedicated networks for each project to prevent interference between testing environments.

Configure Persistent Volumes: Always use named volumes for databases and application data to preserve work across container restarts.

Monitor Resource Usage: The Docker Compose Manager shows CPU and memory consumption. Use this to optimize your VPS sizing.

Regular Cleanup: Remove unused containers, images, and volumes to free up disk space and maintain performance.

Getting Started

To begin using this streamlined deployment approach:

1. Sign up for a Hostinger VPS with Docker pre-installed
2. Access the Docker Compose Manager from your dashboard
3. Choose your deployment method (GitHub URL, direct YAML, or form builder)
4. Deploy your first testing environment
5. Access your application via the provided IP and port

The VPS comes configured with Docker and the Compose Manager ready to use-no manual installation or configuration required.

Conclusion

The evolution from manual Docker commands to Docker Compose to visual management tools represents a significant leap in efficiency for security researchers and developers. What once required intimate knowledge of Docker CLI and careful command sequencing now happens through an intuitive interface.

Your time should be spent finding vulnerabilities, not troubleshooting deployment configurations. Whether you're testing WordPress plugins, analyzing Drupal modules, or practicing exploitation techniques, having reliable, rapidly deployable testing environments is essential.

The Docker Compose Manager eliminates the friction between "I need to test this" and "I'm testing this." That's where the real value lies-in reducing the time from idea to action, from discovery to exploitation, from hypothesis to validated finding.

For security researchers, bug bounty hunters, and penetration testers, this tool removes a persistent pain point and lets you focus on what matters: finding and documenting security issues.

Use code AmrSec for 10% off Hostinger VPS plans at hostinger.com/amrsec