diff --git a/pillar/secrets/mariadb.sls.sample b/pillar/secrets/mariadb.sls.sample index e0bc659..15526dc 100644 --- a/pillar/secrets/mariadb.sls.sample +++ b/pillar/secrets/mariadb.sls.sample @@ -1,2 +1,3 @@ mariadb: - root_pw: 'password' + root_pw: 'havoc' + havoc_pw: 'mNa4dkxs' diff --git a/pillar/top.sls b/pillar/top.sls index 4c8c277..2564c9f 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -2,6 +2,7 @@ base: 'hedwig.lunch.org.uk': - secrets/certificates - secrets/mariadb + - secrets/wordpress 'scabbers.lunch.org.uk': - secrets/dnsapi - secrets/gitea diff --git a/states/backup/hedwig_backup2l.conf b/states/backup/hedwig_backup2l.conf index 1fa28b8..2f2d2f7 100644 --- a/states/backup/hedwig_backup2l.conf +++ b/states/backup/hedwig_backup2l.conf @@ -22,7 +22,7 @@ VOLNAME="all" # List of directories to make backups of. # All paths MUST be absolute and start with a '/'! -SRCLIST=(/etc /root /home /var/mail /usr/local) +SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress) # The following expression specifies the files not to be archived. # See the find(1) man page for further info. It is discouraged to @@ -99,6 +99,8 @@ PRE_BACKUP () # all installed packages to a file. #echo " writing dpkg selections to /root/dpkg-selections.log..." #dpkg --get-selections | diff - /root/dpkg-selections.log > /dev/null || dpkg --get-selections > /root/dpkg-selections.log + + mysqldump --all-databases > /root/mysql.sql } # This user-defined bash function is executed after a backup is made diff --git a/states/havoc_website/config-www.cryhavoc.org.uk.php b/states/havoc_website/config-www.cryhavoc.org.uk.php new file mode 100644 index 0000000..91b3869 --- /dev/null +++ b/states/havoc_website/config-www.cryhavoc.org.uk.php @@ -0,0 +1,13 @@ + diff --git a/states/havoc_website/cryhavoc.org.uk.conf b/states/havoc_website/cryhavoc.org.uk.conf new file mode 100644 index 0000000..0829de0 --- /dev/null +++ b/states/havoc_website/cryhavoc.org.uk.conf 
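Review bot: The new `havoc_pw: 'mNa4dkxs'` value in the sample file reads like a generated password rather than a placeholder, and `root_pw` moves from the obvious `'password'` to `'havoc'`. If either value matches what is deployed, it is now in version control and should be rotated. If not, a realistic-looking sample is still likely to be copied verbatim into the real pillar. Obviously fake values such as `havoc_pw: 'CHANGE_ME'` make an unedited copy easy to spot.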
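Review bot: `- secrets/wordpress` is added for hedwig in `pillar/top.sls`, but this commit carries no `pillar/secrets/wordpress.sls.sample` next to the existing mariadb sample, and the visible state reads its password from `mariadb:havoc_pw` instead. A top entry that points at a missing SLS normally produces a pillar render error for that minion, so a fresh checkout would presumably need the file created by hand. Adding a sample that lists the expected keys, or dropping the entry if nothing reads it, would close the gap. The PHP config template's content is not visible here, so it may be the consumer.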
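Review bot: The dump added to PRE_BACKUP is written with whatever umask backup2l runs under, and `--all-databases` includes the `mysql` schema with its account password hashes, so `/root/mysql.sql` should be created owner-only. The redirect also truncates the previous dump before mysqldump has succeeded, so a failed run leaves an empty or partial file to be archived with nothing reported. Something like `( umask 077; mysqldump --all-databases --single-transaction > /root/mysql.sql.tmp && mv /root/mysql.sql.tmp /root/mysql.sql ) || echo "mysqldump failed" >&2` covers both. PRE_BACKUP's body starts outside this hunk.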
@@ -0,0 +1,61 @@
+
+
+
+ ServerName www.cryhavoc.org.uk
+ ServerAlias cryhavoc.org.uk
+
+ ErrorLog /var/log/apache2/cryhavoc-error.log
+ CustomLog /var/log/apache2/cryhavoc-access.log combined
+
+ RemoteIPProxyProtocol On
+
+ DocumentRoot /usr/share/wordpress
+
+ Alias /wp-content /var/lib/wordpress/wp-content-cryhavoc
+
+
+ Order deny,allow
+ Allow from all
+ Require all granted
+
+
+
+ Options FollowSymLinks
+ AllowOverride Limit Options FileInfo
+ Order allow,deny
+ Allow from all
+ Require all granted
+ DirectoryIndex index.php
+
+ RewriteEngine On
+ RewriteBase /
+ RewriteRule ^index\.php$ - [L]
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule . /index.php [L]
+
+
+ SSLEngine on
+ SSLCertificateFile /var/local/certificates/cryhavoc.org.uk/fullchain.pem
+ SSLCertificateKeyFile /var/local/certificates/cryhavoc.org.uk/privkey.pem
+
+
+
+
+
+ ServerName cryhavoc.org.uk
+ ServerAlias www.cryhavoc.org.uk
+
+ ErrorLog /var/log/apache2/cryhavoc-error.log
+ CustomLog /var/log/apache2/cryhavoc-access.log combined
+
+ RemoteIPProxyProtocol On
+
+
+ #
+ # This redirects all accesses to the HTTPS version of the site.
+ #
+ RewriteEngine On
+ RewriteRule ^/?(.*) https://www.cryhavoc.org.uk/$1 [R=301,L]
+
+
diff --git a/states/havoc_website/init.sls b/states/havoc_website/init.sls
new file mode 100644
index 0000000..c6f2c74
--- /dev/null
+++ b/states/havoc_website/init.sls
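Review bot: `RemoteIPProxyProtocol On` in both virtual hosts makes Apache take the client address from the PROXY header of whoever opens the connection, and mod_remoteip does not, to my knowledge, offer a trusted-sender list for that mode. If the listeners on this host are reachable from anything other than the front-end proxy, a direct client can supply its own header and so choose the address that lands in the access log and that the `fail2ban` state acts on. Whether `firewalls/hedwig` restricts the ports to the proxy is not visible in this commit; a comment beside the directive such as `# PROXY header is trusted: listener must only be reachable from the front-end proxy` would record the dependency. Separately, the access blocks mix 2.2-style `Order`/`Allow from all` with `Require all granted`; keeping only the `Require` lines avoids depending on mod_access_compat.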
@@ -0,0 +1,34 @@ +havoc_wordpress: + pkg.installed: + - name: wordpress + mysql_user.present: + - name: havoc + - password: '{{ salt['pillar.get']('mariadb:havoc_pw', '') }}' + mysql_database.present: + - name: cryhavoc + mysql_grants.present: + - grant: all privileges + - database: cryhavoc.* + - user: havoc + file.managed: + - name: /etc/wordpress/config-www.cryhavoc.org.uk.php + - source: salt://havoc_website/config-www.cryhavoc.org.uk.php + - template: jinja + +havoc_website: + file.managed: + - require: + - sls: apache + - sls: certificates/client + - names: + - /etc/apache2/sites-available/www.cryhavoc.org.uk.conf: + - source: salt://havoc_website/cryhavoc.org.uk.conf + apache_site.enabled: + - require: + - file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf + - name: www.cryhavoc.org.uk + service.running: + - name: apache2 + - reload: true + - watch: + - file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf diff --git a/states/top.sls b/states/top.sls index bc2455b..9d7dc67 100644 --- a/states/top.sls +++ b/states/top.sls @@ -12,6 +12,7 @@ base: - fail2ban - firewalls/hedwig - lunch_website + - havoc_website 'scabbers.lunch.org.uk': - debian
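Review bot: `salt['pillar.get']('mariadb:havoc_pw', '')` in `mysql_user.present` falls back to an empty string, so a minion rendered without the secrets pillar would get a `havoc` database account with an empty password instead of a failed run. Looking the key up directly, `- password: '{{ pillar['mariadb']['havoc_pw'] }}'`, should make the render fail when the secret is missing. The `file.managed` for `/etc/wordpress/config-www.cryhavoc.org.uk.php` also sets no `user`, `group` or `mode`. The template's content is not visible here, but if it holds the database password it should be readable only by root and the web server group, for example `- mode: '0640'` with `- group: www-data` on Debian.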