Installing WordPress using best practices
When choosing which platform to build your website with, WordPress is a brilliant choice for most startups and small businesses. In fact, over a third of all websites on the internet are built using WordPress.
The main reason for this is that WordPress offers:
- Customisable Designs. There are thousands of different templates to choose from and each can be easy to customise for your specific needs.
- SEO friendly. WordPress has many tools and features that can help your website rank well.
- Huge number of plugins. With over 50,000 different plugins you should be able to find almost anything you need your website to do with a few simple clicks and minimal setup.
- Easy to get started with. When starting out a new company it is important to get things up and running quickly. With WordPress you can get a website up and running within a few days.
- Good performance and high security. WordPress can handle large traffic loads and, if set up correctly, can have great security too. As with everything, though, both of these depend significantly on who is setting up the website.
Install Prerequisites
For the purpose of this tutorial we will assume that this is a brand new Ubuntu 18.04 server that has just completed all the steps in the previous tutorial, Setting up a secure server.
Installing Nginx
Nginx is more lightweight than Apache and often faster, as seen in multiple tests. For this reason we will be using the LEMP stack instead of the better-known LAMP stack. To get started, simply install Nginx.
sudo apt-get -y install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
You should have Nginx up and running now. Check by opening a tab in your browser with your server’s IP address. If you don’t know your server’s IP, run curl icanhazip.com to get it. You should see the default “Welcome to nginx!” page.
Installing MariaDB
Next up is to install your database. We will be using MariaDB for this. Install MariaDB and then strengthen your database security too.
sudo apt install mariadb-server mariadb-client -y
sudo mysql_secure_installation
sudo systemctl enable mariadb
sudo systemctl start mariadb
When running “mysql_secure_installation”, be sure to select “Y” for everything and use the strong password option.
Next we must create the actual WordPress database (in this example we will call it wordpress_db). We must also ensure that the database has the correct character encoding so that it can store special characters. Lastly we will create a new MySQL user (in this example we will call it wordpress_user) which will only have permissions to access the WordPress database and no other databases that might be on the server. Run the following statements in the MariaDB shell, replacing strongPassword with a password of your own.
CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'strongPassword';
GRANT ALL ON wordpress_db.* TO 'wordpress_user'@'localhost';
FLUSH PRIVILEGES;
Installing PHP and Configuring Nginx
Since Nginx does not contain native PHP processing like Apache, we need to install a few extra packages to get Nginx to work with PHP. For WordPress I’d recommend the following:
- php-fpm, so Nginx can work with PHP
- php-mysql, so Nginx can work with MySQL
sudo apt-get install php-fpm php-mysql php-curl php-dom php-imagick php-mbstring php-zip php-gd php-intl php-soap php-bcmath php-opcache php-xml
sudo systemctl restart php8.3-fpm.service
sudo systemctl restart nginx
- Create a new file located at
/etc/nginx/sites-available/your_website
where “your_website” is the name of your website.
For the .pem and .key files, go to Cloudflare, then SSL/TLS –> Origin Server, and create a 15 year .pem and .key file.
server {
    listen 443 ssl;
    server_name xxxx.com;
    root /var/www/xxxx.com/public;
    index index.php index.html index.htm;
    ssl_certificate /etc/nginx/ssl/xxxx.com.pem;
    ssl_certificate_key /etc/nginx/ssl/xxxx.com.key;
    error_log /var/www/xxxx.com/logs/errors.log;
    access_log /var/www/xxxx.com/logs/access.log;
    client_max_body_size 64M;
    # Log rewrite module processing results to error_log (at the notice level)
    rewrite_log on;
    # Send requests that match no file or directory to WordPress
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    # Hand PHP scripts to PHP-FPM; the dot is escaped so only a literal ".php" suffix matches
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
    # Deny access to .htaccess and other .ht* files
    location ~ /\.ht {
        deny all;
    }
}
- Then create a new directory to host the PHP code in.
sudo mkdir -p /var/www/your_website
- Then assign correct file and folder permissions:
sudo usermod -aG www-data john
sudo chown -R john:www-data /var/www/your_website
sudo chmod -R 775 /var/www/your_website
sudo chmod g+s /var/www/your_website
The first command adds the user “john” to Nginx’s group, which is known as “www-data”. The second changes the group associated with the folder to www-data instead of root. The third gives write access to the folder to its owner and the www-data group only. Lastly, “g+s” ensures that any new files or directories created within the folder inherit the group ownership of the parent directory.
- Next we need to remove the old “default” website and add the brand new website.
sudo unlink /etc/nginx/sites-enabled/default
sudo ln -snf /etc/nginx/sites-available/your_website /etc/nginx/sites-enabled/
Download WordPress
The final step is to download the latest version of WordPress and get it up and running. First we need to download and extract it, create some needed blank files (the contents will be added later) and then move the code to the required directory.
su john  # change to the user that has access to the web folder first
cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
touch /tmp/wordpress/.htaccess
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
# the trailing /. copies dotfiles such as .htaccess too, which a * glob would skip
cp -a /tmp/wordpress/. /var/www/your_website
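Because cp -a keeps the modes the files had in /tmp, the permissions set on the empty directory earlier do not describe the copied tree, so it is worth normalising them once the copy is done. The sketch below is an added example, not part of the original tutorial; the function names are made up here, and the 2775/664/640 modes are an assumed policy that keeps the www-data group able to write while removing execute bits from files and hiding wp-config.php from other local users.

```sh
# Added example, not from the original tutorial. Function names are made up here.
# wp_fix_perms DIR [GROUP]: normalise modes on a WordPress tree after copying it in.
wp_fix_perms() {
    wp_root=$1
    wp_group=${2:-}
    [ -d "$wp_root" ] || { echo "not a directory: $wp_root" >&2; return 1; }
    # Optionally put the whole tree in the web server's group (www-data in the tutorial).
    if [ -n "$wp_group" ]; then
        chgrp -R "$wp_group" "$wp_root" || return 1
    fi
    # Directories: rwx for owner and group, read/traverse for others, setgid so
    # new entries keep the directory's group.
    find "$wp_root" -type d -exec chmod 2775 {} + || return 1
    # Regular files: rw for owner and group, read for others, never executable.
    find "$wp_root" -type f -exec chmod 664 {} + || return 1
    # wp-config.php holds the DB password and salts: nothing for "other".
    if [ -f "$wp_root/wp-config.php" ]; then
        chmod 640 "$wp_root/wp-config.php" || return 1
    fi
}

# wp_world_writable DIR: list files and directories that "other" can write to.
# Empty output is the goal.
wp_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Typical call on the server (commented out so the block has no side effects):
# wp_fix_perms /var/www/your_website www-data && wp_world_writable /var/www/your_website
```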
Once that is done we need to improve the security a bit more by replacing the default secret keys and salts in wp-config.php. WordPress provides a secure generator for these values so that you do not have to try to come up with good values on your own. Run curl -s https://api.wordpress.org/secret-key/1.1/salt/, copy all of the output, and use it to replace the same section in the /var/www/your_website/wp-config.php file. Basically you need to update those default values.
Lastly, update DB_NAME, DB_USER and DB_PASSWORD in the wp-config.php file with your own values. It is also recommended to use utf8mb4, as this can handle a wider range of characters, including emoji, special symbols, and less commonly used scripts. This is particularly useful if your website content or user input requires such characters. It is also recommended to add FS_METHOD, FS_CHMOD_DIR and FS_CHMOD_FILE to avoid entering FTP credentials every time you try to upload a file.
define('DB_CHARSET', 'utf8mb4');
define('DB_COLLATE', 'utf8mb4_unicode_ci');
define('FS_METHOD', 'direct');
define('FS_CHMOD_DIR', 0755);
define('FS_CHMOD_FILE', 0644);
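Before opening the site to visitors, it helps to confirm that none of the sample values survived the edits above. The check below is an added example, not part of the original tutorial; the function name wp_config_audit is made up here, and it assumes the placeholder strings shipped in wp-config-sample.php plus the tutorial's own example password.

```sh
# Added example, not from the original tutorial. The function name is made up here.
# wp_config_audit FILE: print one "FAIL:" line per problem; return 0 only if clean.
wp_config_audit() {
    cfg=$1
    problems=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    flag() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # Print the define() line(s) for one constant, whichever quote style is used.
    defline() { grep -E "^[[:space:]]*define\([[:space:]]*['\"]$1['\"]" "$cfg"; }

    # All eight keys and salts must be present and must not hold the sample text.
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
               AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        if ! defline "$key" >/dev/null; then
            flag "$key is not defined"
        elif defline "$key" | grep -qF 'put your unique phrase here'; then
            flag "$key still holds the sample value"
        fi
    done

    # Database settings must not be the sample placeholders, and the password
    # must not be the tutorial's example value.
    for pair in DB_NAME:database_name_here DB_USER:username_here \
                DB_PASSWORD:password_here DB_PASSWORD:strongPassword; do
        name=${pair%%:*}
        sample=${pair#*:}
        if defline "$name" | grep -qF "'$sample'"; then
            flag "$name is still '$sample'"
        fi
    done

    # The file contains credentials, so "other" should not be able to read it.
    if [ -n "$(find "$cfg" -prune -perm -0004 -print)" ]; then
        flag "$cfg is readable by every local user"
    fi

    [ "$problems" -eq 0 ]
}
```

Run it as wp_config_audit /var/www/your_website/wp-config.php; no output and a zero exit status mean every check passed.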
You can then open a web browser and go to http://[server’s ip] and complete the last of the web setup.