Deploying a WordPress website via Ansible

WordPress is one of the most widely used website platforms. However, one of its major issues is the lax security configuration many sites are given when they are first set up. The following Ansible script will set up a blank WordPress site. It automatically installs PHP, NGINX and MariaDB on an Ubuntu 18.04 server, and applies some fantastic security settings as well.

Prerequisites

  • You will first need a server that will be used to host your website. This must be Ubuntu 20.04.
  • Then on your local PC that will actually be running the script you will need:
    • Ansible 2.8+, Python 3, PyMySQL (Python module), passlib (Python module) [only for macOS]
    • Ensure that your domain (both www and non-www) is pointing to your server’s IP
    • If you’re using CloudFlare, be sure that Full Encrypt is on. This encrypts traffic end-to-end, using a self-signed certificate on the server.
    • To get the above running on your local PC, run the following commands:
# Ansible
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt-get install -y ansible
ansible --version  # ensure it is at least version 2.8
# Python 3 with PyMySQL for Ubuntu (python3-pymysql is the Python 3 package)
sudo apt-get install -y python3-pymysql
python3 --version  # should be installed by default on most PCs
# --OR--
# Python 3 with PyMySQL and passlib for macOS
brew install python3
pip3 install PyMySQL passlib

On your local PC you must be able to SSH directly into your remote server with a simple “ssh server_name”, using Ubuntu’s own default “ubuntu” user.

git clone https://github.com/JRCrawford/wp-lemp wp-lemp
cd wp-lemp
echo "example.co" > inventory #"example.co" should be the domain you want to use
vim host_vars/example.co
####Add the following to the file example.co
#domain_name: "thirtysomething.co" # Do not add www. to the public domain
#lets_encrypt_email: "[email protected]"
#webmaster_user_password: "ChangeThis" #this is the user that controls Apache/nginx
#mysql_user_password: "SeriouslyChangeThis"
#mysql_root_password_update: true

#Install the required ansible roles using ansible-galaxy
ansible-galaxy install -r requirements.yml

#Run ansible on the site.yml playbook
ansible-playbook -i inventory site.yml

Now all that is needed is to install WordPress. Be sure to set the following file permissions AFTER installing WordPress (run these as webmaster, and note that the public/ folder is where the WordPress files for your site are found):

find public/ -type d -exec chmod 775 {} \;
find public/ -type f -exec chmod 664 {} \;
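
To confirm the permission step took effect, here is an added example (not from the original post or the wp-lemp repository). It applies the 775/664 scheme and then lists anything that still deviates, is world-writable, or is owned by another user, which the webmaster account cannot chmod. The function names are hypothetical, and the argument is assumed to be the site's public/ directory.

```shell
#!/usr/bin/env bash
# Added example (not from the post or the wp-lemp repo).
# Assumption: $1 is the site's public/ directory; function names are hypothetical.

# Apply the post's scheme: directories 775, regular files 664.
# "{} +" batches paths per chmod call; same result as the "{} \;" form.
apply_wp_perms() {
    find "$1" -type d -exec chmod 775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Print one line per deviation; return 0 if the tree is clean, 1 otherwise.
audit_wp_perms() {
    local report
    report=$(
        # -perm with a bare octal mode matches only that exact mode.
        find "$1" -type d ! -perm 775  | sed 's/^/dir-mode: /'
        find "$1" -type f ! -perm 664  | sed 's/^/file-mode: /'
        # Anything writable by "other" lets any local account alter the site.
        find "$1" ! -type l -perm -002 | sed 's/^/world-writable: /'
        # chmod fails on entries the current user does not own, so list them.
        find "$1" ! -user "$(id -u)"   | sed 's/^/not-owned: /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Stand-alone use: ./wp-perms.sh public/
if [ "$#" -gt 0 ]; then
    apply_wp_perms "$1"
    audit_wp_perms "$1"
fi
```

Re-running the audit after plugin or theme installs shows whether new uploads kept to the scheme.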