How to Install WordPress on a VPS Server

Welcome dear reader- if you just signed up for a VPS plan, you are probably looking for a way to install WordPress on the operating system. Some infrastructure providers may provide with WordPress Installers that you can use from inside their interface, but in this article I will share some of the manual steps you can take to install WordPress on a VPS Server.

Table of contents

• What is WordPress and Why Do You Need It?
• Download and Install the Latest Version of WordPress
• Configure your MySQL Database for WordPress
• How To Securely Install WordPress On a VPS Server?
• Correct Files & Folders Permissions for WordPress
• Create a Virtual Host for WordPress with Apache 2
• Where to Find Themes & Plugins Files in WordPress?
• Conclusion

What is WordPress and Why Do You Need It?

The open-source WordPress software package, licensed under GPLv2, is a low-code website management software to create dynamic websites without the need to code. WordPress features a Plugins and Themes System that is highly popular amongst open-source developers and a Registry of Free Plugins and Themes that can be applied to build next-generation websites.

In case you haven’t used WordPress before, it is free of charge and comes with the most basic utilities already installed. After you install WordPress on a VPS Server, you won’t have to come back to the source code. In fact, WordPress offers loads of possibilities to extend the software using Themes and Plugins.

You may need WordPress to build your small enterprise website, or maybe to sell items online in a custom e-commerce shop that you’d setup with WordPress and WooCommerce, which is also free.

If you are looking for a way to change the WordPress Site URL, have a look at this related article here.

Download and Install the Latest Version of WordPress

Head over to the WordPress website to download the latest version, or download it with this link. It will download a ZIP-archive that contains the source code necessary to run WordPress on a VPS Server, or on your computer.

If you prefer to work with the Terminal, you can download the latest archive with the following command:

wget https://wordpress.org/latest.zip
cp latest.zip /var/www/public_html/

You can execute the above command directly from your VPS Server, after having connect over SSH. Typically, VPS providers create a public_html or hosts folder in /var/www, this is where you must place the download ZIP-archive.

Next, we can go ahead and uncompress the archive, this will create a folder named wordpress, which sets our document root at /var/www/public_html/wordpress. We will refer to the document_root later on when configured the Apache2 Virtual Host on your VPS Server.

cd /var/www/public_html
unzip latest.zip

The source code to run WordPress is now installed on your VPS Server. Next we will have to connect to a MySQL database to make sure WordPress can be configured correctly.

Configure your MySQL Database for WordPress

Now, we are going to create a new database to install WordPress on a VPS Server, and we are going to create a MySQL User so that your website database can be protected accordingly. Note that we highly discourage to use the root MySQL user account to connect websites to a database.

Create a MySQL Database and User and Grant Permissions

Note that you can change the database name from db_wordpress to something that is related to your website.

CREATE DATABASE db_wordpress;
CREATE USER 'webWordPress'@'localhost' IDENTIFIED BY 'CrazyPassword!';
GRANT ALL PRIVILEGES ON db_wordpress.* TO 'webWordPress'@'localhost';

The first of these three MySQL commands creates a new empty database, the second creates a user that identifies by password and the last authorizes the created user to manipulate / manage the WordPress database. You can also give the user less privileges (not using GRANT ALL) but the above serves well for a quick start with WordPress.

We recommend that you use a much more complicated password for the MySQL User than the one set in this article. The credentials to connect to you MySQL database should be kept private and must not be simple to guess or to bruteforce.

Connect WordPress to Your MySQL Database

Now that you have created a database and user, you can start configuring WordPress to connect to the database. This happens in wordpress/wp-config.php – in case this file doesn’t exist yet, you may execute the following command:

cd /var/www/public_html/wordpress
cp wp-config-sample.php wp-config.php

Open this file to configure the connection of your WordPress instance to the database. Find the following values and update them with the connection details we just created:

define('DB_NAME', 'db_wordpress');
define('DB_USER', 'webWordPress');
define('DB_PASSWORD', 'CrazyPassword!');

How To Securely Install WordPress On a VPS Server?

WordPress features a random salt generator online, in the form of a HTTP API that you can find here. The values returned by this API can be put inside your wp-config.php file to secure your WordPress instance with an initial set of random salts.

define('AUTH_KEY',         '9kr18^3b2v2q+CY~2yiK Ul0#5MGO4xO:OWMl25aHa; Riz9Vya~Zc</Jxh5Qbz^');
define('SECURE_AUTH_KEY',  '%0=`k_G!y1~<|$D&W?HF;e}n+r-q4-gEuy=92>cO55!aTh#il{%BhCd5=+xj1$F0');
define('LOGGED_IN_KEY',    '@uW+vHh4*3jeO-Avt`eL,+7JiZVC_0.sFu:Gy;X*,z{(SqLZy0dl;n+7fT9V#@p;');
define('NONCE_KEY',        'fFX+F`*qXY%ZVIMx|VaL^BaNm(!5!3OVT5~=>pAo2>.R?+|ZFv-x+)(``^$U|v3/');
define('AUTH_SALT',        'G|@]wk]|~^dg^zQWb+L6OXT(O<;Cv+-3rz)5W+n|i&|HKX*~l7>[P[$$DDt7uc-H');
define('SECURE_AUTH_SALT', 'YIiORF|UTIaT}YiLAcNO?JGXX?xgr7rjY(DS5%%-TEjp2/z%*7Z`sAoX]-ZIc-V9');
define('LOGGED_IN_SALT',   '9LLHG12z5Aq32Hy+0 G0Y$$d{dR2b?eoB%-E6jq*i`3r,xZCY4@UQt=B-fr[ya{q');
define('NONCE_SALT',       '%>D`DP? 9_-5+Iu7Y(6F+)/|tP}Yv~k?+VLw<}m9p_+JqP)9h2A*|,]g|F+#MJ%A');

The above salts are used for different purposes across the WordPress source code and provide a random source of complex keys that can be used as the backbone for encryption algorithms, such as these used to authenticate users.

We recommend that you visit the WordPress API at: https://api.wordpress.org/secret-key/1.1/salt/ – and get your own set of random keys – rather than copying the ones in this article.

Correct Files & Folders Permissions for WordPress

Typically, all files should be owned by your user (ftp or user) account on your web server, and should be writable by that account. On shared hosts, please make sure that your files are not owned by the webserver process itself (apache, www-data or nobody user).

Execute the following commands to set files and folders permissions on your WordPress:

cd /var/www/public_html/wordpress/
find . -type d -exec sudo chmod 755 {} \;
find . -type f -exec sudo chmod 644 {} \;

The above command set a general file permissions scheme of 644, which means that only the owner can write the files, and it sets a general folder permissions scheme of 755, which means that all users may read and execute the folder, but only the owner can write to the folder.

Next, we will harden the permissions scheme, by making sure that the web server process only has access to wp-content/ and .htaccess so that WordPress can also create rewrite rules for you. All the other files and folders will be assigned to your user account, and are not writeable by the web server process.

sudo chown -R "$(id -un)":"$(id -un)" *
sudo chown -R www-data:"$(id -un)" wp-content/
sudo chown www-data:"$(id -un)" .htaccess

There is one file in your WordPress website that you should protect a little more, that is the wp-config.php file, which contains your database credentials and the security keys generated when you install WordPress on a VPS Server. We will now change the file permissions for the wp-config.php file so that writing to it is not possible and so that any other account than the owner wouldn’t even be able to open the file:

sudo chmod 400 wp-config.php

Create a Virtual Host for WordPress with Apache 2

Now that we have secured the WordPress instance, we can deploy it using Apache 2. The Apache software is only one example of a Web Server that can host WordPress websites, you could be using nginx here, as well. Writing a virtual host that deploys a WordPress instance on your web server is relatively simple.

Create a new virtual host file inside /etc/apache2/sites-available that you name wordpress.conf. Note that you may need sudo access to write files in this folder. In this file, add the following virtual host configuration:

<VirtualHost *:80>
    # (1)
    ServerName example.com
    ServerAlias www.example.com

    # (2)
    DocumentRoot /var/www/public_html/wordpress

    # (3)
    <Directory /var/www/public_html/wordpress>
        Options -Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        Require all granted
    </Directory>

    # (4)
    CustomLog /var/log/apache2/example.com-access.log combined
    ErrorLog /var/log/apache2/example.com-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
</VirtualHost>

In the above, we start with (1) mapping a domain name to the virtual host as well as some aliases that should also trigger the display of this website, as you can see here we use the root domain name as the ServerName and then set any subdomain(s) in the ServerAlias directive.

Next, in (2) we configure the document root of the website, this is where your web server will expect to find a index.php file that it will execute by default. In (3) then, we configure Apache to allow .htaccess to be used using the AllowOverride directive and in (4) we set custom logging files where we expect our website traffic to be presented as well as errors generated by WordPress.

Now, you must create a symbolic link to this virtual host file inside /etc/apache2/sites-enabled, such that Apache enables your website the next time it will be restarted.

cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/wordpress.conf .

And you are good to go, restart your Apache server with sudo service apache2 restart or with systemctl apache2 restart and your website should appear in your browser!

Where to Find Themes & Plugins Files in WordPress?

Themes and Plugins files in WordPress are part of what enables you to customize your WordPress Website, so you will often need to know about these files in case there is any problem with a Theme or a Plugin in WordPress.

You can find these files in the following folders:

wp-content/themes/
wp-content/plugins/

What about uploads you ask? Same principle, they are user-generated files and folders, so they are available under:

wp-content/uploads/

Conclusion

That’s it already if what you were trying is to install WordPress on a VPS Server. Hopefully this article was helpful for you and make sure to leave a comment below in the comments section if you have any questions or feedback about the content of this article.