Install and Setup WordPress on Ubuntu (LAMP Stack)

Launch your website: A detailed guide to installing WordPress, configuring Apache, MySQL, and essential security.

Estimated Time: Approximately 60 - 90 minutes (excluding prior LAMP setup)

Overview: What is WordPress?

WordPress is the world's most popular Content Management System (CMS), powering over 40% of all websites on the internet. It's a free and open-source platform that allows you to create and manage dynamic websites, blogs, and even e-commerce stores with ease, without needing extensive coding knowledge.

At its core, WordPress is a PHP application that uses a MySQL database to store all its content (posts, pages, comments, user data, settings). It typically runs on a web server like Apache or Nginx, making a LAMP (Linux, Apache, MySQL, PHP) stack an ideal environment.

Why Choose WordPress?

Ease of Use: User-friendly interface for content creation and management.
Extensive Customization: Thousands of themes and plugins to extend functionality and design.
Scalable: Suitable for small personal blogs to large corporate websites.
Large Community: Abundant resources, tutorials, and support available online.
Cost-Effective: Free software, only requiring hosting and domain.

Estimated Time

60 - 90 minutes

(Assuming a LAMP stack is already configured. If not, add 45-60 minutes for LAMP setup.)

Experience Level

Intermediate

Assumes basic familiarity with Linux terminal commands, Apache, MySQL, and DNS.

System Requirements & Prerequisites

Server: An Ubuntu 22.04 LTS or 20.04 LTS server. You need SSH access to this server.
LAMP Stack: A functional LAMP (Linux, Apache, MySQL, PHP) stack must be installed and running. If not, please follow our LAMP Stack Installation Guide first.
UFW Configured: UFW must be enabled and configured to allow HTTP (port 80) and HTTPS (port 443) traffic. (See our LAMP guide for `Apache Full` rule).
Registered Domain Name: A registered domain name (e.g., `yourdomain.com`) that you control.
DNS A Records: The DNS `A` records for your domain (e.g., `yourdomain.com` and `www.yourdomain.com`) must be pointed to your Ubuntu server's public IP address. **This is critical and must be done *before* starting this guide.**
Sudo Privileges: Access to a terminal as a non-root user with sudo privileges on your Ubuntu server.

Critical Warnings & Best Practices for WordPress

Security:
- **Strong Passwords:** Use complex, unique passwords for your WordPress admin, database user, and SSH login.
- **HTTPS (SSL/TLS):** Always secure your WordPress site with HTTPS using a trusted certificate (e.g., Let's Encrypt via Certbot). This is covered in Step 8.
- **Permissions:** Incorrect file permissions are a major security risk. Follow recommended permissions carefully.
- **Regular Updates:** Keep WordPress core, themes, and plugins updated to their latest versions to patch vulnerabilities.
DocumentRoot & Permissions: WordPress requires specific file ownership (`www-data:www-data` for files/directories it needs to write to) and permissions. Misconfigurations can lead to security vulnerabilities or functionality issues.
Separate Logs: Configure separate `ErrorLog` and `CustomLog` files for your WordPress virtual host to simplify troubleshooting.
Automated Backups: Implement a robust automated backup strategy for both your WordPress files and database. (Refer to our Automate Backups guide).
Fail2Ban: Consider installing Fail2Ban to protect your server (and thus your WordPress site) from brute-force attacks. (Refer to our Fail2Ban guide).

Step-by-Step Instructions

Step 1: Update System Packages & Verify LAMP Stack

Ensure your server is up-to-date and all LAMP components are correctly installed and running.

1. Update system packages:

sudo apt update && sudo apt upgrade -y

2. Verify Apache, MySQL, PHP:

                                            sudo systemctl status apache2

                                            sudo systemctl status mysql

                                            php -v

Apache and MySQL should show `active (running)`, and `php -v` should display your PHP version. If any are missing or not running, please refer to our LAMP Stack Installation Guide.

3. Install PHP modules for WordPress: WordPress requires a few additional PHP modules.

sudo apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip -y

4. Restart Apache to load new PHP modules:

sudo systemctl restart apache2

Step 2: Create MySQL Database and User for WordPress

WordPress needs a dedicated database and a user with specific privileges to interact with it. Using a dedicated user with limited permissions is a key security practice.

Choose a strong, unique password for `your_wp_user_password`. Replace `your_wp_database`, `your_wp_user`, and `your_wp_user_password` with your desired values.

1. Log in to MySQL as root:

sudo mysql -u root -p

Enter the MySQL root password you set during your LAMP setup.

2. Execute the following SQL commands in the MySQL prompt (`mysql>`):

                                            CREATE DATABASE your_wp_database CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

                                            CREATE USER 'your_wp_user'@'localhost' IDENTIFIED BY 'your_wp_user_password';

                                            GRANT ALL PRIVILEGES ON your_wp_database.* TO 'your_wp_user'@'localhost';

                                            FLUSH PRIVILEGES;

                                            EXIT;

You've created a secure database and user for your WordPress site. Remember these credentials!

Step 3: Download and Extract WordPress Files

Now, we'll download the latest version of WordPress and place its files in a suitable location on your server.

Replace `yourdomain.com` with your actual domain name throughout this step.

1. Navigate to the `/tmp` directory (for temporary downloads):

cd /tmp

2. Download the latest WordPress archive:

wget -c http://wordpress.org/latest.tar.gz

3. Extract the WordPress archive:

tar -xzvf latest.tar.gz

This will create a `wordpress` directory containing all the WordPress files.

Step 4: Configure Apache Virtual Host for WordPress

We'll create a dedicated Apache Virtual Host for your WordPress site, ensuring it responds correctly to your domain name and uses the correct document root.

1. Create the WordPress document root directory:

sudo mkdir -p /var/www/yourdomain.com/public_html

2. Copy WordPress files to the document root:

sudo mv /tmp/wordpress/* /var/www/yourdomain.com/public_html/

This moves all files from the temporary `wordpress` folder into your new public HTML directory.

3. Set correct ownership and permissions for WordPress files:

                                            sudo chown -R www-data:www-data /var/www/yourdomain.com/public_html

                                            sudo find /var/www/yourdomain.com/public_html -type d -exec chmod 755 {} \;

                                            sudo find /var/www/yourdomain.com/public_html -type f -exec chmod 644 {} \;

These permissions are crucial for security and WordPress functionality. `www-data` is the user/group Apache runs as.

4. Create Apache virtual host configuration file:

sudo nano /etc/apache2/sites-available/yourdomain.com.conf

Paste the following, replacing `yourdomain.com` and `www.yourdomain.com` with your actual domain:

<VirtualHost *:80>
    ServerAdmin webmaster@yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /var/www/yourdomain.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/yourdomain.com_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain.com_access.log combined

    <Directory /var/www/yourdomain.com/public_html>
        Options Indexes FollowSymLinks
        AllowOverride All # Crucial for WordPress permalinks to work
        Require all granted
    </Directory>
</VirtualHost>

Save (`Ctrl+O`, `Enter`) and exit (`Ctrl+X`).

5. Enable Apache `mod_rewrite` module: WordPress uses this for pretty permalinks.

sudo a2enmod rewrite

6. Enable your new virtual host and disable the default one (if applicable):

                                            sudo a2ensite yourdomain.com.conf

                                            sudo a2dissite 000-default.conf # Only if replacing the default site

If `000-default.conf` is still enabled, it might interfere. Disabling it usually prevents this.

7. Test Apache configuration for syntax errors and restart:

                                            sudo apache2ctl configtest

                                            sudo systemctl restart apache2

You should see `Syntax OK` from `configtest`. Apache is now configured for WordPress!

Step 5: Configure WordPress `wp-config.php`

This file tells WordPress how to connect to your database and provides unique security keys.

1. Copy the sample configuration file:

sudo cp /var/www/yourdomain.com/public_html/wp-config-sample.php /var/www/yourdomain.com/public_html/wp-config.php

2. Open `wp-config.php` for editing:

sudo nano /var/www/yourdomain.com/public_html/wp-config.php

3. Edit Database Settings: Find the following lines and update them with the database credentials you created in Step 2:

# ...
define( 'DB_NAME', 'your_wp_database' );
define( 'DB_USER', 'your_wp_user' );
define( 'DB_PASSWORD', 'your_wp_user_password' );
# ...

4. Generate Unique Security Keys: This significantly increases the security of your WordPress installation.

Open a new browser tab and go to https://api.wordpress.org/secret-key/1.1/salt/.
Copy all the generated lines.
Paste them into your `wp-config.php` file, replacing the dummy lines.

Save (`Ctrl+O`, `Enter`) and exit `nano` (`Ctrl+X`).

`wp-config.php` is now configured. WordPress can connect to your database.

Step 6: Run WordPress Web Installation

Now that all server-side configurations are done, you can complete the WordPress installation through your web browser.

1. Open your web browser: Navigate to `http://yourdomain.com`.

If you see a blank page or an error, check your Apache logs (`/var/log/apache2/error.log`) and PHP error logs for clues.

2. Follow the WordPress installation wizard:

Language Selection: Choose your preferred language.
Welcome Screen: Click `Let's go!`. (The database details should auto-populate from `wp-config.php`).
Site Information:
- `Site Title`: Your website's name.
- `Username`: **Do NOT use 'admin'**. Choose a unique, strong username.
- `Password`: Use a very strong password.
- `Your Email`: An admin email address.
- `Search Engine Visibility`: Uncheck this if you want your site indexed by search engines immediately (default is usually fine).
Click `Install WordPress`.
On success, click `Log In`.

Congratulations! WordPress is now installed and accessible. You can log in to your admin dashboard.

Step 7: Post-Installation: Secure Your WordPress Site with HTTPS (Certbot)

Securing your WordPress site with HTTPS is critical for security, SEO, and user trust. We'll use Certbot and free SSL certificates from Let's Encrypt.

For a complete, detailed guide on Certbot setup, please refer to our dedicated guide: Secure Your Website with Certbot & Let's Encrypt.

1. Install Certbot (if not already):

                                            sudo snap install core

                                            sudo snap refresh core

                                            sudo snap install --classic certbot

                                            sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Obtain SSL Certificate and Configure Apache:

sudo certbot --apache

Follow the prompts: enter your email, agree to terms, select your domain(s) (`yourdomain.com` and `www.yourdomain.com`), and choose to redirect HTTP to HTTPS (option `2`).

Certbot will automatically configure Apache, and your site should now be accessible via `https://yourdomain.com` with a padlock icon!

Step 8: Post-Installation: Essential Security & Optimization (Recommended)

Once WordPress is running, implement these crucial steps for better security and performance.

A. Disable Directory Browsing

To prevent visitors from browsing directories without an `index.html` file, you should disable directory listing.

1. Edit your Apache virtual host file:

sudo nano /etc/apache2/sites-available/yourdomain.com-le-ssl.conf

After Certbot, your HTTPS config is in a file ending with `-le-ssl.conf`. If you didn't set up Certbot yet, edit `yourdomain.com.conf`.

2. Locate the `Options` line within the `<Directory /var/www/yourdomain.com/public_html>` block and remove `Indexes`:

# Change from:
Options Indexes FollowSymLinks
# To:
Options FollowSymLinks

Save and exit, then restart Apache:

sudo systemctl restart apache2

B. Secure `wp-config.php` (Advanced)

For an extra layer of security, you can move your `wp-config.php` file one directory above the `DocumentRoot`.

1. Move `wp-config.php`:

sudo mv /var/www/yourdomain.com/public_html/wp-config.php /var/www/yourdomain.com/wp-config.php

2. Modify `public_html/index.php` to include it:

sudo nano /var/www/yourdomain.com/public_html/index.php

At the top of the file, *above* the `/** Loads the WordPress Environment and Template */` line, add:

<?php
require_once( dirname(__FILE__) . '/../wp-config.php' );
require_once( ABSPATH . 'wp-settings.php' );
?>

This makes `wp-config.php` inaccessible directly via web requests.

C. Change Default 'admin' Username

If you accidentally used 'admin' as your WordPress username, change it immediately from the WordPress admin dashboard (Users > All Users > Edit your user). This is a common target for brute-force attacks.

D. Install Security Plugins

Consider installing a reputable WordPress security plugin like Wordfence, Sucuri, or iThemes Security. These can help with firewalls, malware scanning, login attempt limits, and more.

E. Adjust PHP Memory Limit

For larger WordPress sites or those with many plugins, you might need to increase PHP's memory limit.

1. Open PHP configuration:

sudo nano /etc/php/8.1/apache2/php.ini

Replace `8.1` with your actual PHP version.

2. Find `memory_limit` and change it (e.g., to 256M or 512M):

# Change from:
memory_limit = 128M
# To:
memory_limit = 256M

Save and exit, then restart Apache: `sudo systemctl restart apache2`

F. Implement Caching

Caching is vital for WordPress performance. Install a caching plugin (e.g., WP Super Cache, LiteSpeed Cache, W3 Total Cache) and configure it. You might also consider server-side caching like Nginx FastCGI Cache or Redis/Memcached with object caching.

G. Configure Cron Job for WordPress

WordPress has its own cron system. To ensure it runs reliably, it's best to disable WP-Cron and set up a system cron job.

1. Disable WP-Cron in `wp-config.php`:

sudo nano /var/www/yourdomain.com/wp-config.php

Add the following line, preferably above the `/* That's all, stop editing! Happy blogging. */` line:

define('DISABLE_WP_CRON', true);

Save and exit.

2. Set up system cron job:

sudo crontab -e -u www-data

`-u www-data` ensures the cron job runs as the Apache user, which has the correct permissions for WordPress files.

Add the following line to run WordPress cron every 5 minutes:

*/5 * * * * /usr/bin/php /var/www/yourdomain.com/public_html/wp-cron.php >/dev/null 2>&1

Save and exit. (For more details on cron jobs, see our Cron Jobs Automation Guide).

Final Verification Checklist

Confirm your WordPress installation is functional, secure, and ready for use:

LAMP Stack Active: Apache, MySQL, PHP are running. Essential PHP modules are installed.
Database Ready: MySQL database and dedicated user for WordPress are created.
Files in Place: WordPress files are in `/var/www/yourdomain.com/public_html` with `www-data` ownership.
Virtual Host Configured: `yourdomain.com.conf` is enabled, `mod_rewrite` is active, and Apache restarted.
`wp-config.php` Correct: Database credentials and security keys are set.
WordPress Accessible: You can access `https://yourdomain.com` in your browser and log into the admin dashboard.
HTTPS Active: Your site shows a padlock icon, and HTTP redirects to HTTPS.
Security Configured: Directory browsing is disabled, and `wp-config.php` is secured (if you followed these steps).

Conclusion & Next Steps

Congratulations! You have successfully installed and configured WordPress on your Ubuntu server, complete with Apache virtual hosts, MySQL database, and essential security measures including HTTPS. Your website is now live and ready for content!

From here, your WordPress journey truly begins. Consider these next steps to build, optimize, and maintain your site:

Install Themes & Plugins: Explore the vast WordPress ecosystem for themes to customize your site's appearance and plugins to extend its functionality (e.g., SEO, contact forms, galleries).
Performance Optimization: Beyond caching, consider image optimization plugins, CDN integration (e.g., Cloudflare or AWS CloudFront), and further PHP/MySQL tuning (refer to our MySQL Slow Log & Optimization guide).
Advanced Security: Implement additional security headers, disable XML-RPC if not needed, use two-factor authentication for admin login, and keep all components (WordPress core, themes, plugins) updated.
Automated Backups: Crucial! Set up a reliable automated backup solution for your entire WordPress site (files and database). Our Automate Backups guide can help.
Server Monitoring: Keep an eye on your server's resources (CPU, RAM, disk I/O) to ensure optimal performance as your site grows.
Learn WordPress: Explore the official WordPress documentation and community forums for ongoing learning and support.

Need Expert WordPress Development, Hosting, or Optimization? Contact Us!