Christmas Sale | Flat 20% OFF on Lifetime & All Themes Package. Use coupon code XMAS2024 Buy Now

WordPress Website Templates

Find Professional WordPress themes Easy and Simple to Setup

inner banner

How to set up WordPress


The most popular way to start with WordPress is to rent a server from a shared hosting provider and call it a day. There’s nothing wrong with this approach – it allows you to focus almost entirely on your website and its content – but there are certain advantages to setting up WordPress yourself.

Setting up WordPress on a server you control allows you to perform more in-depth configuration and typically offers better performance. If you buy a VPS from a provider such as BitLaunch, you also benefit from improved privacy.

Going it alone can be intimidating, but don’t let the length of the guide below and its code put you off. We’ll explain everything you need to do step-by-step. You’ll just have to copy and paste and make minor customization adjustments.

How to set up WordPress on Linux

Setting up WordPress is generally a three-step process:

  1. Install LEMP (Linux, Nginx, MySQL, PHP)
  2. Install WordPress
  3. Secure your WordPress installation

While it’s technically possible to install WordPress on a Windows server, there’s no good reason to do so if you have the choice. Linux is highly compatible with PHP and tends to be more stable and performant. As always, you should perform this installation on a non-root account where possible. You’ll find plenty of resources about setting one up online.

How to install LEMP

Once you have a Linux server or personal computer, installing the rest of the LEMP suite only requires a few commands. We’ll show them using Ubuntu, but you can replace “apt” with the default package manager of whichever distro you’re using:

sudo apt update
sudo apt install nginx -y
sudo apt install mysql-server -y
sudo mysql_secure_installation
sudo apt install php8.1-fpm php-mysql -y
sudo service nginx restart

You’ll want to choose the following options during the MySQL security setup:

– Validate password: Optional, adds more security for users.
– Remove anonymous user: Y
– Disallow remote root login: Y
– Remove test privilege tables: Y
– Reload privilege tables: Y

Next, you’ll want to edit your nginx configuration to ensure your server block can process php scripts correctly. To do so, type:

sudo nano /etc/nginx/sites-available/default

Select the entire section that starts with server { and ends with deny all; } } by placing your cursor at the beginning, pressing Alt + A, and moving the cursor down with arrow keys. Paste (right-click) this in its place:

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index index.php index.html index.htm;
    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

You can change example.com to your domain name if you have one. Press Ctrl + O, followed by Ctrl + X to exit.

Test your config file to make sure there are no errors using:

nginx -t

If you get a success message,restart nginx to apply the changes:

systemctl restart nginx

Otherwise, check your config file for syntax errors and make sure you replaced the correct text.

Creating your WordPress database

Before installing WordPress, you need to create a MySQL database that can store all of its data. To do so, run the following commands:

mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wpadmin@localhost IDENTIFIED BY "securepassword";
GRANT ALL PRIVILEGES ON wordpress.* TO wpadmin@localhost;
exit

Make sure you change “secure password” to a long, complex password that uses a combination of numbers, letters, and symbols. Replace “wpadmin” with your username. You will need this information later, so please note it down somewhere secure.

Installing WordPress

Now, we can finally install WordPress itself. We’ll download and extract our files to the /var/www/ directory where our web server, nginx, searches for files:

cd /var/www/html
wget http://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz

Navigate to the /wordpress folder and edit the sample wordpress config file:

cd wordpress
sudo nano wp-config-sample.php

Look for the section that begins ** Database settings and enter the database information you noted down earlier in the relevant fields. For example:

database settings
Press Ctrl + O and delete -sample from the file name, then press enter, followed by Ctrl + X.

To complete the setup, go to the browser on your local PC and enter your IP address,, such as:

206.188.196.18/wordpress

Select your language and press next until you reach this screen:

Database Settings
Enter the database information you noted down earlier and press submit. Now all that’s left is to enter your site details and press “Install”. WordPress will install, and you can log in at /wp-admin to get started.

However, before you do so, you may want to consider implementing some additional security measures.

How to secure your WordPress installation

WordPress is a common target for attackers because it is widely used and often utilized by non-developers or IT professionals. Additionally, WordPress sites have commonalities that are easy to automate attacks against. For example, the login page is always at /wp-admin by default, comments on pages are usually open and use the same base WordPress code, etc.

Basic security principles will get you a long way with WordPress:

  • Use unique, secure passwords for your account backed by two-factor authentication.
  • Make sure the users you give advanced privileges to are trustworthy. For example, new hires can start on a probationary period during which they can’t publish without approval.
  • Don’t install plugins and scripts from untrusted sources. Stick to well-known solutions that have been widely used and thoroughly vetted. Check plugins against a WordPress vulnerability database.
  • Disable comments or require them to go through an approval process before publication.
  • Ensure WordPress itself, as well as plugins, themes, and your underlying server packages, are up to date.
  • Regularly back up your database to another location so that you can restore it after any attack.
  • Don’t install themes from sketchy “cracked/nulled WordPress theme” sites. Often, the pirate inserts code that will compromize your site and users to distribute malware and more. Stick to reputable providers such as Grace Themes.

You can also make more specific tweaks to improve your WordPress security:

  1. Install a plugin to limit the number of login attempts. This will help protect against brute-force attacks.
  2. Change the URL of your login page to reduce automated login attacks. You can do this using a plugin.
  3. Generate a .htpassword file using Htaccess Tools, upload it to your server, and add a customized version of this code to .htaccess.
  4. AuthName "Admins Only"
    AuthUserFile /home/public_html/wp-admin/htpasswd/.htpasswd
    AuthType basic
    Require user Secur3UserName
    
    <Files admin-ajax.php>>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
    
  5. Protect your wp-includes folder by adding the following code to .htaccess outside the #BEGIN and #END tags. You can remove this later if needed.

    <IfModule mod_rewrite.c>
    RewriteEngine On  
    RewriteBase /  
    RewriteRule ^wp-admin/includes/ - [F,L] 
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L] 
    </IfModule> 
    

Closing words

There’s always more we could say about WordPress customization, configuration, and use, but this guide should be enough to get you started on your journey while giving you a crucial understanding of key WordPress concepts. For more guidance, we recommend you read through the official WordPress Advanced Administration Handbook, which is full of advice on security, management, optimization, and more.