14. Installing WordPress

14.1. Introduction to WordPress Installation

After setting up your LEMP stack and configuring Nginx server blocks, you’re ready to install WordPress. This process involves creating a database, downloading WordPress, configuring it, and setting the proper permissions.

Clean Installation

This guide covers a fresh WordPress installation. If you’re migrating an existing site, you’ll need additional steps to transfer your content and database.

14.2. Creating a Database for WordPress

WordPress requires a MySQL/MariaDB database to store its content. Let’s create one:

# Log into MariaDB as root
sudo mysql

Once logged in, create a database and user with the following commands:

-- Create a new database
CREATE DATABASE wordpress_db;

-- Create a new user with a strong password
CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'your_strong_password';

-- Grant the user all privileges on the database
GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress_user'@'localhost';

-- Apply the changes
FLUSH PRIVILEGES;

-- Verify the grants
SHOW GRANTS FOR 'wordpress_user'@'localhost';

-- Exit MariaDB
EXIT;

Security Note

Replace 'your_strong_password' with an actual strong password. You can generate a random password using:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 30 | head -n 1

14.2.1. Database Management Commands (Reference)

Here are some useful MariaDB commands for reference:

-- List all databases
SHOW DATABASES;

-- List all users
SELECT host, user FROM mysql.user;

-- Delete a database
DROP DATABASE database_name;

-- Delete a user
DROP USER 'username'@'localhost';

-- Select a database to use
USE database_name;

-- Show tables in the current database
SHOW TABLES;

-- Show structure of a table
DESCRIBE table_name;

14.3. Downloading and Extracting WordPress

Now let’s download and extract the latest version of WordPress:

# Navigate to your home directory
cd ~

# Download the latest WordPress package
wget https://wordpress.org/latest.tar.gz

# Extract the archive
tar xf latest.tar.gz

# Verify the extraction
ls -la wordpress/

14.4. Configuring WordPress

14.4.1. Creating and Editing the Configuration File

# Navigate to the WordPress directory
cd ~/wordpress/

# Create a configuration file from the sample
cp wp-config-sample.php wp-config.php

# Edit the configuration file
nano wp-config.php

Update the database settings in the configuration file:

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress_db' );

/** Database username */
define( 'DB_USER', 'wordpress_user' );

/** Database password */
define( 'DB_PASSWORD', 'your_strong_password' );

/** Database hostname */
define( 'DB_HOST', 'localhost' );

14.4.2. Generating and Adding Security Keys

WordPress uses security keys to enhance the security of your installation. Generate these keys:

# Generate security keys
curl -s https://api.wordpress.org/secret-key/1.1/salt/

Copy the output and replace the placeholder section in your wp-config.php file:

/**#@+
 * Authentication unique keys and salts.
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
/**#@-*/

14.4.3. Adding Additional Security Settings

Add these lines at the end of your wp-config.php file, before the line that says “That’s all, stop editing!”:

/** Allow direct updates without FTP */
define('FS_METHOD', 'direct');

/** Disable editing of themes and plugins using the built-in editor */
define('DISALLOW_FILE_EDIT', true);

/** Disable automatic WordPress updates */
define('WP_AUTO_UPDATE_CORE', false);
define('AUTOMATIC_UPDATER_DISABLED', true);

14.5. Installing WordPress Files

Now that WordPress is configured, let’s copy the files to your web root directory:

# Navigate back to your home directory
cd ~

# Copy WordPress files to your web root directory
sudo rsync -artv wordpress/ /var/www/example.com/public_html/

# Set the correct ownership
cd /var/www/example.com/
sudo chown -R www-data:www-data public_html/

# Verify the permissions
ls -la public_html/

14.6. Completing the Installation

Open your web browser and navigate to your domain (e.g., http://example.com). You should see the WordPress installation wizard. Follow these steps:

1. Select your language and click “Continue”
2. Enter the site information:
   • Site Title: Your website’s name
   • Username: Create an admin username (don’t use “admin”)
   • Password: Use a strong password
   • Your Email: Enter your email address
   • Search Engine Visibility: Check if you want to discourage search engines from indexing your site
3. Click “Install WordPress”

After installation completes, you can log in with your username and password at http://example.com/wp-login.php.

Post-Installation

After installing WordPress, it’s important to harden and optimize your installation for security and performance. We’ll cover these steps in the next sections.