Overview
This post walks through the steps to install Wordpress with Nginx on Debian 10 and on Debian 11. On a single Debian server we will install and configure the LEMP stack (Nginx, PHP and MariaDB) and at the end install and run Wordpress. In other words, our single Debian server will run the Nginx web server, the MariaDB server and Wordpress together.
Wordpress can also be set up and run on multiple separate servers (a separate web server and a separate database server). If you need a setup like that (with a remote database), you can check how to set it up in this post. Another method of installing and running Wordpress is with Docker, which is covered in this post.
How to install Wordpress with Nginx on Debian
Install necessary libraries and packages
sudo apt install nginx php-cli php-fpm php-mysql php-json php-opcache php-mbstring php-xml php-gd php-curl mariadb-server
Once the installation is complete, start Nginx and MariaDB if they are not running and enable them to start automatically on boot.
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Configure the database
Start and configure the mariadb server with a database, user and grant privileges.
Before that, it’s recommended to run the secure installation script:
sudo mysql_secure_installation
When prompted to change the root password, you can skip it; whether you need to change the root password is up to you. For the rest of the prompted questions, you can answer Yes, as in the picture below:
Then access the database server, create the database and a user, and set privileges:
sudo mysql -u root -p
CREATE DATABASE sampledbwp;
GRANT ALL ON sampledbwp.* TO 'sample-admin'@'localhost' IDENTIFIED BY 'SamplePassword1';
quit
With these commands, we created the database - sampledbwp, created the user sample-admin on localhost and granted all privileges to read and write the database we just created.
Install and configure the Wordpress
Navigate to the following directory and download and extract the Wordpress installation:
cd /var/www/html/
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
Switch to the wordpress directory and rename the wp-config-sample.php file to wp-config.php:
cd wordpress
sudo mv wp-config-sample.php wp-config.php
Now we’re going to edit the Wordpress configuration file:
sudo nano wp-config.php
In the configuration file, we need to add the database name, the database user and the password we created on the MariaDB server, and add the salt keys from https://api.wordpress.org/secret-key/1.1/salt/ . Refer to the sample picture below:
Save and exit.
Set the correct ownership and permissions on the Wordpress installation so that it is accessible from the internet:
sudo chown -R www-data:www-data /var/www/html/wordpress
sudo chmod -R 755 /var/www/html/wordpress
Configure Nginx
Moving on to the Nginx web server configuration. The first step is to create the configuration file for our Wordpress website. Run the following command to start the text editor:
sudo nano /etc/nginx/sites-available/wordpress.conf
Below you’ll find the sample configuration:
server {
    listen 80;
    listen [::]:80;
    # Must match the directory where Wordpress was extracted
    root /var/www/html/wordpress;
    index index.php index.html index.htm;
    # Replace with your own domain name(s)
    server_name mysite.com www.mysite.com;
    error_log /var/log/nginx/mysite.com_error.log;
    access_log /var/log/nginx/mysite.com_access.log;
    client_max_body_size 100M;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # Must match the php-fpm version installed on your server
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
Save and exit.
Note - Double check the root of your Wordpress installation and the php-fpm version running on your server. Both must match the values in the configuration file.
In the end, it should look something like this:
The default Nginx configuration is still present and active. Until it is removed, your configuration will not take effect, meaning your Wordpress website will not be reachable, so we need to remove the default configuration:
sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default
Create the symlink for our new Nginx wordpress configuration:
sudo ln -s /etc/nginx/sites-available/wordpress.conf /etc/nginx/sites-enabled/
After that, double check the configuration with:
sudo nginx -t
and restart Nginx
sudo systemctl restart nginx
Test if Wordpress is up in the browser by accessing it with either the server IP address or the URL (if you have assigned the domain name) and complete the installation:
And that is it. You now have a Wordpress website up and running.
Few suggestions and security tips
Here I would like to point out a few suggestions for a safer and more secure Wordpress installation and how to maintain it.
- The first suggestion is to delete the xmlrpc.php file
This file is not a crucial part of Wordpress, and Wordpress can function without it without any problems. In the early stages of Wordpress, xmlrpc was used as a service through which blogging clients connected to Wordpress to post new content (in short). This file is now a cause of many and various malicious attacks (DDoS, brute force, etc.).
In this example, we can delete this file with the command:
sudo rm /var/www/html/wordpress/xmlrpc.php
One note as well - with each update/upgrade of Wordpress, this file will reappear, so it’s necessary to repeat this action each time Wordpress is updated.
- Delete wp-config-sample.php
In this post we renamed this file to wp-config.php. We did it this way since we manually added the database credentials for Wordpress to connect to the database server and added the salt keys as well. This file also reappears with each Wordpress update/upgrade, and it is suggested to delete it since it’s exposed to many malicious attacks which can cause your site to be taken down.
- Hide wp-login url and add 2FA login
It’s highly suggested to change the default login URL in order to prevent brute force attacks, and to add two-factor authentication to the login. You can do this easily with plugins such as WPS Hide login and miniOrange 2-Factor. Also, Wordpress now has its own 2FA login by default as well.
- Add firewall plugin and do not use account with user name admin
One of the first plugins that it’s highly suggested to install is a firewall plugin, such as Wordfence or Sucuri.
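Because xmlrpc.php and wp-config-sample.php come back with every update, the check has to be repeated each time. The shell function below is an added example, not part of the original post: it audits a Wordpress directory for both files. The function name wp_audit and the two extra checks on wp-config.php (leftover placeholder salt keys, world-readable mode) are assumptions added here.

```sh
#!/bin/sh
# Added example (not from the original post): audit a Wordpress docroot
# after an update. wp_audit is a hypothetical helper name.

wp_audit() {
    root=$1
    findings=0
    if [ ! -d "$root" ]; then
        echo "ERROR: $root is not a directory" >&2
        return 2
    fi

    # Files the post recommends deleting; core updates restore them.
    for f in xmlrpc.php wp-config-sample.php; do
        if [ -e "$root/$f" ]; then
            echo "FINDING: $f is present in $root"
            findings=$((findings + 1))
        fi
    done

    cfg="$root/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "FINDING: wp-config.php is missing"
        findings=$((findings + 1))
    else
        # Added check (assumption): the sample file's placeholder text
        # means the salt keys were never replaced.
        if grep -q 'put your unique phrase here' "$cfg"; then
            echo "FINDING: wp-config.php still has placeholder salt keys"
            findings=$((findings + 1))
        fi
        # Added check (assumption): the file holds the database password,
        # so flag it when the "other" read bit is set.
        if [ -n "$(find "$cfg" -perm -004)" ]; then
            echo "FINDING: wp-config.php is world-readable"
            findings=$((findings + 1))
        fi
    fi

    echo "TOTAL: $findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Run against a docroot when one is given, e.g. /var/www/html/wordpress
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

The function returns non-zero when anything is found, so it can gate a cron job or a post-update step.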
Summary
We covered the steps to install Wordpress with Nginx on Debian 10 and also on Debian 11. This scenario, where Wordpress is served together with its database on a single server machine, is a good option if you’re just starting out and don’t have an extra budget to spare on infrastructure, if you are a beginner trying out Wordpress for the first time on a cloud/dedicated/VM/VPS hosting, or just for some testing purposes.
One downside is that if you keep this scenario in production, the server can become rather difficult to maintain over time, since applying upgrades can cause downtime. That’s why it’s common practice to have at least two servers and separate the Wordpress install: one server with only the web server (Nginx or Apache) and the Wordpress installation, and the other with the database server (MariaDB, MySQL).
Thank you very much for your time…