How to Install WordPress on Ubuntu Server 18.04

WordPress is, without question, the most widely-used blogging platform on the planet. But the tool can be used for much more than just blogging. With the right addition of extensions, you can morph WordPress into an e-commerce site, a multimedia site, and much more.

If you happen to have a server of your own, you can host a WordPress installation, without having to turn to a third party. And that is exactly what we’re going to do here. In this tutorial, you will learn how to install the necessary components as well as the WordPress platform on Ubuntu Server 18.04. This will only assume one thing: That you have Ubuntu Server up and running.

Yuichiro Chino / Getty Images


The first thing to do is to get our LAMP (Linux Apache MySQL PHP) server up and running. Since Ubuntu is already there, all that needs to be done is install the secondary components. Because we’re using Ubuntu, this can be done with a single command. However, before we do that, we want to make sure our server is up to date. Open a terminal window and issue the following commands:

sudo apt-get update

Should the kernel get upgraded in the process, a reboot will be necessary. If that’s the case, the server will need to be restarted (so the changes will take effect). This means you should run the update/upgrade at a time when a reboot is viable.

With the update/upgrade out of the way, it’s time to install the web/database servers and PHP. This can be done with a single command:

sudo apt install apache2 p

During the installation, you will be prompted to create/verify a password for the MySQL admin user. When the process completes, you can point a browser to http://SERVER_IP (Where SERVER_IP is the IP address of your Ubuntu Server) to see the Apache welcome screen.

Next we have to install a few necessary PHP extensions. This can be done with the command:

sudo apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap

Enabling SSL

Before we get into the configuration of Apache and the installation of WordPress, we’re going to prepare our server to use SSL (Secure Sockets Layer), which are various web protocols that work together to wrap normal HTTP traffic in a protected, encrypted wrapper. So HTTP becomes HTTPS. As I am only setting up a testing server, I’ll be creating a self-signed SSL certificate for an IP address. To do this, follow these steps.

Generate the SSL certificate with the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apac

When you run that command, you’ll be required to answer the following questions:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company)[]
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

It is important, for the self-signed certificate, that you enter the IP address of your server for the Common Name entry.

Next we configure Apache to use SSL. Create a new file with the command:

sudo nano /etc/apache2/conf-availabl

In that new file, paste the following:

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off


Now we’re going to create a new default-ssl.conf file. Before we do that, backup the original with the command:

sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/def

Create the new file with the command:

sudo nano /etc/apache2/sites-available

In that new file, paste the following:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin YOUR_EMAIL
ServerName SERVER_IP
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile     /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars

Where SERVER_IP is the IP address of your server and YOUR_EMAIL

Save and close that file.

Now we’re going to set up a redirect so that all HTTP traffic is automatically redirected to HTTPS. To do this, create a new file with the command:

sudo nano /etc/apache2/sites-available

In that file, add the following line under the DocumentRoot entry:

Redirect “/” “ht

Where SERVER_IP is the IP address of your server.

Save and close that file.

Next we need to enable a few modules and hosts with the commands:

sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2

Finally, restart Apache with the command:

sudo systemct

You should now be able to point your browser to https://SERVER_IP (Where SERVER_IP is the IP address of your server) and still see the Apache Welcome Screen.

The Database

Before you start setting up your database, you should use MariaDB/MySQL’s built-in function to secure your new installation. Run the command, and accept the defaults to secure your database. When asked, set up a secure password for database’s root user.

sudo mysql_secure_installation

Once that’s complete, you’re ready to start working with MariaDB using the “mysql” command

WordPress depends upon a database to function. To create that, you first must log into the MySQL prompt with the command:


You will be prompted for the MySQL admin user password you created during the LAMP server installation. At the MySQL prompt, create the database with the command:


Next, create a new user and grant that user permission to access the database with the command:

GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY &#

Where PASSWORD is a unique, strong password.

Flush the database privileges and exit with the commands:


Allow .htaccess and Enable the Rewrite Module

We need to enable .htaccess for WordPress. To do this, create a new Apache configuration file with the command:

sudo nano /etc/apache2/sites-availab

In that file paste the following:

<Directory /var/www/html/wordpress/>
AllowOverride All

Enable the rewrite module with the command:


Restart Apache with the command:

sudo systemct

Download, Unpack, and Prepare WordPress

We’re going to download the official WordPress file with the following commands:

cd /tmp
curl -O https://wordpress.

Unpack WordPress with the command:

tar x

Create a dummy .htaccess file with the command:

touch /tmp/wo

Copy the sample configuration file to the necessary config file with the command:

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpr

Create an upgrade directory (to avoid permissions issues) with the command:

mkdir /tmp/wordpress/w

Copy the contents of the wordpress directory into the document root with the command:

sudo cp -a /tmp/wordpress/. /var/w

Finally, adjust the ownership and permissions of the newly moved wordpress directory with the commands:

sudo chown -R www-data:www-data /var/www/wordpress
sudo find /var/www/wordpress/ -type d -exec chmod 750 {} \;
sudo find /var/www/wordpress/ -type f -exe

Configuring WordPress

This section gets a bit complicated. The wp-config.php file needs to be edited, but before that can be done, you must download unique secret keys to be added to the config file. To get those keys, visit the online generator from the WordPress developers.

This will output a number of long strings, each associated with a specific configuration option. Each string is associated with the following values in the configuration file:


Copy those values into another file. Next open the WordPress configuration file with the command:

sudo nano /var/www/wordpr

Locate the values above and paste the secret key for each. After that, scroll up and edit the values for:


The above values were created earlier (with MySQL).

Save and close that file.

Complete the Installation

You can now point your browser to https://SERVER_IP/wordpress and walk through the web-based installer to complete the installation. After a couple of clicks and a bit of typing, your instance of WordPress will be up and running.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Review :  Best SSL Certificate Services to Buy
CYBERSECURITY HOSTING REVIEW Review : Best SSL Certificate Services to Buy

Note: When you click on the affiliate link in our article to purchase the product, we will earn some commission. is dedicated to security and privacy for all users. We believe the movement to encrypt nearly all web traffic is a positive development for the internet. Preventing MITM attacks and other data-interception techniques possible […]

Read More

Using the Mac Security Preference Pane

The Security preference pane allows you to control the security level of the user accounts on your Mac. In addition, the Security preference pane is where you configure your Mac’s firewall as well as turn data encryption on or off for your user account. Here’s how to use the Security & Privacy pane to keep your computer […]

Read More

How to Make a USB Security Key for Your PC or Mac

What to Know You can use a free or paid app to create a USB key. We recommend USB Raptor for Windows or Rohos Logon Key for Mac. USB Raptor is compatible with Windows 10, 7, 8 and XP. Rohos Logon Key is compatible with macOS 10.8 Mountain Lion and newer. This article explains how […]

Read More