🚀 WordPress Setup on Ubuntu with Nginx, MySQL & SSL

✅ Prerequisites

Ensure your system is up to date:

sudo apt update && sudo apt upgrade -y

🏗 Step 1: Install Nginx

sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

🔹 Explanation: This installs and starts the Nginx web server.

🛢 Step 2: Install MySQL & Secure It

sudo apt install mysql-server -y
sudo mysql_secure_installation

🔹 Explanation: MySQL is installed and secured with recommended settings.

🎯 Create WordPress Database & User

sudo mysql

CREATE DATABASE wordpress;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'password@123';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

✅ Make sure to use a strong password!

🐘 Step 3: Install PHP & Required Extensions

sudo add-apt-repository ppa:ondrej/php -y
sudo apt update

sudo apt install php8.1 php8.1-fpm php8.1-mysql php8.1-curl php8.1-xml php8.1-mbstring php8.1-zip php8.1-gd -y

sudo systemctl enable php8.1-fpm
sudo systemctl start php8.1-fpm

🔹 Explanation: We install PHP 8.1 along with necessary extensions for WordPress.

📂 Step 4: Download & Configure WordPress

cd /var/www/
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
sudo mv wordpress /var/www/wordpress

🔑 Set Correct Permissions

sudo chown -R www-data:www-data /var/www/wordpress
sudo chmod -R 755 /var/www/wordpress

🔹 Explanation: This ensures WordPress has the correct permissions to function properly.

⚙ Step 5: Configure Nginx for WordPress

Create a new Nginx configuration file:

sudo nano /etc/nginx/sites-available/wordpress.conf

Paste the following:

server {
    listen 80;
    server_name your_domain_or_IP;
    root /var/www/wordpress;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

🔗 Enable the Configuration & Restart Nginx

sudo ln -s /etc/nginx/sites-available/wordpress.conf /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default  # Remove default config
sudo nginx -t
sudo systemctl reload nginx

✅ Ensure there are no errors before restarting Nginx!

🔒 Step 6: Secure WordPress with SSL (HTTPS)

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d your_domain -d www.your_domain
sudo systemctl reload nginx

🔹 Explanation: This sets up an SSL certificate from Let's Encrypt.

🔄 Enable Automatic SSL Renewal

sudo crontab -e

Add this line at the bottom:

0 0 * * * certbot renew --quiet && systemctl reload nginx

✅ This ensures your SSL certificate renews automatically!

🌐 Step 7: Redirect HTTP to HTTPS (Optional but Recommended)

server {
    listen 80;
    listen [::]:80;
    server_name wordpress.asifahmadkhan.com;
    return 301 https://wordpress.asifahmadkhan.com$request_uri;
}

🔐 Final Secure Nginx Config for HTTPS

server {
    listen 443 ssl http2;
    server_name wordpress.asifahmadkhan.com;
    access_log /var/log/nginx/wordpress.asifahmadkhan.com.access.log;
    error_log /var/log/nginx/wordpress.asifahmadkhan.com.error.log;
    root /var/www/wordpress;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;

        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Frame-Options "sameorigin" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
        add_header Content-Security-Policy "upgrade-insecure-requests";
    }

    ssl_certificate /etc/letsencrypt/live/wordpress.asifahmadkhan.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wordpress.asifahmadkhan.com/privkey.pem;
}

✅ Ensures security with SSL, HTTP/2, and various security headers.

🎉 Final Checklist Before Accessing Your WordPress Site

✅ Nginx is installed, configured, and running
✅ MySQL is set up, and the database is created
✅ PHP is correctly installed and configured
✅ WordPress files are in the correct directory
✅ Nginx configuration is properly set up and tested
✅ SSL is installed and auto-renewal is configured
✅ HTTP is redirected to HTTPS

🎯 Now, visit http://your_domain_or_IP to complete the WordPress installation! 🚀

✅ Prerequisites​

🏗 Step 1: Install Nginx​

🛢 Step 2: Install MySQL & Secure It​

🎯 Create WordPress Database & User​

🐘 Step 3: Install PHP & Required Extensions​

📂 Step 4: Download & Configure WordPress​

🔑 Set Correct Permissions​

⚙ Step 5: Configure Nginx for WordPress​

🔗 Enable the Configuration & Restart Nginx​

🔒 Step 6: Secure WordPress with SSL (HTTPS)​

🔄 Enable Automatic SSL Renewal​

🌐 Step 7: Redirect HTTP to HTTPS (Optional but Recommended)​

🔐 Final Secure Nginx Config for HTTPS​

🎉 Final Checklist Before Accessing Your WordPress Site​