/ Web Design & Development

Step by Step Guide to Install Wordpress with LEMP on Ubuntu

Araf Nishan

Read more posts by this author.

Read More
Step by Step Guide to Install Wordpress with LEMP on Ubuntu

In this tutorial, we will concentrate on setting up a WordPress instance on a LEMP stack (Linux, Nginx, MySQL, and PHP) on a Ubuntu 16.04 server.


WordPress is the Internet's most popular content management system (CMS). This enables you to set up scalable blogs and websites with PHP storage on top of a MySQL backend. WordPress has seen incredible growth and is a great choice to easily update and run a website. Nearly all administration can be done via the web frontend after setup.

In this tutorial, we will focus on setting up a WordPress instance on a LEMP stack (Linux, Nginx, MySQL, and PHP) on a Ubuntu 16.04 server.

Step 1: Create a MySQL Database for WordPress

The first step we are going to take is a prepared one. WordPress uses MySQL to manage and store information about the site and the user. We've already downloaded MySQL, but we need to create a WordPress server and user to use.

Log in to the MySQL root (administrative) account with this command to get started:

mysql -u root -p

In terminal, You will be prompted for your Mysql root password.

Then, we will create a separate database for our Wordpress project. You can create it by just typing:

mysql> CREATE DATABASE wordpress_project DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Step 2: Configure Nginx Server

Next, we will make some adjustments to our Nginx server configuration.

Open the default server block file with sudo privileges to begin:

sudo nano /etc/nginx/sites-available/default

Within the main server block, we need to add a few location blocks.

Create exact-matching location blocks for requests to /favicon.ico and /robots.txt, both of which we do not want to log requests for.

Here We should use a regular expression location to match any requests for static files. Then again turn off the logging for these requests and mark them as highly cacheable as these are expensive resources.

You can edit this static files list to contain any other file extensions your site may use:
File-path: /etc/nginx/sites-available/default

server {
    . . .

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    . . .

Inside existing location / block, we need to adjust the try_files list so that instead of returning a 404 error as the default option, control is passed to the index.php file with the request arguments.
This should look like this:
Folder: /etc/nginx/sites-available/default

server {
. . .
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
. . .

If you are done, save and close the file.
Now, we can check our configuration for syntax errors by typing:

sudo nginx -t

If no errors were listed, reload Nginx:

sudo systemctl reload nginx

Step 3: Install PHP Extensions (additional)

While setting up our LEMP stack, we only need a minimal set of extensions to get PHP to respond with MySQL. WordPress and many of its plugins need additional php extensions.

Download and install some of the most popular PHP extensions to use with WordPress by typing:

sudo apt-get update
sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc

When you are finished installing the extensions, restart the PHP-FPM process.

Step 4: Install WordPress

Now our server is ready, we can set up WordPress. For security reasons in particular, Especially for security reasons, it is always recommended that you get the latest WordPress version from wordpress.org.

Change the target directory into a writable directory and then download the compressed wordpress release by typing:

cd /tmp

curl -O https://wordpress.org/latest.tar.gz

Extract the compressed wordpress setup file to create the WordPress directory:

tar xzvf latest.tar.gz

You need to move these files into target directory momentarily. Before that, we can copy over the sample configuration file to the filename that WordPress actually recognizes:

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

You can also create the upgrade directory to solve permission issues while trying to do this on its own following an update to its software:

mkdir /tmp/wordpress/wp-content/upgrade

Now, you should copy the entire contents of the directory into your document root. You should check using the -a flag to make sure permissions are maintained. We are using a dot at the end of our source directory to indicate that everything within the directory should be copied, including the hidden files:

sudo cp -a /tmp/wordpress/. /var/www/html

Step 5: Configure the WordPress Directory

Before we do the web-based WordPress setup, we need to adjust some items in our WordPress directory.

Adjusting the Ownership and Permissions

You need setting up reasonable file permissions and ownership. You need to be able to write to those files as a regular user, and you need the web server to also be able to access and modify certain files and directories in order to function properly.

We’ll start by assigning ownership over all of the files in our document root to our username. We will use sammy as our username in this guide, but you should change this to match whatever your sudo user is called. We will assign group ownership to the www-data group:

sudo chown -R sammy:www-data /var/www/html

Next, we will set the setgid bit on each of the directories within the document root. This causes new files created within these directories to inherit the group of the parent directory (which we just set to www-data) instead of the creating user’s primary group. This just makes sure that whenever we create a file in the directory on the command line, the web server will still have group ownership over it.

We can set the setgid bit on every directory in our WordPress installation by typing:

sudo find /var/www/html -type d -exec chmod g+s {} \;

There are a few other fine-grained permissions we’ll adjust. First, we’ll give group write access to the wp-content directory so that the web interface can make theme and plugin changes:

sudo chmod g+w /var/www/html/wp-content

As part of this process, we will give the web server write access to all of the content in these two directories:

sudo chmod -R g+w /var/www/html/wp-content/themes
sudo chmod -R g+w /var/www/html/wp-content/plugins

This should be a reasonable permissions set to start with. Some plugins and procedures might require additional tweaks.

Setting up the WordPress Configuration File

Now, we need to make some changes to the main WordPress configuration file.

When we open the file, our first order of business will be to adjust some secret keys to provide some security for our installation. WordPress provides a secure generator for these values so that you do not have to try to come up with good values on your own. These are only used internally, so it won’t hurt usability to have complex, secure values here.

To grab secure values from the WordPress secret key generator, type:

curl -s https://api.wordpress.org/secret-key/1.1/salt/

You will get back unique values that look something like this:

WarningIt is important that you request unique values each time. Do NOT copy the values shown below!

Outputdefine('AUTH_KEY','1jl/vqfs<XhdXoAPz9 DO NOT COPY THESE VALUES c_j{iwqD^<+c9.k<J@4H');
define('SECURE_AUTH_KEY',  'E2N-h2]Dcvp+aS/p7X DO NOT COPY THESE VALUES {Ka(f;rv?Pxf})CgLi-3');
define('LOGGED_IN_KEY',    'W(50,{W^,OPB%PB<JF DO NOT COPY THESE VALUES 2;y&,2m%3]R6DUth[;88');
define('NONCE_KEY',        'll,4UC)7ua+8<!4VM+ DO NOT COPY THESE VALUES #`DXF+[$atzM7 o^-C7g');
define('AUTH_SALT',        'koMrurzOA+|L_lG}kf DO NOT COPY THESE VALUES  07VC*Lj*lD&?3w!BT#-');
define('SECURE_AUTH_SALT', 'p32*p,]z%LZ+pAu:VY DO NOT COPY THESE VALUES C-?y+K0DK_+F|0h{!_xY');
define('LOGGED_IN_SALT',   'i^/G2W7!-1H2OQ+t$3 DO NOT COPY THESE VALUES t6**bRVFSD[Hi])-qS`|');
define('NONCE_SALT',       'Q6]U:K?j4L%Z]}h^q7 DO NOT COPY THESE VALUES 1% ^qUswWgn+6&xqHN&%');

These are configuration lines that we can paste directly in our configuration file to set secure keys. Copy the output you received now.

Now, open the WordPress configuration file:

nano /var/www/html/wp-config.php

Find the section that contains the dummy values for those settings. It will look something like this:


. . .

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

. . .

Delete those lines and paste in the values you copied from the command line:


. . .


. . .

Next, we need to modify some of the database connection settings at the beginning of the file. You need to adjust the database name, the database user, and the associated password that we configured within MySQL.

The other change we need to make is to set the method that WordPress should use to write to the file-system. Since we’ve given the web server permission to write where it needs to, we can explicitly set the file-system method to “direct”. Failure to set this with our current settings would result in WordPress prompting for FTP credentials when we perform some actions.

This setting can be added below the database connection settings, or anywhere else in the file:


. . .

define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

. . .

define('FS_METHOD', 'direct');

Save and close the file when you are finished.

Step 6: Complete the Installation Through the Web Interface

Now the server configuration is done, we can finish the installation through the web interface.

In your web browser, enter to your server’s domain name or public IP address:


Select the language you would like to use:

WordPress language selection

Next, you will come to the main setup page.

Select a name for your WordPress site and choose a username (it is recommended not to choose something like “admin” for security purposes). A strong password will be generated automatically. Save this password somewhere or create an alternative strong password.

Enter your email address and select if you want to discourage search engines from indexing your website:

WordPress setup installation

When you click ahead, you will be taken to a page that prompts you to log in:

WordPress login prompt

Once you log in, you will be taken to the WordPress administration dashboard:

WordPress login prompt

Upgrading WordPress

As WordPress upgrades become available, you will be unable in install them through the interface with the current permissions.

The permissions we selected here should provide a good trade off between security and usability for the 99% of times between upgrading. However, they are a bit too restrictive for WordPress to automatically apply updates.

When an update is available, log in to your server as your sudo user. Temporarily give the web server process access to the whole document root:

sudo chown -R www-data /var/www/html

Now, go back the WordPress administration panel and apply the update.

When you are finished, lock the permissions down again for security:

sudo chown -R sammy /var/www/html

This should only be necessary when applying upgrades to WordPress itself.


Now WordPress should be installed and ready to use! Some common steps are to choose the permalinks setting for your posts (can be found in Settings > Permalinks) or to select a new theme (in Appearance > Themes). If You are exploring WordPress for first time, explore the dashboard a bit to get familiar with your new CMS.