Introduction

WordPress is the most popular content management system (CMS) on the internet. It allows you to set up flexible blogs and websites on top of a MySQL backend with PHP processing. WordPress has seen incredible adoption and is a great choice for getting a website up and running quickly. After setup, almost all administration can be done through the web frontend.
In this guide, you’ll set up a WordPress instance on a LAMP stack (Linux, Apache, MySQL, and PHP) on an Ubuntu 18.04 server.

Prerequisites

To complete this tutorial, you will need:

Access to an Ubuntu 18.04 server with a sudo user: You’ll be completing the steps in this guide using a non-root user with sudo privileges. You can create a user with sudo privileges by following our Ubuntu 18.04 initial server setup guide.
Install a LAMP stack: WordPress will need a web server, a database, and PHP in order to correctly function. Setting up a LAMP stack (Linux, Apache, MySQL, and PHP) fulfills all of these requirements. Follow this guide to install and configure this software.
Secure your site with SSL: WordPress serves dynamic content and handles user authentication and authorization. TLS/SSL is the technology that allows you to encrypt the traffic from your site so that your connection is secure. The way you set up SSL will depend on whether you have a domain name for your site.

If you have a domain name… one way to secure your site is with Let’s Encrypt, which provides free, trusted certificates. Follow our Let’s Encrypt guide for Apache to set this up.
If you do not have a domain… and you are only using this configuration for testing or personal use, you can use a self-signed certificate instead. This provides the same type of encryption, but without domain validation. Follow our self-signed SSL guide for Apache to get set up.

When you are finished with the prerequisites, log into your server as your sudo user and continue to Step 1.

Step 1 – Creating a MySQL Database and User for WordPress

The first step you’ll take is a preparatory one. Even though MySQL is already installed, you still need to create a database to manage and store the user information for WordPress to use. To get started, log into the MySQL root (administrative) account by issuing the following command:

sudo mysql

You will be prompted for the password you set for the MySQL root account when you installed the software.
However, if you have password authentication enabled for your root user, you can run the following command and enter your password information when prompted:

mysql -u root -p

From there, you’ll create a new database that WordPress will control. You can call this whatever you would like, but we will be using wordpress in this guide as an example. Create the database for WordPress by writing the following:

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Note: Every MySQL statement must end in a semi-colon (;). Check to make sure this is present if you are running into any issues.

Next, you’re going to create a separate MySQL user account that you’ll use exclusively to operate on the new database. Creating one-function databases and accounts is a good idea from a management and security standpoint. We will use the name wordpressuser as an example in this guide. Feel free to change this if you’d like.
You can create this account, set a password for it, and then grant it access to the database you created all by running the following command. Remember to choose a strong password here for your database user:

GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';

After creating this user, flush the privileges to ensure that the current instance of MySQL knows about the recent changes you’ve made:

FLUSH PRIVILEGES;

Exit out of MySQL:

EXIT;

You now have a database and user account in MySQL, each made specifically for WordPress.

Step 2 – Installing Additional PHP Extensions

When setting up your LAMP stack, the process only required a minimal set of extensions to get PHP to communicate with MySQL. WordPress and many of its plugins leverage additional PHP extensions.
First, update your package list:

sudo apt update

Next download and install some of the most popular PHP extensions for use with WordPress:

sudo apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip

Note: Each WordPress plugin has its own set of requirements. Some may require additional PHP packages to be installed. Check your plugin documentation to discover its PHP requirements. If they are available, they can be installed with apt as demonstrated above.

Restart Apache to load these new extensions in the next section. If you are returning here to install additional plugins, you can restart Apache now:

sudo systemctl restart apache2

In the next step, you’ll make some adjustments to your Apache configuration.

Step 3 – Adjusting Apache’s Configuration to Allow for .htaccess Overrides and Rewrites

WordPress defaults to using .htaccess files to manage certain features of your site, such as permalinks, plugins, and redirects. The Apache web server uses these .htaccess configuration files to create the rules for the web server to follow. However, Apache disables the use of .htaccess files by default, so you’ll need to update the Apache virtual host file for your website to enable them.
To enable, open the virtual host file for your website:

sudo nano /etc/apache2/sites-available/wordpress.conf

Note: For this tutorial, we’ll use /etc/apache2/sites-available/wordpress.conf as an example, but you should substitute the path to your configuration file where appropriate.
Additionally, we will use /var/www/wordpress as the root directory of our WordPress install. You should use the web root specified in your own configuration.
It’s also possible you are using the 000-default.conf default configuration (with /var/www/html as your web root). This is fine to use if you’re only going to host one website on this server. If not, it’s best to split the necessary configuration into logical chunks, one file per site.

Once you’ve opened this file, you’ll notice that the use of .htaccess files is disabled. To allow .htaccess files, you need to set the AllowOverride directive within a Directory block pointing to your document root. Add the following block of text inside the VirtualHost block in your configuration file. Make sure that you use your own web root directory in place of the highlighted example:
/etc/apache2/sites-available/wordpress.conf

<Directory /var/www/wordpress/>
	AllowOverride All
</Directory>

When you are finished, save and close the file. If you’re using nano, you can exit by pressing CTRL + X then Y and ENTER.
Next, enable mod_rewrite so that you can utilize the WordPress permalink feature:

sudo a2enmod rewrite

After, you’ll enable those changes by testing the configuration. But before you implement the changes, check to make sure there aren’t any syntax errors:

sudo apache2ctl configtest

The output might have a message that looks like the following:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

If you wish to suppress the top line, add a ServerName directive to your main (global) Apache configuration file at /etc/apache2/apache2.conf. The ServerName can be your server’s domain or IP address. This is solely a message, however, and doesn’t affect the functionality of your site. As long as the output contains Syntax OK, you are ready to continue.
Restart Apache to implement the changes:

sudo systemctl restart apache2

Next, you’ll download and set up WordPress itself.

Step 4 – Downloading WordPress

Now that your server software is configured, you can download and set up WordPress. For security reasons, it is always recommended to get the latest version of WordPress from their site.
First change into a writable directory:

cd /tmp

Then download the compressed release by running the following:

curl -O https://wordpress.org/latest.tar.gz

Extract the compressed file to create the WordPress directory structure:

tar xzvf latest.tar.gz

You’ll be moving these files into your document root momentarily. Before you do, add an empty .htaccess file so that this will be available for WordPress to use later.
Create the file by running the following:

touch /tmp/wordpress/.htaccess

Then, make a copy of the sample configuration file and name it wp-config.php, the filename that WordPress actually reads:

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

Lastly, create the upgrade directory, so that WordPress won’t run into permissions issues when trying to do this on its own following an update to its software:

mkdir /tmp/wordpress/wp-content/upgrade

Now you can copy the entire contents of the directory into your document root. Using a dot at the end of your source directory indicates that everything within the directory should be copied, including hidden files (like the .htaccess file you created). Again, use the name of your actual document root in place of the highlighted example:

sudo cp -a /tmp/wordpress/. /var/www/wordpress

Next, you’ll need to adjust and configure items in your WordPress directory.

Step 5 – Configuring the WordPress Directory

Before you begin the web-based WordPress setup, you need to adjust some items in your WordPress directory.

Adjusting the Ownership and Permissions

One of the big things you need to accomplish is setting up reasonable file permissions and ownership.
Start by giving ownership of all the files to the www-data user and group. This is the user that the Apache web server runs as, and Apache will need to be able to read and write WordPress files in order to serve the website and perform automatic updates.
Update the ownership with chown:

sudo chown -R www-data:www-data /var/www/wordpress

Next run two find commands to set the correct permissions on the WordPress directories and files:

sudo find /var/www/wordpress/ -type d -exec chmod 750 {} ;
sudo find /var/www/wordpress/ -type f -exec chmod 640 {} ;

These should be reasonable permissions set to start with. Some plugins and procedures might require additional tweaks.

Setting up the WordPress Configuration File

Now, you need to make some changes to the main WordPress configuration file.
When you open the file, your first order of business will be to adjust some secret keys to provide some security for installation. WordPress provides a secure generator for these values so that you do not have to try to come up with good values on your own. These are only used internally, so it won’t hurt usability to have complex, secure values here.
To grab secure values from the WordPress secret key generator, run the following:

curl -s https://api.wordpress.org/secret-key/1.1/salt/

You will receive unique values that look something like the following:

Warning: It is important that you request unique values each time. Do NOT copy the values shown in the example below.

define('AUTH_KEY',         '1jl/vqfs<XhdXoAPz9 DO NOT COPY THESE VALUES c_j{iwqD^<+c9.k<J@4H');
define('SECURE_AUTH_KEY',  'E2N-h2]Dcvp+aS/p7X DO NOT COPY THESE VALUES {Ka(f;rv?Pxf})CgLi-3');
define('LOGGED_IN_KEY',    'W(50,{W^,OPB%PB<JF DO NOT COPY THESE VALUES 2;y&,2m%3]R6DUth[;88');
define('NONCE_KEY',        'll,4UC)7ua+8<!4VM+ DO NOT COPY THESE VALUES #`DXF+[$atzM7 o^-C7g');
define('AUTH_SALT',        'koMrurzOA+|L_lG}kf DO NOT COPY THESE VALUES  07VC*Lj*lD&?3w!BT#-');
define('SECURE_AUTH_SALT', 'p32*p,]z%LZ+pAu:VY DO NOT COPY THESE VALUES C-?y+K0DK_+F|0h{!_xY');
define('LOGGED_IN_SALT',   'i^/G2W7!-1H2OQ+t$3 DO NOT COPY THESE VALUES t6**bRVFSD[Hi])-qS`|');
define('NONCE_SALT',       'Q6]U:K?j4L%Z]}h^q7 DO NOT COPY THESE VALUES 1% ^qUswWgn+6&xqHN&%');

These are configuration lines that you can paste directly into your configuration file to set secure keys. Copy the output you received.
Now, open the WordPress configuration file. Make sure the file path aligns with your own document root information as highlighted in the following:

sudo nano /var/www/wordpress/wp-config.php

Find the section that contains the empty values for those settings. It will look something like the following:
/var/www/wordpress/wp-config.php

. . .

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

. . .

Delete those lines and paste in the values you copied from the command line:
/var/www/wordpress/wp-config.php

. . .

define('AUTH_KEY',         'VALUES COPIED FROM THE COMMAND LINE');
define('SECURE_AUTH_KEY',  'VALUES COPIED FROM THE COMMAND LINE');
define('LOGGED_IN_KEY',    'VALUES COPIED FROM THE COMMAND LINE');
define('NONCE_KEY',        'VALUES COPIED FROM THE COMMAND LINE');
define('AUTH_SALT',        'VALUES COPIED FROM THE COMMAND LINE');
define('SECURE_AUTH_SALT', 'VALUES COPIED FROM THE COMMAND LINE');
define('LOGGED_IN_SALT',   'VALUES COPIED FROM THE COMMAND LINE');
define('NONCE_SALT',       'VALUES COPIED FROM THE COMMAND LINE');

. . .

Next, you need to modify some of the database connection settings at the beginning of the file. You need to adjust the database name, the database user, and the associated password that you configured within MySQL.
The other change is to set the method that WordPress should use to write to the filesystem. Since you’ve given the web server permission to write where it needs to, you can explicitly set the filesystem method to “direct”. Failure to set this with your current settings would result in WordPress prompting for FTP credentials when performing some actions.
This setting can be added after the database connection settings, or anywhere else in the file:
/var/www/wordpress/wp-config.php

. . .

define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

. . .

define('FS_METHOD', 'direct');

Save and close the file when you are finished.

Step 6 – Completing the Installation Through the Web Interface

Now that the server configuration is complete, you can complete the installation through the web interface.
In your web browser, navigate to your server’s domain name or public IP address:

https://server_domain_or_IP

Select the language you would like to use:

Next you will be directed to the main setup page.
Select a name for your WordPress site and choose a username (it is recommended not to choose something like “admin” for security purposes). A strong password is generated automatically. Save this password or select an alternative strong password.
Enter your email address and select whether you want to discourage search engines from indexing your site:

When you click ahead, you will be taken to a page that prompts you to log in:

Once you log in, you will be taken to the WordPress administration dashboard:

From there, you can begin using and customizing your WordPress site.

Conclusion

WordPress should now be successfully installed and ready to use. Some common next steps are choosing the permalinks setting for your posts (can be found in Settings > Permalinks) or selecting a new theme (in Appearance > Themes). If this is your first time using WordPress, explore the interface a bit to get acquainted with your new CMS.